replace random image captcha with Google reCaptcha v2

2020-08-12 19:55:48 -04:00 · 2020-08-12 19:55:48 -04:00 · e5f89165cb
parent 24af2c2a21
commit e5f89165cb
6 changed files with 28 additions and 55 deletions
--- a/captcha/background1.jpg
+++ b/captcha/background1.jpg
--- a/captcha/background2.jpg
+++ b/captcha/background2.jpg
--- a/captcha/background3.jpg
+++ b/captcha/background3.jpg
--- a/captcha/background4.jpg
+++ b/captcha/background4.jpg
--- a/captcha/randomimage.php
+++ b/captcha/randomimage.php
@ -1,52 +0,0 @@
 <?php
 session_start();
 // make a string with all the characters that we 
 // want to use as the verification code
 $alphanum  = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
 // generate the verication code 
 $rand = substr(str_shuffle($alphanum), 0, 5);
 // choose one of four background images
 $bgNum = rand(1, 4);
 // create an image object using the chosen background
 $image = imagecreatefromjpeg("background$bgNum.jpg");
 $textColor = imagecolorallocate ($image, 0, 0, 0); 
 // write the code on the background image
 imagestring ($image, 5, 5, 8,  $rand, $textColor); 
 // create the hash for the verification code
 // and put it in the session
 $_SESSION['image_random_value'] = md5($rand);
 // send several headers to make sure the image is not cached	
 // taken directly from the PHP Manual
 // Date in the past 
 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); 
 // always modified 
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
 // HTTP/1.1 
 header("Cache-Control: no-store, no-cache, must-revalidate"); 
 header("Cache-Control: post-check=0, pre-check=0", false); 
 // HTTP/1.0 
 header("Pragma: no-cache"); 	
 // send the content type header so the image is displayed properly
 header('Content-type: image/jpeg');
 // send the image to the browser
 imagejpeg($image);
 // destroy the image to free up the memory
 imagedestroy($image);
 ?>
--- a/sendform.php
+++ b/sendform.php
@ -15,6 +15,10 @@
 	// $referals is a list of web site domains seperated by commas.  Only requests originating from
 	// these domains will be processed.
 	$referals = "domain.com";
 	// Google reCaptcha v2 secret. Obtain your key from https://www.google.com/recaptcha/admin/create
 	// Enter your secret key below and be sure to integrate reCaptcha into your site with your site key.
 	$reCaptchaSecret = "";
 	// $excludeFields is a list of field names seperated by commas.  Field names listed here will not
 	// be included in the resulting email of this script.
@ -76,9 +80,30 @@
 	$theDomain = getdomain($_SERVER['HTTP_REFERER']);
 	checkreferal();
-	if(isset($_SESSION['image_random_value']) && strcasecmp(md5(strtoupper($_REQUEST['verification'])), $_SESSION['image_random_value']) != 0) {
+	
-		die("Verification box did not match image");
+	// Google reCaptcha v2
-	}
+	if(isset($reCaptchaSecret)){
 		if(isset($_POST['g-recaptcha-response'])) $captcha=$_POST['g-recaptcha-response'];
 		else errormsg("Verification failed. Please try again.");
 		// post request to server
        $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($reCaptchaSecret) .  '&response=' . urlencode($captcha);
        $ch = curl_init();
 		curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
 		curl_setopt($ch, CURLOPT_HEADER, 0);
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 		curl_setopt($ch, CURLOPT_URL, $url);
 		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);       
 		$response = curl_exec($ch);
 		curl_close($ch);
        $responseKeys = json_decode($response,true);
        // should return JSON with success as true
        if(!$responseKeys["success"]) errormsg("Verification failed. Please try again.");
    }
 	checkrequired();
 	if(!validemail($defaultFrom) && !isset($_POST['email'])) bademail($defaultFrom);
 	fillrecipients();