php - 如果没有检查 Recaptcha,为什么电子邮件会通过?
问题描述
我一直在努力让 recaptcha 验证用户并且在未经验证的情况下不发送电子邮件。我已经尝试了我能想到的一切,但即使复选框为空白,电子邮件也会从我的联系表单中消失。我的表单仍然检查表单的字段是否为空或是否输入了有效的电子邮件地址,但我从未收到警告说,如果未触摸复选框,recaptcha 将无法解决。我尝试了几乎所有我能想到的教程,甚至是 Stackoverflow 社区中的链接。提前谢谢了。
形式
<form action="mail.php" method="POST">
<h1>Contact</h1>
<input type="text" placeholder="First name" id="firstname" maxlength="50">
<br>
<input type="text" placeholder="Last name" id="lastname" maxlength="50">
<br>
<input type="text" placeholder="Email" id="email" maxlength="50">
<br>
<input type="text" placeholder="Subject" id="subject" maxlength="50">
<br>
<textarea id="message" name="message" placeholder="Message..." maxlength="120"></textarea>
<div class="g-recaptcha" data-callback="recaptchaCallback" data-sitekey="sitekey"></div>
<input type="submit" value="Submit" id="submit_button">
<br>
<p class="form-message"></p>
<?php if (isset($_GET['CaptchaFail'])){?>
<div class="form-error">You have not proven you are not a robot!</div>
<?php }?>
<script>
$(document).ready(function(){
$("form").submit(function (event) {
event.preventDefault();
var first = $("#firstname").val();
var last = $("#lastname").val();
var subject = $("#subject").val();
var email = $("#email").val();
var message = $("#message").val();
var submit = $("#submit_button").val();
$(".form-message").load("mail.php", {
first: first,
last: last,
subject: subject,
email: email,
message: message,
submit: submit
});
});
});
</script>
服务器端现场验证
<?php
if (isset($_POST['submit'])){
$first = $_POST['first'];
$last = $_POST['last'];
$email = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$submit = $_POST['submit'];
$errorEmpty = false;
$errorEmail = false;
if (empty($first) || empty($last) || empty($email) || empty($subject) || empty($message)){
echo "<span class='form-error'>Fill in all fields!</span>";
$errorEmpty = true;
}
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "<span class='form-error'>Write a valid email address!</span>";
$errorEmail = true;
}
else{
if(isset($_POST['submit'])){
$first = $_POST['first'];
$last = $_POST['last'];
$emailFrom = $_POST['email'];
$subject = $_POST['subject'];
$message = $_POST['message'];
$success = "<span class='form-success'>Message Success!</span>";
$emailTo = "ovalenzuela@itsmilvus.com";
$headers = "From: ".$emailFrom;
$txt = "You have received an email from ".$first . ' '.$last."\n\n".$message;
mail($emailTo, $subject, $txt, $headers);
echo "<span class='form-success'>$success</span>";
}
}
}
elseif (isset($_POST['submit'])){
}
else{
echo "There was an error!";
}
?>
<script>
var thanks = '<div>Thank you for you message!</div><br><Return to main page';
$("#firstname, #lastname, #email, #subject, #message").removeClass("input-error");
var errorEmpty = "<?php echo $errorEmpty; ?>";
var errorEmail = "<?php echo $errorEmail; ?>";
if (errorEmpty == true){
$("#firstname, #lastname, #email, #subject, #message").addClass("input-error");
}
if (errorEmail == true){
$("#email").addClass("input-error");
}
if (errorEmpty == false && errorEmail == false){
$("#firstname, #lastname, #email, #subject, #message").val("");
$("#contact-form").html(thanks).addClass("form-success");
}
</script>
RECAPTCHA VALIDATION(在 contact.php 文件中。)
<?php
if (isset($_POST['submit'])){
$url = "https://www.google.com/recaptcha/api/siteverify";
$privatekey = "secretkey";
$response = file_get_contents($url."?secret=".$privatekey."&response=".$_POST['g-recaptcha-response']."&remoteip".$_SERVER['REMOTE_ADDR']);
$data = json_decode($response);
if (isset($data->success) AND $data-success == true){
header('Location:contact.php?CaptchaPass==true');
}
else{
header('Location:contact.php?CaptchaFail==true');
}
}
?>
解决方案
在阅读了所有评论之后,事情开始变得更有意义。最终从前端验证了recaptcha,然后编写了服务器端代码来实现它。
这是我用来解决当 recpatcha 留空时遇到的问题的 PHP 逻辑:
if (empty($first) || empty($last) || empty($email) || empty($subject) || empty($message)) {
echo "<br><span class='form-error'>Fill in all fields!</span>";
$errorEmpty = true;
} // Validate if an email is entered
elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "<span class='form-error'>Write a valid email address!</span>";
$errorEmail = true;
}
elseif (isset($data->success) && $data->success==true) {
$rescapStatus = true;
}
elseif (!empty($_POST['recaptcha'])) {
// echo('<p class="form-error"> Please set recaptcha variable.</p>');
$recapBox = true;
}
else {
$emailTo = "ovalenzuela@itsmilvus.com";
$headers = "From: " . $emailFrom;
$txt = "You have received an email from " . $first . ' ' . $last . "\n\n" . $message;
mail($emailTo, $subject, $txt, $headers);
}
}
else{
echo "There was an error!";
}
?>
<script>
var thanks = '<div>Thank you for you message!</div><br><Return to main page';
$("#firstname, #lastname, #email, #subject, #message").removeClass("input-error");
var errorEmpty = "<?php echo $errorEmpty; ?>";
var errorEmail = "<?php echo $errorEmail; ?>";
var recapStatus = "<?php echo $recapStatus; ?>";
var recapBox = "<?php echo $recapBox; ?>";
if (errorEmpty == true){
$("#firstname, #lastname, #email, #subject, #message").addClass("input-error");
}
if (errorEmail == true){
$("#email").addClass("input-error");
}
if (errorEmpty == false && errorEmail == false && recapBox == false){
$("#firstname, #lastname, #email, #subject, #message").val("");
$("#contact-form").html(thanks).addClass("form-success");
}
</script>
推荐阅读
- python - TensorFlow 对象检测 AttributeError:模块 'tensorflow._api.v1.compat' 没有属性 'v2'
- php - docker-compose 没有看到我的 index.php 但 docker run 看到了
- javascript - 如果其中任何一个条件满足,forEach 循环不会检查数组中的所有项目
- javascript - 为什么我的拼接方法会删除选定索引之后的所有对象?(javascript)
- android - 我正在尝试在 xml 中创建这个形状,如何制作它?
- python - CSRF 令牌验证失败
- c# - 使用 .NET-Standard 2.0 项目构建 ASP.NET-Core 3.1 会导致 Microsoft.AspNetCore.Mvc.Analyzers 程序集发生冲突
- r - 从列表列表中提取结果并维护列指标
- javascript - 尝试在发送前验证我的电子邮件表单
- flutter - 我需要在颤动的http请求正文中传递一个地图