时间戳

首页 > 解决方案 > 如果没有检查 Recaptcha,为什么电子邮件会通过?

php - 如果没有检查 Recaptcha,为什么电子邮件会通过?

问题描述

我一直在努力让 recaptcha 验证用户并且在未经验证的情况下不发送电子邮件。我已经尝试了我能想到的一切,但即使复选框为空白,电子邮件也会从我的联系表单中消失。我的表单仍然检查表单的字段是否为空或是否输入了有效的电子邮件地址,但我从未收到警告说,如果未触摸复选框,recaptcha 将无法解决。我尝试了几乎所有我能想到的教程,甚至是 Stackoverflow 社区中的链接。提前谢谢了。

形式

<form action="mail.php" method="POST">
            <h1>Contact</h1>
            <input type="text" placeholder="First name" id="firstname" maxlength="50">
            <br>
            <input type="text" placeholder="Last name" id="lastname" maxlength="50">
            <br>
            <input type="text" placeholder="Email" id="email" maxlength="50">
            <br>
            <input type="text" placeholder="Subject" id="subject" maxlength="50">
            <br>
            <textarea id="message" name="message" placeholder="Message..." maxlength="120"></textarea>
            <div class="g-recaptcha" data-callback="recaptchaCallback" data-sitekey="sitekey"></div>
            <input type="submit" value="Submit" id="submit_button">
            <br>
            <p class="form-message"></p>
            <?php if (isset($_GET['CaptchaFail'])){?>
            <div class="form-error">You have not proven you are not a robot!</div>
            <?php }?>

<script>
    $(document).ready(function(){
        $("form").submit(function (event) {
            event.preventDefault();
            var first = $("#firstname").val();
            var last = $("#lastname").val();
            var subject = $("#subject").val();
            var email = $("#email").val();
            var message = $("#message").val();
            var submit = $("#submit_button").val();
            $(".form-message").load("mail.php", {
                first: first,
                last: last,
                subject: subject,
                email: email,
                message: message,
                submit: submit
            });
        });
    });
</script>

服务器端现场验证

<?php

if (isset($_POST['submit'])){
    $first = $_POST['first'];
    $last = $_POST['last'];
    $email = $_POST['email'];
    $subject = $_POST['subject'];
    $message = $_POST['message'];
    $submit = $_POST['submit'];

    $errorEmpty = false;
    $errorEmail = false;

    if (empty($first) || empty($last) || empty($email) || empty($subject) || empty($message)){
        echo "<span class='form-error'>Fill in all fields!</span>";
        $errorEmpty = true;
    }
    elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "<span class='form-error'>Write a valid email address!</span>";
        $errorEmail = true;
    }
    else{

        if(isset($_POST['submit'])){
            $first = $_POST['first'];
            $last = $_POST['last'];
            $emailFrom = $_POST['email'];
            $subject = $_POST['subject'];
            $message = $_POST['message'];
            $success = "<span class='form-success'>Message Success!</span>";

            $emailTo = "ovalenzuela@itsmilvus.com";
            $headers = "From: ".$emailFrom;
            $txt = "You have received an email from ".$first . ' '.$last."\n\n".$message;

            mail($emailTo, $subject, $txt, $headers);
            echo "<span class='form-success'>$success</span>";
        }

    }
}

elseif (isset($_POST['submit'])){


}

else{
    echo "There was an error!";
}



?>

<script>
    var thanks = '<div>Thank you for you message!</div><br><Return to main page';

    $("#firstname, #lastname, #email, #subject, #message").removeClass("input-error");

    var errorEmpty = "<?php echo $errorEmpty; ?>";
    var errorEmail = "<?php echo $errorEmail; ?>";

    if (errorEmpty == true){
        $("#firstname, #lastname, #email, #subject, #message").addClass("input-error");
    }
    if (errorEmail == true){
        $("#email").addClass("input-error");
    }
    if (errorEmpty == false && errorEmail == false){
        $("#firstname, #lastname, #email, #subject, #message").val("");
        $("#contact-form").html(thanks).addClass("form-success");
    }
</script>

RECAPTCHA VALIDATION(在 contact.php 文件中。)

<?php
    if (isset($_POST['submit'])){
        $url = "https://www.google.com/recaptcha/api/siteverify";
        $privatekey = "secretkey";

        $response = file_get_contents($url."?secret=".$privatekey."&response=".$_POST['g-recaptcha-response']."&remoteip".$_SERVER['REMOTE_ADDR']);
        $data = json_decode($response);

        if (isset($data->success) AND $data-success == true){
            header('Location:contact.php?CaptchaPass==true');
        }
        else{
            header('Location:contact.php?CaptchaFail==true');
        }

    }
?>

标签: phpjqueryhtmlajaxrecaptcha

解决方案

在阅读了所有评论之后,事情开始变得更有意义。最终从前端验证了recaptcha,然后编写了服务器端代码来实现它。

这是我用来解决当 recpatcha 留空时遇到的问题的 PHP 逻辑:

if (empty($first) || empty($last) || empty($email) || empty($subject) || empty($message)) {
        echo "<br><span class='form-error'>Fill in all fields!</span>";
        $errorEmpty = true;
    } //  Validate if an email is entered
    elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo "<span class='form-error'>Write a valid email address!</span>";
        $errorEmail = true;
    }
    elseif (isset($data->success) && $data->success==true) {
        $rescapStatus = true;

    }
    elseif (!empty($_POST['recaptcha'])) {
//            echo('<p class="form-error"> Please set recaptcha variable.</p>');
            $recapBox = true;
    }
    else {
        $emailTo = "ovalenzuela@itsmilvus.com";
        $headers = "From: " . $emailFrom;
        $txt = "You have received an email from " . $first . ' ' . $last . "\n\n" . $message;

        mail($emailTo, $subject, $txt, $headers);
    }
}

else{
    echo "There was an error!";
}

?>

<script>
    var thanks = '<div>Thank you for you message!</div><br><Return to main page';

    $("#firstname, #lastname, #email, #subject, #message").removeClass("input-error");

    var errorEmpty = "<?php echo $errorEmpty; ?>";
    var errorEmail = "<?php echo $errorEmail; ?>";
    var recapStatus = "<?php echo $recapStatus; ?>";
    var recapBox = "<?php echo $recapBox; ?>";

    if (errorEmpty == true){
        $("#firstname, #lastname, #email, #subject, #message").addClass("input-error");
    }
    if (errorEmail == true){
        $("#email").addClass("input-error");
    }
    if (errorEmpty == false && errorEmail == false && recapBox == false){
        $("#firstname, #lastname, #email, #subject, #message").val("");
        $("#contact-form").html(thanks).addClass("form-success");
    }
</script>

推荐阅读