Google reCaptcha v2 PHP - 仅适用于 file_get_contents()
Google reCaptcha v2 PHP - works only with file_get_contents()
我是 PHP 的新手,正在尝试使用 PHP 和 AJAX 使用 CurlPost() 或 SocketPost() 来实现 Google reCaptcha v2方法。目前,file_get_contents() 一切正常,但我的提供商将很快锁定它,因此我需要重构我的代码。不知何故,我 运行 在实现 CurlPost() 或 SocketPost() 时遇到问题 - 每当我尝试使用它们中的任何一个时,nginx 都会响应 403 声明 Not a POST request (它被硬编码在其中一个else 子句)。
我在 POST 中到底忽略了什么?下面是两段代码,一段与 file_get_contents() 完美配合,第二段是有问题的代码抛出 403.
工作一个
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require("PHPMailer.php");
require("Exception.php");
require("SMTP.php");
require('recaptcha-master/src/autoload.php');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Get the form fields and remove whitespace.
$name = strip_tags(trim($_POST["name"]));
$name = str_replace(array("\r","\n"),array(" "," "),$name);
$email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
$tel = trim($_POST["tel"]);
$message = trim($_POST["message"]);
$recaptchaSecret = "6LcjwkUUAAAAAENXcZtla40jNuPJGblZkYxLkXvf";
$captcha = '';
if(isset($_POST["captcha"]) && !empty($_POST["captcha"])){
$captcha=$_POST["captcha"];
}
if(!$captcha){
echo 'Prove that you are human';
exit;
}
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6LcjwkUUAAAAAENXcZtla40jNuPJGblZkYxLkXvf&response=".$captcha."&remoteip=".$_SERVER["REMOTE_ADDR"]);
$obj = json_decode($response);
if($obj->success == true) {
// Check that data was sent to the mailer.
if ( empty($name) OR empty($message) OR empty($tel) OR empty($captcha) OR !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Set a 400 (bad request) response code and exit.
http_response_code(400);
echo "Oops! There was a problem with your submission. Please complete the form and try again.";
exit;
}
// Build the email content.
$email_content = "Имя: $name\n";
$email_content .= "Телефон: $tel\n";
$email_content .= "Email: $email\n";
$email_content .= "Сообщение: $message\n";
// Send the email.
$mail = new PHPMailer();
//Server settings
$mail->SMTPDebug = 0; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'domain.tld'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'info'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
//Recipients
//$mail->setFrom($name, $email);
$mail->setFrom('info@domain.tld', 'DOMAIN.TLD');
$mail->addAddress('info@domain.tld', 'Information'); // Add a recipient
$mail->addReplyTo('info@domain.tld', 'Information');
//Content
$mail->Subject = 'Новое сообщение с сайта DOMAIN.TLD' ;
$mail->Body = $email_content;
$success = $mail->send();
echo "success";
}
} else {
// Not a POST request, set a 403 (forbidden) response code.
http_response_code(403);
echo "Something went wrong. Please try again";
}
?>
并且不工作,给出 403:
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require("PHPMailer.php");
require("Exception.php");
require("SMTP.php");
require('recaptcha-master/src/autoload.php');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Get the form fields and remove whitespace.
$name = strip_tags(trim($_POST["name"]));
$name = str_replace(array("\r","\n"),array(" "," "),$name);
$email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
$tel = trim($_POST["tel"]);
$message = trim($_POST["message"]);
$recaptcha = $_POST["g-recaptcha-response"];
$secret = '6LcjwkUUAAAAAENXcZtla40jNuPJGblZkYxLkXvf';
}
//$recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\CurlPost());
$recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
$resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
if ($resp->isSuccess()) {
// Check that data was sent to the mailer.
if ( empty($name) OR empty($message) OR empty($tel) OR empty($recaptcha) OR !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Set a 400 (bad request) response code and exit.
http_response_code(400);
echo "Oops! There was a problem with your submission. Please complete the form and try again.";
exit;
}
// Build the email content.
$email_content = "Имя: $name\n";
$email_content .= "Телефон: $tel\n";
$email_content .= "Email: $email\n";
$email_content .= "Сообщение: $message\n";
// Send the email.
$mail = new PHPMailer();
//Server settings
$mail->SMTPDebug = 0; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'domain.tld'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'info'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
//Recipients
$mail->setFrom('info@domain.tld', 'DOMAIN.TLD');
$mail->addAddress('info@domain.tld', 'Information'); // Add a recipient
$mail->addReplyTo('info@domain.tld', 'Information');
//Content
$mail->Subject = 'Новое сообщение с сайта DOMAIN.TLD' ;
$mail->Body = $email_content;
$success = $mail->send();
echo "success";
} else {
// Not a POST request, set a 403 (forbidden) response code.
http_response_code(403);
echo "Something went wrong. Please try again";
}
?>
非常感谢任何提示!提前谢谢你。
最后我找到了 curl 的工作解决方案,不使用标准 google recaptcha 库,只是简单的 curl。该代码需要大量清理,但它正在运行。这是:
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require('PHPMailer.php');
require('Exception.php');
require('SMTP.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = strip_tags(trim($_POST['name']));
$name = str_replace(array('\r','\n'),array(' ',' '),$name);
$email = filter_var(trim($_POST['email']), FILTER_SANITIZE_EMAIL);
$tel = trim($_POST['tel']);
$message = trim($_POST['message']);
$secret = '6LcjwkUUAAAAAENXwZtla40jNuPJGblZkYxLkXvf';
$captcha = '';
if(isset($_POST['captcha']) && !empty($_POST['captcha'])){
$captcha=$_POST['captcha'];
}
if(!$captcha){
echo 'Prove that you are human';
exit;
}
$fields = array(
'secret' => $secret,
'response' => $_POST['captcha'],
'remoteip' => $_SERVER['REMOTE_ADDR']
);
$verifyResponse = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt($verifyResponse, CURLOPT_RETURNTRANSFER, true);
curl_setopt($verifyResponse, CURLOPT_TIMEOUT, 15);
curl_setopt($verifyResponse, CURLOPT_POSTFIELDS, http_build_query($fields));
$responseData = json_decode(curl_exec($verifyResponse));
curl_close($verifyResponse);
if ($responseData->success) {
if ( empty($name) OR empty($message) OR empty($tel) OR empty($captcha) OR !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Set a 400 (bad request) response code and exit.
http_response_code(400);
echo 'Oops! There was a problem with your submission. Please complete the form and try again.';
exit;
}
// Build the email content.
$email_content = 'Имя: $name\n';
$email_content .= 'Телефон: $tel\n';
$email_content .= 'Email: $email\n';
$email_content .= 'Сообщение: $message\n';
// Send the email.
$mail = new PHPMailer();
//Server settings
$mail->SMTPDebug = 0; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'domain.tld'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'info'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
//Recipients
$mail->setFrom('info@domain.tld', 'DOMAIN.TLD');
$mail->addAddress('info@domain.tld', 'Information'); // Add a recipient
$mail->addReplyTo('info@domain.tld', 'Information');
//Content
$mail->Subject = 'Новое сообщение с сайта DOMAIN.TLD' ;
$mail->Body = $email_content;
$success = $mail->send();
echo 'success';
}
} else {
http_response_code(403);
echo 'Something went wrong. Please try again';
}
?>
我是 PHP 的新手,正在尝试使用 PHP 和 AJAX 使用 CurlPost() 或 SocketPost() 来实现 Google reCaptcha v2方法。目前,file_get_contents() 一切正常,但我的提供商将很快锁定它,因此我需要重构我的代码。不知何故,我 运行 在实现 CurlPost() 或 SocketPost() 时遇到问题 - 每当我尝试使用它们中的任何一个时,nginx 都会响应 403 声明 Not a POST request (它被硬编码在其中一个else 子句)。
我在 POST 中到底忽略了什么?下面是两段代码,一段与 file_get_contents() 完美配合,第二段是有问题的代码抛出 403.
工作一个
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require("PHPMailer.php");
require("Exception.php");
require("SMTP.php");
require('recaptcha-master/src/autoload.php');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Get the form fields and remove whitespace.
$name = strip_tags(trim($_POST["name"]));
$name = str_replace(array("\r","\n"),array(" "," "),$name);
$email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
$tel = trim($_POST["tel"]);
$message = trim($_POST["message"]);
$recaptchaSecret = "6LcjwkUUAAAAAENXcZtla40jNuPJGblZkYxLkXvf";
$captcha = '';
if(isset($_POST["captcha"]) && !empty($_POST["captcha"])){
$captcha=$_POST["captcha"];
}
if(!$captcha){
echo 'Prove that you are human';
exit;
}
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6LcjwkUUAAAAAENXcZtla40jNuPJGblZkYxLkXvf&response=".$captcha."&remoteip=".$_SERVER["REMOTE_ADDR"]);
$obj = json_decode($response);
if($obj->success == true) {
// Check that data was sent to the mailer.
if ( empty($name) OR empty($message) OR empty($tel) OR empty($captcha) OR !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Set a 400 (bad request) response code and exit.
http_response_code(400);
echo "Oops! There was a problem with your submission. Please complete the form and try again.";
exit;
}
// Build the email content.
$email_content = "Имя: $name\n";
$email_content .= "Телефон: $tel\n";
$email_content .= "Email: $email\n";
$email_content .= "Сообщение: $message\n";
// Send the email.
$mail = new PHPMailer();
//Server settings
$mail->SMTPDebug = 0; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'domain.tld'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'info'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
//Recipients
//$mail->setFrom($name, $email);
$mail->setFrom('info@domain.tld', 'DOMAIN.TLD');
$mail->addAddress('info@domain.tld', 'Information'); // Add a recipient
$mail->addReplyTo('info@domain.tld', 'Information');
//Content
$mail->Subject = 'Новое сообщение с сайта DOMAIN.TLD' ;
$mail->Body = $email_content;
$success = $mail->send();
echo "success";
}
} else {
// Not a POST request, set a 403 (forbidden) response code.
http_response_code(403);
echo "Something went wrong. Please try again";
}
?>
并且不工作,给出 403:
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require("PHPMailer.php");
require("Exception.php");
require("SMTP.php");
require('recaptcha-master/src/autoload.php');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// Get the form fields and remove whitespace.
$name = strip_tags(trim($_POST["name"]));
$name = str_replace(array("\r","\n"),array(" "," "),$name);
$email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL);
$tel = trim($_POST["tel"]);
$message = trim($_POST["message"]);
$recaptcha = $_POST["g-recaptcha-response"];
$secret = '6LcjwkUUAAAAAENXcZtla40jNuPJGblZkYxLkXvf';
}
//$recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\CurlPost());
$recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
$resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
if ($resp->isSuccess()) {
// Check that data was sent to the mailer.
if ( empty($name) OR empty($message) OR empty($tel) OR empty($recaptcha) OR !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Set a 400 (bad request) response code and exit.
http_response_code(400);
echo "Oops! There was a problem with your submission. Please complete the form and try again.";
exit;
}
// Build the email content.
$email_content = "Имя: $name\n";
$email_content .= "Телефон: $tel\n";
$email_content .= "Email: $email\n";
$email_content .= "Сообщение: $message\n";
// Send the email.
$mail = new PHPMailer();
//Server settings
$mail->SMTPDebug = 0; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'domain.tld'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'info'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
//Recipients
$mail->setFrom('info@domain.tld', 'DOMAIN.TLD');
$mail->addAddress('info@domain.tld', 'Information'); // Add a recipient
$mail->addReplyTo('info@domain.tld', 'Information');
//Content
$mail->Subject = 'Новое сообщение с сайта DOMAIN.TLD' ;
$mail->Body = $email_content;
$success = $mail->send();
echo "success";
} else {
// Not a POST request, set a 403 (forbidden) response code.
http_response_code(403);
echo "Something went wrong. Please try again";
}
?>
非常感谢任何提示!提前谢谢你。
最后我找到了 curl 的工作解决方案,不使用标准 google recaptcha 库,只是简单的 curl。该代码需要大量清理,但它正在运行。这是:
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
require('PHPMailer.php');
require('Exception.php');
require('SMTP.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = strip_tags(trim($_POST['name']));
$name = str_replace(array('\r','\n'),array(' ',' '),$name);
$email = filter_var(trim($_POST['email']), FILTER_SANITIZE_EMAIL);
$tel = trim($_POST['tel']);
$message = trim($_POST['message']);
$secret = '6LcjwkUUAAAAAENXwZtla40jNuPJGblZkYxLkXvf';
$captcha = '';
if(isset($_POST['captcha']) && !empty($_POST['captcha'])){
$captcha=$_POST['captcha'];
}
if(!$captcha){
echo 'Prove that you are human';
exit;
}
$fields = array(
'secret' => $secret,
'response' => $_POST['captcha'],
'remoteip' => $_SERVER['REMOTE_ADDR']
);
$verifyResponse = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt($verifyResponse, CURLOPT_RETURNTRANSFER, true);
curl_setopt($verifyResponse, CURLOPT_TIMEOUT, 15);
curl_setopt($verifyResponse, CURLOPT_POSTFIELDS, http_build_query($fields));
$responseData = json_decode(curl_exec($verifyResponse));
curl_close($verifyResponse);
if ($responseData->success) {
if ( empty($name) OR empty($message) OR empty($tel) OR empty($captcha) OR !filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Set a 400 (bad request) response code and exit.
http_response_code(400);
echo 'Oops! There was a problem with your submission. Please complete the form and try again.';
exit;
}
// Build the email content.
$email_content = 'Имя: $name\n';
$email_content .= 'Телефон: $tel\n';
$email_content .= 'Email: $email\n';
$email_content .= 'Сообщение: $message\n';
// Send the email.
$mail = new PHPMailer();
//Server settings
$mail->SMTPDebug = 0; // Enable verbose debug output
$mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = 'domain.tld'; // Specify main and backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = 'info'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted
$mail->Port = 587; // TCP port to connect to
//Recipients
$mail->setFrom('info@domain.tld', 'DOMAIN.TLD');
$mail->addAddress('info@domain.tld', 'Information'); // Add a recipient
$mail->addReplyTo('info@domain.tld', 'Information');
//Content
$mail->Subject = 'Новое сообщение с сайта DOMAIN.TLD' ;
$mail->Body = $email_content;
$success = $mail->send();
echo 'success';
}
} else {
http_response_code(403);
echo 'Something went wrong. Please try again';
}
?>