PHP ReCaptcha if else

Question

OK I am trying to implement ReCaptcha on a simple form that posts to a DB. This form has a few different validation for validating the address is valid against LiveAddress API and deduping etc.

So I am trying to add ReCaptcha in the elseif like below, both of my other validation work but once it gets to ReCaptcha whether i enter a the captcha correct or incorrect when i hit submit it just goes to a blank page. With no errors.

I do have the correct public and private keys on my form and an includes for the recaptchalib.php. I can post that code if you think that would be helpful.

I am assuming that i need this to be in if else elseif below because if i just have all of the captcha code on the form like the example that you download it ignores the captcha all together it just get posted to the DB successfully, even if you don't put anything in the captcha input.

if(empty($errorMessage))
{
    // Dedupe the entry into the form
    $dupesql = "SELECT * FROM fromData WHERE (address = '$primary_number' AND city = '$city_name' AND state = '$state_abbreviation' AND zip = '$zipcode_full')";
    $duperaw = $mysqli->query($dupesql);

    // Check to make sure that they entered a valid address according to Liveaddress API
    if(empty($primary_number)){
        $bad_address .= "$bad_add in $bad_city, $bad_state is not a valid address please try again\n";
    }
    // Check to make sure that they have not already registered deduping on address, city, state, zip
    elseif($duperaw->num_rows > 0) {
        $dupe .= "$full_name already exists on $bad_add in $bad_city, $bad_state \n";
    }

    elseif( isset( $_POST["recaptcha_response_field"] ) )
    {
        $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);

        if(!$resp->is_valid) {
            echo "reCaptcha incorrect";
        } else {
            echo "reCaptcha OK";
        }
    }

    // If all "elseif" fail then we insert them into our database
    else {
        $sql = "INSERT INTO fromData (name, email, address, city, state, zip, date, optin, proccessed) VALUES ('$full_name', '$email', '$primary_number', '$city_name', '$state_abbreviation', '$zipcode_full', '$date', '$optin', 'No')";
        $mysqli->query($sql);
        echo $mysqli->error;

        header("location: index.php?success=1");
        exit();
    }
}

Can anyone see anything that is glaringly wrong with my code above? I have been moving the capcha code all around and it still isn't working. I am assuming that this is the closet i have to making it work the way that i need.

Answer 1

The way you have it now, last block of code else { ... } only gets executed if there are no previous errors (which is good) and if user entered nothing for captha (which is bad).

This is because if user enters anythnig for captcha, elseif( isset( $_POST["recaptcha_response_field"] ) ) will happen and the last else { ... } will not be executed.

The code you want to execute if the captcha is correct should be in the

else {
  echo "reCaptcha OK";        
} 

branch, not in the last else which only gets executed if variable which holds users response to captcha (I assumed you keep that in $_POST["recaptcha_response_field"]) is empty. So:

elseif( isset( $_POST["recaptcha_response_field"] ) ) { 
  $resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"],     $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); 
  if(!$resp->is_valid) { 
    echo "reCaptcha incorrect"; 
  }
  else {
    $sql = "INSERT INTO fromData (name, email, address, city, state, zip, date, optin, proccessed) VALUES ('$full_name', '$email', '$primary_number', '$city_name', '$state_abbreviation', '$zipcode_full', '$date', '$optin', 'No')";
    $mysqli->query($sql);
    echo $mysqli->error;
    header("location: index.php?success=1");
    exit();
  } 
}