CODEWITHSUNDEEP
phpforms
Joon Kit
Joon Kit

Reputation: 79

How to remove g-recaptcha-response in online form?

See below for the image, that I highlighted, Can I know how to remove g-recaptcha-response when I received the email?

enter image description here

$mailTo = "$email_address";

$mailSubject = "$email_subject";

$mailBody = "The form values entered by the user are as follows: \n\n";

foreach($HTTP_POST_VARS as $key=>$value)
{
if(isset($_POST['g-recaptcha-response'])){$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha)
{
echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$redirect_to_failed\">";
exit;
}
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
if($response.success==false)
{
          echo '<h2>You are spammer! /h2>';
}else
{
          echo '<h2>Thanks for contacting us.</h2>';
}

$mailBody .= "$key = $value\n";

}

Upvotes: 4

Views: 3090

Answers (2)

MattAllegro
MattAllegro

Reputation: 7365

I managed to avoid showing the g-recaptcha-response and its "long" value in the email body, adding this line:

unset($_POST['g-recaptcha-response']);

in my sendmail.php, before mailing the form and after validating the ReCaptcha status (source).

Upvotes: 0

Geoff Atkins
Geoff Atkins

Reputation: 1703

Check for the g-recaptcha-response outside of the loop, there's no need to check it everytime you iterate.

Then check that the key of the $_POST variable is not the g-recaptcha-response before adding it to the message.

$mailTo = "$email_address";

$mailSubject = "$email_subject";

$mailBody = "The form values entered by the user are as follows: \n\n";

if(isset($_POST['g-recaptcha-response'])){$captcha=$_POST['g-recaptcha-response'];
}

foreach($HTTP_POST_VARS as $key=>$value)
{
    if(!$captcha)
    {
        echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$redirect_to_failed\">";
        exit;
    }
    $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
    if($response.success==false)
    {
              echo '<h2>You are spammer! /h2>';
    }else
    {
              echo '<h2>Thanks for contacting us.</h2>';
    }
    if ($key != 'g-recaptcha-response') {
        $mailBody .= "$key = $value\n";
    }
}

Upvotes: 5

Related Questions