CODEWITHSUNDEEP
phpformsrecaptcha
faq
faq

Reputation: 3076

How do I validate reCAPCHA in this case?

I know that the isset($a) is incorect it is just for ilustration. if i apply this code it dose absolutley nothing (refreshes the page). So ho do i validate it?

<?php
if (isset($a)) {

// entering data in database

if($result = mysql_query($sql ,$db)) {
// some code here

} else { 
echo "ERROR: ".mysql_error();
}
} else {
?>
<form method='post' action='' name='form' id='form' enctype='multipart/form-data'>
<?php
require_once('recaptchalib.php');
// Get a key from https://www.google.com/recaptcha/admin/create
$publickey = "mypublickey";
$privatekey = "myprivatekey";

# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;

# was there a reCAPTCHA response?
if ($_POST["recaptcha_response_field"]) {
        $resp = recaptcha_check_answer ($privatekey,
                                        $_SERVER["REMOTE_ADDR"],
                                        $_POST["recaptcha_challenge_field"],
                                        $_POST["recaptcha_response_field"]);

 if ($resp->is_valid) {
$a = '';
         } else {
                # set the error code so that we can display it
                $error = $resp->error;
        }
}
echo recaptcha_get_html($publickey, $error);
?>
<input type="submit" id='button2' name="Submit" value="Submit it!" class="button2">

</form>
<?php
}
?>

Upvotes: 0

Views: 1473

Answers (1)

Martijn
Martijn

Reputation: 5611

First of all: to check wether a form was submitted, you could check the REQUEST_METHOD key of the $_SERVER-array. According to PHP.net this indicates which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'. So the following line would do the trick: if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

Secondly, the reCAPTCHA Developer Guilde describes exactly how to show the captcha image and check wether the captcha was filled in correctly. I've slightly modified your code sample, so you can get an idea of how you should proceed. Not tested tough!

<?php
/* Require the recaptcha library, file-globally */
require_once('recaptchalib.php');

/* Get a key from https://www.google.com/recaptcha/admin/create */
$publickey = "mypublickey";
$privatekey = "myprivatekey";

/* Check wether the form was submitted */
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

    /* Check wether the captcha was correct */
    $resp = recaptcha_check_answer( $privatekey, $_SERVER['REMOTE_ADDR'], $_POST['recaptcha_challenge_field'], $_POST['recaptcha_response_field'] );

    /* Was it ? */
    if ( ! $resp->is_valid ) {

        /* What happens when the CAPTCHA was entered incorrectly */
        die( "The reCAPTCHA wasn't entered correctly. Go back and try it again. (reCAPTCHA said: " . $resp->error . ")" );

    } else {

        /* Entering data in database */
        if ( $result = mysql_query( $sql, $db ) ) {

            /* Some code here */

        } else {

            echo "ERROR: ".mysql_error( );

        }

    }

/* The form isn't posted yet, so we show the form */
} else {

    ?>

    <form method='post' action='' name='form' id='form' enctype='multipart/form-data'>
        <?php
        /* This is all we need to display the recaptcha */
        echo recaptcha_get_html($publickey);
        ?>
        <input type="submit" id='button2' name="Submit" value="Submit it!" class="button2">
    </form>

    <?php
}
?>

Upvotes: 3

Related Questions