Check recaptcha before anything else is done?

Question

Here recently I implemented a ReCAPTCHA script onto my upload script.

What the problem is, is that it waits until the WHOLE upload is done before it checks the ReCAPTCHA...

Can anyone tell me what i'm doing wrong?

<?php
include 'config.php';
$download = "caches/" . $_POST['email'] . ".zip";
$revision = $_POST['email'];
$details  = $_POST['password'];
$ip       = $_SERVER['REMOTE_ADDR'];
if ($revision >= 300 && $revision <= 499) {
    $table = "300caches";
} else if ($revision >= 500 && $revision <= 599) {
    $table = "500caches";
} else if ($revision >= 600 && $revision <= 800) {
    $table = "600caches";
} else {
    header('Location: error.php?err=rev');
}
require_once('captcha/recaptchalib.php');
$privatekey = "";
$resp       = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    header('Location: error.php?err=rec');
}
if (!$_GET['act']) {
    if ((($_FILES["file"]["type"] == "application/zip") || ($_FILES["file"]["type"] == "application/octet-stream")) && ($_FILES["file"]["size"] < 315000000)) {
        if ($_FILES["file"]["error"] > 0) {
            header('Location: error.php?err=unknown');
        } else {
            if (file_exists("caches/" . $_FILES["file"]["name"])) {
                header('Location: error.php?err=fx&name=' . $_FILES["file"]["name"]);
            } else {
                $checkFile  = "main_file_cache.dat";
                $checkFile2 = "main_file_cache.dat0";
                $checkExe   = "exe";
                $zip        = new ZipArchive;
                $res        = $zip->open($_FILES["file"]["tmp_name"]);
                if (!is_numeric($zip->locateName($checkExe))) {
                    if ($res === TRUE) {
                        if (is_numeric($zip->locateName($checkFile)) || is_numeric($zip->locateName($checkFile2))) {
                            $uploaded = move_uploaded_file($_FILES["file"]["tmp_name"], "caches/" . $revision . ".zip");
                            if ($uploaded) {
                                $sql    = "INSERT INTO $table(revision, link, details, ip)VALUES('$revision', '$download', '$details', '$ip')";
                                $result = mysql_query($sql);
                                if ($result) {
                                    header("Location: index.php");
                                } else {
                                    header("Location: error.php?err=sql");
                                }
                            }
                            $zip->close();
                        } else {
                            header("Location: error.php?err=nc");
                        }
                    } else {
                        header("Location: error.php?err=nc");
                    }
                } else {
                    header("Location: error.php?err=nc");
                }
            }
        }
    } else {
        header('Location: error.php?err=if&name=' . $_FILES["file"]["name"]);
    }
}
?>

Answer 1

Of course it waits for the upload to finish.

The data is sent to the server on the form submit, whether AJAX or not. The form data is not retrieved from the browser when you call the $_POST.

A solution if your using ajax is too first check a different ajax page and check that the captcha was correct, and return a token which can be used in the file upload.

Im not sure how you would get around this on just a normal file upload, other than having a page where a user enters a captcha before they can access the page for upload.