获取Recapcha 2与PHP页面通信的问题

Question

我有一个输入字段表单，我用它来测试在服务器端安装带有验证的reCaptcha 2。我的流程图是通过Ajax将reCaptcha响应发送给PHP进行验证。我在我的console.log输出中得到的是，信息被正确地捕获到通过ajax传输到PHP页面的字符串中。我还从服务器端了解到，发布的内容是正确捕获的，而不是gRecaptchaResponse。我的代码的相关部分如下：

HTML:

<form  action="php/recapcha.php" method="post" id="myForm">
    <div class="form-group">
    <label for="fullName">Name:</label>
    <input type="name" name="name" class="form-control" id="fullName" aria-describedby="namelHelp" placeholder="Enter Full Name">
    <small id="nameHelp" class="form-text text-muted">We'll never share your name with anyone else.</small>
   </div>
   <!--   Submit Recaptcha and Button    -->
    <div class="g-recaptcha mb-3" data-sitekey="myPublicKeyTqUf"></div>
            <button id="recaptcha-submit" type="submit" class="btn btn-primary"  value="">Submit</button>
            <div id="result" class="mt-3"><p id="serverMessages">Server Results:  <span id="serverResponseValue"></span></p></div>

</form>

jS的基础如下：

   <script type="text/javascript">

    function processForm() {

     if (grecaptcha === undefined) {
            alert('Recaptcha not defined'); 
            return; 
        }

    var response = grecaptcha.getResponse();

    if (!response) {
        alert('Could not get recaptcha response'); 
        return; 
        }

            var form = document.getElementById("myForm");   
            var action = form.getAttribute("action");
            var name = document.getElementById("fullName").value;
            var formString = 'name=' + name + '&gRecaptchaResponse' + response;

             console.log('formString: ' + formString);

            var xhr = new XMLHttpRequest();
            xhr.open('POST', action, true);
            xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
            xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
            xhr.onreadystatechange = function () {
              if(xhr.readyState == 4 && xhr.status == 200) {
                var result = xhr.responseText;  
                console.log('result: ' + result);


                var DataStr = JSON.stringify(result);

                var jsObjectResult = JSON.parse(DataStr);
                postResult(jsObjectResult);
              }
            };

          console.log('formString: ' + formString);
            xhr.send(formString);
          }

          button.addEventListener("click", function(event) {

            event.preventDefault();
            processForm();
          });

​

正如您所看到的，我确保在客户端通过JS函数获得reCaptcha响应，然后再通过ajax将所有内容发送到php页面。

下面是我的PHP文件开头的一个片段：

<?php
    header( 'Content-Type: application/json' );

function is_ajax_request() {
    return isset( $_SERVER[ 'HTTP_X_REQUESTED_WITH' ] ) &&
        $_SERVER[ 'HTTP_X_REQUESTED_WITH' ] == 'XMLHttpRequest';
} 

global $captcha;

    if ( isset( $_POST[ 'name' ] ) ) {
        $name = $_POST[ 'name' ];
        echo($name);
    } else {
        $name = '';
    }

    if(isset($_POST['gRecaptchaResponse'])){
          $captcha=$_POST['gRecaptchaResponse'];
        }
        if(!$captcha){
          echo '<h2>Please check the the captcha form.</h2>';
          exit($captcha);
        }
        $secretKey = "mySecretKeyUPzF9";
        $ip = $_SERVER['REMOTE_ADDR'];
        // post request to server
        $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha);
        $response = file_get_contents($url);
        $responseKeys = json_decode($response,true);
        // should return JSON with success as true
        if($responseKeys["success"]) {
               echo '<h2>Thanks for posting comment</h2>';
            exit;
        } else {
               echo '<h2>You are a spammer ! Get the @$%K out</h2>';
            exit;
}

所以底线是。google验证返回的是$response == false，我收到的消息是“您是垃圾邮件发送者！获取@$%K”，在这两个页面上没有检测到错误。

Answer 1

这就是我用来检查错误的方法。

if(isset($responseKeys["error-codes"])){
     //has errors
}
else{
     //no errors
}

另外，合适的变量是g-recaptcha-response而不是gRecaptchaResponse.。