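Problem with the reCAPTCHA v3 verification score

Time: 2019-01-28 19:11:53

Tags: php recaptcha-v3

Trying to implement reCAPTCHA on my website's "Contact Us" form, and I'm having a hard time getting anything to pass the check unless I set the score to 0.0. Even 0.1 kicks it to spam. There are so many examples of how to implement it, and I tried a few of them with no luck (also because several of the examples are for different versions, which is hard on us noobs).

Anyway, here is a stripped-down version of the HTML page form I'm trying to use: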

<head>
<script src='https://www.google.com/recaptcha/api.js?render=KEY'></script>
</head>
<body>
<form name="contactform" action="send_form_email.php" method="post">
<div class="input-group">
    <span class="input-group-label">Name</span>
    <input name="realname" class="input-group-field" type="text" value="Your Name Here" maxlength="50" onFocus="this.value=''">
</div>
<div class="input-group">
    <span class="input-group-label">Email</span>
    <input name="email" class="input-group-field" type="email" value="Your E-Mail Here" maxlength="50" onFocus="this.value=''">
</div>
<div class="input-group">
    <span class="input-group-label">Message</span>
    <textarea name="message" rows="10"></textarea>
</div>          
<input type="Submit" class="button" value="SEND"><input type="Reset" class="button" value="RESET">
</form>
<script>
    $(function(){ //wait for document ready
        grecaptcha.ready(function() {
            grecaptcha.execute('KEY', {action: 'contactUs'}).then(function(token) {
            // Verify the token on the server.
            });
        });
    });
</script>
</body>

So then I have a PHP form handler called send_form_email.php that does all the hard work:

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Build POST request:
    $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
    $recaptcha_secret = 'SECRET_KEY';
    $recaptcha_response = $_POST['g-recaptcha-response'];
    // Make and decode POST request:
    $recaptcha = file_get_contents($recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response);
    $recaptcha = json_decode($recaptcha);

    // Take action based on the score returned:
    if ($recaptcha->score >= 0.0) {
        // This is just where I take care of formatting the email and sending it to me, which is working just fine... well while the score is set to 0.0
    } else {
        // otherwise, let the spammer think that they got their message through
        header('Location: success.htm');
        exit();
    }
}
?>

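So this is where I'm having the problem. In the code above I have it set to 0.0, which is currently the only way an email gets through. But of course that lets spam through as well as real mail, since it is basically turned off. Like I said, if I set it to 0.1, it doesn't pass the score check and the email isn't sent. I'm sure it's something simple that I'm missing, or I'm not passing the information along correctly or something, but the Google docs aren't very helpful. So I'm hoping someone can point out what I'm missing?

Thanks!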

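1 answer:

Answer 0: (score: 0)

Finally found an answer here, which gave me exactly what I needed. Some simple example code did the trick! (Why can't Google do that?) It wasn't listed as the "accepted" answer, it was the answer below it, but the accepted answer just throws you at a git repo, which is ridiculous for a newbie.

Here is my code from above, edited: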

<head>
<script src='https://www.google.com/recaptcha/api.js?render=YOUR_KEY_HERE'></script>
</head>
<body>
<form name="contactform" action="send_form_email.php" method="post">
<input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
<input type="hidden" name="action" value="validate_captcha">
<div class="input-group">
    <span class="input-group-label">Name</span>
    <input name="realname" class="input-group-field" type="text" value="Your Name Here" maxlength="50" onFocus="this.value=''">
</div>
<div class="input-group">
    <span class="input-group-label">Email</span>
    <input name="email" class="input-group-field" type="email" value="Your E-Mail Here" maxlength="50" onFocus="this.value=''">
</div>
<div class="input-group">
    <span class="input-group-label">Message</span>
    <textarea name="message" rows="10"></textarea>
</div>          
<input type="Submit" class="button" value="SEND"><input type="Reset" class="button" value="RESET">
</form>
<script>
    $(function(){ //wait for document ready
        grecaptcha.ready(function() {
            grecaptcha.execute('YOUR_KEY_HERE', {action: 'contactUs'}).then(function(token) {
            // Verify the token on the server.
            document.getElementById('g-recaptcha-response').value = token;
            });
        });
    });
</script>
</body>

And then the revised PHP form handler, send_form_email.php, that does all the hard work:

<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Build POST request:
    $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
    $recaptcha_secret = 'YOUR_SECRET_KEY';
    $recaptcha_response = $_POST['g-recaptcha-response'];
    // Make and decode POST request:
    $recaptcha = file_get_contents($recaptcha_url.'?secret='.$recaptcha_secret.'&response='.$recaptcha_response);
    $recaptcha = json_decode($recaptcha);

    // Take action based on the score returned:
    if ($recaptcha->score >= 0.5) {
        // Basically if the score is equal to or better than the above, you have a good one and can send your email off and this is just where you would do that
    } else {
        // otherwise, let the spammer think that they got their message through
        header('Location: success.htm');
        exit();
    }
}
?>

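I'm showing it with a score of 0.5 for now, but of course you should check your admin console on Google, look at the scores you are getting, and adjust as needed.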
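An added example, not code from the question or the answer: a server-side check that separates "no token arrived" from "low score". When the token is missing, siteverify returns `success: false` with no `score` field, and in PHP `null >= 0.0` is true while `null >= 0.1` is false, which matches the behaviour described in the question. The function names `evaluate_recaptcha()` and `verify_recaptcha()` are assumptions made for this sketch; the action name `contactUs` is the one used on the page.

```php
<?php
// Added example: hardened server-side check for a reCAPTCHA v3 token.
// evaluate_recaptcha() and verify_recaptcha() are hypothetical helper names.

/** Decide whether a decoded siteverify response is acceptable (pure function, works offline). */
function evaluate_recaptcha(?array $r, string $expectedAction, float $minScore): array
{
    if ($r === null) {
        return [false, 'no or invalid response from siteverify'];
    }
    if (empty($r['success'])) {
        // Missing, expired or reused tokens end up here, with no score at all.
        return [false, 'token rejected: ' . implode(',', $r['error-codes'] ?? [])];
    }
    if (($r['action'] ?? '') !== $expectedAction) {
        return [false, 'action mismatch'];
    }
    if (!isset($r['score']) || (float) $r['score'] < $minScore) {
        return [false, 'score below threshold'];
    }
    return [true, 'ok'];
}

/** POST the token to siteverify (keeps the secret out of URLs) and evaluate the reply. */
function verify_recaptcha(string $token, string $secret, string $expectedAction, float $minScore = 0.5): array
{
    if ($token === '') {
        return [false, 'missing token']; // the hidden form field was never filled in
    }
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $decoded = $raw === false ? null : json_decode($raw, true);
    return evaluate_recaptcha(is_array($decoded) ? $decoded : null, $expectedAction, $minScore);
}

// Constructed sample responses (not captured from a real request):
var_dump(evaluate_recaptcha(['success' => false, 'error-codes' => ['missing-input-response']], 'contactUs', 0.5));
var_dump(evaluate_recaptcha(['success' => true, 'score' => 0.9, 'action' => 'contactUs'], 'contactUs', 0.5));
var_dump(evaluate_recaptcha(['success' => true, 'score' => 0.9, 'action' => 'login'], 'contactUs', 0.5));
```

In send_form_email.php the call would be `[$ok, $why] = verify_recaptcha($_POST['g-recaptcha-response'] ?? '', 'YOUR_SECRET_KEY', 'contactUs');`, and logging `$why` on rejection shows whether the form is failing on a missing token or on a genuinely low score.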
