Skip to content Skip to sidebar Skip to footer

Submit Button Sends Email Even If ReCaptcha Has Been Done

Im in the process of adding the reCaptcha from google to my form. The problem is that even though I have followed the instructions from google. I can still press the Submit button

Solution 1:

So we set up the form and make sure your library is included, I prevent the submit button from being clicked while the recaptcha has not been completed and show a tooltip to notify the user it is needed to continue. Then enable it when it has been complete using the callback methods.

login.php

<div class="formContainer">
    <script src='https://www.google.com/recaptcha/api.js'></script>
    <form action="loginHandler.php" method="post" name="login_form" id="loginForm" class="loginForm">  
        <h2>Login</h2>
        <p><input type="text" required placeholder="Email" name="email"></p>
        <p><input type="password" required placeholder="Password" name="password" id="password"></p>
        <div class="g-recaptcha" data-callback="captcha_filled"
                 data-expired-callback="captcha_expired" 
                 data-sitekey="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX">
        </div>
        <div>
            <p class="show-tt" data-toggle="tooltip" title="Complete the reCAPTCHA to login." data-placement="bottom">
                <input id="submitLogin" type="submit" value="Login">
            </p>
        </div>
    </form>
</div>

<script>
    //prevent submit and show tooltip until captch is complete.
    var submit = false;
    $("#submitLogin").prop('disabled', true);

    function captcha_filled() {
        submit = true;
        $("#submitLogin").prop('disabled', false);
        $(".show-tt").tooltip('destroy');
    }
    function captcha_expired() {
        submit = false;
        $("#submitLogin").prop('disabled', true);
        showTooltip();
    }
    function showTooltip () {
        $(".show-tt").tooltip('show');
    }
</script>

Now we post to loginHandler.php, or wherever your form submits too and then there we will assign your secret key and then verify the request with google.

loginHandler.php

$secret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

if (isset($_POST["g-recaptcha-response"])) {

    $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secret) .
            '&response=' . urlencode($_POST['g-recaptcha-response']) . '&remoteip=' . urlencode($_SERVER['REMOTE_ADDR']);
    //ip address is optional
    $result = json_decode(file_get_contents($url), true);

    if ($result != null && $result['success'] === true) {

        //success, handle login/submit data or whatever

    } else {
        //response is bad, handle the error
        header('Location: login.php?error=4');
    }
} else {
    //captcha response is not set, handle error
    header('Location: login.php?error=5');
}

Post a Comment for "Submit Button Sends Email Even If ReCaptcha Has Been Done"