0

I am currently creating a login script for a project, yet trying to introduce a captcha has proven issues with it; of which I am not entirely certain of.

Login page:

Form:

enter image description here

Form code:

    <div class="col-lg-8">
    <script src="https://www.google.com/recaptcha/api.js"></script>
      <form class="form-signin" method="post" action="loginauth.php">
        <h2 class="form-signin-heading">Sign in to ServiceAdmin</h2><br>
        <label class="sr-only">Email address</label>
        <input name="email" type="email" class="form-control" placeholder="Email address" required autofocus>
        <label class="sr-only">Password</label>
        <input name="password" type="password" class="form-control" placeholder="Password" required><br>
    </div>
    <div class="col-lg-4">
        <div class="g-recaptcha" style="margin-top: 115px; margin-left: 20px;" data-sitekey="REDACTED"></div>

        <?php if($_SESSION['login.captcha']){
            echo '<font color="red"><p style="margin-left:27px;">Please tick this checkbox to verify your security.</p></font>';
            unset($_SESSION['login.captcha']);
          } else {
            echo '<p style="margin-left:27px;">Please tick this checkbox to verify your security.</p>';
          } ?>

        </div><br><br>
        <input class="btn btn-lg btn-primary btn-block" type="submit" value="Sign in">
      </form>

Login backend code (loginauth.php):

<?php
error_reporting(E_ALL);
$email = $password = $captcha = NULL;
if(isset($_POST['email'])){
  $email = $_POST['email'];
}
if(isset($_POST['password'])){
  $password = $_POST['password'];
}
if(isset($_POST['g-recaptcha-response'])){
  $captcha = $_POST['g-recaptcha-response'];
}
if(!$captcha){
  echo "captcha error";
  exit;
}

$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=REDACTED&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
if($response.success==false){
  "captcha error bot";
} else {
  "success";
}
?>

No matter what, despite the captcha being filled in, it will not be recognized as entered, and will come up with error as such:

( ! ) Notice: Undefined variable: captcha in C:\wamp\projects\ServiceAdmin\login\loginauth.php on line 11

If anybody has any ideas as to the cause of this issue, help would be appreciated profusely.

sjagr
  • 15,983
  • 5
  • 40
  • 67
Tom Shep
  • 3
  • 1
  • 3
  • possible duplicate of [Reference - What does this error mean in PHP?](http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) If you still don't understand it or if you are still stuck after reading this link tell us! (BTW: Can't reproduce your error) – Rizier123 Jan 13 '15 at 18:10

2 Answers2

1

PHP throws notices if you reference a variable that hasn't been created yet, although the code still "works".

In this case, $captcha is never instantiated because your code never reaches the line that creates it

if(isset($_POST['g-recaptcha-response'])){ $captcha = $_POST['g-recaptcha-response']; }

The common fix is to declare $captcha with a false or null value before you use/reference it on line 11.

STLMikey
  • 1,210
  • 7
  • 19
  • 2
    Hmmm, *declare $captcha with a false or null* -> `$email = $password = $captcha = NULL;` hmmm, yeah, yep i think your right – Rizier123 Jan 13 '15 at 18:17
0

Try to see this link: http://php.net/manual/en/function.isset.php

Determine if a variable is set and is not NULL.

If a variable has been unset with unset(), it will no longer be set. isset() will return FALSE if testing a variable that has been set to NULL. Also note that a NULL byte ("\0") is not equivalent to the PHP NULL constant.

If multiple parameters are supplied then isset() will return TRUE only if all of the parameters are set. Evaluation goes from left to right and stops as soon as an unset variable is encountered.

I would write if(isset($captcha))

Rafael Capretz
  • 1
  • 1