I'm trying to implement google reCaptcha for my contact form. I've read several tutorials and posts on SA but without success.

My issue is that no matter whether the user checks the reCaptcha or not, the form gets sent anyway, as if the reCaptcha was not taken into consideration.

I have used the method described in this post and see below my full code:

What is the issue?

Many thanks

FORM

<form action="sendmessage-test.php" class="well form-horizontal" id="contact_form" method="post" name="contact_form">

  fields etc.

  <button class="" name="submit" type="submit"> SEND</button>
  <div class="g-recaptcha" data-sitekey="mykey"></div>

         <!-- Success message -->
        <div class="alert alert-success" id="success_message" role="alert">
          Votre message a bien été envoyé. Merci!
        </div>
        <!-- error message -->
        <div class="alert alert-danger" id="error_message" role="alert">
          Le message n'a pas pu être envoyé. Veuillez nous contacter par téléphone. Merci.
        </div>

</form>

AJAX

$(document).ready(function() {

        $('#contact_form').bootstrapValidator({
            feedbackIcons: {
                valid: 'fa fa-check',
                invalid: 'fa fa-times',
                validating: 'fa fa-refresh'
            },
            fields: {
                first_name: {
                    validators: {
                            stringLength: {
                            min: 2,
                        },
                            notEmpty: {
                            message: 'Veuillez indiquer votre prénom'
                        }
                    }
                },
                 last_name: {
                    validators: {
                         stringLength: {
                            min: 2,
                        },
                        notEmpty: {
                            message: 'Veuillez indiquer votre nom'
                        }
                    }
                },
                email: {
                    validators: {
                        notEmpty: {
                            message: 'Veuillez indiquer votre adresse e-mail'
                        },
                        regexp: {
                        regexp: '^[^@\\s]+@([^@\\s]+\\.)+[^@\\s]+$',
                        message: 'Veuillez indiquer une adresse e-mail valide'
                                }
                    }
                },
                message: {
                    validators: {
                          stringLength: {
                            min: 10,
                            max: 1000,
                            message:'Votre message doit faire plus de 10 caractères et moins de 1000.'
                        },
                        notEmpty: {
                            message: 'Veuillez indiquer votre message'
                        }
                        }
                    }
                }}).on('success.form.bv', function (e) {
                e.preventDefault();
              $('button[name="submit"]').hide();

              var bv = $(this).data('bootstrapValidator');
              // Use Ajax to submit form data
              $.post($(this).attr('action'), $(this).serialize(), function (result) {
                  if (result.status == 1) {
                      $('#success_message').slideDown({
                          opacity: "show"
                      }, "slow")
                      $('#contact_form').data('bootstrapValidator').resetForm();
                  } else {
                        $('#error_message').slideDown({
                          opacity: "show"
                      }, "slow")              }
              }, 'json');
          }
            );

    });

PHP

<?php

require 'PHPMailer/PHPMailerAutoload.php';

$mail = new PHPMailer;
$mail->CharSet = 'utf-8';

$email_vars = array(
    'message' => str_replace("\r\n", '<br />', $_POST['message']),
    'first_name' => $_POST['first_name'],
    'last_name' => $_POST['last_name'],
    'phone' => $_POST['phone'],
    'email' => $_POST['email'],
    'organisation' => $_POST['organisation'],
    'server' => $_SERVER['HTTP_REFERER'],
    'agent' => $_SERVER ['HTTP_USER_AGENT'],

);

// CAPTCHA


function isValid() 
{
    try {

        $url = 'https://www.google.com/recaptcha/api/siteverify';
        $data = ['secret'   => 'mykey',
                 'response' => $_POST['g-recaptcha-response'],
                 'remoteip' => $_SERVER['REMOTE_ADDR']];

        $options = [
            'http' => [
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                'method'  => 'POST',
                'content' => http_build_query($data) 
            ]
        ];

        $context  = stream_context_create($options);
        $result = file_get_contents($url, false, $context);
        return json_decode($result)->success;
    }
    catch (Exception $e) {
        return null;
    }
}



//Enable SMTP debugging. 
$mail->SMTPDebug = false;                               
//Set PHPMailer to use SMTP.
$mail->isSMTP();            
//Set SMTP host name                          
$mail->Host = "smtp.sendgrid.net";
//Set this to true if SMTP host requires authentication to send email
$mail->SMTPAuth = true;                          
//Provide username and password     
$mail->Username = "";                 
$mail->Password = "";                           
//If SMTP requires TLS encryption then set it
$mail->SMTPSecure = "tls";                           
//Set TCP port to connect to 
$mail->Port = 587;                                   

$mail->FromName = $_POST['first_name'] . " " . $_POST['last_name'];

//To be anti-spam compliant

/* $mail->From = $_POST['email']; */     
$mail->From = ('mail@');
$mail->addReplyTo($_POST['email']);



$mail->addAddress("@gmail.com");
//CC and BCC
$mail->addCC("");
$mail->addBCC("");

$mail->isHTML(true);

$mail->Subject = "Nouveau message ";

$body = file_get_contents('emailtemplate.phtml');

if(isset($email_vars)){
    foreach($email_vars as $k=>$v){
        $body = str_replace('{'.strtoupper($k).'}', $v, $body);
    }
}
$mail->MsgHTML($body);

/* $mail->Body =  $_POST['message']."<br><br>Depuis la page: ". str_replace("http://", "", $_SERVER['HTTP_REFERER']) . "<br>" . $_SERVER ['HTTP_USER_AGENT'] ; */


$response = array();
if(!$mail->send()) {
  $response = array('message'=>"Mailer Error: " . $mail->ErrorInfo, 'status'=> 0);
} else {
  $response = array('message'=>"Message has been sent successfully", 'status'=> 1);
}

/* send content type header */
header('Content-Type: application/json');

/* send response as json */
echo json_encode($response);


?>
Greg

1 Answer

You need to call the function isValid; so far you have only defined it.

$response = array();
if(isValid()) {
    // send mail
    if(!$mail->send()) {
        $response = array('message'=>"Mailer Error: " . $mail->ErrorInfo, 'status'=> 0);
    } else {
        $response = array('message'=>"Message has been sent successfully", 'status'=> 1);
    }
} else {
    // handle error
    $response = array('message' => 'Captcha was not valid', 'status'=> 0);
}

Note that you need to call isValid after it was defined.

jmattheis
  • Thanks! Is it appropriate to put "exit;" after the else? Could you tell me which parts of my PHP file I should put in place of // send mail? (when I look at the php file everything looks like variables so not sure which part actually sends the email). Many thanks – Greg Jul 23 '16 at 09:11
  • This sends it: ``$response = array(); if(!$mail->send()) { $response = array('message'=>"Mailer Error: " . $mail->ErrorInfo, 'status'=> 0); } else { $response = array('message'=>"Message has been sent successfully", 'status'=> 1); } `` You can do exit, but you are using response there; wait, I'll edit my answer. – jmattheis Jul 23 '16 at 09:24
  • Actually it seems that there's an issue. The message doesn't get sent even if reCaptcha is properly validated in the form: it shows the #error_message from the AJAX file. Any idea what the issue is? Thanks. – Greg Jul 23 '16 at 09:49
  • have you set the correct public key inside the html and the correct private key inside the php script? – jmattheis Jul 23 '16 at 09:56
  • Oops, yes there was a typo! Thanks again for your help! – Greg Jul 23 '16 at 10:10
  • Me again :) One more question if I may: do you know how I could check in the AJAX file that the recaptcha box was ticked? (the same way I check that the other fields were filled in). Many thanks – Greg Jul 23 '16 at 10:29
  • You can't, as it needs to be verified by recaptcha that it is checked. You could add an additional ajax request in which you only check ``isValid()`` and then proceed with this value. If you get stuck at some point with that, you may ask a new question (: – jmattheis Jul 23 '16 at 10:32
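
The server-side gate discussed in the answer and comments, as an added PHP example that is not code from the question or the answer. It goes one step beyond the answer by making every failure path refuse the send: by default `file_get_contents()` signals a failed request by returning `false` rather than throwing, so the `catch` in the question's `isValid()` does not run. The names `recaptchaPassed`, `httpPostForm` and `SECRET_PLACEHOLDER` are assumptions, and the sample replies are constructed.

```php
<?php
// Added example (not the asker's or answerer's code). recaptchaPassed() and
// httpPostForm() are hypothetical names; $post is injectable so the decision
// logic can be exercised offline.
function recaptchaPassed(?string $token, string $secret, ?string $ip, callable $post): bool
{
    // No token means the widget was never solved: refuse without calling Google.
    if ($token === null || trim($token) === '') {
        return false;
    }
    $raw = $post('https://www.google.com/recaptcha/api/siteverify', [
        'secret' => $secret, 'response' => $token, 'remoteip' => $ip,
    ]);
    // A failed request yields false, not an exception: treat it as a refusal.
    if (!is_string($raw)) {
        return false;
    }
    $json = json_decode($raw, true);
    // Only a literal boolean true passes; malformed JSON or "true" as a string does not.
    return is_array($json) && ($json['success'] ?? null) === true;
}

// Real transport: the same form-encoded POST the question builds.
function httpPostForm(string $url, array $fields)
{
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    return @file_get_contents($url, false, $context);
}
// In sendmessage-test.php, before $mail->send():
//   recaptchaPassed($_POST['g-recaptcha-response'] ?? null, $secret,
//                   $_SERVER['REMOTE_ADDR'] ?? null, 'httpPostForm')

// Constructed replies standing in for siteverify, one per outcome.
$cases = [
    'solved'        => ['tok', '{"success": true, "hostname": "example.org"}'],
    'rejected'      => ['tok', '{"success": false, "error-codes": ["invalid-input-response"]}'],
    'network error' => ['tok', false],
    'not JSON'      => ['tok', '<html>502</html>'],
    'missing token' => [null, '{"success": true}'],
];
foreach ($cases as $name => [$token, $reply]) {
    $ok = recaptchaPassed($token, 'SECRET_PLACEHOLDER', '203.0.113.7', fn() => $reply);
    printf("%-14s => %s\n", $name, $ok ? 'send mail' : 'refuse');
}
```

Only the first constructed case results in `send mail`; the other four are refused.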