0

After becoming the target for lots of spam, I've been trying to implement a reCAPTCHA v2 on my site's .php contact form. I have the front end of the form working, and have the site submission of the form working, but I'm still getting spam and an alert from Google reCAPTCHA admin that my site is not verifying solutions.

I've browsed other answered questions trying to Frankenstein a solution together, but I haven't had any luck. I'm not very familiar with .php, so I don't particularly know what changes I make could be interfering with others.

<?php 

/* Verify reCAPTCHA First */
$secret = 'my secret code from Google'; 
$url = 'https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response'];
$verifyresponse = file_get_contents($url);
$verify = json_decode($verifyresponse);

/* Process Form */

/* Make sure all fields are filled */

$errors = '';

    if (empty($_POST['name'])  || 
        empty($_POST['email']) || 
        empty($_POST['phone']) || 
        empty($_POST['message'])) {

        $errors .= "</br> Error: All fields are required";
    }

    $name = $_POST['name']; 
    $email_address = $_POST['email']; 
    $phone = $_POST['phone'];
    $message = $_POST['message']; 

/* Check for valid email adress */

    if (!preg_match(
        "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", 
        $email_address)){

        $errors .= "</br> Error: Invalid email address";
    }

/* No errors, then submit */

if ($verify->success = 'true' && empty($errors)) {
    $to = "...@gmail.com"; // Emails to send the form to
    $email_subject = "SLS Contact Form Submission: $name";
    $email_body =
        "New Contact Form. ".
        "Here are the details: \n
        Name: $name \n
        Email: $email_address \n
        Phone Number: $phone \n
        Message: \n $message";
   /* $message = "Name - " . $_POST['name'] . "<br>";
    $message .= "Email - " . $_POST['email'] . "<br>";
    $message .= "Phone - " . $POST['phone'] . "<br>";
    $message .= "Message - " . $_POST['message'] . "<br>";
    */
    $headers = "From ....com\n";
    $headers .= "Reply to: $email_address";

    mail($to, $email_subject, $email_body, $headers);
      // Send mail OK
       //redirect to the 'thank you' page
       header('Location: ./thankyou.html');
        exit;
    } 
    else {
      // Send mail error
      $_POST['errors'] = $errors;
    }
?>

The contact form submits, sends, etc. but the reCAPTCHA doesn't seem to actually be doing anything.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Ross
  • 1
  • Possible duplicate of [The 3 different equals](https://stackoverflow.com/questions/2063480/the-3-different-equals) –  Jul 17 '19 at 21:28

1 Answers1

0

if ($verify->success = 'true' sets it to true.

You want ==, or for extra safety, === true.

ceejayoz
  • 176,543
  • 40
  • 303
  • 368
  • I tried to implement this, but for some reason it sets off one of my error checks and does not send the form – Ross Jul 17 '19 at 21:43
  • Then `$verify->success` is probably false. Do `print_r($verify)` and see what the results of the verification are. – ceejayoz Jul 18 '19 at 01:15