I have a simple login system made in Laravel, and I'm using Google Captcha V3 (invisible) to authenticate:
<form class="loginForm">
<input type="text" name="login">
<input type="password" name="password">
<button type="submit">LOGIN</button>
</form>
<script src="https://www.google.com/recaptcha/api.js?render=XXXXXX"></script>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('xxxxxxx', {action: 'newlogin'}).then(function(token) {
$('.loginForm').prepend('<input type="hidden" name="token_gcaptcha" value="' + token + '">');
/*
HERE I HAVE A AJAX FUNCTION THAT SENDS THE CONTENT OF MY FORM TO A ROUTE
*/
});
});
</script>
In my Controller Route I use this code to recognize the captcha:
$recaptcha = new \ReCaptcha\ReCaptcha('XXXXX');
$resp = $recaptcha->setExpectedAction("newlogin")->setScoreThreshold(0.5)->verify($data['token_gcaptcha'], $_SERVER['REMOTE_ADDR']);
if ($resp->isSuccess() != true) {
return array('Error' => 'An Error Ocurred With Captcha', 'Title' => 'Captcha');
}
This code works perfectly when the user manages to login on the first attempt, the problem is that if the user misses the login/password on the first attempt, the route will return an error, and the second time he enters his login/password correctly the error that will be returned will be from the CAPTCHA.
This probably happened because maybe the validity of the captcha token has come to an end, no?
In this case, if the user gets his credentials wrong on the first try, he is obliged to refresh the page and try to log in again (this should update the captcha token).
How do I solve this problem?
