User password Request and google reCaptcha
4 posts by 2 authors in: Forums > CMS Builder
Last Post: August 10, 2017 (RSS)
By Twocans - August 8, 2017 - edited: August 8, 2017
Hi yea,
I have a password request page,
<?php function validateGoogleCaptcha(){
$errorsAndAlerts = "";
if (!@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "Please check the anti-spam 'I am not a robot' checkbox!<br/>\n"; }
else {
// check recaptcha
$postdata = array();
$postdata['secret'] = '6LcwKCwUAAAAAK5CXed1YJGfMk7iVBL5NgN2vPVd';
$postdata['response'] = @$_REQUEST['g-recaptcha-response'];
$postdata['remoteip'] = $_SERVER['REMOTE_ADDR'];
$url = "https://www.google.com/recaptcha/api/siteverify?". http_build_query($postdata, '', '&');
list($json, $httpStatusCode, $headers, $request) = getPage($url, 5, '', true);
$recaptchaResponse = json_decode($json, true);
if (!$recaptchaResponse['success']) {
if (is_array($recaptchaResponse['error-codes'])) {
if (in_array('missing-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (no secret)<br/>\n"; }
if (in_array('invalid-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (invald secret)<br/>\n"; }
if (in_array('missing-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box!<br/>\n"; }
if (in_array('invalid-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box again, your answer was incorrect!<br/>\n"; }
}
if (!$errorsAndAlerts) { $errorsAndAlerts .= "Invalid captcha response, please try again or contact us directly and let us know."; }
@trigger_error("Failed recaptcha on signup form", E_USER_NOTICE);
}
}
return $errorsAndAlerts;
}
// error checking
$errorsAndAlerts = alert();
if (@$CURRENT_USER) {
$errorsAndAlerts = "You are already logged in! <a href='/'>Click here to continue</a> or <a href='?action=logoff'>Logoff</a>.";
}
?>
<?php // process form
if (@$_POST['action']):?>
<?php $errorsAndAlerts = "";
$errorsAndAlerts .= validateGoogleCaptcha();
?>
<?php endif ?>
<?php
### send reset email
if (@$_POST['action'] == 'sendPasswordReminder') {
global $SETTINGS, $TABLE_PREFIX;
// display errors
if (!@$_REQUEST['usernameOrEmail']) { $errorsAndAlerts .= "No email specified!<br/>\n"; }
// send emails
if (@$_REQUEST['usernameOrEmail']) {
$where = mysql_escapef("? IN (`username`,`email`)", $_REQUEST['usernameOrEmail']);
$user = mysql_get(accountsTable(), null, $where);
// send message
if ($user) {
$emailHeaders = emailTemplate_loadFromDB(array(
'template_id' => 'USER-PASSWORD-RESET',
'placeholders' => array(
'user.username' => $user['username'],
'user.email' => $user['email'],
'loginUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']),
'resetUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_RESET_URL'] . "?userNum={$user['num']}&resetCode=" . _generatePasswordResetCode( $user['num'] )),
)));
$mailErrors = sendMessage($emailHeaders);
if ($mailErrors) { alert("Mail Error: $mailErrors"); }
//
$errorsAndAlerts .= "Thanks, we've emailed you instructions on resetting your password.<br/><br/>
If you don't receive an email within a few minutes check your spam filter for messages from elvis himself<br/>\n";
// clear form
$_REQUEST['usernameOrEmail'] = '';
}
//
if (!$user) { $errorsAndAlerts .= "No matching username or email was found!<br/>\n"; }
}
}
?>
I am using the google captcha, my question is how to have them fire both same time.
http://www.camteach.com/user-password-request.php
If i click submit without completing anything i have both the warning of "Please check the anti-spam 'I am not a robot' checkbox!" AND "No email specified!"
Were I to just click the Googles "I am not a robot" recaptcha error,,,, I get the "No email specified!" alert
but were I to NOT CHECK the captcha, and just enter a correct email address, on this occasion enter emmalinnery@gmail.com, then it goes through. I want it so when the correct email is entered and captcha is not checked to have the alert show "Please check the anti-spam 'I am not a robot' checkbox!"
I have tried this aka adding the join || but that didnt work.
<?php function validateGoogleCaptcha(){
$errorsAndAlerts = "";
if (!@$_REQUEST['usernameOrEmail'] || !@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "plop!<br/>\n"; }
if (!@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "Please check the anti-spam 'I am not a robot' checkbox!<br/>\n"; }
http://www.camteach.com/user-password-request1.php
I would be grateful for any input. cheers
Kenny D
By Dave - August 9, 2017
Hi Kenny D,
Can you try removing this line in red:
// process form
if (@$_POST['action']) {
$errorsAndAlerts = "";
$errorsAndAlerts .= validateGoogleCaptcha();
}
Let me know if that works for you.
interactivetools.com
By Twocans - August 10, 2017
Thank you Dave,
I tried that but it didnt help
http://www.camteach.com/zzzzpwreq.php
try using the email address emmalinnery@gmail.com
the code on the page is as
Thanks for your help
Kenny
<?php function validateGoogleCaptcha(){
$errorsAndAlerts = "";
if (!@$_REQUEST['usernameOrEmail'] || !@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "plop!<br/>\n"; }
if (!@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "Please check the anti-spam 'I am not a robot' checkbox!<br/>\n"; }
else {
// check recaptcha
$postdata = array();
$postdata['secret'] = '6LcwKCwUAAAAAK5CXed1YJGfMk7iVBL5NgN2vPVd';
$postdata['response'] = @$_REQUEST['g-recaptcha-response'];
$postdata['remoteip'] = $_SERVER['REMOTE_ADDR'];
$url = "https://www.google.com/recaptcha/api/siteverify?". http_build_query($postdata, '', '&');
list($json, $httpStatusCode, $headers, $request) = getPage($url, 5, '', true);
$recaptchaResponse = json_decode($json, true);
if (!$recaptchaResponse['success']) {
if (is_array($recaptchaResponse['error-codes'])) {
if (in_array('missing-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (no secret)<br/>\n"; }
if (in_array('invalid-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (invald secret)<br/>\n"; }
if (in_array('missing-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box!<br/>\n"; }
if (in_array('invalid-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box again, your answer was incorrect!<br/>\n"; }
}
if (!$errorsAndAlerts) { $errorsAndAlerts .= "Invalid captcha response, please try again or contact us directly and let us know."; }
@trigger_error("Failed recaptcha on signup form", E_USER_NOTICE);
}
}
return $errorsAndAlerts;
}
// error checking
$errorsAndAlerts = alert();
if (@$CURRENT_USER) {
$errorsAndAlerts = "You are already logged in! <a href='/'>Click here to continue</a> or <a href='?action=logoff'>Logoff</a>.";
}
?>
<?php // process form
if (@$_POST['action']):?>
<?php // $errorsAndAlerts = "";
$errorsAndAlerts .= validateGoogleCaptcha();
?>
<?php endif ?>
<?php
### send reset email
if (@$_POST['action'] == 'sendPasswordReminder') {
global $SETTINGS, $TABLE_PREFIX;
// display errors
if (!@$_REQUEST['usernameOrEmail']) { $errorsAndAlerts .= "No email specified!<br/>\n"; }
// send emails
if (@$_REQUEST['usernameOrEmail']) {
$where = mysql_escapef("? IN (`username`,`email`)", $_REQUEST['usernameOrEmail']);
$user = mysql_get(accountsTable(), null, $where);
// send message
if ($user) {
$emailHeaders = emailTemplate_loadFromDB(array(
'template_id' => 'USER-PASSWORD-RESET',
'placeholders' => array(
'user.username' => $user['username'],
'user.email' => $user['email'],
'loginUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']),
'resetUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_RESET_URL'] . "?userNum={$user['num']}&resetCode=" . _generatePasswordResetCode( $user['num'] )),
)));
$mailErrors = sendMessage($emailHeaders);
if ($mailErrors) { alert("Mail Error: $mailErrors"); }
//
$errorsAndAlerts .= "Thanks, we've emailed you instructions on resetting your password.<br/><br/>
If you don't receive an email within a few minutes check your spam filter for messages from elvis himself<br/>\n";
// clear form
$_REQUEST['usernameOrEmail'] = '';
}
//
if (!$user) { $errorsAndAlerts .= "No matching username or email was found!<br/>\n"; }
}
}
?>
By Dave - August 10, 2017
Hi Twocans,
Hmm, I'm not sure by looking at the code. I don't see any obvious errors. A quick and easy debugging technique would be put some print statements to see what the contents of $errorsAndAlerts is at various points and then try and determine where the variable is either not getting set, or getting overwritten.
Hope that helps!
interactivetools.com