User password Request and google reCaptcha

4 posts by 2 authors in: Forums > CMS Builder
Last Post: August 10, 2017   (RSS)

By Twocans - August 8, 2017 - edited: August 8, 2017

Hi yea,

I have a password request page, 

<?php function validateGoogleCaptcha(){

$errorsAndAlerts = "";

if (!@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "Please check the anti-spam 'I am not a robot' checkbox!<br/>\n"; }
else {
// check recaptcha
$postdata = array();
$postdata['secret'] = '6LcwKCwUAAAAAK5CXed1YJGfMk7iVBL5NgN2vPVd';
$postdata['response'] = @$_REQUEST['g-recaptcha-response'];
$postdata['remoteip'] = $_SERVER['REMOTE_ADDR'];
$url = "https://www.google.com/recaptcha/api/siteverify?". http_build_query($postdata, '', '&');
list($json, $httpStatusCode, $headers, $request) = getPage($url, 5, '', true);
$recaptchaResponse = json_decode($json, true);

if (!$recaptchaResponse['success']) {
if (is_array($recaptchaResponse['error-codes'])) {
if (in_array('missing-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (no secret)<br/>\n"; }
if (in_array('invalid-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (invald secret)<br/>\n"; }
if (in_array('missing-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box!<br/>\n"; }
if (in_array('invalid-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box again, your answer was incorrect!<br/>\n"; }
}
if (!$errorsAndAlerts) { $errorsAndAlerts .= "Invalid captcha response, please try again or contact us directly and let us know."; }
@trigger_error("Failed recaptcha on signup form", E_USER_NOTICE);
}
}

return $errorsAndAlerts;
}
// error checking
$errorsAndAlerts = alert();
if (@$CURRENT_USER) {
$errorsAndAlerts = "You are already logged in! <a href='/'>Click here to continue</a> or <a href='?action=logoff'>Logoff</a>.";
}
?>
<?php // process form
if (@$_POST['action']):?>
<?php $errorsAndAlerts = "";
$errorsAndAlerts .= validateGoogleCaptcha();
?>
<?php endif ?>
<?php
### send reset email
if (@$_POST['action'] == 'sendPasswordReminder') {
global $SETTINGS, $TABLE_PREFIX;


// display errors
if (!@$_REQUEST['usernameOrEmail']) { $errorsAndAlerts .= "No email specified!<br/>\n"; }


// send emails
if (@$_REQUEST['usernameOrEmail']) {
$where = mysql_escapef("? IN (`username`,`email`)", $_REQUEST['usernameOrEmail']);
$user = mysql_get(accountsTable(), null, $where);


// send message
if ($user) {


$emailHeaders = emailTemplate_loadFromDB(array(
'template_id' => 'USER-PASSWORD-RESET',
'placeholders' => array(
'user.username' => $user['username'],
'user.email' => $user['email'],
'loginUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']),
'resetUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_RESET_URL'] . "?userNum={$user['num']}&resetCode=" . _generatePasswordResetCode( $user['num'] )),
)));
$mailErrors = sendMessage($emailHeaders);
if ($mailErrors) { alert("Mail Error: $mailErrors"); }


//
$errorsAndAlerts .= "Thanks, we've emailed you instructions on resetting your password.<br/><br/>
If you don't receive an email within a few minutes check your spam filter for messages from elvis himself<br/>\n";


// clear form
$_REQUEST['usernameOrEmail'] = '';
}


//
if (!$user) { $errorsAndAlerts .= "No matching username or email was found!<br/>\n"; }
}
}
?>

I am using the google captcha, my question is how to have them fire both same time.

http://www.camteach.com/user-password-request.php

If i click submit without completing anything i have both the warning of "Please check the anti-spam 'I am not a robot' checkbox!" AND "No email specified!"

Were I to just click the Googles "I am not a robot" recaptcha error,,,, I get the "No email specified!" alert

but were I to NOT CHECK  the captcha, and just enter a correct email address, on this occasion enter emmalinnery@gmail.com, then  it goes through. I want it so when the correct email is entered and captcha is not checked to have the alert show "Please check the anti-spam 'I am not a robot' checkbox!"

I have tried this aka adding the join || but that didnt work. 

<?php function validateGoogleCaptcha(){
$errorsAndAlerts = "";
if (!@$_REQUEST['usernameOrEmail'] || !@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "plop!<br/>\n"; }
if (!@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "Please check the anti-spam 'I am not a robot' checkbox!<br/>\n"; }

http://www.camteach.com/user-password-request1.php

I would be grateful for any input. cheers

Kenny D

By Twocans - August 10, 2017

Thank you Dave,
I tried that but it didnt help

http://www.camteach.com/zzzzpwreq.php

try using the email address emmalinnery@gmail.com

the code on the page is as

Thanks for your help

Kenny

<?php function validateGoogleCaptcha(){

$errorsAndAlerts = "";


if (!@$_REQUEST['usernameOrEmail'] || !@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "plop!<br/>\n"; }
if (!@$_REQUEST['g-recaptcha-response']) { $errorsAndAlerts .= "Please check the anti-spam 'I am not a robot' checkbox!<br/>\n"; }
else {
// check recaptcha
$postdata = array();
$postdata['secret'] = '6LcwKCwUAAAAAK5CXed1YJGfMk7iVBL5NgN2vPVd';
$postdata['response'] = @$_REQUEST['g-recaptcha-response'];
$postdata['remoteip'] = $_SERVER['REMOTE_ADDR'];
$url = "https://www.google.com/recaptcha/api/siteverify?". http_build_query($postdata, '', '&');
list($json, $httpStatusCode, $headers, $request) = getPage($url, 5, '', true);
$recaptchaResponse = json_decode($json, true);


if (!$recaptchaResponse['success']) {
if (is_array($recaptchaResponse['error-codes'])) {
if (in_array('missing-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (no secret)<br/>\n"; }
if (in_array('invalid-input-secret', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "There's a problem with recaptcha, please let us know! (invald secret)<br/>\n"; }
if (in_array('missing-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box!<br/>\n"; }
if (in_array('invalid-input-response', $recaptchaResponse['error-codes'])) { $errorsAndAlerts .= "Please fill out the recaptcha box again, your answer was incorrect!<br/>\n"; }
}
if (!$errorsAndAlerts) { $errorsAndAlerts .= "Invalid captcha response, please try again or contact us directly and let us know."; }
@trigger_error("Failed recaptcha on signup form", E_USER_NOTICE);
}
}


return $errorsAndAlerts;
}
// error checking
$errorsAndAlerts = alert();
if (@$CURRENT_USER) {
$errorsAndAlerts = "You are already logged in! <a href='/'>Click here to continue</a> or <a href='?action=logoff'>Logoff</a>.";
}
?>
<?php // process form
if (@$_POST['action']):?>
<?php // $errorsAndAlerts = "";
$errorsAndAlerts .= validateGoogleCaptcha();
?>
<?php endif ?>
<?php
### send reset email
if (@$_POST['action'] == 'sendPasswordReminder') {
global $SETTINGS, $TABLE_PREFIX;



// display errors
if (!@$_REQUEST['usernameOrEmail']) { $errorsAndAlerts .= "No email specified!<br/>\n"; }



// send emails
if (@$_REQUEST['usernameOrEmail']) {
$where = mysql_escapef("? IN (`username`,`email`)", $_REQUEST['usernameOrEmail']);
$user = mysql_get(accountsTable(), null, $where);



// send message
if ($user) {



$emailHeaders = emailTemplate_loadFromDB(array(
'template_id' => 'USER-PASSWORD-RESET',
'placeholders' => array(
'user.username' => $user['username'],
'user.email' => $user['email'],
'loginUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']),
'resetUrl' => realUrl($GLOBALS['WEBSITE_LOGIN_RESET_URL'] . "?userNum={$user['num']}&resetCode=" . _generatePasswordResetCode( $user['num'] )),
)));
$mailErrors = sendMessage($emailHeaders);
if ($mailErrors) { alert("Mail Error: $mailErrors"); }



//
$errorsAndAlerts .= "Thanks, we've emailed you instructions on resetting your password.<br/><br/>
If you don't receive an email within a few minutes check your spam filter for messages from elvis himself<br/>\n";



// clear form
$_REQUEST['usernameOrEmail'] = '';
}



//
if (!$user) { $errorsAndAlerts .= "No matching username or email was found!<br/>\n"; }
}
}
?>

By Dave - August 10, 2017

Hi Twocans, 

Hmm, I'm not sure by looking at the code.  I don't see any obvious errors.  A quick and easy debugging technique would be put some print statements to see what the contents of $errorsAndAlerts is at various points and then try and determine where the variable is either not getting set, or getting overwritten.

Hope that helps! 

Dave Edis - Senior Developer
interactivetools.com