php - Cakephp : 验证recaptcha

Question

我已经下载了一个recaptchalib 并成功实现了recaptcha 并在我的页面上显示recaptcha 但我无法验证它......我如何验证recaptcha

在查看文件中

 <div id="recaptcha_div"></div>

 <script type="text/javascript">
 $(function(){
  Recaptcha.create("<?php echo Configure::read("recatpch_settings.public_key")?>",   'recaptcha_div', {
  theme: "red",
  callback: Recaptcha.focus_response_field});
});

</script>

控制器的登录动作

 public function login() {

    App::import('Vendor', 'recaptchalib', array('file' =>   'recaptchalib/recaptchalib.php'));
    $resp = recaptcha_check_answer (Configure::read("recatpch_settings.private_key"),
        $_SERVER["REMOTE_ADDR"],
        $this->params['form']["recaptcha_challenge_field"],
        $this->params['form']["recaptcha_response_field"]);
    pr($resp);
    exit();
    if (!$resp->is_valid) {
        $this->Session->setFlash('The reCAPTCHA wasn\'t entered correctly. Please, try again.');
    } else {
        if ($this->request->is('post')) {
            if ($this->Auth->login()) {
                $this->redirect($this->Auth->redirect());
            } else {
                $this->Session->setFlash('Your username/password combination was incorrect');
            }
        }
    }
}

我无法验证验证码。如果我输入正确的验证码以及用户名和密码，我想登录用户。

Answer 1

我知道这是一个非常古老的问题，但我会继续回答那些可能正在考虑实施此问题的人。

将 Site/Secret 密钥添加到您的 app/config/bootstrap.php 文件中。

//Recaptcha Config
Configure::write('Recaptcha.SiteKey','YourSiteKey');
Configure::write('Recaptcha.SecretKey','YourSecretKey');

将 reCaptcha 小部件添加到您的视图/表单中：

<div>
    <div class="g-recaptcha" 
         data-sitekey="<?php echo Configure::read('Recaptcha.SiteKey'); ?>">
    </div>
    <?php echo $this->Html->script('https://www.google.com/recaptcha/api.js"'); ?>
</div>

验证用户的响应（控制器内的可重用功能）：

private function __checkRecaptchaResponse($response){
    // verifying the response is done through a request to this URL
    $url = 'https://www.google.com/recaptcha/api/siteverify';
    // The API request has three parameters (last one is optional)
    $data = array('secret' => Configure::read('Recaptcha.SecretKey'),
                    'response' => $response,
                    'remoteip' => $_SERVER['REMOTE_ADDR']);

    // use key 'http' even if you send the request to https://...
    $options = array(
        'http' => array(
            'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
            'method'  => 'POST',
            'content' => http_build_query($data),
        ),
    );

    // We could also use curl to send the API request
    $context  = stream_context_create($options);
    $json_result = file_get_contents($url, false, $context);
    $result = json_decode($json_result);
    return $result->success;
}

在提交包含小部件的表单后，您可以通过调用上述函数来检查响应：

if($this->__checkRecaptchaResponse($this->request->data['g-recaptcha-response'])){
    // user solved the captcha
} else {
    // user failed to solve the captcha
}

有用的资源：

• https://developers.google.com/recaptcha/docs/display
• https://developers.google.com/recaptcha/docs/verify

Answer 2

Google 引入了新的 reCaptcha API，即你是机器人吗？一种新的设计验证码系统。这可以保护您的网站免受机器人和垃圾邮件发送者的攻击，在这篇文章中，我使用 CakePHP 实现了带有 HTML 登录表单的新 reCaptch API 系统。请快速查看演示。

获取验证码密钥

单击此处创建 Google reCaptcha 应用程序。

注册您的网站

在没有 http 的情况下提供您的网站域详细信息：

谷歌网站密钥

您将在 HTML 代码中使用它。

谷歌密钥

这将有助于您的网站与 Google 进行通信。

HTML 代码

包含带有 Google reCaptcha 片段的 HTML 代码。您必须修改 GOOGLE_SITE_KEY 值。

<html>
<head>
/* Google reCaptcha JS */
<script src="https://www.google.com/recaptcha/api.js"></script>
</head>
<body>
<form action="" method="post">
<label>Username</label>
<?php echo $this->Form->text('User.username', array('maxlength' => 32))?>
<label>Password</label>
<?php echo $this->Form->password('User.password', array('maxlength' => 32))?>
<div class="g-recaptcha" data-sitekey="GOOGLE_SITE_KEY"></div>
<input type="submit"  value="Log In" />
</form>
</body>
</html>

在 Vendor 文件中创建新的 Vendor：

卷曲.php

<?php
function getCurlData($url)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16");
$curlData = curl_exec($curl);
curl_close($curl);
return $curlData;
}
?>

在控制器中使用，您必须修改 GOOGLE_SECRET_KEY 值。

$recaptcha = $this->data['g-recaptcha-response'];

$google_url = "https://www.google.com/recaptcha/api/siteverify";
$secret = 'GOOGLE_SECRET_KEY';
$ip = $_SERVER['REMOTE_ADDR'];
$url = $google_url . "?secret=" . $secret . "&response=" . $recaptcha ."&remoteip=" . $ip;
App::import('Vendor', 'curl');
$res = getCurlData($url);
$res = json_decode($res, true);

if(empty($res['success'])){

//if success not empty
//some code here
}

希望它有用。