I have been trying to implement recaptcha v3 from a tutorial on my site form, but since adding it to the form and processing page the form no longer sends, I have checked the keys are correct, so not sure why its not working
In the head of the index page i have added this for it
<script
src="https://code.jquery.com/jquery-3.4.1.min.js"
integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous">
</script>
<script src="https://www.google.com/recaptcha/api.js?render=my site key here"></script>
The form on the index page is as follows
<?php
//init variables
$cf = array();
$sr = false;
if(isset($_SESSION['cf_returndata'])){
$cf = $_SESSION['cf_returndata'];
$sr = true;
}
?>
<ul id="errors" class="<?php echo ($sr && !$cf['form_ok']) ? 'visible' : ''; ?>">
<li id="info">There were some problems with your form submission:</li>
<?php
if(isset($cf['errors']) && count($cf['errors']) > 0) :
foreach($cf['errors'] as $error) :
?>
<li><?php echo $error; ?></li>
<?php
endforeach;
endif;
?>
</ul>
<p id="success" class="<?php echo ($sr && $cf['form_ok']) ? 'visible' : ''; ?>">Thanks for your message! We will get back to you ASAP!</p>
<br/>
<form id+"form" method="post" action="process.php" class="<?php echo ($sr && $cf['form_ok']) ? 'visible' : ''; ?>" >
<label for="name">Name: <span class="required">*</span></label>
<input type="text" id="name" name="name" value="<?php echo ($sr && !$cf['form_ok']) ? $cf['posted_form_data']['name'] : '' ?>" placeholder="Your Name" required />
<input type="hidden" id="city" name="city" value="<?php echo ($sr && !$cf['form_ok']) ? $cf['posted_form_data']['city'] : '' ?>" />
<label for="email">Email Address: <span class="required">*</span></label>
<input type="email" id="email" name="email" value="<?php echo ($sr && !$cf['form_ok']) ? $cf['posted_form_data']['email'] : '' ?>" placeholder="johndoe@example.com" required />
<label for="telephone">Telephone: </label>
<input type="tel" id="telephone" name="telephone" value="<?php echo ($sr && !$cf['form_ok']) ? $cf['posted_form_data']['telephone'] : '' ?>" />
<label for="enquiry">Enquiry: </label>
<select id="enquiry" name="enquiry">
<option value="Sales" <?php echo ($sr && !$cf['form_ok'] && $cf['posted_form_data']['enquiry'] == 'Sales') ? "selected='selected'" : '' ?>>Sales</option>
<option value="Support" <?php echo ($sr && !$cf['form_ok'] && $cf['posted_form_data']['enquiry'] == 'Support') ? "selected='selected'" : '' ?>>Website Support</option>
</select>
<label for="message">Message: <span class="required">*</span> <div id="charNum">0</div></label>
<textarea id="message" name="message" oninput="countChar(this)" placeholder="Your message must be greater than 20 charcters" required data-minlength="20"><?php echo ($sr && !$cf['form_ok']) ? $cf['posted_form_data']['message'] : '' ?></textarea>
<span id="loading"></span>
<input type="submit" value="SEND MESSAGE" id="submit-button" />
<p id="req-field-desc"><span class="required">*</span> indicates a required field</p>
</form>
<script>
$('#form').submit(function(event) {
event.preventDefault();
var name = $('#name').val();
var email = $('#email').val();
var message = $('#message').val();
grecaptcha.ready(function() {
grecaptcha.execute('6LfJZswUAAAAAJyV7DXj_CvgWjWB-3FOq4_JsYhM', {action: 'index'}).then(function(token) {
$('#form').prepend('<input type="hidden" name="token" value="' + token + '">');
$('#form').prepend('<input type="hidden" name="action" value="index">');
$('#form').unbind('submit').submit();
});;
});
});
</script>
<?php unset($_SESSION['cf_returndata']);
?>
and this is the processing page
<?php
date_default_timezone_set('Australia/Adelaide');
define("RECAPTCHA_V3_SECRET_KEY", 'secret key here');
function clean_input($input){
return strip_tags(trim($input));
}
if( isset($_POST) ){
//form validation vars
$formok = true;
$errors = array();
//sumbission data
$ipaddress = $_SERVER['REMOTE_ADDR'];
$date = date('d/m/Y');
$time = date('H:i:s');
//form data
$name = clean_input($_POST['name']);
$city = $_POST['city'];
$email = clean_input($_POST['email']);
$telephone = clean_input($_POST['telephone']);
$enquiry = clean_input($_POST['enquiry']);
$message = clean_input($_POST['message']);
//validate form data
if(!empty($city)){
// log the attacker input
$myfile = fopen("attacks.txt", "a") or die("Unable to open file!");
$txt = "$date - $time - $city \n";
fwrite($myfile, $txt);
fclose($myfile);
//redirect back to form
header('location: ' . $_SERVER['HTTP_REFERER']);
exit;
}
//validate name is not empty
if(empty($name)){
$formok = false;
$errors[] .= "You have not entered a name";
}
//validate email address is not empty
if(empty($email)){
$formok = false;
$errors[] .= "You have not entered an email address";
//validate email address is valid
}elseif(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$formok = false;
$errors[] .= "You have not entered a valid email address";
}
//validate message is not empty
if(empty($message)){
$formok = false;
$errors[] .= "You have not entered a message";
}
//validate message is greater than 20 charcters
elseif(strlen($message) < 20){
$formok = false;
$errors[] .= "Your message must be greater than 20 characters";
}
$token = $_POST['token'];
$action = $_POST['action'];
// call curl to POST request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('secret' => RECAPTCHA_V3_SECRET_KEY, 'response' => $token)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
curl_close($ch);
$arrResponse = json_decode($response, true);
// verify the response
if($arrResponse["success"] == '1' && $arrResponse["action"] == $action && $arrResponse["score"] >= 0.5) {
//send email if all is ok
if($formok == true){
$headers = "From: email address here" . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$emailbody = "<p>You have recieved a new message from the enquiries form on your website.</p>
<p><strong>Name: </strong> {$name} </p>
<p><strong>Email Address: </strong> {$email} </p>
<p><strong>Telephone: </strong> {$telephone} </p>
<p><strong>Enquiry: </strong> {$enquiry} </p>
<p><strong>Message: </strong> {$message} </p>
<p>This message was sent from the IP Address: {$ipaddress} on {$date} at {$time}</p>";
mail("email address here","New Enquiry",$emailbody,$headers);
}
} else {
header('location: ' . $_SERVER['HTTP_REFERER']);
exit;
}
//what we need to return back to our form
$returndata = array(
'posted_form_data' => array(
'name' => $name,
'email' => $email,
'telephone' => $telephone,
'enquiry' => $enquiry,
'message' => $message
),
'form_ok' => $formok,
'errors' => $errors,
);
//if this is not an ajax request
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) !== 'xmlhttprequest'){
//set session variables
session_start();
$_SESSION['cf_returndata'] = $returndata;
//redirect back to form
header('location: ' . $_SERVER['HTTP_REFERER']);
}
}
Any help to solve how I stuffed this would be appreciated, actual email addresses and site keys are correct in the actual code.