看看这个链接:
https://developers.google.com/recaptcha/docs/verify
简而言之,你应该提出要求
https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS
如果YOUR_SECRET是您在ReCAPTCHA站点上收到的密钥,则可以通过$_SERVER数组接收USER_IP_ADDRESS,并且RESPONSE_CAME_FROM_YOUR_FORM是与您的表单一起发送的字符串.它存储在$_POST [‘g-recaptcha-response’]中.
您可以通过file_get_contents($url)来完成
$data = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS");
在$data中,您将收到包含您要查找的成功字段的JSON对象.如果成功是错误的,那么它不是人类,你应该退出().我建议你在程序开头检查这个.
更新:
JSON对象的解码如下所示:
$data = json_decode($data); // This will decode JSON to object
if(!$data->success)
exit();
更新:
有时,file_get_contents($url)将无法设置安全的https连接.相反,你可以使用open_https_url($url)
使您的代码看起来像:
$your_secret = "";
$client_captcha_response = $_POST['g-recaptcha-response'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$captcha_verify = open_https_url("https://www.google.com/recaptcha/api/siteverify?secret=$your_secret&response=$client_captcha_response&remoteip=$user_ip");
$captcha_verify_decoded = json_decode($captcha_verify);
if(!$captcha_verify_decoded->success)
die('DIRTY ROBOT');
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$human = $_POST['human'];
$from = 'From: My Website';
$to = 'myemail@gmail.com';
$subject = 'Request Form';
$body = "Name: $name \n E-Mail: $email \nMessage:\n$message";
if ($_POST['submit']) {
if ($email != '') {
if ($human == '4') {
if (mail ($to, $subject, $body, $from)) {
echo '
You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.
';} else {
echo '
Something went wrong, go back and try again!
}
} else if ($_POST['submit'] && $human != '4') {
echo '
You answered the anti-spam question incorrectly!
}
} else {
echo '
You need to fill in all required fields!!
}
}
?>