Hey, so I have had this submit form on my website for a few months, but every now and then bots still manage to submit my form even though I do use reCAPTCHA.
What am I doing wrong?

code PHP
<html>
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
        <link rel="stylesheet" href="style.css">
        <script src=
        "https://www.google.com/recaptcha/api.js" async defer>
    </script>
        <script src="https://www.google.com/recaptcha/enterprise.js?render=6Lci2pkkAAAAAMiyayyetw1U-CPysP2Ibbmk6nVz"></script>

        <title>Contact formulier</title>
    </head>
    <style>
        .welkom{
            background-color: #66b3ff;
            background-image: url("delta_fiber_logo.png");
            background-repeat: no-repeat;
            background-position: center; 
            position: relative;
            height: 50%;
            margin-bottom: 5%;
            display: flex;
            justify-content: center;
        }
       .welkom p{
            padding-top: 10%;
            color: #fff;
            font-family: Arial;
            font-size: 60px;
            /* animation: fadeIn 5s; */
        }
    </style>
    <body>
    <div class="welkom">
            <!-- <p>Welkom op de website... </p> -->
    </div>

    <div class="submit_form">
        <h1> Contact formulier</h1>
        <form action="contactform_backend.php" method="post">
        
            <div class="form-group">
                <label for="naam">Naam:</label>
                <input type="text" class="form-control" id="naam" name="naam" placeholder="Naam" required="required">
            </div>
            <div class="form-group">
                <label for="email">Email address:</label>
                <input type="email" class="form-control" id="email" name="email" placeholder="Email" required="required">
            </div>
            <div class="form-group">
                <label for="user_message">Bericht: </label>
                <textarea id="user_message" name="user_message" rows="4" maxlength="250" placeholder="Je bericht" required="required"></textarea>
            </div>

            <div class="g-recaptcha" data-sitekey="sitekey" data-callback="enableBtn"></div>
            <br>
            <button type="submit" id="check_recaptcha" class="btn btn-default" disabled style="background-color: #80bfff; color: white;">Submit</button>
      </form>
    </div>
      
    </body>
    <script type="text/javascript">
        function enableBtn(){
            document.getElementById("check_recaptcha").disabled = false;
        }
    </script>
</html>



backend

<?php
// send mail
include "../config.php";
include "../phpmailer.php";
if ($_SERVER['REQUEST_METHOD'] === 'POST') { 
            if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']) && !empty($_POST['naam']) && !empty($_POST['email']) && !empty($_POST['user_message'])){ 
                $secretKey = "secret";
                // information from the contact form page
                $klant = $_POST['naam'];
                $email = $_POST['email'];
                $message = $_POST['user_message'];
                $date = date("d-m-Y");
                // Verify the reCAPTCHA API response 
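                // urlencode() so the client-supplied token cannot add or alter query parameters
                $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.urlencode($secretKey).'&response='.urlencode($_POST['g-recaptcha-response'])); 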
                // Decode JSON data of API response 
                $responseData = json_decode($verifyResponse); 
                // If the reCAPTCHA API response is valid 
                if($responseData->success){ 
                    $sql = "SELECT * FROM users";
                    $stmt = $conn->prepare($sql); 
                    $stmt->execute();
                    $result = $stmt->get_result();
                    while ($row = $result->fetch_assoc()) {
                        $adminEmail = $row['email'];
                        $onderwerp = "contact formulier bericht";
                        $testbericht = "
                        Geachte heer/mevrouw,
                        <br>
                        <p>".$message."</p>
                        Met vriendelijke groet,
                        <br>
                        <br>
                        Klant: ".$klant."
                        <br>
                        Klantemail: ".$email."
                        <br>
                        Verzonden op: ".$date."";
                        mailen($adminEmail, $klant, $onderwerp, $testbericht);
                    }
        
                    // customer mail
                    $onderwerp = "Verzonden bericht";
                    $testbericht = "
                    Geachte ".$klant." 
                    <br>
                    Dit is een kopie van het bericht dat u heeft gestuurd. 
                    <br>
                    ".$message."
                    <br>
                    Bericht is verstuurd op: ".$date."";
                    mailen($email, $klant, $onderwerp, $testbericht);
                    header('Location: code_invullen.php');
                }
                    
            }else{
                echo "<script>alert('please fill all fields ');</script>"; 
                echo "<script>window.location.href = '../index.php';</script>"; 
            }
       
        
    
}
?>


What I have tried:

So I added an extra dumb question in my new version, but I'm afraid that bots can still get through that one,
like a "what is 2+2" question. I don't know if that protects it better. I just need some tips.


Right now I changed the URL to
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.urlencode($secretKey).'&response='.urlencode($_POST['g-recaptcha-response'])."&remoteip=".urlencode($_SERVER['REMOTE_ADDR']));
Again, I'm not sure if this protects it better. I just know that the remoteIP works with the IP address.
Updated 8-May-23 23:59pm
Comments
Richard Deeming 10-May-23 4:53am    
One obvious issue: you're loading the scripts for both the regular reCAPTCHA and reCAPTCHA Enterprise. You never actually seem to use the Enterprise version, so that script almost certainly isn't needed.

I'm assuming you've actually replaced the data-sitekey="sitekey" value with your actual site key?

Beyond that, if you're still getting spam submissions, then there's a good chance that someone is manually solving the reCAPTCHA. There's not really anything you can do to block that without also making it impossible for real messages to be submitted.
Rebecca2002 11-May-23 3:51am    
The second question: Yes. I don't know much about reCAPTCHA, so I didn't know if it was safe to just show the site keys. And I see what you mean with the Enterprise one; I will remove it, thank you.
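
A hardened form of the server-side check in the question's backend, as an added example that is not part of the original thread: it sends the token by POST, fails closed on network or JSON errors, and checks the `hostname` field that siteverify returns. The function names and `example.com` are assumptions, and the sample responses are constructed.

```php
<?php
// Added example (not the poster's code). Function names and example.com are assumptions.

// POST the token to siteverify; POST keeps the secret out of URLs, and
// http_build_query() encodes whatever the client sent as the token.
function verify_recaptcha(string $secret, string $token, string $remoteIp): ?array
{
    if ($token === '') {
        return null;
    }
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query([
            'secret' => $secret, 'response' => $token, 'remoteip' => $remoteIp,
        ]),
        'timeout' => 5,
    ]]);
    $raw  = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $data = ($raw === false) ? null : json_decode($raw, true);
    return is_array($data) ? $data : null;   // null = network or JSON failure
}

// Pure decision function: fail closed unless success is literally true and
// the challenge was solved on our own hostname.
function recaptcha_response_ok(?array $data, string $expectedHost): bool
{
    if ($data === null || ($data['success'] ?? false) !== true) {
        return false;
    }
    return strcasecmp((string)($data['hostname'] ?? ''), $expectedHost) === 0;
}

// Constructed sample responses (not captured from Google) to show each outcome.
$samples = [
    'valid'       => ['success' => true,  'hostname' => 'example.com'],
    'other site'  => ['success' => true,  'hostname' => 'elsewhere.test'],
    'failed'      => ['success' => false, 'error-codes' => ['timeout-or-duplicate']],
    'no response' => null,
];
foreach ($samples as $name => $sample) {
    printf("%-12s %s\n", $name, recaptcha_response_ok($sample, 'example.com') ? 'accept' : 'reject');
}

// Wiring in the form handler (sketch of the call site):
// $data = verify_recaptcha($secretKey, $_POST['g-recaptcha-response'] ?? '', $_SERVER['REMOTE_ADDR']);
// if (!recaptcha_response_ok($data, 'example.com')) { http_response_code(400); exit('reCAPTCHA failed'); }
```

Only the first sample is accepted; every other path, including a missing or undecodable response, stops the handler before any mail is sent.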

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


