Click here to Skip to main content
15,920,438 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hey so i have this submite form on my website for a few months but so now and then bots still manage to submit my form even tough I do use recaptcha
what am i doing wrong?

code PHP
PHP
<pre><html>
    <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-1BmE4kWBq78iYhFldvKuhfTAU6auU8tT94WrHftjDbrCEXSU1oBoqyl2QvZ6jIW3" crossorigin="anonymous">
        <link rel="stylesheet" href="style.css">
        <script src=
        "https://www.google.com/recaptcha/api.js" async defer>
    </script>
        <script src="https://www.google.com/recaptcha/enterprise.js?render=6Lci2pkkAAAAAMiyayyetw1U-CPysP2Ibbmk6nVz"></script>

        <title>Contact formulier</title>
    </head>
    <style>
        .welkom{
            background-color: #66b3ff;
            background-image: url("delta_fiber_logo.png");
            background-repeat: no-repeat;
            background-position: center; 
            position: relative;
            height: 50%;
            margin-bottom: 5%;
            display: flex;
            justify-content: center;
        }
       .welkom p{
            padding-top: 10%;
            color: #fff;
            font-family: Arial;
            font-size: 60px;
            /* animation: fadeIn 5s; */
        }
    </style>
    <body>
    <div class="welkom">
            <!-- <p>Welkom op de website... </p> -->
    </div>

    <div class="submit_form">
        <h1> Contact formulier</h1>
        <form action="contactform_backend.php" method="post">
        
            <div class="form-group">
                <label for="naam">Naam:</label>
                <input type="text" class="form-control" id="naam" name="naam" placeholder="Naam" required="required">
            </div>
            <div class="form-group">
                <label for="email">Email address:</label>
                <input type="email" class="form-control" id="email" name="email" placeholder="Email" required="required">
            </div>
            <div class="form-group">
                <label for="user_message">Bericht: </label>
                <textarea id="user_message" name="user_message" rows="4" maxlength="250" placeholder="Je bericht" required="required"></textarea>
            </div>

            <div class="g-recaptcha" data-sitekey="sitekey" data-callback="enableBtn"></div>
            <br>
            <button type="submit" id="check_recaptcha" class="btn btn-default" disabled style="background-color: #80bfff; color: white;">Submit</button>
      </form>
    </div>
      
    </body>
    <script type="text/javascript">
        function enableBtn(){
            document.getElementById("check_recaptcha").disabled = false;
        }
    </script>
</html>



backend

<?php
//stuur mail
include "../config.php";
include "../phpmailer.php";
if ($_SERVER['REQUEST_METHOD'] === 'POST') { 
            if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response']) && !empty($_POST['naam']) && !empty($_POST['email']) && !empty($_POST['user_message'])){ 
                $secretKey = "secret";
                //informatie van contactform pagina
                $klant = $_POST['naam'];
                $email = $_POST['email'];
                $message = $_POST['user_message'];
                $date = date("d-m-Y");
                // Verify the reCAPTCHA API response 
                $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secretKey.'&response='.$_POST['g-recaptcha-response']); 
                // Decode JSON data of API response 
                $responseData = json_decode($verifyResponse); 
                // If the reCAPTCHA API response is valid 
                if($responseData->success){ 
                    $sql = "SELECT * FROM users";
                    $stmt = $conn->prepare($sql); 
                    $stmt->execute();
                    $result = $stmt->get_result();
                    while ($row = $result->fetch_assoc()) {
                        $adminEmail = $row['email'];
                        $onderwerp = "contact formulier bericht";
                        $testbericht = "
                        Geachte heer/mevrouw,
                        <br>
                        <p>".$message."</p>
                        Met vriendelijke groet,
                        <br>
                        <br>
                        Klant: ".$klant."
                        <br>
                        Klantemail: ".$email."
                        <br>
                        Verzonden op: ".$date."";
                        mailen($adminEmail, $klant, $onderwerp, $testbericht);
                    }
        
                    //klant mail
                    $onderwerp = "Verzonden bericht";
                    $testbericht = "
                    Geachte ".$klant." 
                    <br>
                    Dit is een kopie van het bericht dat u heeft gestuurd. 
                    <br>
                    ".$message."
                    <br>
                    Bericht is verstuurd op: ".$date."";
                    mailen($email, $klant, $onderwerp, $testbericht);
                    header('Location: code_invullen.php');
                }
                    
            }else{
                echo "<script>alert('please fill all fields ');</script>"; 
                echo "<script>window.location.href = '../index.php';</script>"; 
            }
       
        
    
}
?>


What I have tried:

So I added a extra dumb question in my new version but i'm afraid that bots can still get through that one
like a what is 2+2 question. idk if that protects it better. just need some tips


right now changes the url to
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secretKey.'&response='.$_POST['g-recaptcha-response']."&remoteip=".$_SERVER['REMOTE_ADDR']);
again not sure if this protects it better I jsut know that the remoteIP works with the ip adress
Posted
Updated 8-May-23 23:59pm
v4
Comments
Richard Deeming 10-May-23 4:53am    
One obvious issue: you're loading the scripts for both the regular reCAPTCHA and reCAPTCHA Enterprise. You never actually seem to use the Enterprise version, so that script almost certainly isn't needed.

I'm assuming you've actually replaced the data-sitekey="sitekey" value with your actual site key?

Beyond that, if you're still getting spam submissions, then there's a good chance that someone is manually solving the reCAPTCHA. There's not really anything you can do to block that without also making it impossible for real messages to be submitted.
Rebecca2002 11-May-23 3:51am    
the second question: Yes I don't know much about recaptcha so I didn't know if it was safe to just show the site keys. and I see what you mean with the enterprise I will remove it thank you

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900