i have php login file and i want to put the google captcha in that login form and i use php and html together(not sending the form data to other php page.) the problem is when users don't verify captcha , users still can log in to the website.(even captcha not verify) here is my code :
<form action="" method="post" id="form">
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-user"></i></span>
<input type="text" class="form-control" name="form-username" id="form-username" placeholder="Username" required="">
</div>
</div>
<div class="form-group">
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-lock"></i></span>
<input type="password" class="form-control" name="form-password" placeholder="Password" id="form-password" required="">
</div>
</div>
<div class="form-group">
<div class="g-recaptcha" data-theme="dark" data-sitekey="my site key"></div>
<div class="form-group no-border margin-top-20">
<input type="submit" name="submit" value="Sign In !" class="submit_button4 btn btn-primary btn-block" >
</form>
<?php
if($_SERVER["REQUEST_METHOD"] === "POST")
{
//form submitted
//check if other form details are correct
//verify captcha
$recaptcha_secret = "my secret key";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$_POST['g-recaptcha-response']);
$response = json_decode($response, true);
if($response["success"] === true)
{
echo "Logged In Successfully";
}
else
{
echo "You are a robot";
}
}
?>
Note : also,this code <script src='https://www.google.com/recaptcha/api.js'></script> is in my head tag (and all code is in one page).
sorry for my bad english.
Aucun commentaire:
Enregistrer un commentaire