Recaptcha Plugin Development
Development and Programming
Anyone tried this that can help me get going? I have the following code in a template (with PHP Parsing set to input):
<html>
<body>
<form action="" method="post">
<?php
require_once('/home/<secret>/edalzell/phplib/recaptcha-php-1.10/recaptchalib.php');
$publickey = "publickey";
$privatekey = "myprivatekey";
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# are we submitting the page?
if ($_POST["submit"]) {
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if ($resp->is_valid) {
echo "You got it!";
# in a real application, you should send an email, create an account, etc
} else {
# set the error code so that we can display it. You could also use
# die ("reCAPTCHA failed"), but using the error message is
# more user friendly
$error = $resp->error;
}
}
echo recaptcha_get_html($publickey, $error);
?>
<br>
<input type="submit" name="submit" value="submit" />
</form>
</body>
</html>And you can see the result here. I have something wrong, eh?
Well, like I mentioned up in the thread, I am happy to write the plugin, but I am getting an error when I try the code on my pages.
If someone can help me get it going, then I will create the plugin.
Hi Erin,
I’m no expert on PHP, but I tried your link, and got just your main weblog - maybe you took something down?
Anyway, that might be why nobody replied above.
I wish I could help.
But anyway, congrats on your new position, and I left a comment on your site page about this 😉.
Regards, Clive
Hi Erin,
I played with this to wake myself up this morning, after very late night with work still to get done. Maybe have figured it out 😉.
on your site, the Recaptcha shows nicely, and I was going to send you a pic. But.
you’re not saying what you think the problem is, but what I see is that no matter what is typed for the answer, a new Recaptcha just shows, without saying the answer was right or wrong.
I got the library, signed up for keys, and tried your code, exactly cut-paste into my own template. Here everything works perfectly. Correct answer gets ‘you got it’, with a new Recapcha. Wrong answer gets their error message inside a new Recaptcha.
much puzzlement about your silent responses right or wrong.
I think I got it. By the logic of your script, there could be a problem with your PHP installation somehow, like being really old or with wierd php.ini config and so not having the _POST variable (so the if would always fail), but I don’t think that’s it.
I tried bad values for the public and private key variables (just added an ‘x’ to string, one at a time).
When I put a bad value into $privatekey, then I got complete lack of results, exactly like yours.
I would check that you copied and pasted exactly the private key which came in your signup, for example with no extra spaces.
If you lost it, you can log back into your account at the Recaptcha site and look at the My Sites page (and click the link) to see it again.
Why don’t they show an error for this? I suspect it’s a security thing. Without a good privatekey, they don’t want to talk.
Erin, I hope this leads to satisfaction 😉
Best, Clive
p.s. One thing that helped me work this through was to temporarily put another echo message in the script, inside the branch for failure. echo “You dinna get it”; . This gets rid of enough of the silence so that it’s easier to think about results.
Hmmm…interesting…I will play with this. Thanks for looking into it.
Well, not sure what the problem was, but after recopying the above code AND recopying my keys (though they looked the same as before) everything is working again!
I will work on a plugin/module for this.
Sounds great, and you’re welcome.
I had a quick look at your page, and it was working for me also.
Regards, Clive
The first time I visit the page, I get the following error:
Notice: Undefined index: recaptcha_response_field in /home/edalzell/thedalzells.org/xxx/core/core.functions.php(637) : eval()'d code on line 19Line 19 is:
if ($_POST["recaptcha_response_field"]) {The full code is:
<html>
<body>
<form action="" method="post">
<?php
require_once('/home/edalzell/phplib/recaptcha-php-1.10/recaptchalib.php');
$publickey = "pub_key";
$privatekey = "priv_key";
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# are we submitting the page?
# This is where we process the user's response. We don't
# do this when the form is initially displayed - only
# when the user submits it.
if ($_POST["recaptcha_response_field"]) {
$response = recaptcha_check_answer(
PRIVATE_KEY, $_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field']
);
if ( $response->is_valid ) {
# The user passed the reCAPTCHA test: form submission should continue
# Your other form validation logic should go here.
# For example
# ... validate user input ...
# ... store form data in a database ...
# ... redirect to 'thank you' page
}
else {
# The user failed the reCAPTCHA test so we need
# to fill in the error message and re-try the
# form submission
$error = $response->error;
}
}
# Display the reCAPTCHA challenge. The first time
# through $error will be null.
echo recaptcha_get_html( $publickey, $error );
?>
<br>
<input type="submit" value="submit" />
</form>
</body>
</html>Any ideas?
Late here - I’m in europe. I noticed this new error the first time I tried your page also, but put it down to, well, imagined things not important.
I’m curious why you changed from testing _POST[“submit”], in the first if statement. I am guessing you’re working from some skeleton code from the recaptcha people, as can’t look into everything as said.
As to why the change causes an error, here’s my guess.
The contents of _POST[] should be an array of the posted variables, which are the fields visible or not within the form on your web page – which this PHP also generates, including within it those from the recaptcha php library.
There isn’t any “recaptcha_response_field” available until a submit has happened, to send in that form, if you see the logic. Why “submit” is allowed may be a special case to allow for that.
Anyway, doesn’t your logic of solving the problem need the code to check _POST[“submit”] for the first if block? And that we found does work.
Hope I am somewhere near giving you a useful clue at this hour.
Regards, Clive
I changed it because that is the example on the wiki now.
Regardless, that error showed up when I had the submit in there as well.
I am going on vacation for a week…I will take a look at this when I get back.
Erin, I thought I might have been getting a bit fuzzy, last night.
Here’s the answer, I think. And this morning I thought (!) to test the code on my own server, where I could get messages and troubleshoot it, rather than guess by reading.
The problem is here, in the line I’ve commented out and replaced:
# PRIVATE_KEY, $_SERVER['REMOTE_ADDR'],
$privatekey, $_SERVER['REMOTE_ADDR'],There is no variable called PRIVATE_KEY. I put in the one we do have, $privatekey, and from there everything again worked correctly, on your new code.
Not helpful if the wiki code misleads you, is it. Probably it works with some test setup they have, but can’t see how it can for anyone else.
Anyway, the test if($_POST[“recaptcha_response_field”]) is ok after all, which makes more sense than the special case for submit that I was proposing.
Here’s the kind of error message I used, to see their server responses:
echo "wrong ", $error;You could try it in the fail branch, to see the codes sent back, which are readable and told me where to look this time.
Might be a good idea to put something like this into your plugin, conditioned not to show when the message is a failed Captcha answer, but which will show if there is some other problem. Users too may copy their keys in not quite correctly. For example:
if ($error != "incorrect-captcha-sol") {
echo "Service failure: ", $error;
}The other thing to help user inputs is to trim any leading or trailing whitespace from what they entered, which is a standard thing to do.
Anyway, glad to hear you will enjoy some vacation! A good thing, and this is one problem you can leave behind 😉.
Best, Clive
p.s. I put a little pace in my work, and so took a moment to dig up that wiki.
I can see where the problem came in, then. If you notice, they are defining the public and private key values a little differently (or changed how they did it since you first took some code from there).
What they’ve done at present is use PHP constants, rather than variables. This can be a good practice, though in PHP it’s a bit loose as usual, since apparently you can actually change constants, which shouldn’t be allowed.
Anyway, what they did was:
# These are /not/ real keys - you must replace them with your *own* keys
define('PUBLIC_KEY', '6LcTCgAAAAAAgOdATOWSL66jRLL6ioPibkgMp');
define('PRIVATE_KEY', '6LtYPgAAAAAAbodQWSLAP66jR997ioPibkgMp');vs. what you did:
# These are /not/ real keys - you must replace them with your *own* keys
$publickey = "6LcTCgAAAAAAgOdATOWSL66jRLL6ioPibkgMp";
$privatekey = "6LtYPgAAAAAAbodQWSLAP66jR997ioPibkgMp";This then makes two differences: the actual name was different, and you have to use a $ with a variable, while a constant evaluates without one.
Results:
// correct with your approach
# Ask reCAPTCHA to check the user's response
$response = recaptcha_check_answer(
$privatekey, $_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field'] );
// correct with theirs
# Ask reCAPTCHA to check the user's response
$response = recaptcha_check_answer(
PRIVATE_KEY, $_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field'] );I am guessing it was issues around this area that caused your first problem also, so now there should be better confidence in the base code from Recaptcha people.
Closing thoughts: I get to have pace, since I will work the weekend. And you…get to have your vacation 😊
Regards, Clive
I still get that error.
Here is my code:
<html>
var RecaptchaOptions = {
theme : 'clean'
};
<body>
<form action="" method="post">
<?php
require_once('/home/edalzell/phplib/recaptcha-php-1.10/recaptchalib.php');
$publickey = "";
$privatekey = "";
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# are we submitting the page?
# This is where we process the user's response. We don't
# do this when the form is initially displayed - only
# when the user submits it.
if ($_POST["recaptcha_response_field"]) {
$response = recaptcha_check_answer(
$privatekey, $_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field']
);
if ( $response->is_valid ) {
# The user passed the reCAPTCHA test: form submission should continue
# Your other form validation logic should go here.
# For example
# ... validate user input ...
# ... store form data in a database ...
# ... redirect to 'thank you' page
}
else {
# The user failed the reCAPTCHA test so we need
# to fill in the error message and re-try the
# form submission
$error = $response->error;
echo "error: ", $error;
}
}
# Display the reCAPTCHA challenge. The first time
# through $error will be null.
echo recaptcha_get_html( $publickey, $error );
?>
<br>
<input type="submit" value="submit" />
</form>
</body>
</html>Erin, I don’t think you saw the same problem; rather it was a new one, just with unexpected text in the same place.
You need the bracketing of the added var code from the wiki; it all counts. Also, you should be using <head></head> around all of this for your html.
Here’s code that works, after the image to prove it 😉. I added a “passed” message also, especially since the new look doesn’t include a ‘failed’ message. It’s expecting you to handle that by some message or action on your page.
One thing to be knowing here also. There are really three states to this page: - passed - failed - no entry given
You really can’t know about the third state, and failed is only interesting to give the person a message for another chance. So a page using the plugin (or will it need to be an extension, to replace EE’s Captcha) will need to work the same way - act only if passed, and otherwise show again, maybe keeping its own idea for messages about whether this is the first try or not. This will take some thinking probably.
Actually, I just looked, and indeed the Advanced Captcha add-on from the EE site is an Extension. Paul Burdick of EllisLabs wrote it, and I imagine it could be used as a skeleton for enabling ReCaptcha.
Regards, Clive
Not sure where the picture will show up; I attached it.
Here’s the code.
<html>
<head>
var RecaptchaOptions = {
theme : 'clean'
};
</head>
<body>
<form action="" method="post">
<?php
require_once('/home/edalzell/phplib/recaptcha-php-1.10/recaptchalib.php');
$publickey = "";
$privatekey = "";
# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;
# are we submitting the page?
# This is where we process the user's response. We don't
# do this when the form is initially displayed - only
# when the user submits it.
if ($_POST["recaptcha_response_field"]) {
$response = recaptcha_check_answer(
$privatekey, $_SERVER['REMOTE_ADDR'],
$_POST['recaptcha_challenge_field'],
$_POST['recaptcha_response_field']
);
if ( $response->is_valid ) {
# The user passed the reCAPTCHA test: form submission should continue
# Your other form validation logic should go here.
# For example
# ... validate user input ...
# ... store form data in a database ...
# ... redirect to 'thank you' page
echo "passed";
}
else {
# The user failed the reCAPTCHA test so we need
# to fill in the error message and re-try the
# form submission
$error = $response->error;
echo "error: ", $error;
}
}
# Display the reCAPTCHA challenge. The first time
# through $error will be null.
echo recaptcha_get_html( $publickey, $error );
?>
<br>
<input type="submit" value="submit" />
</form>
</body>
</html>