Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

justinw
justinw
14,517 Points
Posted by justinw
justinw
14,517 Points

Google reCAPTCHA in PHP Code Help

I built a web form in HTML and I have an action to a PHP script to execute the form. Within this PHP file I want to add the reCAPTCHA code, but for some reason everything I have tried has not work for validating the from. Code is below for both the HTML and PHP. Thanks for the help!

contact.html 
<!DOCTYPE html>
<html>
<head>
  <title>Contact Us Form</title>
<!-- reCAPTCHA -->
    <script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
  <div class="container content">
<form action="mail.php" method="post" id="form">
                        <fieldset class="no-padding">
                            <label>Name <span class="color-red">*</span></label>
                            <div class="row sky-space-20">
                                <div class="col-md-7 col-md-offset-0">
                                    <div>
                                        <input type="text" name="name" id="name" class="form-control">
                                    </div>
                                </div>
                            </div>

                            <label>Phone <span class="color-red">*</span></label>
                            <div class="row sky-space-20">
                                <div class="col-md-7 col-md-offset-0">
                                    <div>
                                        <input type="text" name="phone" id="phone" class="form-control">
                                    </div>
                                </div>
                            </div>


                            <label>Email <span class="color-red">*</span></label>
                            <div class="row sky-space-20">
                                <div class="col-md-7 col-md-offset-0">
                                    <div>
                                        <input type="text" name="email" id="email" class="form-control">
                                    </div>
                                </div>
                            </div>

                            <label>Message <span class="color-red">*</span></label>
                            <div class="row sky-space-20">
                                <div class="col-md-11 col-md-offset-0">
                                    <div>
                                        <textarea rows="8" name="message" id="message" class="form-control"></textarea>
                                    </div>
                                </div>
                            </div>
<br>
                        <div class="g-recaptcha" data-sitekey="6LeL5xkTAAAAAN636UxFiRCFFJCNhw4ebReMYrkb"></div>
                        <br>
                            <p><button type="submit" class="btn-u">Send Message</button></p>
                        </fieldset>
                    </form>
  </div>
</body>
</html>
mail.php 
/* Write your PHP code below. */
<?php

$EmailFrom = "justin@email.com";
$EmailTo = "justin@email.com";
$Subject = "Contact Form";
$name = Trim(stripslashes($_POST['name']));
$phone = Trim(stripslashes($_POST['phone'])); 
$email = Trim(stripslashes($_POST['email']));
$message = Trim(stripslashes($_POST['message'])); 

// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=/\">";
  exit;
}

// prepare email body text
$Body = "";
$Body .= "Name: ";
$Body .= $name;
$Body .= "\n";
$Body .= "Phone: ";
$Body .= $phone;
$Body .= "\n";
$Body .= "Email: ";
$Body .= $email;
$Body .= "\n";
$Body .= "Message: ";
$Body .= $message;
$Body .= "\n";

// send email 
$success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");

// redirect to success page 
if ($success){
  print "<meta http-equiv=\"refresh\" content=\"0;URL=/assets/newsite/contact-sent.html\">";
}
else{
  print "<meta http-equiv=\"refresh\" content=\"0;URL=/\">";
}
?>

1 Answer

jcorum
jcorum
71,830 Points
jcorum
jcorum
71,830 Points

I changed your form method to get so I could see the form values in the query string, and here's what I got when I filled in the fields with xxx, yyy, zzz and asdfasfasdfasdf, clicked the gotcha button, and then the Send Message button:

http://localhost:8888/Test/mail.php?name=xxx&phone=yyy&email=zzz&message=asdfasfasdfasdf&g-recaptcha-response=03AHJ_VutAG-I37nzsnuJGnpg0RGab9yJxjoeVby-ZsbVU92o51j0T0Bb_lP-iB56bTvylpX7AlJWHmzRacqeWC6BEEOV8MXYBkICUrYc-Eo0lTve_Foy4bBk9-wGBz4_zOUIJwTmuwEBNmZCHj18PRr3r9e3i-FBPVeZQnQnls0gczml0Hpz7fA9DR8VmlD2khSJitSjwWCbvoCPqtQvpMv9jnrT8JYMJTWc5UNMRazPSxKHhkqUaJ7eeReqthQqQBoFucm9VyfQyxY51L_vpHN5yf-6HfzmTMmiklLhDQQSRu5D8mbm6wmoLQUl_UnpCDG9BUqqDK9ENrGoZ-yT5WVJeq4fNQZSE_tOz2sFr38P2rmSDCoCd_Gpp_BNuEpizlITDy-b0FBvKelD89gPbEZ0-7hx2cpF_OtRY0aqsXIei72sKlAuyg9ukS19ZJN1igihlyWZFslGeMM15XnIkQSuUxaIJWtWdnJDo9rk9k5q7bPCgoeRIWpMACPgbHgYS0oDczhXP1K8Rb7rJ07z5NJ1aLcgvhEZ_aX__5LsJcVP1u2aaPBnmFpr64O8ToDnactuZ24b3CwboL2HwsO9x3L_wQMHkq_MGbPuvVfj1fSGpJhSUXfPRnxY6x1j0cXTz9ExeRzKlUjirDnt3C9oc2DrVtpqUtk7887-3DQXetKwdAzwUm62x4koCwpAP5Ym0aRdfiLsO-dw3r99C-Oh96M9MY5pi7Qb3Ed2_dCRaQIoYUmpCC7_koVCrJlQnj29zVCQFgXVwI4NgFacNDLBUFwh366H9oGFovS4E5NjPelHuF6hO4G5OYBBLokS8NYRmJtRjVfySWj3Llo50lOFfN2d9OMAkJ20bOADKCVeMuG2tITwbzroTjgXgZ6WG72ybEtDNXRgMRW22sOPgE5A_TzdtC-BfwNLq1Ia8ab6nGZ2SIwIOwnVISs9xmahT6cR8nYTkc7J5cPvp

So the gotcha button is working. But I don't see anything in your mail.php page that uses it. You put the form entries in php variables:

$name = Trim(stripslashes($_POST['name']));
$phone = Trim(stripslashes($_POST['phone'])); 
$email = Trim(stripslashes($_POST['email']));
$message = Trim(stripslashes($_POST['message']));

After that you hard-code $validation to true (?):

// validation
$validationOK=true;
if (!$validationOK) {
  print "<meta http-equiv=\"refresh\" content=\"0;URL=/\">";
  exit;
}

Then you go on and create the email message and send it. But nowhere is there any code that looks at the gotcha response.

If I hit the Send Message button without clicking the gotcha button I get this in the query string:

http://localhost:8888/Test/mail.php?name=xxx&phone=yyy&email=zzz&message=asdfasdfasdf&g-recaptcha-response=

So at a bare minimum you could do this just to see if it is working:

$gotcha = Trim(stripslashes($_POST['g-recaptcha-response']));

And change your validation to:

$validation = false;
if (!isset($gotcha)) {
    $validation = true;
} else {
    . . .
}

But you might want to check the gotcha API, to see how they suggest you validate. And don't forget to set the form's method back to post or someone could easily add garbage to the end of the query string and defeat the above validation.

justinw
justinw
14,517 Points
justinw
justinw
14,517 Points

Made the adjustments you suggested and it did not work as expected. I found a few sample's online from different sources, but they all operate differently. PHP is definitely not my strong suite, so I am manipulating what I find and am trying to integrate...definitely a struggle right now.