在 recaptcha 的文档中(https://developers.google.com/recaptcha/docs/verify https://developers.google.com/recaptcha/docs/verify)它说remoteip参数是可选的,但我试图在请求中发送硬编码的错误IP,但Google仍然返回 success:true 响应。此参数的全部目的是防止使用第三方应用程序或工作人员(例如点击农场)生成验证码令牌,然后将其注入表单提交中。
老实说,我不明白我的代码有什么问题。如果有人知道此功能是否已被 Google 删除,请告诉我。
这是以前在这里提出的,但无论回答者都无法理解用户的问题:谷歌recaptcha Remoteip解释 https://stackoverflow.com/questions/46632194/google-recaptcha-remoteip-explanation
您可以通过在此处创建 reCAPTCHA v2 并替换 SITEKEY_GOES_HERE 和 SECRET_HERE 来自行测试:https://www.google.com/recaptcha/admin https://www.google.com/recaptcha/admin
{ "success": true, "challenge_ts": "2020-05-18T02:48:33Z", "hostname": "########" }
这是我的 verify.php 代码:
<?php
$sender_name = stripslashes($_POST["sender_name"]);
$sender_email = stripslashes($_POST["sender_email"]);
$sender_message = stripslashes($_POST["sender_message"]);
$response = $_POST["g-recaptcha-response"];
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = array(
'secret' => 'SECRET_HERE',
'response' => $_POST["g-recaptcha-response"],
'remoteip' => '123.123.123.123',
);
$options = array(
'http' => array (
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$verify = file_get_contents($url, false, $context);
$captcha_success=json_decode($verify);
if ($captcha_success->success==false) {
echo $verify;
} else if ($captcha_success->success==true) {
echo $verify;
}
?>
这是我的index.html代码:
<html>
<head>
<title>reCAPTCHA demo: Simple page</title>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<form action="verify.php" method="post" enctype="multipart/form-data">
<input name="sender_name" placeholder="Your Name..."/>
<input name="sender_email" placeholder="Your email..."/>
<textarea placeholder="Your Message..." name="sender_message"></textarea>
<div class="captcha_wrapper">
<div class="g-recaptcha" data-sitekey="SITEKEY_GOES_HERE"></div>
</div>
<button type="submit" id="send_message">Send Message!</button>
</form>
</body>
</html>
Yes