Google Recaptcha错误,未完成拼图便登录但显示勾号 [英] Google Recaptcha error, logs in without completing puzzle but shows tick
问题描述
我已经建立了一个登录系统,并且我正在添加google recaptcha以确保安全.我在这条线上出现错误:$result = json_decode($url, TRUE);
I have built a log in system and I am adding google recaptcha for security. I am getting an error on this line: $result = json_decode($url, TRUE);
错误说;
无法打开流:HTTP请求失败! HTTP/1.0 400错误请求.
failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request.
这是我第一次使用recaptcha,我不确定这是否是常见错误.
This is my first time using recaptcha and I am not sure if this is a common mistake.
<?php
$secret = '*****';
$response = $_POST['g-recaptcha-response'];
$remoteip = $_SERVER['REMOTE_ADDR'];
$captcha = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$response&remoteip=$remoteip");
$result = json_decode($url, TRUE);
$username;
$password;
$captcha;
if (isset($_POST['username']))
$username = $_POST['username'];
if (isset($_POST['password']))
$password = $_POST['password'];
if (isset($_POST['g-recaptcha-response']))
$captcha = $_POST['g-recaptcha-response'];
if (!$captcha) {
echo '<p class="error-message">Please Complete The Captcha!</p>';
header("location: login.php");
exit;
}
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=6LfG-S8UAAAAAIqW1sBE31yMPyO4zeqOCgDzL1mA&response=" . $captcha . "&remote=" . $_SERVER['REMOTE_ADDR']), true);
if ($response['success'] == false) {
echo '<p class="error-message">Please Fill Captcha!</p>';
} else {
echo '<p class="error-message2">Welcome</p>';
}
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$q = $handler->prepare('SELECT * FROM users WHERE username = ?');
$q->execute(array($username));
$result = $q->fetch(PDO::FETCH_ASSOC);
if ($result !== false) {
$hash_pwd = $result['password'];
$hash = password_verify($password, $hash_pwd);
if ($hash) {
$_SESSION['username'] = $username;
header("location:index.php");
return;
} else {
echo '<p class="error-message3"><br><br>You have ented an incorrect login!<br>Please try again</p>';
}
}
}
?>
推荐答案
如果这确实是您的完整代码:
If this really is your complete code:
似乎您正在使用$url(在$result = ...行中)而没有对其进行初始化.
It seems you are using $url (in the line $result = ...) without having initialized it before.
此外,我希望名称为$url的变量包含URL,并且URL不是JSON格式,因此这会引起一些警报信号.您最终不希望对URL进行JSON解析,而是解析该URL在调用时返回的内容.
Additionally, I would expect that a variable with name $url contains an URL, and URLs are not in JSON format, so this raises some alarm signs. You eventually do not want to JSON-parse an URL, but instead parse what this URL returns when calling it.
第二,有时错误消息或警告中的行号会引起误解.我高度怀疑您提到的错误(HTTP请求失败)与json_decode()有关.顾名思义,json_decode()仅解析JSON格式的字符串,但不通过HTTP加载任何内容.
Secondly, sometimes the line numbers within error messages or warnings are misleading. I highly doubt that the error you have mentioned (HTTP request failed) is related to json_decode(). json_decode(), as the name implies, just parses a string in JSON format, but does not load anything via HTTP.
因此错误消息可能来自上面的行($ captcha = file_get_contents(...);).我想您输入的网址有误,或者Google出于其他原因拒绝了该请求.
So the error message probably comes from the line above ($captcha = file_get_contents(...);). I suppose that the URL you give there is wrong, or that Google refuses the request for another reason.
我要做的第一件事是将该URL放入变量中并打印出来(例如,使用error_log()).
The first thing I would do is putting that URL into a variable and print it out (e.g. by using error_log()).
如果这没有导致问题的根源,我将复制该URL(不是从代码中复制,而是从error_log()生成的输出中复制)并将其直接粘贴到新浏览器窗口的地址栏中.如果这产生了预期的结果(您应该在浏览器窗口中看到Google对请求的回答),则错误出在您的代码中.否则,错误是在URL中.
If that does not lead to the source of the problem, I would copy that URL (not from the code, but from the output produced by error_log()) and paste it directly into the address bar of a new browser window. If this yields the expected result (you should see Google's answer to the request in the browser window), the error is in your code. Otherwise, the error is in the URL.
这篇关于Google Recaptcha错误,未完成拼图便登录但显示勾号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
