1

Basically when I try this I don't need to click on the captcha to send the message. I just don't understand what in the code allows to bypass the captcha.

Also I'd like to include an error for the user when the captcha is not checked. Sorry if this is a stupid question I'm just trying to learn.

$result = CheckCaptcha($_POST['g-recaptcha-response']);

   if ($result['success']($address, $e_subject, $msg, $headers)) {
        echo "<h1>Captcha verified</h1>";
        echo "<fieldset>";
        echo "<div id='success_page'>";
        echo "<h1>Email Sent Successfully.</h1>";
        echo "</div>";
        echo "</fieldset>";
    
    } else {
       echo 'ERROR!';
    }
TomTom
  • 11
  • 2
  • 1
    All that happens when the captcha fails is your code outputs a message. It then carries on as usual. In fact your code will try to send the email without you even submitting the form at all! Move the logic which sends the email inside the `if` which runs if the captcha succeeds – ADyson Jun 26 '22 at 06:40
  • @ADyson So I just tweaked it a bit (see changes) but now I don't get any output. I assume it has to do with the IF statement but I can't find the issue – TomTom Jun 26 '22 at 15:01
  • `$result['success']($address`...etc looks like a syntax error to me. Have you got error reporting switched on in php? – ADyson Jun 26 '22 at 16:04
  • @ADyson It's on but it doesn't show any error. Basically I tried to combine `if(mail($address, $e_subject, $msg, $headers))` with `if ($result['success']($address, $e_subject, $msg, $headers))` – TomTom Jun 26 '22 at 17:34
  • That doesn't make any sense, because it doesn't call the mail function anymore if you do that, and $result["success"] doesn't return a callable function. – ADyson Jun 26 '22 at 17:40
  • This is more like it: `if ($result['success'] == true) { if(mail($address, $e_subject, $msg, $headers)) { echo "mail sent" } else { echo "mail not sent"; } } else { echo "captcha failed"; }` – ADyson Jun 26 '22 at 17:40

0 Answers0