This is not a real world solution. You execute the reCAPTCHA and retrieve the token on page load at the end of your script. The token will expire after 2 minutes. If the user takes longer than 2 minutes to complete the form, the server-side validation will fail after the form is submitted. The execution should take place upon clicking the submit button, not on page load. You're also ignoring the score returned after verifying the token server-side which indicates the likelihood of the user being a bot.
Hi Greg G, very good question, surprised you have not received a reply,, Come on folks, one of you may know to answer this , please be kind enough to share..
What happens if some user go to View > source code/developer tools, he can see the javascript coding of the reCaptcha, there. He can download the form to edit in HTML and copy and paste the JS scripts too, no risk? If the user see the KEY, can not be used for sending spam or malicious code?
I am developing a simple form just to request more info or send comments, NO DATABASE needed. Still important to do validations and sanitation for every field, specially on the server side, like FILTER_SANITATION_EMAIL ( or a kind of...) or “htmlspecialchars” or “strip_tags”, whatever...? BESIDES the implementation of recaptcha? WIll be extra layer?
Please click to subscribe ruclips.net/user/techareaindia
This is not a real world solution. You execute the reCAPTCHA and retrieve the token on page load at the end of your script. The token will expire after 2 minutes. If the user takes longer than 2 minutes to complete the form, the server-side validation will fail after the form is submitted. The execution should take place upon clicking the submit button, not on page load. You're also ignoring the score returned after verifying the token server-side which indicates the likelihood of the user being a bot.
Hi Greg G, very good question, surprised you have not received a reply,, Come on folks, one of you may know to answer this , please be kind enough to share..
This is exactly what I'm unsuccessfully looking for... the search continues.
Awesome Boy!!
Welcome dear. Thanks for your interest with us.
Very good 👍
Welcome
What happens if some user go to View > source code/developer tools, he can see the javascript coding of the reCaptcha, there. He can download the form to edit in HTML and copy and paste the JS scripts too, no risk? If the user see the KEY, can not be used for sending spam or malicious code?
Why do you declare remoteip and not use it?
Nice tutorial, but where is the info related with the server credential located? I mean the Host, Port, Usernam, Password...
Thanks for your interest with us... Please follow this link already given in description box www.google.com/recaptcha/admin/create
@@TechAreaIndia Thanks but I mean the email server info.
I am developing a simple form just to request more info or send comments, NO DATABASE needed. Still important to do validations and sanitation for every field, specially on the server side, like FILTER_SANITATION_EMAIL ( or a kind of...) or “htmlspecialchars” or “strip_tags”, whatever...? BESIDES the implementation of recaptcha? WIll be extra layer?