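On Monday I deployed a brand-new version of my website. It has a contact form protected by Google ReCAPTCHA v2 Checkbox. Today I received the first one.
I mean, how is this possible? The backend implementation of the verification is below, and I believe it is impossible to submit the contact form successfully without Google's confirmation.
But the spam still came!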
// Required form fields: a missing field aborts the request (throw as an expression needs PHP 8+).
$name = $_POST['person__name'] ?? throw new InvalidArgumentException();
$phone = $_POST['person__phone'] ?? throw new InvalidArgumentException();
$email = $_POST['person__email'] ?? throw new InvalidArgumentException();
$message = $_POST['message'] ?? throw new InvalidArgumentException();
$type = $_POST['message__type'] ?? throw new InvalidArgumentException();
// Token produced by the reCAPTCHA widget in the browser.
$captcha = $_POST['g-recaptcha-response'] ?? throw new InvalidArgumentException();
// Ask Google's siteverify endpoint whether the token is valid.
$url = sprintf(
    'https://www.google.com/recaptcha/api/siteverify?secret=%s&response=%s',
    urlencode('SECRET_RECAPTCHA_KEY'),
    urlencode($captcha),
);
$response = json_decode(file_get_contents($url));
// Reject the submission unless Google reports success.
if ($response->success !== true) {
    throw new InvalidArgumentException('Recaptcha');
}
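A stricter server-side check of the siteverify response, as an added example that is not part of the original post: besides `success` it validates the `hostname` and `challenge_ts` fields Google returns and surfaces `error-codes` for logging. The function names, the `example.com` host, the 120-second age limit and the sample responses are assumptions constructed for illustration.

```php
<?php
// Hypothetical helper (not from the original post): decides whether a decoded
// siteverify response should be accepted for this site.
function recaptchaAccept(?array $r, string $expectedHost, int $maxAgeSec, int $now): array
{
    if ($r === null) {
        return [false, 'no-or-invalid-json'];   // network failure or bad body: fail closed
    }
    if (($r['success'] ?? false) !== true) {
        return [false, 'rejected:' . implode(',', $r['error-codes'] ?? [])];
    }
    // The token must have been issued for a widget on our own hostname.
    if (!hash_equals($expectedHost, (string)($r['hostname'] ?? ''))) {
        return [false, 'hostname-mismatch'];
    }
    // challenge_ts is the ISO 8601 time at which the challenge was solved.
    $ts = strtotime((string)($r['challenge_ts'] ?? ''));
    if ($ts === false || $now - $ts > $maxAgeSec || $ts - $now > 60) {
        return [false, 'stale-or-bad-timestamp'];
    }
    return [true, 'ok'];
}

// Sends the token in a POST body so the secret stays out of URLs and access logs.
function recaptchaVerify(string $secret, string $token): ?array
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $data = $body === false ? null : json_decode($body, true);
    return is_array($data) ? $data : null;
}

// Constructed sample responses (not real traffic); example.com is a placeholder host.
$now = strtotime('2024-01-01T12:01:00Z');
$samples = [
    ['success' => true, 'challenge_ts' => '2024-01-01T12:00:30Z', 'hostname' => 'example.com'],
    ['success' => true, 'challenge_ts' => '2024-01-01T12:00:30Z', 'hostname' => 'other.example'],
    ['success' => false, 'error-codes' => ['timeout-or-duplicate']],
    null,
];
foreach ($samples as $s) {
    [$ok, $why] = recaptchaAccept($s, 'example.com', 120, $now);
    echo ($ok ? 'ACCEPT ' : 'REJECT ') . $why . PHP_EOL;
}
```

In a real handler the array passed to `recaptchaAccept` would come from `recaptchaVerify($secret, $_POST['g-recaptcha-response'])`, and the rejection reason would be logged alongside the request so that accepted and rejected submissions can be compared later.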