
Spam despite Doekia's Recaptcha



Hello,

I installed @doekia's Recaptcha on PrestaShop 1.7.5.2. When I test it, submission is indeed blocked on both registration forms (the normal one and the one in the checkout process) if I don't tick the box. However, no error message is displayed when I don't tick the box, and I still get plenty of fake registrations on the site. polirmalin.com

I used the following code:

Header.tpl

<!-- Copyright (c)2017-2018 (d)oekia Enter-Solutions GPL -->
                <!-- Google ReCaptcha on contact form -->
                <script>
                        (function(){
                        var googlecaptchasitekey = 'ma_clé_de_site'; /* TODO: tune this https://www.google.com/recaptcha/admin */
                        var trigger = function(){
                                setTimeout(function(){
                                    $('div.g-recaptcha').remove();
                                    var $forms = $('form.contact-form-box,form#sendOrderMessage, .contact-form form, #customer-form');
                                    if ($forms.length > 0){
                                            var captcha = $('<div class="g-recaptcha" data-sitekey="'+ googlecaptchasitekey + '">');
                                            var $submit = $forms.find('#submitMessage, button[name=submitMessage], #submit-login, input[name=submitMessage], button[data-link-action=save-customer], button[data-link-action=register-new-customer]');
                                            $submit.before(captcha);
                                            $submit.click(function(event){
                                                    var $gresponse = $forms.find('[name=g-recaptcha-response]');
                                                    if ($gresponse.length == 0 || $gresponse.val().length == 0) {
                                                            event.preventDefault();
                                                            event.stopPropagation();
                                                            return false;
                                                    }
                                            });
                                            try {
                                                    window.grecaptcha.render(captcha[0]);
                                            } catch(e){};
                                    }
                                },1000);
                        };
                        $(document).ready(trigger);
                        $(document).bind('ajaxComplete', trigger);
                        })();
                </script>
                {if !isset($language_code)}{assign var="language_code" value=$lang_iso}{/if}
                <script src='https://www.google.com/recaptcha/api.js?hl={$language_code}'></script>
                <script>
                    if ( window.history.replaceState ) {
                        window.history.replaceState( null, null, window.location.href );
                    }
                </script>

index.php:

<?php 
if (isset($_REQUEST['submitMessage']) || isset($_REQUEST['submitAccount'])) {
                if (empty($_REQUEST['g-recaptcha-response'])){
                        sleep(25);
                        die('not human');
                }
                $opts = array('http' =>
                                array(
                                        'method'  => 'POST',
                                        'header'  => 'Content-type: application/x-www-form-urlencoded',
                                        'content' => http_build_query( $post =
                                                array(
                                                        'secret' => 'my_secret_key', /* TODO: tune this https://www.google.com/recaptcha/admin */
                                                        'response' => $_REQUEST['g-recaptcha-response'],
                                                )
                                        ),
                                ),
                );
                if (in_array(ini_get('allow_url_fopen'), array('On', 'on', '1'))) {
                        $stream = stream_context_create($opts);
                        $captcha = @json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $stream), true);
                } elseif (function_exists('curl_init')) {
                        $curl = curl_init();
                        curl_setopt_array($curl, array(
                                CURLOPT_RETURNTRANSFER => 1,
                                CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
                                CURLOPT_POST => 1,
                                CURLOPT_POSTFIELDS => $post,
                        ));
                        $captcha = @json_decode(curl_exec($curl), true);
                        curl_close($curl);
                } else {
                        // buggy hoster !
                        $captcha = array('error' => 'buggy hoster');
                }
                // Anything other than an explicit success from siteverify is treated as a failure
                if (empty($captcha) || empty($captcha['success']) || !$captcha['success']){
                        if(!empty($_SERVER['HTTP_REFERER']) && ($h = parse_url($_SERVER['HTTP_REFERER'])) && isset($h['host']) && $h['host'] == $_SERVER['HTTP_HOST']) {
                                sleep(5);
                                // Escape the Referer before echoing it into the page
                                die('<p>Captcha Invalide</p><a href="'.htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES).'"><button>Retour au formulaire</button></a>');
                        }

                        sleep(25);
                        die('not human'.PHP_EOL/*.print_r($captcha,1)*/);
                }
}

require(dirname(__FILE__).'/config/config.inc.php');
Dispatcher::getInstance()->dispatch(); 
?>

Did I do something wrong? Or is it just that the fake registrations are being done manually?
But the fact that the error message doesn't show when I don't tick the box, even though the form isn't sent, seems odd to me.
Thanks in advance
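
An added example, not part of the original post or of doekia's script: the `index.php` check above only runs when the request carries `submitMessage` or `submitAccount`, and a client that posts the form directly never executes the browser-side click handler, so the server-side field list decides which submissions are actually protected. The function names, the `shop.example.test` host and the `submitCreate` field name are assumptions to check against your own theme's registration form.

```php
<?php
// Added example. ASSUMPTION: 'submitCreate' is the field the 1.7 registration
// form posts; confirm it against your theme before relying on this list.
const GUARDED_FIELDS = ['submitMessage', 'submitAccount', 'submitCreate'];

/** True when the request is a form submission that must carry a captcha token. */
function captcha_required(array $request, array $guarded = GUARDED_FIELDS): bool
{
    return (bool) array_intersect($guarded, array_keys($request));
}

/** Send the token to siteverify; returns the decoded reply, or [] on any transport or JSON failure. */
function siteverify(string $secret, string $token, string $remoteIp): array
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
        'content' => http_build_query(['secret' => $secret, 'response' => $token, 'remoteip' => $remoteIp]),
        'timeout' => 5,
    ]]);
    $raw = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
    $reply = is_string($raw) ? json_decode($raw, true) : null;
    return is_array($reply) ? $reply : [];
}

/** Fail closed: accept only an explicit success issued for the expected hostname. */
function captcha_passed(array $reply, string $expectedHost): bool
{
    return ($reply['success'] ?? false) === true
        && ($reply['hostname'] ?? '') === $expectedHost;
}

// Constructed sample requests (not captured traffic): which ones does the gate cover?
$samples = [
    'contact form'       => ['submitMessage' => '1', 'g-recaptcha-response' => 'tok'],
    'registration (1.7)' => ['submitCreate' => '1', 'email' => 'a@example.test'],
    'plain page view'    => ['id_product' => '12'],
];
foreach ($samples as $label => $req) {
    printf("%-20s captcha required: %s\n", $label, captcha_required($req) ? 'yes' : 'no');
}

// Constructed siteverify replies: right host, wrong host, empty reply after a failed call.
foreach ([['success' => true, 'hostname' => 'shop.example.test'],
          ['success' => true, 'hostname' => 'other.example.test'],
          []] as $reply) {
    var_dump(captcha_passed($reply, 'shop.example.test'));
}
```

In `index.php` the gate would sit before the dispatcher: when `captcha_required($_REQUEST)` is true, call `siteverify()` and stop the request unless `captcha_passed()` returns true.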
