MMDeveloper
asked on
Recaptcha form being outsmarted?
I have a contact form I wrote that uses the Re-Captcha system. I've posted the OOP Recaptcha code I wrote (I took their "sample code" they offer and converted it to OOP style). The form is located at
http://www.mechanicmatt.com/Contact+Me-p67.html
Lately I've been receiving submissions from the form. I have personally tried to submit this form without using valid re-captcha responses but I keep getting stopped by my code. Have spam bots found a way to defeat the re-captcha system, does my code have an issue, or are these people manually submitting my form?
Below is the code from a large class I wrote; I just copied/pasted the functions used:
public function processRequest($data) {
    // Only handle the request when the doContact flag is set to 1
    if (intval($data["doContact"]) == 1) {
        $this->contactMe($data);
    } else {}
}

private function contactMe($data) {
    // A submission that fills in the "email" field is redirected away
    if (trim($data["email"]) != "") {
        header("Location: /Access+Denied-p71.html");
    }
    else {
        $recaptcha = new recaptcha();
        $error = true;
        // The reCAPTCHA answer is only checked when a response was submitted
        if ($data["recaptcha_response_field"]) {
            $resp = $recaptcha->recaptcha_check_answer (
                $_SERVER["REMOTE_ADDR"],
                $data["recaptcha_challenge_field"],
                $data["recaptcha_response_field"]
            );
            if ($resp->is_valid === true) {
                // Fill the e-mail template with the submitted form fields
                $template = $this->fileContents("includes/emailTemplate.php");
                $message = sprintf($template, $data["contactTitle"], $data["contactName"], $data["contactCompany"], $data["contactWebsite"], $data["contactEmail"], $data["contactCategory"], $data["contactCategoryOther"], $data["contactDetail"]);
                $error = false;
            } else {
                // Keep the posted values and the reCAPTCHA error for redisplay
                $_SESSION["postContactForm"] = $data;
                $_SESSION["postContactForm"]["error"] = $resp->error;
                $error = true;
            }
        }
        else {
            $error = true;
        }
        if ($error === true) {
            header("Location: /Contact+Me-p67.html");
            die();
        }
        else {
            // The submitted contactEmail is passed to sendMail() as $from
            $this->sendMail($data["contactEmail"], "Contact Form Submission", $message);
            header("Location: /Portfolio+Home-p1.html");
        }
    }
}

function sendMail($from, $subject = "", $message = "", $cc = true, $html = true) {
    $eol = "\r\n";
    // $from is concatenated into the From and Reply-To headers as given
    $headers = "From: " . $from . $eol;
    $headers .= "Reply-To: " . $from . $eol;
    $headers .= "MIME-Version: 1.0" . $eol;
    if ($subject == "") {
        $subject = $this->config["siteTitle"] . " Contact";
    } else {}
    if ($message == "") {
        $message = "Invalid Use!";
    } else {}
    if ($cc == true) {
        // A copy of the message is CC'd to the address in $from
        $headers .= "CC: " . $from . $eol;
        $message = "<b>Below is a copy of the email you submitted from " . $this->config["siteTitle"] . ":</b><br /><br />" . $message;
    } else {}
    if ($html == true) {
        $headers .= "Content-Type: text/html; charset=iso-8859-1" . $eol;
        $headers .= "Content-Transfer-Encoding: 8bit" . $eol;
    }
    else {
        $headers .= "Content-Type: text/plain; charset=iso-8859-1" . $eol;
        $headers .= "Content-Transfer-Encoding: 8bit" . $eol;
    }
    if (!mail($this->config["adminEmail"], stripslashes($subject), stripslashes($message), stripslashes($headers))) {
        die("problem mailing");
    } else {}
}
contactMe.php.txt
index.php.txt
Init.php.txt
recaptcha.php.txt
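The posted sendMail() concatenates $data["contactEmail"] into the From, Reply-To and CC headers without checking it, so that value can be validated alongside the reCAPTCHA answer before any mail is built. The following is an added example, not the asker's code and not taken from the accepted solution; cleanSenderAddress() and senderHeaders() are hypothetical names, and the sample inputs are constructed.

```php
<?php
/**
 * Return the submitted address if it is one syntactically valid e-mail
 * address with no control characters, otherwise null.
 * (Hypothetical helper, not part of the posted class.)
 */
function cleanSenderAddress($raw) {
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    // CR, LF and other control characters would let the value start a new
    // header line once it is concatenated into "From: ...\r\n".
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL accepts a single address only, so a
    // comma-separated list of recipients fails here as well.
    $addr = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $addr === false ? null : $addr;
}

/** Build the sender headers the way the posted sendMail() does. */
function senderHeaders($from, $cc = true) {
    $eol = "\r\n";
    $headers  = "From: " . $from . $eol;
    $headers .= "Reply-To: " . $from . $eol;
    if ($cc) {
        $headers .= "CC: " . $from . $eol;
    }
    return $headers;
}

// Constructed sample submissions for the contactEmail field.
$samples = array(
    "visitor@example.com",
    "visitor@example.com\r\nX-Test: 1",   // embedded line break
    "a@example.com, b@example.com",       // more than one address
    "",                                   // empty field
);

foreach ($samples as $raw) {
    $addr = cleanSenderAddress($raw);
    if ($addr === null) {
        // In contactMe() this case would be handled like a failed reCAPTCHA:
        // redirect back to the form and die() before sendMail() is reached.
        printf("%-40s rejected\n", json_encode($raw));
        continue;
    }
    printf("%-40s accepted\n%s", json_encode($raw), senderHeaders($addr));
}
```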
Ya, possibly to test the form to see if it's exploitable.
ASKER
ok thanks for your time
ASKER