Asked by MMDeveloper (United States of America)
Recaptcha form being outsmarted?

I have a contact form I wrote that uses the Re-Captcha system. I've posted the OOP Recaptcha code I wrote (I took their "sample code" they offer and converted it to OOP style). The form is located at
http://www.mechanicmatt.com/Contact+Me-p67.html

Lately I've been receiving submissions from the form. I have personally tried to submit this form without using valid re-captcha responses but I keep getting stopped by my code. Have spam bots found a way to defeat the re-captcha system, does my code have an issue, or are these people manually submitting my form?

Below are the functions involved, copied/pasted from a large class I wrote:
public function processRequest($data) {
    if (isset($data["doContact"]) && intval($data["doContact"]) == 1) {
        $this->contactMe($data);
    }
}

private function contactMe($data) {
    // "email" is a honeypot field: the visible form never fills it, so a value means a bot
    if (isset($data["email"]) && trim($data["email"]) != "") {
        header("Location: /Access+Denied-p71.html");
        die();
    }
    else {
        $recaptcha = new recaptcha();
        $error = true;
        $message = "";

        // Only call the verification API when both reCAPTCHA fields were submitted
        if (!empty($data["recaptcha_response_field"]) && !empty($data["recaptcha_challenge_field"])) {
            $resp = $recaptcha->recaptcha_check_answer(
                        $_SERVER["REMOTE_ADDR"],
                        $data["recaptcha_challenge_field"],
                        $data["recaptcha_response_field"]
                    );

            if ($resp->is_valid === true) {
                $template = $this->fileContents("includes/emailTemplate.php");
                $message = sprintf($template, $data["contactTitle"], $data["contactName"], $data["contactCompany"], $data["contactWebsite"], $data["contactEmail"], $data["contactCategory"], $data["contactCategoryOther"], $data["contactDetail"]);
                $error = false;
            } else {
                // Keep the submitted values and the error code so the form can be redisplayed
                $_SESSION["postContactForm"] = $data;
                $_SESSION["postContactForm"]["error"] = $resp->error;
                $error = true;
            }
        }
        else {
            $error = true;
        }

        if ($error === true) {
            header("Location: /Contact+Me-p67.html");
            die();
        }
        else {
            $this->sendMail($data["contactEmail"], "Contact Form Submission", $message);
            header("Location: /Portfolio+Home-p1.html");
            die();
        }
    }
}

function sendMail($from, $subject = "", $message = "", $cc = true, $html = true) {

    $eol = "\r\n";

    // $from comes straight from the form; refuse anything that is not a single valid
    // mailbox, otherwise a CR/LF in the value would inject extra headers below
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        die("invalid sender address");
    }
    $subject = str_replace(array("\r", "\n"), "", $subject);

    $headers = "From: " . $from . $eol;
    $headers .= "Reply-To: " . $from . $eol;
    $headers .= "MIME-Version: 1.0" . $eol;

    if ($subject == "") {
        $subject = $this->config["siteTitle"] . " Contact";
    }

    if ($message == "") {
        $message = "Invalid Use!";
    }

    if ($cc == true) {
        $headers .= "CC: " . $from . $eol;
        $message = "<b>Below is a copy of the email you submitted from " . $this->config["siteTitle"] . ":</b><br /><br />" . $message;
    }

    if ($html == true) {
        $headers .= "Content-Type: text/html; charset=iso-8859-1" . $eol;
        $headers .= "Content-Transfer-Encoding: 8bit" . $eol;
    }
    else {
        $headers .= "Content-Type: text/plain; charset=iso-8859-1" . $eol;
        $headers .= "Content-Transfer-Encoding: 8bit" . $eol;
    }

    if (!mail($this->config["adminEmail"], stripslashes($subject), stripslashes($message), stripslashes($headers))) {
        die("problem mailing");
    }
}


contactMe.php.txt
index.php.txt
Init.php.txt
recaptcha.php.txt
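An added example (not the asker's code and not the Experts Exchange answer): the same accept/reject decision written as a pure PHP function so it can be exercised without a web server or the reCAPTCHA verification service. Everything in it is hypothetical: VerifyResult mimics the shape of the object the old reCAPTCHA PHP library returns, offlineVerifier() stands in for the recaptcha_check_answer() network call and accepts one constructed challenge/response pair, and the four sample submissions are constructed. The function fails closed when either reCAPTCHA field is absent, validates the sender address before it could ever reach a mail header, and produces one log line per non-accepted attempt with the remote address and reason, which is the data needed to tell a script from a person working the form by hand.

```php
<?php
// Added example: contact-form decision as a testable function (hypothetical code).

// Mimics the result object of the old reCAPTCHA PHP library: is_valid plus an error code.
class VerifyResult {
    public $is_valid;
    public $error;
    public function __construct($valid, $error = null) {
        $this->is_valid = $valid;
        $this->error = $error;
    }
}

// Hypothetical stand-in for recaptcha_check_answer(). The real library POSTs the
// challenge, the response and the client's REMOTE_ADDR to the verification API;
// this one accepts exactly one constructed pair so the script runs offline.
function offlineVerifier($remoteIp, $challenge, $response) {
    if ($challenge === "challenge-abc" && $response === "correct words") {
        return new VerifyResult(true);
    }
    return new VerifyResult(false, "incorrect-captcha-sol");
}

// A sender address may be placed in From:/Reply-To: only if it is a single valid
// mailbox; FILTER_VALIDATE_EMAIL rejects CR/LF and other header-breaking input.
function isSafeSender($email) {
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Evaluate one POST array. Returns array(outcome, reason) where outcome is
// "denied" (honeypot filled), "retry" (CAPTCHA missing or failed),
// "reject" (unusable sender address) or "accept" (safe to build and send).
function evaluateSubmission(array $post, $remoteIp, $verify) {
    // Honeypot: the visible form never fills "email"; automated posters usually do.
    if (isset($post["email"]) && trim($post["email"]) !== "") {
        return array("denied", "honeypot-filled");
    }
    // Fail closed: both reCAPTCHA fields must be present before anything is verified.
    if (empty($post["recaptcha_challenge_field"]) || empty($post["recaptcha_response_field"])) {
        return array("retry", "captcha-missing");
    }
    $resp = call_user_func($verify, $remoteIp,
        $post["recaptcha_challenge_field"], $post["recaptcha_response_field"]);
    if ($resp->is_valid !== true) {
        return array("retry", "captcha-failed:" . $resp->error);
    }
    if (!isset($post["contactEmail"]) || !isSafeSender($post["contactEmail"])) {
        return array("reject", "bad-sender");
    }
    return array("accept", "ok");
}

// One log line per non-accepted submission. Grouping these by address and time
// shows whether failures come from one fast client (script) or many slow ones.
function logLine($remoteIp, $outcome, $reason) {
    return sprintf("%s ip=%s outcome=%s reason=%s", date("c"), $remoteIp, $outcome, $reason);
}

// Constructed submissions: a good one, a bot that filled the honeypot, one with
// no CAPTCHA response, and one whose sender address contains a line break.
$samples = array(
    array("1.2.3.4", array("contactEmail" => "visitor@example.com",
        "recaptcha_challenge_field" => "challenge-abc",
        "recaptcha_response_field" => "correct words")),
    array("5.6.7.8", array("email" => "filled", "contactEmail" => "x@example.com")),
    array("5.6.7.9", array("contactEmail" => "x@example.com",
        "recaptcha_challenge_field" => "challenge-abc")),
    array("9.9.9.9", array("contactEmail" => "x@example.com\r\nbroken",
        "recaptcha_challenge_field" => "challenge-abc",
        "recaptcha_response_field" => "correct words")),
);

foreach ($samples as $s) {
    list($ip, $post) = $s;
    list($outcome, $reason) = evaluateSubmission($post, $ip, "offlineVerifier");
    if ($outcome !== "accept") {
        error_log(logLine($ip, $outcome, $reason));
    }
    echo "$ip => $outcome ($reason)\n";
}
```

Run with `php example.php`: the first sample is accepted, the honeypot sample is denied, the sample without a response field is sent back to retry without any call to the verifier, and the last is rejected on the sender address before a header is built. Injecting the verifier as a callable is what keeps the decision logic testable; in production the callback would wrap the library's real verification call.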
ASKER CERTIFIED SOLUTION by v2Media (Australia)

This solution is only available to members of Experts Exchange.
MMDeveloper (asker):

So this is more than likely real people with no life, manually spamming my form?
Ya, possibly to test the form to see if it's exploitable.
OK, thanks for your time.