Any examples of handling a recaptcha POST response? - perl

Current version V2 reCaptcha returns a "POST" in CGI:params. Not exactly what the old V2 version did.
The up side is that any HTML form contents and the reCaptcha response come in at the same time. The down side is that the "g-recaptcha-response" value is a blob that requires local validation.
The "g-recaptcha-response" value looks something like this:
03AJzQf7OU1j33-wm7I73BItJg-l2COD-YwSjesvfej_5vy5c0r_LUhaDU1KsvU0BV0Rc-MHRbR4L17TNya1CqFtCJGulzvwTpKCfjwWcwqj2e3nFiqeropkXnYzwE78Eydr0jGi3OjZCKK71rmhOXZr0OA_nC8Cpd6aPaexqkrfLXdiXFPE7pQqc-qixYzVklb2MIuPyxw414kVbyHsbDr5p-pitK9cXvvPYK1Td7T_z6xnMUIuNN5zY3ArYzlAGexsSffucQRrzSKT_779In1QzwQppASux3-Z_xPLQgCLnRsJlwcby7gFFWXHSfAxV2ErpsiGWQcGa1
How can one decipher this response in Perl to be sure it is a genuine acknowledgement that the Turing test was solved correctly?

Do you know the module Captcha::reCAPTCHA::V2? I have successfully used it and it is a great time saver. In plain CGI, the server side code that does the validation would look like:
use CGI qw(:standard);
use Captcha::reCAPTCHA::V2;
my $rc = Captcha::reCAPTCHA::V2->new;
my $result = $rc->verify('<your secret key here>', param('g-recaptcha-response'), remote_host);
# Check the result
if( !$result->{success} ){
    # The check failed, ignore the POST
    # (plain CGI has no request loop, so end the request here instead of calling next)
    exit;
}
I assume that you have already created your reCAPTCHA keys, have your HTML form and an idea of how to create the rest of the server side code.
To help other people that may seek how to do this, this is a minimum form for the client side (this is based on bootstrap):
<form id="contact-form" method="post" action="contact">
<div class="row">
<div class="col-md-12">
<div class="form-group">
<label for="message">Comments</label>
<textarea id="message" type="text" name="message" class="form-control" placeholder="Your comments..." rows="4" required></textarea>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div align="center">
<button
class="g-recaptcha"
data-sitekey="<your site key here>"
data-callback="onSubmit">
Enviar mensaje
</button>
</div>
</div>
</div>
</form>
<script>
function onSubmit(token) {
document.getElementById("contact-form").submit();
}
</script>
Then, on the server side you would need something like (this is based on FastCGI; for CGI you would not use the loop):
use CGI::Fast qw(:standard);
use Captcha::reCAPTCHA::V2;
...
while(my $query = new CGI::Fast) {
    ...
    if( request_method eq 'POST' ) {
        my $rc = Captcha::reCAPTCHA::V2->new;
        my $result = $rc->verify('<your secret key here>', param('g-recaptcha-response'), remote_host);
        # Check the result
        if( !$result->{success} ){
            # The check failed, ignore the POST
            next;
        }
        # Do something with the form
    }
    ...
}
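A g-recaptcha-response token is opaque and can only be validated by sending it, together with the secret key, to Google's siteverify endpoint. The following is an added example (not code from the answer above or from Captcha::reCAPTCHA::V2) that does this directly and goes a little further by failing closed on transport errors and checking the returned hostname; the function names, www.example.com and the sample responses are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use HTTP::Tiny;                 # core module; HTTPS also needs IO::Socket::SSL
use JSON::PP qw(decode_json);   # core module

my $VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

# POST the opaque token to Google. Returns the JSON body, or undef on any
# transport or HTTP failure.
sub fetch_verdict {
    my ($secret, $token, $remote_ip) = @_;
    my $http = HTTP::Tiny->new(timeout => 5, verify_SSL => 1);
    my $res  = $http->post_form($VERIFY_URL,
        { secret => $secret, response => $token, remoteip => $remote_ip });
    return $res->{success} ? $res->{content} : undef;
}

# Decide whether the form POST may be processed. Fails closed: anything other
# than a well-formed "success" for our own hostname is a rejection.
sub verdict_ok {
    my ($body, $expected_host) = @_;
    return (0, 'verifier unreachable') unless defined $body;
    my $v = eval { decode_json($body) };
    return (0, 'unparseable verifier response') unless ref $v eq 'HASH';
    unless ($v->{success}) {
        my $codes = join ',', @{ $v->{'error-codes'} || [] };
        return (0, "rejected ($codes)");
    }
    my $host = lc($v->{hostname} // '');
    return (0, "token solved on '$host'") unless $host eq lc $expected_host;
    return (1, 'ok');
}

# Constructed verifier responses (not captured traffic) run through the
# decision offline; www.example.com stands in for the real site.
my @samples = (
    '{"success":true,"challenge_ts":"2024-01-01T00:00:00Z","hostname":"www.example.com"}',
    '{"success":false,"error-codes":["timeout-or-duplicate"]}',
    '{"success":true,"challenge_ts":"2024-01-01T00:00:00Z","hostname":"other.example.net"}',
    '<html>502 Bad Gateway</html>',
    undef,
);
for my $body (@samples) {
    my ($ok, $why) = verdict_ok($body, 'www.example.com');
    printf "%-6s %s\n", $ok ? 'ACCEPT' : 'REJECT', $why;
}

# In a CGI handler the live call would be (secret key kept out of the web root):
#   my ($ok, $why) = verdict_ok(
#       fetch_verdict($secret, param('g-recaptcha-response'), remote_addr),
#       'www.example.com');
#   next unless $ok;   # or exit in plain CGI
```

Only the first sample is accepted; a replayed or expired token, a token solved on another host, a garbage body and an unreachable verifier are all rejected.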

Related

two subscribe forms on same page with mailchimp

I want to have two mailchimp forms ( linked to the same mailchimp list ) within the same landing page in a Shopify Store. *It is a long landing page so I want them to be able to subscribe two times along the way.
It seems the second form does not work and the only thing it does is refreshing the page. I am pretty sure there is a conflict with their IDs because the two forms have the same ID ( id="mailchimp" ) but I believe it is necessary for them to work.
I may have a very easy-to-resolve question but I have been struggling with it for a while. It seems there is no documentation about it ( apart from inserting one of the forms within an iframe -> I am not comfortable with this solution because I want to record with GTM ( GA ) customer successful submissions etc. ).
The code for the forms ( snippet that it is called two times within the page ):
<!-- Newsletter Section -->
<section id="services" class="small-section bg-gray-lighter">
<div class="container relative">
<form class="form align-center newsdown" id="mailchimp">
<div class="row">
<div class="col-md-8 col-md-offset-2">
<div class="mb-20">
<input placeholder="Introduce tu email" class="newsletter-field form-control input-md round mb-xs-10" type="email" pattern=".{5,100}" required/>
<button type="submit" class="btn btn-mod btn-border-c btn-medium btn-round mb-xs-10">
Suscribe
</button>
</div>
<div id="subscribe-result"></div>
</div>
</div>
</form>
</div>
</section>
<!-- End Newsletter Section -->
What can I do to have these two identical forms working on the same page? Have in mind I don't have access to the javascript ( because mailchimp has Shopify app that makes this connection ).
If you wrap each mailchimp form in a ...., then run this script on the page, it will re-assign all IDs of the non-focused form, and re-bind the submit event. A bit hacky, but it works if you're in a bind.
$(document).ready(function() {
    // only execute if confirmed more than 1 mailchimp form on this page
    if ( $('.mc-form-instance').length > 1 ) {
        $('.mc-field-group > .required').on('focus', function() {
            var thisField = $(this);
            // backup all mc-form ids on this page
            $('.mc-form-instance [id]').each(function() {
                var currentID = $(this).attr('id');
                if ( currentID.indexOf('-bak') == -1 ) {
                    $(this).attr('id', currentID + '-bak');
                }
            });
            // change the current form ids back to original state
            var thisForm = thisField.closest('.mc-form-instance');
            thisForm.find('[id]').each(function() {
                var currentID = $(this).attr('id');
                if ( currentID.indexOf('-bak') != -1 ) {
                    $(this).attr('id', currentID.replace('-bak', ''));
                }
            });
        });
        // re-bind
        $.getScript('//s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js');
    }
});
As it appeared there was a conflict with two exact forms ( same javascript etc ) so I implemented the second form differently:
<!-- Newsletter Section -->
<section id="services" class="small-section bg-gray-lighter">
<div class="container relative">
<form action="YOURACTION;id=YOURID" method="post" id="mc-embedded-subscribe-form" name="mc-embedded-subscribe-form" class="validate" target="_blank" novalidate>
<div class="row">
<div class="col-md-8 col-md-offset-2" style="text-align: center;">
<div class="newsletter-label font-alt">
¿Te interesa? Recibe más noticias y tutoriales exclusivos
</div>
<div class="mb-20">
<input name="EMAIL" id="mce-EMAIL" placeholder="Introduce tu email" class="newsletter-field form-control input-md round mb-xs-10 required email" type="email" pattern=".{5,100}" required/>
<input type="submit" value="Subscribe" name="subscribe" id="mc-embedded-subscribe" class="button btn btn-mod btn-border-c btn-medium btn-round mb-xs-10">
</div>
<div id="mce-responses" class="clear">
<div class="response" id="mce-error-response" style="display:none"></div>
<div class="response" id="mce-success-response" style="display:none"></div>
</div>
<!-- real people should not fill this in and expect good things - do not remove this or risk form bot signups-->
<div style="position: absolute; left: -5000px;" aria-hidden="true"><input type="text" name="b_5307a1008b76c5446a7303622_18658ede2a" tabindex="-1" value=""></div>
<div class="form-tip">
<i class="fa fa-info-circle"></i> Pocos emails, pero de calidad. Nunca Spam. Te servirán.
</div>
<div id="subscribe-result"></div>
</div>
</div>
</form>
</div>
</section>
<!-- End Newsletter Section -->
<script type='text/javascript' src='//s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js'></script><script type='text/javascript'>(function($) {window.fnames = new Array(); window.ftypes = new Array();fnames[0]='EMAIL';ftypes[0]='email';fnames[1]='FNAME';ftypes[1]='text';fnames[2]='LNAME';ftypes[2]='text';fnames[3]='MMERGE3';ftypes[3]='dropdown';fnames[4]='MMERGE4';ftypes[4]='phone';fnames[5]='MMERGE5';ftypes[5]='url';fnames[7]='MMERGE7';ftypes[7]='text';fnames[6]='MMERGE6';ftypes[6]='birthday';fnames[8]='MMERGE8';ftypes[8]='text';fnames[9]='MMERGE9';ftypes[9]='radio';}(jQuery));var $mcj = jQuery.noConflict(true);</script>
<!--End mc_embed_signup-->

Perl: Server error at Net/Braintree HTTP module while integration

I am a newbie to Perl. I am working on integration of Braintree Payment gateway to an existing project. I'm following the guides given in Braintree, it's so clear and simple but I can't get it done. I have downloaded the Sample project from Github through the link: https://github.com/braintree/braintree_perl_guide
I am getting server errors while executing the app.pl file,
Steps followed:
Created a Sandbox account, got the Merchant id, Public key, Private key and the Configuration code.
Installed necessary modules needed to run the Perl script
Edited the app.pl file given and given my Merchant id and the associated keys.
Edited the form.tt file and given the Configuration code.
In terminal executed the command Perl app.pl, while pressing enter I got,
Dancer 1.3124 server 79859 listening on locahost:3000
== Entering the development dance floor ...
From the browser connected to localhost:3000/ and have got the Braintree Credit Card Transaction Form.
Entered the details and clicked on submit button and suddenly got Error 500. "Unable to process your query".
How to resolve this please need your assistance.
My app.pl file
use strict;
use warnings;
use Dancer;
use Template;
use Net::Braintree;
my $config = Net::Braintree->configuration;
$config->environment("sandbox");
$config->merchant_id("wbjnmbzfnvs6zt56");
$config->public_key("smbbnwfhybb3h5ty");
$config->private_key("****");
get '/' => sub {
    template 'form'
};
post '/create_transaction' => sub {
    my $result = Net::Braintree::Transaction->sale({
        amount => "1000.00",
        credit_card => {
            number => param("number"),
            expiration_month => param("month"),
            expiration_year => param("year"),
            cvv => param("cvv")
        },
        options => {
            submit_for_settlement => 1
        }
    });
    my $success = $result->is_success ? "true" : "false";
    if ($result->is_success) {
        return "<h1>Success! Transaction ID: " . $result->transaction->id . "</h1>"
    } else {
        return "<h1>Error: " . $result->message . "</h1>"
    }
};
Dancer->dance;
and my Form.tt file
<html>
<head>
</head>
<body>
<h1>Braintree Credit Card Transaction Form</h1>
<div>
<form action="/create_transaction" method="POST" id="braintree-payment-form">
<p>
<label>Card Number</label>
<input type="text" size="20" autocomplete="off" data-encrypted-name="number" />
</p>
<p>
<label>CVV</label>
<input type="text" size="4" autocomplete="off" data-encrypted-name="cvv" />
</p>
<p>
<label>Expiration (MM/YYYY)</label>
<input type="text" size="2" data-encrypted-name="month" /> / <input type="text" size="4" data-encrypted-name="year" />
</p>
<input type="submit" id="submit" />
</form>
</div>
<script type="text/javascript" src="https://js.braintreegateway.com/v1/braintree.js"></script>
<script type="text/javascript">
var braintree = Braintree.create('MIIBCgKCAQEA1E9xWJbLZeJVM9VuITkFTLbYhbxERQ64hKqDL495BTwJBJaTz+Y29U555ekRaAGeOzuRAP7wgsOhyKsvKn3w7i3JVakdPYJSLMKgjqrQOTxSxUaUn+qpb+etJiALC3lsckmh04Io/x8B16hZAKhjQTB1XUZtuEcT8Pe0ObPlnZpWPXayMGElyBQnS/AaLWE7VZiq7ezqiRl5atp7RatAUACvfTkpRdlBAw9XuaEpgKPLPWtj8CQCJk3LDYWjrLvwGKQ/LW/uPoBpfVmqbbSVe1sAaZcdMcPyqL0viYn3QSIkiLhz8SvCJExo4XaMBSGOENg2bCbBWNHSNiJzrdZA4wIDAQAB');
braintree.onSubmitEncryptForm('braintree-payment-form');
</script>
</body>
</html>
Per comments, the error was actually caused by a proxy issue. Bypassing the proxy resolved the problem.

Jquery selector seems not to work in google chrome

I want to update the value from an input/textfield with a calculated value from the cookie. It's like a mini local cookie cart.
Saving and retrieving the json from the cookie is a piece of cake.
In my behavior I fail to make the following work:
I added a class for every node in the input field, it's constructed like the example below.
Myid = 'webform_cart_nid_10';
formElement = $('.' + Myid);
console.log(formElement);
The html is quite nested and can be seen http://it2servu.be/broodjes/bestellen (if I may link?) .
the field whose value I want to update looks like this:
<input class="webform_cart_nid_10 webform_cart_nid form-text" type="text" id="edit-submitted-cart-item-cart-elements-10" name="submitted[cart_item][cart_elements][10]" value="0" size="3" maxlength="128">
Is contained in drupal output with severe div-itis.
<div class="page clearfix" id="page">
<div id="section-content" class="section section-content">
<div id="zone-content-wrapper" class="zone-wrapper zone-content-wrapper clearfix">
<div id="zone-content" class="zone zone-content clearfix container-12">
<div class="grid-12 region region-content" id="region-content">
<div class="region-inner region-content-inner">
<div class="block-inner clearfix">
<div class="content clearfix">
<div class="node node-webform node-promoted view-mode-full clearfix ">
<div class="field field-name-title field-type-ds field-label-hidden">
<form class="webform-client-form" enctype="multipart/form-data" action="/broodjes/bestellen" method="post" id="webform-client-form-5" accept-charset="UTF-8">
<div>
<fieldset class="collapsible form-wrapper collapse-processed" id="edit-submitted-cart-item-cart-elements">
<div class="fieldset-wrapper">
<div class="form-item form-type-textfield form-item-submitted-cart-item-cart-elements-10">
<input class="webform_cart_nid_10 webform_cart_nid form-text" type="text" id="edit-submitted-cart-item-cart-elements-10" name="submitted[cart_item][cart_elements][10]" value="0" size="3" maxlength="128">
...
probably it's something stupid, I just can't figure out what it is?
Your problem is with jQuery. If you pop open the console in Chrome and type jQuery, it returns the jQuery function. If you type $ it returns undefined. You have some sort of collision causing $ not to be set to jQuery.
use "jQuery" instead of "$"
Myid = 'webform_cart_nid_10';
formElement = jQuery('.' + Myid);
console.log(formElement);
the "$" never worked for me in Drupal 7.

Form Hack / XSS / SQL Injection

I got a big problem with a Botnet...I think it is a botnet...
What happens?
The bot fills out the form and spams the database.
Here is the form:
<form method="POST" action="">
<textarea name="text2" style="width: 290px; margin-bottom: 10px;"></textarea>
<center>
<img id="captcha" alt="Captcha" src="http://www.mysite.de/php/captcha/Captcha_show.php?sid='2d7dd1256d06a724c34b9d703f3733e9">
<br>
<a onclick="document.getElementById('captcha').src = 'php/captcha/Captcha_show.php?' + Math.random(); return false" href="#">
<br>
<input id="mod" class="inputbox" type="text" alt="Bitte die Zeichen des Bildes eingeben." style="width: 280px" maxlength="15" name="captcha_code" value="">
<sub>Bitte die Zeichen des Bildes abschreiben</sub>
<br>
<br>
<input class="button" type="submit" value="Hinzufügen" name="submit">
</center>
</form>
Here is an array with words that can't be inserted:
$badWords = array("/delete/i","/deleted/i","/deletee/i", "/update/i", "/updateu/i", "/updateup/i","/union/i","/unionu/i","/unionun/i", "/insert/i","/inserti/i","/insertin/i","/drop/i","/dropd/i","/dropdr/i","/http/i","/httph/i","/httpht/i","/--/i", "/url/i", "/urlu/i", "/urlur/i", "/true/i", "/truet/i", "/truetr/i", "/false/i", "/falsef/i", "/falsefa/i","/!=/i","/==/i", "/insurance/i", "/eating/i", "/viagra/i");
$text3 = preg_replace($badWords, "a12", $text2);
if($text3 != $text2){
    echo "<center><b>No valid data!</b></center> <meta http-equiv=\"refresh\" content=\"2; URL=http://www.mysite.de\">";
    exit;
}
So normally the user should not be able to post any text with e.g. "viagra" in it.
I can't understand how someone or a bot could insert a text with some of these bad words?
I am using PDO and functions like htmlspecialchars() stripslashes() strip_tags() htmlspecialchars() to prevent the hack...
Any ideas?
Your script can be hacked by HTML entities:
Example:
The input is "Hello" but in code it is &#72;&#101;&#108;&#108;&#111;.
If you now run a preg_match you will not find anything
var_dump(preg_match('/Hello/i','&#72;&#101;&#108;&#108;&#111;'));
// returns int 0
If you want to prevent SQL injections: Use prepared statements.
If you do not want to be spammed, you also have to look for another way, as long as I could simply insert a valid string many times.
Notice: I think you can prevent my hack by using html_entity_decode
var_dump(preg_match('/Hello/i',html_entity_decode('&#72;&#101;&#108;&#108;&#111;')));
// returns int 1

How do I post my user name and password to a web page?

I want to post my user and password with Perl to a website. The source of the login page is:
<div class="top">Sign In</div>
<div class="row"><label for="username">Username:</label></div>
<div class="row"><div id="login:usernameContainer">
<input id="login:usernameContainer:username" type="text"
name="login:usernameContainer:username" class="username" size="16" />
</div></div>
<div class="row"><label for="password">Password:</label></div>
<div class="row"><div id="login:j_id598">
<input id="login:j_id598:password" type="password"
name="login:j_id598:password" value="" size="16" class="password" />
</div></div>
<div class="clearfix">
<div class="row rememberme">
<input id="login:rememberme" type="checkbox"
name="login:rememberme" class="rememberme" />Remember Me
</div>
<div class="submit-button">
<input type="image" src="/beta/style/shun/base/base/en/text/button/button-login.gif"
name="login:j_id603" />
</div>
</div>
What am I going to do to post my user and password?
Thanks in advance.
You use appropriate field names (you can find them in the HTML you posted) and populate the form values for whatever Perl code you use to post to the page (WWW::Mechanize or whatever else you use).
See http://search.cpan.org/dist/WWW-Mechanize/lib/WWW/Mechanize.pm for details on the module, but here's a stab at it:
use strict; use warnings;
use WWW::Mechanize;
my $mech = WWW::Mechanize->new();
$mech->get( 'http://url.to/your/form' );
$mech->submit_form(
    form_number => 1, # forms are numbered from 1; see if it's the first form, or change this
    fields => {
        'login:usernameContainer:username'
            => 'username', # change to your user name
        'login:j_id598:password'
            => 'password', # change to your password
    }
);
If it doesn't work for you, or the fields have always different names or such, try using $mech->find_link with a regex and use the returned values to change the fields you need, then submit the form.
hope this helps