Implementing Recaptcha 2


#1

Hello, the site I have inherited currently runs Recaptcha 1, I believe the code to implement that is in the lines below. I don’t have enough knowledge of what to change to modify this to Recaptcha 2 which the dialogue box is telling me I need to do before the end of this month, any help or suggestions are warmly welcomed.

Thanks in advance

[php]<?php
// Recaptcha settings (from http://code.google.com/apis/recaptcha/docs/php.html)
require_once('./includes/recaptchalib.php');
$publickey = "Obscured";
$privatekey = "Obscured";

function ShowComments($event_id, $type, $date_start) {
// Displays the comments for the selected event
// … and saves comments submitted

global $db_con, $base_url, $mail_from, $area_email, $_POST, $publickey, $privatekey;

if ($_POST["save_comment"] == "yes") { 
  // Try and save the comment!
  $s_name = $_POST["name"];
  $s_email = $_POST["email"];
  $s_comment = $_POST["comment"];
  $posted = date("Y-m-d H:i:s", GetUKTime());

  // Validate the reCAPTCHA entered (to prevent spam)
  if (trim($_POST["recaptcha_response_field"]) != "") {  
    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) { $error .= "- invalid reCAPTCHA entered<Br>"; }
  } else {
    $error .= "- invalid reCAPTCHA entered<br>"; 
  }

  if ($s_name == "") { $error .= "- enter your name!<BR>"; }
  if ($s_email == "") { $error .= "- enter your email (won't be displayed)!<BR>"; }
  if (trim($s_comment) == "") { $error .= "- no comment entered!<BR>"; }
  if (substr_count(strtolower($s_comment),"http") || substr_count(strtolower($s_comment),"www")) { $error .= "- comment may not contain web addresses!<BR>"; }

  if ($error == "") { 
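    // Escape every user-supplied string (not only the comment) before it goes into the SQL
    $sql = "INSERT INTO event_comments (event_id, posted, name, email, comment)
                   VALUES (".(int) $event_id.", '$posted', '".mysql_real_escape_string($s_name)."', '".mysql_real_escape_string($s_email)."', '".mysql_real_escape_string($s_comment)."') ";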

    $res = mysql_query($sql, $db_con);

    if (@mysql_affected_rows($db_con) < 1) {
      $error .= "- comment not saved!";
    } else {
      $saved = true;
    }

    @mysql_free_result($res);
  }
}

$sql = "SELECT EC.comment_id, EC.name, EC.comment, EC.email, 
               DATE_FORMAT(EC.posted, '%D %b %Y %H:%i') xposted ,
               E.title, E.region  
          FROM event_comments EC, events E 
         WHERE E.event_id = EC.event_id 
           AND EC.event_id = $event_id ";

if ($type != "future") { 
  $sql .= " AND (UNIX_TIMESTAMP(EC.posted)) >= 
                 UNIX_TIMESTAMP(CONCAT_WS(' ',E.date_start,E.departure_time))";
}

$sql .= "       ORDER BY comment_id ASC ";

$res = mysql_query($sql, $db_con);

echo "<TABLE WIDTH=\"100%\" BORDER=0 cellpadding=3 cellspacing=0>";
echo " <tr valign=top>";
echo "  <td>"; 

if ($res == "" || @mysql_num_rows($res) < 1) {
  echo "<BR><BR>[ <EM>no comments submitted!</EM> ]<BR><BR><BR>";
} else {
  while ($row = mysql_fetch_array($res)) {
    $posted = $row["xposted"];
    // The stored name is user input; HTML-escape it before it is echoed below
    $name = htmlspecialchars($row["name"]);
    $comment = HTMLOutput($row["comment"]);
    $title = $row["title"];
    $region = $row["region"];

    ?>
      <!--<div class="wrap">
       <img src="images/user.png" />
       <div class="comment" data-owner="">
        <h2 class="owner"><?php echo $name; ?></h2>
        <p><?php echo $comment; ?></p>
        <ol class="postscript">
         <li class="date"><?php echo $posted; ?></li>
        </ol>
       </div>
      </div> -->
    <?php

    echo "<TABLE BORDER=\"1\" CELLPADDING=\"2\" CELLSPACING=\"0\" BORDERCOLOR=\"lightgrey\" WIDTH=\"100%\">";
    echo "<TR>";
    echo " <TD>";
    echo "  <SMALL>"; 
    echo "   <B>$posted :: <FONT COLOR=\"blue\">$name</FONT></B><BR>";
    echo $comment; 
    echo "  </SMALL>";
    echo " </TD>";
    echo "</TR>";
    echo "</TABLE>";
    echo "<BR>"; 
  }
}

echo "  </td>";
echo "  <td WIDTH=280>"; 


echo "<A NAME=\"comments\">"; 

if ($event_id == 269) { 
  // Show nothing
} elseif (($saved == false || $error) && $event_id != 269) { 
  // Show the form that allows a comment to be added
  ?>     
  <script type="text/javascript">
   var RecaptchaOptions = {
       theme : 'white'
   };
  </script>

  <TABLE BORDER="1" BORDERCOLOR="darkgray" WIDTH="100%" CELLPADDING="2" CELLSPACING="0">
   <TR>
    <TD ALIGN="CENTER">
     <FORM ACTION="events.php?event_id=<?php echo $event_id; ?>#comments" METHOD="POST">
      <INPUT TYPE="HIDDEN" NAME="save_comment" VALUE="yes">
      <TABLE BORDER="0" WIDTH="100%" CELLPADDING="2" CELLSPACING="0">
       <?php
         if ($error != "") { 
           echo "<TR BGCOLOR=\"lemonchiffon\">";
           echo "<TD COLSPAN=\"2\"><SMALL><FONT COLOR=\"red\">";
           echo "<b>Unable to save comment : <br><br>";
           echo $error;
           echo "<br><br></FONT></SMALL></TD>";
           echo "</TR>";
         }
       ?>
       <TR BGCOLOR="lemonchiffon">
        <TD width="80" align="right"><SMALL><B>Name :</B></SMALL></TD>
        <TD><INPUT TYPE="TEXT" CLASS="small" NAME="name" MAXLENGTH="30" SIZE="20" VALUE="<?php echo htmlspecialchars($s_name); ?>"></TD>
       </TR>
       <TR VALIGN="TOP" BGCOLOR="lemonchiffon">
        <TD align="right"><SMALL><B>Email :</B></SMALL></TD>
        <TD><INPUT TYPE="TEXT" CLASS="small" NAME="email" MAXLENGTH="60" SIZE="20" VALUE="<?php echo htmlspecialchars($s_email); ?>"><SMALL>*not displayed</SMALL></TD>
       </TR>
       <TR BGCOLOR="lemonchiffon" valign="top">
        <TD align="right">
         <SMALL><B>Comment :</B></SMALL>
        </td>
        <td>
         <TEXTAREA NAME="comment" CLASS="small" COLS="30" ROWS="8"><?php echo htmlspecialchars($s_comment); ?></TEXTAREA>
        </TD>
       </TR>
       <tr>
        <td colspan="2">
         <?php 
           echo recaptcha_get_html($publickey);
         ?>
       <TR BGCOLOR="lemonchiffon">
        <TD COLSPAN="2" ALIGN="RIGHT">
         <INPUT TYPE="SUBMIT" VALUE="Save Comment" CLASS="small">
        </TD>
       </TR> 
      </TABLE>
     </FORM>

    </TD>
   </TR>
  </TABLE> 
  <?php
} else {
  echo "<br><center><b><font color=red>Comment saved</font></b></center>";
}

@mysql_free_result($res);

echo "  </td>";
echo " </tr>";
echo "</table>"; 

// Attempt to send an email notification indicating comment posted
// to relevant area co=ordinator
if ($saved && $area_email[$region] != "") {
  $subject = "MX5Scotland - Comment Posted";
  $to = $area_email[$region];

  $body  = "MX5Scotland - Comment Posted\n\n";
  $body .= "Event : $title\n";
  $body .= "Link : $base_url/events.php?event_id=$event_id\n";
  $body .= "Comment by : $s_name ($s_email)\n\n";
  $body .= "$s_comment\n\n";

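  // Strip CR/LF so the submitted name and email cannot inject extra mail headers
  $h_name = str_replace(array("\r", "\n"), "", $s_name);
  $h_email = str_replace(array("\r", "\n"), "", $s_email);
  $res =  mail($to, $subject, $body, "From: $h_name <$h_email>\nReturn-Path: <$h_email>\n","-f$mail_from");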

  if ($res == false) {
    // Message not sent
  } else {
    // Message sent
  }
}

}

// *********************************************************************

function ShowDetails($event_id, $info) {
// Function to display info about a future event
global $db_con;
global $path_to_gallery_images, $base_url;

// Fetch details about the event
$sql = "SELECT E.region, E.meeting_point, E.departure_time,
               E.title, E.details, E.route,
               E.report, E.car_count, 
               DATE_FORMAT(E.date_start, '%a %D %b %Y') date_start,
               DATE_FORMAT(E.date_end, '%a %D %b %Y') date_end
          FROM events E
         WHERE E.event_id = $event_id ";

$res = mysql_query($sql, $db_con);


if ($res == "" || @mysql_num_rows($res) < 1) { 
  ?>
  <BR><BR>
  <CENTER><B>Details for the specified event could not be found</B></CENTER><BR>
  <BR>
  <A HREF="events.php">&lt;&lt; Back to events page</A>
  <?php
} else {
  $row = mysql_fetch_array($res);

  $title = $row["title"];
  $details = HTMLOutput($row["details"]);
  $route = $row["route"];
  $region = $row["region"];
  $meeting_point = $row["meeting_point"];
  $departure_time = $row["departure_time"];
  $date_start = $row["date_start"];
  $date_end = $row["date_end"];
  $report = HTMLOutput($row["report"]);
  $car_count = $row["car_count"];

  $tmpSTART = strtotime("$date_start $departure_time");
  $tmpNOW = GetUKTime();

  $diff = $tmpNOW - $tmpSTART;
  $diff = $diff/60/60;

  // An event is classed as a previous event if 6 hours (or more) in
  // the past (see above calculation!!)

  if ($diff >= 1) {
    $type = "previous";
  } else {
    $type = "future";
  }
  if ($car_count < 1) {  
    $car_count = "<SMALL>Unknown</SMALL>";
  }

  if ($meeting_point == "") { 
    $meeting_point = "TBA";
    $departure_time = "TBA";
  } else {
    $departure_time = substr($departure_time, 0, 6); 
  }

  if ($date_end != "") { 
    $event_date = "$date_start <SMALL>to</SMALL> $date_end"; 
  } else {
    $event_date = $date_start;
  }
  ?>
  <CENTER>
  <br>
  <TABLE BORDER="0" CELLPADDING="6" CELLSPACING="0" BORDERCOLOR="darkgray" WIDTH="97%">
   <TR BGCOLOR="darkgray">
    <TD>
     <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" WIDTH="100%">
      <TR>
       <TD>
        <B><FONT COLOR="black" size="5"><?php echo $title; ?></FONT></B><BR>
        <B><FONT COLOR="royalblue" size="4"><?php echo $event_date; ?></FONT></B><br>
        <b><font color="darkblue">organised by <?php echo ucfirst($region); ?> Scotland</font></b> 
        <?php if ($type == "previous") { ?>
            <br><br><b>Car Count : <?php echo $car_count; ?></b>
        <?php } ?>

       </TD>
       <TD ALIGN="RIGHT">
        <?php
          if ($route != "") {
            echo "<A HREF=\"$base_url/docs/$route\" TARGET=\"_blank\">";
            echo "<IMG SRC=\"images/map.gif\" TITLE=\"Download Route Instructions\" BORDER=\"0\" width=\"100\"></a>";
          } else {
            echo "&nbsp;";
          }
        ?>
       </TD>
      </TR>
     </TABLE> 
    </TD>
   </TR>
   <TR>
    <TD>
     <TABLE BORDER="0" CELLPADDING="2" CELLSPACING="0" WIDTH="100%">
      <TR VALIGN="TOP">
       <TD colspan="2">
        <TABLE>          
        <?php
          if ($type == "future") {
            echo "<TR>";
            echo " <TD BGCOLOR=\"lightgrey\" WIDTH=\"120\"><B>&nbsp;Meeting Point :</B></TD>";
            echo " <TD>$meeting_point&nbsp;</TD>";
            echo "</TR>";
            echo "<TR>";
            echo " <TD BGCOLOR=\"lightgrey\" WIDTH=\"120\"><B>&nbsp;Departure Time :</B></TD>";
            echo " <TD>$departure_time&nbsp;</TD>";
            echo "</TR>";
          } else {
            if ($info == "y") { 
              echo "[ <a href=\"events.php?event_id=$event_id\">show event report</a> ]";
            } else { 
              echo "[ <a href=\"events.php?event_id=$event_id&info=y\">show pre-run info</a> ]";
            }
          }           
        ?>
        </TABLE>
        <BR>
        <?php
          if ($type == "previous" && $info != "y") { 
            echo $report;
          } else {
            echo $details; 
          }

          if ($route != "") { 
            echo "<BR><BR>"; 
            echo "<CENTER>";
            echo "<A HREF=\"$base_url/docs/$route\" TARGET=\"_blank\">";
            echo "<IMG SRC=\"images/map.gif\" TITLE=\"Download Route Instructions\" BORDER=\"0\">";
            echo "<BR>$route</A>";
            echo "</CENTER>"; 
          }
        ?> 
        <BR><BR>
       </TD>
      </TR>
      <?php if ($type == "previous") { ?>
       <TR valign="middle">
        <td bgcolor="lightgrey" align="center" colspan="2">
         <img src="images/camera2.gif" align="left"><br><B>Event Images</B>
        </td>
       </tr>
       <TR>
        <td colspan="2" align="center">
         <?php
           $sql = "SELECT * FROM events_gallery 
                   WHERE event_id = $event_id 
                   ORDER BY posted DESC ";

           $pres = mysql_query($sql, $db_con);

           if ($pres == "" || @mysql_num_rows($pres) < 1) { 
             echo "<BR><I>no images have been uploaded for this event</I>";
           } else {
             $image_count = 0;

             while ($row=mysql_fetch_array($pres)) {
               if ($image_count == 6) { 
                 $image_count = 0;
                 echo "<BR>";
               }

               $filename = $row["filename"];
               $title = $row["title"];
               if ($row["description"] == '') { 
                 $description = "Photo taken by ".$row["name"];
               } else {
                 $description = "'".$row["description"]."' by ".$row["name"];
               }

               //echo "<A HREF=\"photo.php?events_gallery_id=".$row["events_gallery_id"]."&photo=".$path_to_gallery_images.$row["filename"]."\" OnClick=\"javascript:window.open(this.href,'_blank','menubar=no,location=no,resizable=yes,scrollbars=no,status=no,width=400,height=300'); return false;\"><IMG BORDER=\"0\" SRC=\"".$path_to_gallery_images."thumb_".$row["filename"]."\"></A>&nbsp;";
               echo "<a href=\"$path_to_gallery_images$filename\" alt=\"$description\" rel=\"lightbox[mx5grp]\" title=\"$description\"><img src=\"$path_to_gallery_images"."thumb_$filename\" border=\"0\"></a>&nbsp;\n";

               $image_count++;
             }
           }

           // $pres is a result set, not a connection, so free it rather than close it
           @mysql_free_result($pres);
         ?>
         <BR><BR>
         [<A HREF="<?php echo $base_url; ?>/event_image_upload.php?id=<?php echo $event_id; ?>" OnClick="javascript:window.open(this.href,'imageuploadwin','menubar=no,location=no,resizable=yes,scrollbars=yes,status=yes,width=550,height=600'); return false;">Click here to upload your image(s)</A>]<BR>
         <SMALL>(A guide can be found on the help pages)</SMALL>
         <BR><BR>
        </td>
       </TR>
      <?php } ?>
      <TR>
       <td bgcolor="lightgrey" align="center" colspan="2">
        <B>Your Comments</B>
       </td>
      </tr>
      <tr>
       <TD colspan="2" ALIGN="CENTER">
        <?php
            ShowComments($event_id, $type, $date_start);
        ?>
       </TD>
      </TR>
     </TABLE> 
    </TD>
   </TR>
  </TABLE>
  </CENTER>
  <?php 

  echo "<BR>";
  echo "<A HREF=\"events.php?region=$region&type=$type\">&lt;&lt; Back to ".ucfirst($region)." $type events</A>";   
}

@mysql_free_result($res); 

}

// Cast the id to an integer: it is interpolated into several SQL queries and into HTML
ShowDetails((int) $_GET["event_id"], $_GET["info"]);

?>
[/php]


#2

My first suggestion would be to go to the horse’s mouth -> https://www.google.com/recaptcha/intro/

After that do an internet search on Google reCAPTCHA. Sorry about that but when I set up my reCAPTCHA I came across a very nice website that explained it perfectly though I can’t remember the URL.

You should see code looking something like the following:
[php]/* The following gets the response back from Google reCAPTCHA */
$url = "https://www.google.com/recaptcha/api/siteverify";

$remoteServer = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP);
/* The token goes into a query string, so URL-encode it rather than HTML-escaping it */
$token = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
$response = file_get_contents($url . "?secret=" . urlencode(PRIVATE_KEY) . "&response=" . urlencode($token) . "&remoteip=" . urlencode((string) $remoteServer));
$recaptcha_data = json_decode($response);
/* The actual check of the reCAPTCHA */
if (isset($recaptcha_data->success) && $recaptcha_data->success === TRUE) {
    $data['name'] = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $data['email'] = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $data['phone'] = filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $data['website'] = filter_input(INPUT_POST, 'website', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $data['reason'] = filter_input(INPUT_POST, 'reason', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
    $data['comments'] = filter_input(INPUT_POST, 'comments', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

    $send = new Email($data);
} else {
    $success = "You're not a human!"; // Not for a production server
}[/php]

However, explaining it much better than I. Going to Google itself should help you a lot in itself.

P.S. After looking over your code there is obsolete code (mysql) that will probably have to be fixed as well. :frowning:
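
The change discussed in this thread, sketched as an added example that is not part of any poster's code: a widget helper to stand in for `recaptcha_get_html()` and a server-side check to stand in for `recaptcha_check_answer()`, verifying the `g-recaptcha-response` token against `siteverify` over POST. The `recaptcha_v2_*` function names are hypothetical, and the sample responses and `example.org` hostname are constructed; it assumes `allow_url_fopen` and the openssl extension are enabled.

```php
<?php
// Added example; the recaptcha_v2_* names are hypothetical helpers.
// Assumes allow_url_fopen and the openssl extension are enabled.

// Drop-in for recaptcha_get_html($publickey): loads api.js and renders the checkbox.
function recaptcha_v2_widget($siteKey) {
    return '<script src="https://www.google.com/recaptcha/api.js" async defer></script>'
         . '<div class="g-recaptcha" data-sitekey="' . htmlspecialchars($siteKey) . '"></div>';
}

// POST the token to siteverify so the secret key stays out of URLs and logs.
// Returns the raw JSON body, or false if the request failed.
function recaptcha_v2_fetch($secret, $token, $remoteIp) {
    $context = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(array(
            'secret' => $secret, 'response' => $token, 'remoteip' => $remoteIp)),
        'timeout' => 5,
    )));
    return @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
}

// Fail closed: only an explicit JSON "success": true passes.
function recaptcha_v2_passed($json, $expectedHost = null) {
    $data = is_string($json) ? json_decode($json, true) : null;
    if (!is_array($data) || !isset($data['success']) || $data['success'] !== true) {
        return false;
    }
    // Optionally require that the challenge was solved on this site
    return $expectedHost === null
        || (isset($data['hostname']) && $data['hostname'] === $expectedHost);
}

// Replacement for the recaptcha_check_answer() block in ShowComments():
//   $token = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
//   $json  = ($token != '') ? recaptcha_v2_fetch($privatekey, $token, $_SERVER['REMOTE_ADDR']) : false;
//   if (!recaptcha_v2_passed($json)) { $error .= "- invalid reCAPTCHA entered<br>"; }

// Constructed siteverify bodies, so the decision logic can be run offline
$samples = array(
    'solved'         => '{"success": true, "hostname": "example.org"}',
    'bad token'      => '{"success": false, "error-codes": ["invalid-input-response"]}',
    'request failed' => false,
);
foreach ($samples as $label => $body) {
    echo $label . ': ' . (recaptcha_v2_passed($body, 'example.org') ? 'accept' : 'reject') . "\n";
}
```

In the form, `echo recaptcha_get_html($publickey);` would become `echo recaptcha_v2_widget($publickey);`, and the `RecaptchaOptions` script block is no longer used by the v2 widget.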


#3

Thanks, I think there is a lot of obsolete stuff in this and until I learn more about PHP or replace the site with something else then I have to live with it.

My problem is I’m not a coder at all, I can do copy/paste and steal someone else’s glory… :smiley:

I’m not sure where to start to completely re-implement recaptcha 2, if it was as simple as replace this code with this I can give it a try otherwise I’ll have to try a different route.