How can I implement in TYPO 3 server side validation? - validation

I am using TYPO 3 version 6.2.14. In this version I am using Formhandler Plugin to generate a contact form. I have implemented custom code of Google
reCAPTCHA V2 Explicitly render. Now reCAPTCHA code is generated. But it is not performing server side validation. I have also created php file for serverside validation inside fileadmin/templates/fromhandler/serversidevalidation.php
if(isset($_POST['g-recaptcha-response']))
{
$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha){
echo '<h2>Please check the the captcha form.</h2>';
exit;
}
$secretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
$ip = $_SERVER['REMOTE_ADDR'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip);
$responseKeys = json_decode($response,true);
echo $responseKeys;
if(intval($responseKeys["success"]) !== 1) {
echo '<h2>You are spammer ! Get the bot out</h2>';
} else {
echo '<h2>Thanks for posting </h2>';
}
But this simple php file is not including in TypoScript. How can I implement server side validation with formhandler extension. I do not want to use extension because of compatibility issue. Can someone guide me?

Related

Google recaptcha when posting to different server

I have a form with recaptcha V2:
https://www.fisherwallace.com/pages/do-you-qualify-to-use-the-device
It posts to a different server and then redirects back to a different page on the server with the recaptcha form.
Recaptcha site says: "We detected that your site is not verifying reCAPTCHA solutions." I assume it's due to posting to the different server.
NOTE: You'll see I have a clumsy workaround at the moment to address the fact that the recaptcha does not challenge automatically. Without the workaround, the recaptcha is there but nothing happens on submit.
I found some sample PHP code for the server side...
$email;$comment;$captcha;
if(isset($_POST['email'])){
$email=$_POST['email'];
}
if(isset($_POST['comment'])){
$comment=$_POST['comment'];
}
if(isset($_POST['g-recaptcha-response'])){
$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha){
echo '<h2>Please check the the captcha form.</h2>';
exit;
}
$secretKey = "Put your secret key here";
$ip = $_SERVER['REMOTE_ADDR'];
// post request to server
$url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha);
$response = file_get_contents($url);
$responseKeys = json_decode($response,true);
// should return JSON with success as true
if($responseKeys["success"]) {
echo '<h2>Thanks for posting comment</h2>';
} else {
echo '<h2>You are spammer ! Get the #$%K out</h2>';
}
Clearly lots of this code is moot since the user does not actually load the POST server page.
But will this part get the callback recaptcha needs?
$secretKey = "Put your secret key here";
$ip = $_SERVER['REMOTE_ADDR'];
// post request to server
$url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha);
$response = file_get_contents($url);
$responseKeys = json_decode($response,true);
// should return JSON with success as true
If the IP is a mismatch, can i hard code it using the IP from the originating server?
IP is optional
You need to do file_get_contents 'method' => 'POST' for siteverify

Joomla 3 reCaptcha validation

I have a simple custom form in Joomla 3.6 that I have added reCaptcha to successfully. However, I am struggling with validating this.
After a few web searches, I can up with the following code:
$joomla_captcha = JFactory::getConfig()->get('captcha');
if ( $joomla_captcha != '0') {
$jpost = JFactory::getApplication()->input->post;
$reCaptcha = $jpost->get("g-recaptcha-response");
$dispatcher = JEventDispatcher::getInstance();
$captcha_response = $dispatcher->trigger('onCheckAnswer', $reCaptcha);
}
if ( ! $captcha_response[0] ) {
die("Invalid Captcha");
}
However, the form is passing whether the captcha is done or not.
What changes do I need to make to pick up whether the captcha was passed or not?
The form is really basic and I am loathe to install yet another component just for this validation.
Okay, it appears I hit a brick wall in trying to find a "Joomla" way to do this that calls on inbuilt API methods.
Since I am only using Google reCaptcha, I found on Google's site that the "g-recaptcha-response" field is empty if the captcha challenge has not been completed and not empty if correctly completed.
So, for Google reCaptcha, I need to test the "g-recaptcha-response" field and my code example becomes:
$joomla_captcha = JFactory::getConfig()->get('captcha');
if ( $joomla_captcha != '0') {
$jpost = JFactory::getApplication()->input->post;
$reCaptcha = $jpost->get("g-recaptcha-response");
}
if ( isset( $reCaptcha ) && empty( $reCaptcha ) {
die("Invalid Captcha");
}
This is obviously limited to Google reCaptcha and would have been nice to query the Joomla API Layer instead to allow flexibility but good enough.
Edit
The following Joomla API calls will return "true" or "false" into $completed indicating whether the captcha passed or not
$config = JFactory::getConfig()->get('captcha');
$captcha = JCaptcha::getInstance($config);
$completed = $captcha->CheckAnswer();
if ($completed === false) {
die("Invalid Captcha");
}
Preferable to the earlier approach as will be able to work with other captcha plugins that may be added to Joomla.

Trouble implementing omnipay

I am using codeigniter and would like to implement omnipay. My development environment is windows and i use wamp server. After much struggle i installed it downloading composer and then curl and then changing the access controls in httpd.conf.
Now i am having trouble using the functions of omnipay. I have created a gateway with this code
echo 'testing the omnipay';
require 'Vendor/autoload.php';
use Omnipay\Common\GatewayFactory;
$gateway = GatewayFactory::create('PayPal_Express');
$gateway->setUsername('some_username');
$gateway->setPassword('some_password');
$gateway->setSignature('some_signature');
$gateway->setTestMode(true);
I am not sure how to proceed furthur
I would like to know if there are any tutorials or online documentation for proper use of omnipay
regards,
Nandakumar
Once you have set created the gateway, you can make a purchase with it. The documentation is in the README which comes with Omnipay.
There is an example here: https://github.com/omnipay/omnipay#tldr
and here: https://github.com/omnipay/omnipay#gateway-methods
$response = $gateway->purchase(['amount' => '10.00', 'currency' => 'USD', 'card' => $formData])->send();
if ($response->isSuccessful()) {
// payment was successful: update database
print_r($response);
} elseif ($response->isRedirect()) {
// redirect to offsite payment gateway
$response->redirect();
} else {
// payment failed: display message to customer
echo $response->getMessage();
}

undefined method mysqli_ssl_set

I am having a problem, I am trying to write some code listed below in php;
<?php
session_start();
if ($_SESSION['reg00'] != "yes")
{
header ('Location: https://somewebsite.ca/nodirect.html');
exit();
}
$EmailAddress = $_POST["EmailAddress"];
$_SESSION['reg01'] = "yes";
if (!$EmailAddress)
{
die ('All fields are required');
}
if (!filter_var($EmailAddress, FILTER_VALIDATE_EMAIL))
{
die ('Please verify you have included the correct email address');
}
$db = mysqli_init();
$db->mysqli_ssl_set($db, 'C:\apache\apache\conf\00key.pem', 'C:\apache\apache\conf\00cert.pem', NULL, NULL, NULL);
// $db->mysqli_real_connect($db, 'localhost', 'User', 'Password', 'ibank', MYSQLI_CLIENT_SSL);
// $con = mysqli_connect('localhost', 'User', 'Password', 'ibank');
// $get = $db->prepare('SELECT EmailAddress FROM accounts WHERE EmailAddress = ?');
// $get->bind_param('s', $EmailAddress);
// $get->execute();
// $result = $get->get_result();
// if ($row = $result->fetch_assoc())
// {
// die ('Email Address exists already');
// }
$db->close();
// mysqli_close($con);
session_write_close();
?>
The line I am specifically having trouble with is "$db->mysqli_ssl_set" everytime I run it I get undefined method, I have altered everything I can think of, did a thorough search on both Google and Stackoverflow and was unable to find any similar problems with a solution, can you please help me.
P.S. User and Password are not my credentials, I have not included my true credentials, LOL, I am using Apache 2.4.4, PHP 5.4.14 and MySQL 5.6.11 Community Version on Windows 7. I created the encryption keys myself using OpenSSL 1.0.1e.
To give a quick rundown of what I am trying to do, I am trying encrypt my connection between PHP and MySQL using my account which is set up for 256 bit enryption on MySQL. I am not even 100% whether or not I am going about it the right method. I originally had a standard account set up in MySQL and was able to connect to that with no problems.
I am also using the encryption key and certificate created for my website, can I do that, or do I have to create some specifically for PHP. Any assistance will be greatly appreciated, thank you.
I am ignoring some lines with a // because I am only uncommenting the lines if I know everything else is working, to help me narrow down exactly which line is causing the problem.
$db->mysqli_ssl_set should be $db->ssl_set

One list, two different thank you pages with Mailchimp

Mailchimp ties each form to one list.
I'd like to have a signup form on Page1.html that sends users to Page1ty.html and another form on Page2.html that sends users to Page2ty.html. But both forms need to feed users into the same list. As stated above, this isn't possible using their basic forms. I would need two list.
Mailchimp says this kind of routing might be possible using their API. Does any one know how to go about accomplishing the above kind of signups?
You would just create custom forms and tie into the MailChimp API, but as of their latest update you'll need to make sure you have administrator privileges.
You include (require) the MCAPI.class.php and config.inc.php files from their API downloads, and then write your process (I use PHP).
Once you have downloaded the files and set up your 'config.inc.php` file with the proper credentials, (API Key and list ID) you're ready to go.
Here's a sample in PHP that subscribes a user to a list, but you'll have to read the API docs to get the exact functionality you're looking for.
<?php
session_start();
// --- Sample fields - depends on your list
$mailChimpTIME = date('Y-m-d H:i:s');
$mailChimpFirstName = // First Name
$mailChimpLastName = // Last Name
$mailChimpEmailAddress = // Email Address
require_once 'MCAPI.class.php';
require_once 'config.inc.php'; //contains apikey
$api = new MCAPI($apikey);
$merge_vars = array(
'FNAME'=>$mailChimpFirstName,
'LNAME'=>$mailChimpLastName,
'EMAIL'=>$mailChimpEmailAddress,
'OPTIN_IP'=>$_SERVER['REMOTE_ADDR'],
'OPTIN_TIME'=>$mailChimpTIME
);
$email_type = 'html';
$double_optin = true;
$update_existing = true;
$replace_interests = false;
// By default this sends a confirmation email - you will not see new members
// until the link contained in it is clicked!
$retval = $api->listSubscribe( $listId, $mailChimpEmailAddress, $merge_vars, $email_type, $double_optin, $update_existing, $replace_interests);
if ($api->errorCode){
echo "Unable to load listSubscribe()!\n";
echo "\tCode=".$api->errorCode."\n";
echo "\tMsg=".$api->errorMessage."\n";
} else {
// Success
//echo "Subscribed - look for the confirmation email!\n";
}
?>

Resources