google recaptcha not working scalahosting - recaptcha

I have two shared hosting account from godaddy and scalahosting, I test this google recaptcha code on both hosting account this code working on godaddy but not in scalahosting, Out put result will be (in this code) "You are spammer !" So what is this issue ?
Is this web hosting issue ? or ?
<html>
<head>
<title>Google recapcha demo - Codeforgeek</title>
<script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
<h1>Google reCAPTHA Demo</h1>
<form id="comment_form" action="form.php" method="post">
<input type="email" placeholder="Type your email" size="40"><br><br>
<textarea name="comment" rows="8" cols="39"></textarea><br><br>
<input type="submit" name="submit" value="Post comment"><br><br>
<div class="g-recaptcha" data-sitekey="6LftgAUTAAAAAAQkns-ihN6BIbp4Tje5_OF_TSv5"></div>
</form>
</body>
</html>
<?php
$email;$comment;$captcha;
if(isset($_POST['email'])){
$email=$_POST['email'];
}if(isset($_POST['comment'])){
$email=$_POST['comment'];
}if(isset($_POST['g-recaptcha-response'])){
$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha){
echo '<h2>Please check the the captcha form.</h2>';
exit;
}
$secretKey = "6LftgAUTAAAAAIcMb0tbYDYBN9mi_ZyIydMe2Zug";
$ip = $_SERVER['REMOTE_ADDR'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha."&remoteip=".$ip);
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) !== 1) {
echo '<h2>You are spammer !t</h2>';
} else {
echo '<h2>Thanks for posting comment.</h2>';
}
?>

You need a separate key for each domain and that domain needs to be added to the recaptcha domain names.

Related

cookies and session in login form

I need to create a login form with session and cookies . I tried a code in login as well as logout but the cookie is not working for me. I am a beginer kindly help and below is my code for login and log out. Thanx in advance
Login.php:
<?php
session_start();
$message="";
if(count($_POST)>0) {
$conn = mysqli_connect('localhost','root','Spiegel#123','sachin') or
die('Unable To connect');
$result = mysqli_query($conn,"SELECT * FROM login WHERE name='" .
$_POST["name"] . "' and password = '". $_POST["password"]."'");
$row = mysqli_fetch_array($result);
if(is_array($row)) {
$_SESSION["id"] = $row[id];
$_SESSION["name"] = $row[name];
} else {
$message = "Invalid Username or Password!";
}
}
if(isset($_SESSION["id"])) {
setcookie("name", $_SESSION["name"], time()+60*60*24*100, "/");
header("Location:one.php");
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<form name="frmUser" id="frmUser" method="post" action="" align="center">
<div class="message"><?php if($message!="") { echo $message; } ?></div>
<h3 align="center">Enter Login Details</h3>
Username:<br>
<input type="text" name="name">
<br>
Password:<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Submit">
<input type="reset">
</form>
</body>
</html>
Logout.php:
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
unset($_COOKIE['name']);
header("Location: login.php"); // Redirecting To Home Page
}
?>
you need to set cookie for time before now like below:
setcookie('name', null, -1, '/');

reCaptcha ERROR: Invalid domain for site key in Google Server

i get recaptcha, put my domain.com.ar and get a key
i use this code
Code.gs
function doGet() {
var t = HtmlService.createTemplateFromFile('Index')
return t.evaluate().setTitle("Contacto de Usuarios").setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
function include(filename) {
return HtmlService.createHtmlOutputFromFile(filename)
.getContent();
}
function processForm(formObject) {
var userCompleto = formObject.userCompleto;
var Email = formObject.Email;
var Movil = formObject.Movil;
var Mensaje = formObject.Mensaje
var captcha = formObject.g-recaptcha-response
var captcha1 = formObject.g-recaptcha
Logger.log(userCompleto+Email+Movil+captcha)
//etc code ........
}
Index.htm
<form id="myForm2" action="?" method="post" >
<input type="text" name="userCompleto" value="" class="ss-q-short" id="userCompleto" size="30">
<input type="text" name="Email" value="" class="ss-q-short" id="Email" size="30">
<input type="text" name="Movil" value="" class="ss-q-short" id="Movil" size="30">
<textarea rows="4" cols="50" name="Mensaje" value="" class="ss-q-short" id="Mensaje" size="30" >
<div id= "example2"></div>
<input type="button" value="Comunicate" id="comunica" name="comunica" style="height: 30px" onclick="validateForm2()" />
</form>
<?!= include('JavaScript'); ?>
JavaScript.htm
<script type="text/javascript">
var onloadCallback = function() {
var widgetId2 = grecaptcha.render(document.getElementById('example2'), {
'sitekey' : '6LeDlhUTAAAAAMbdjlTLHDzA8MMb_pQS6epqgLHs'
});
};
</script>
<script src="https://www.google.com/recaptcha/api.js onload=onloadCallback&render=explicit" async defer>
</script>
<script type='text/javascript' >
function validateForm2(){
//..validation
var objDatosGuardar = document.getElementById("myForm2")
google.script.run.processForm2(objDatosGuardar);
};
</script>
trow a ERROR ERROR: Invalid domain for site key
I try change de key for the captcha and nothing
I try to put in the key new domains like 127.0.0.0
I dont get Looger.log nothing
Please Help
Could you have a look of your environment and check if one of the cases below applies?
Someone seems like solve the same problem by deleting the existing key and reissuing the key.
reCAPTCHA ERROR: Invalid domain for site key
Using reCAPTCHA on localhost: This question below says that there is a possibility that you need to reissue, if you migrated from the V1 to V2.
And one of the comments in this question also suggests you may need to add a different name, not localhost.
I personally used reCaptcha and reCaptchaV2 and never came across this problem, and noticed that I always used a domain name specified by hosts file(/etc/hosts) even if it run in my localhost.

PHP Session issues, perhaps lost data?

I'm having some issues using sessions on my test website (Running it on WAMP server locally, using PHP php5.3.13) I have checked my php.ini to make sure that sessions are actually being saved, which they are:
C:\wamp\tmp
Basically, when the user logs in it shows, Welcome back, .$username so when I log in with the user "John", it shows this accordingly. Now, when I leave the login page and go back to it this sessions is somehow being lost. (And yes, I am using session_start at the top of every page).
Here is my code;
index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Codecall Tutorials - Secured Login with php5</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php include "header.php" ?>
<div id="wrapper">
<form method="post" action="">
<h2>Log In</h2>
<div id="underline"></div>
<ul>
<li>
<label for="usn">Username : </label>
<input type="text" maxlength="30" required autofocus name="username" />
</li>
<li>
<label for="passwd">Password : </label>
<input type="password" maxlength="30" required name="password" />
</li>
<li class="buttons">
<input type="submit" name="login" value="Log me in" class="xbutton" />
<input type="button" name="register" value="Forgot Password?" onclick="location.href='passrecover.php'" class="xbutton" />
</li>
</ul>
</form>
</div>
</body>
</html>
<?php include "login.php" ?>
And my login.php page:
<?php
if($_POST){
if(empty($_POST['username']) && empty($_POST['password'])) {
echo 'Please enter all fields';
}else {
$username = $_POST['username'];
$password = $_POST['password'];
if($password !== $password){
echo 'Your password is wrong';
}else {
$db_name =
$db_user =
$db_pass =
$conn = new PDO('mysql:host=localhost;dbname=XXXXX', 'XXXXX', 'XXXXX', // My bd details have been removed for this post, for security issues obviously
array( PDO::ATTR_PERSISTENT => true )
);
$stmt = $conn->prepare("SELECT username,password from members WHERE username = ? AND password = ?");
$stmt = $conn->prepare("SELECT username,password FROM users WHERE username = ? AND password = ?");
$stmt->execute(array($username, $password));
if($stmt->rowCount() === 1 )
{
$_SESSION['name']= $username;
echo 'Welcome back '. $_SESSION['name'];
//echo '<META HTTP-EQUIV="Refresh" Content="0; URL=usercp.php">';
}else {
echo 'Username or Password incorrect.';
}
}
}
}
?>
So, when I originally log in it shows the $_SESSION['name'];
just fine, but when I move page and go back to it, it no longer shows it. (My other pages also have session_start(); ) My original assumption was that my code was wrong, or that my php.ini file wasn't saving any data. What is going wrong here?
You need to add session_start() on your login.php too
The reason it no longer shows is because when you go to another page, you aren't processing that block of code anymore. Because $_POST is empty on a regular page load, so you aren't echoing anything out. Try adding, var_dump($_SESSION); at the top of your page and then load something.
Try this right after your session_start();,
if(!empty($_SESSION['name'])) {
echo "Hello {$_SESSION['name']}";
}
Perhaps you're destroying the session somewhere in the script.

How do I modify a .html file to give hardcoded inputs to input fields every time?

I want to access my Powerschool (powerschool.avon.k12.ct.us), and I find the need to type in my password and username every time rather tedious. To try and fix this I downloaded the page's source in Chrome, below:
<!DOCTYPE html>
<!-- saved from url=(0052)http://powerschool.avon.k12.ct.us/guardian/home.html -->
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Parent Sign In</title>
<meta http-equiv="X-UA-Compatible" content="IE=8">
<meta name="robots" content="noindex">
<link href="./Powerschool_files/screen.css" rel="stylesheet" type="text/css" media="screen">
<meta name="viewport" content="width=device-width">
<script src="./Powerschool_files/jquery-1.4.2.min.js"></script><style type="text/css"></style>
<script language="JavaScript" src="./Powerschool_files/md5.js" type="text/javascript"></script>
<script language="JavaScript" type="text/javascript"><!--
var pskey = "4EDE156E2FAD0F1A427D2AD066530F496ADC3EEA78CE43E70F28053576FD4EA1";
//-->
</script>
<script language="JavaScript" type="text/javascript">
function deleteCookie(cookieName){
var cookieDate = new Date();
cookieDate.setTime(cookieDate.getTime()-1);
document.cookie = cookieName + "=; expires='" + cookieDate.toGMTString()+"'; path=/";
}
deleteCookie("InformAuthToken");
function getURLParameter(name) {
return unescape(
(RegExp(name + '=' + '(.+?)(&|$)').exec(location.search)||[,null])[1]
);
}
var $j = jQuery.noConflict();
$j(document).ready(function() {
// Hide or show the translator login input field
// if the URL parameter "translator" is present
var translator = getURLParameter("translator");
if (translator == "null") {
$j('#translatorInput').hide();
} else {
if (translator == "true") {
$j('#translatorInput').show();
} else {
$j('#translatorInput').hide();
}
}
$j('a.popWin').click(function(){
var winURL = $j(this).attr('href');
window.open(winURL);
return false;
});
});
</script>
</head>
<body class="pslogin" id="palogin">
<div id="container">
<div id="branding-powerschool"><img src="./Powerschool_files/ps7-logo-lrg.png" alt="PowerSchool" width="280" height="41"></div>
<div id="content" class="group">
<form action="./Powerschool_files/Powerschool.htm" method="post" name="LoginForm" target="_top" id="LoginForm" onsubmit="doPCASLogin(this);">
<input type="hidden" name="pstoken" value="2465670387a1nxrEimrKqPMN0c7QbxxKLNZe16PRC">
<input type="hidden" name="contextData" value="4EDE156E2FAD0F1A427D2AD066530F496ADC3EEA78CE43E70F28053576FD4EA1">
<input type="hidden" name="dbpw" value="">
<input type="hidden" name="translator_username" value="">
<input type="hidden" name="translator_password" value="">
<input type="hidden" name="translator_ldappassword" value="">
<input type="hidden" name="returnUrl" value="">
<input type="hidden" name="serviceName" value="PS Parent Portal">
<input type="hidden" name="serviceTicket" value="">
<input type="hidden" name="pcasServerUrl" value="/">
<input type="hidden" name="credentialType" value="User Id and Password Credential">
<h2>Parent Sign In</h2>
<!--box content-->
<div id="noscript" class="feedback-alert" style="display: none;"> To sign in to PowerSchool, you must use a browser that supports and has JavaScript enabled. </div>
<fieldset id="login-inputs" class="group">
<div>
<label>Username</label>
<input type="text" id="fieldAccount" name="account" value="" size="39">
</div>
<div>
<label>Password</label>
<input type="password" name="pw" value="" size="39"><div id="login-help">Having trouble signing in?</div>
</div>
<div id="translatorInput" style="display: none;">
<label>Translator Sign In</label>
<input type="password" name="translatorpw" value="" size="39">
</div>
<div class="button-row">
<button type="submit" id="btn-enter" title="Sign In To PowerSchool Parent Access" value="Enter" border="0">Sign In</button>
</div>
</fieldset>
<!-- box content-->
</form>
</div>
<div id="footer" class="group">
<p>Copyright© 2005 - 2013 Pearson Education, Inc., or its affiliate(s). All rights reserved.</p>
<p id="pearsoncorplink">Join us on Facebook</p>
</div>
</div>
<div id="branding-pearson">
<div id="logo-pearson"></div>
<div id="tagline-pearson"></div>
</div>
<script type="text/javascript">
/**
* Set the page's locale via a request_locale URL parameter. If there is already a URL parameter by
* this name, then substitute it with the passed-in locale. NOTE: This function will actually cause the page
* to be re-submitted with the new locale, so it really should not be used with pages submitted via POST
* requests (if there are any, which I hope there are not).
* #param locale the locale to set (e.g. en_US)
*/
function setPageLocale (locale) {
var c=String (window.location);
var rlpos = c.indexOf("request_locale=");
var afterPart = "";
if (rlpos > 0) {
var afterBegin = c.indexOf("&", rlpos);
if (afterBegin > 0) {
afterPart = c.substring(afterBegin);
}
c = c.substring(0, rlpos-1);
}
var s=(c.indexOf('?') > 0 ? '&' : '?');
var np = c + s + 'request_locale=' + locale + afterPart;
window.location = np;
}
function jsCheck() {
document.getElementById("login-inputs").className = 'group';
}
jsCheck();
</script>
<script>
$j('#noscript').hide();
function jsEnabled() {
if(typeof $j != 'function'){
alert('Developer: This page is missing key components required for functionality!\n\nPossible causes include:\n - Commonscripts might be missing.\n - Page customization might enabled, and incomplete.');
//document.write('<script...');
} else {
$j('#login-inputs').removeClass('hide');
$j("#fieldAccount").focus();
}
}
$j(document).ready(function(){
jsEnabled();
});
</script>
</body></html>
I was wondering if it was possible to directly modify the downloaded source to automatically fill the input boxes (the below block is where I think it would be done) to always fill in the username and pass fields with "myUsername" and "myPassword," or something like that. I tried setting the value of the Input and Username fields, but that (chrome) gave me an, shown here:
No webpage was found for the web address: file:///C:/Users/Me/Desktop/Powerschool_files/Powerschool.htm
Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.
Do you guys know how this could be done?
Instead of copying the entire page, it's probably simpler to make a bookmarklet that fills in the form. Just edit a normal bookmark and change the link to be this:
javascript:(function() { document.forms[0].elements[0].value="hi" })()
That will set the value of the first field in the first form. (It may take some experimenting to see which form number and which field number.)
You can probably use Chrome to remember your passwords for you automatically, but what you have should actually work. You just need to change any paths to urls for it to work perfectly. One that you definitely need to change is the form action:
- ./Powerschool_files/Powerschool.htm
+ https://example.com/Powerschool_files/Powerschool.htm
This should allow you to submit directly to that site unless they have a CSRF token in the form that I don't see.

jQuery ajaxSubmit ignored by IE8

I am combing the jQuery validation plug-in with the jQuery Form Plugin to submit the form via AJAX.
This works perfectly in Firefox & Chrome, but (as usual) Internet Explorer is being a pain. For reasons that are alluding me, IE is ignoring the ajaxSubmit, as a result it submits the form in the normal fashion.
I've followed the validation plug-in's documentation when constructing my code:
JS:
<script src="/js/jquery.validate.min.js" type="text/javascript"></script>
<script src="/js/jquery.form.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
var validator = $("#form_notify").validate({
messages: {
email: {
required: 'Please insert your email address. Without your email address we will not be able to contact you!',
email:'Please enter a <b>valid</b> email address. Without a valid email address we will not be able to contact you!'
}
},
errorLabelContainer: "#error",
success: "valid",
submitHandler: function(form) {$(form).ajaxSubmit();}
});
$('#email').blur(function() {
if (validator.numberOfInvalids() > 0) {
$("#label").addClass("label_error");
return false;
}
else {$("#label").removeClass("label_error");}
});
$('#form_notify').submit(function() {
if (validator.numberOfInvalids() == 0) {
$(this).fadeOut('fast', function() {$('#thank-you').fadeIn();});
return true;
}
return false;
});
});
</script>
Form HTML:
<form id="form_notify" class="cmxform" name="form_notify" action="optin.pl" method="get">
<fieldset>
<div class="input">
<label id="label" for="email">Email Address:</label>
<input type="text" id="email" name="email" value="" title="email address" class="{required:true, email:true}"/>
<div class="clearfix"></div>
</div>
<input type="hidden" name="key" value="sub-745-9.224;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0;;subscribe-224.htm">
<input type="hidden" name="followup" value="19">
<input type="submit" name="submit" id="submit-button" value="Notify Me">
<div id="error"></div>
</fieldset>
</form>
I can't understand what is causing IE to act differently, any assistance would be greatly appreciated.
I can provide more information if needed.
Thanks in advance!
Try the following:
$('#form_notify').submit(function(e) {
e.preventDefault();
if (validator.numberOfInvalids() == 0) {
$(this).fadeOut('fast', function() {$('#thank-you').fadeIn();});
return true;
}
return false;
});

Resources