Captcha formulaire de contact #119

Merged
florent.lesaout merged 2 commits from deborah.jean/SiteWebAstrolabe:contactform_captcha into master 2025-02-20 14:59:04 +01:00
4 changed files with 41 additions and 5 deletions
Showing only changes of commit 5a113461ab - Show all commits

1
.gitignore vendored

@ -7,6 +7,7 @@ npm-debug.*
*.swp
.DS_Store
.vscode
nohup.out
*.code-workspace
.sass-cache
node_modules


@ -137,6 +137,7 @@ Edit `_data/faq.json` file to add a new Q/A couple object. Plain html e.g. `<br>
Edit `partials/components/contact-form.html` file to modify the contact form and `src/form/contact-form-handler.php` to modify the form handler.
To test it in a local environment, because there is PHP to execute, you will need to setup a apache vhost with the `dist` folder as the root and the phpmailer library installed.
The captcha service is hCaptcha, you will need to create an account and get your own site key (change it in the contact form partial) and secret key.
Add these lines to the vhost configuration file (here with mailtrap as smtp provider for testing purposes):
```
@ -144,4 +145,5 @@ SetEnv ASTRO_SMTP_FROM test@astrolabe.test
SetEnv ASTRO_SMTP_HOSTNAME sandbox.smtp.mailtrap.io
SetEnv ASTRO_SMTP_USERNAME xxxxx
SetEnv ASTRO_SMTP_PASSWORD xxxxx
SetEnv HCAPTCHA_SECRET_KEY xxxxx
```


@ -56,6 +56,9 @@
<label class="ohnohoney" for="email"></label>
<input tabindex="-1" class="ohnohoney" autocomplete="off" type="email" id="email" name="email" placeholder="Your e-mail here">
</li>
<div class="h-captcha" data-sitekey="b07c49fe-50ee-4432-af0a-96d675c6326a"></div>
<script src="https://js.hcaptcha.com/1/api.js" async defer></script>
</ol>
{% if contactMember %}
{{ hidden_field('contactTo', contactMember) }}
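Review bot: The `<div class="h-captcha">` and the hCaptcha `<script>` tag sit directly inside the `<ol>`, right after the honeypot field's closing `</li>`, but a list may only contain `<li>` children. Wrapping the widget as `<li><div class="h-captcha" data-sitekey="…"></div></li>` and moving the `<script>` tag outside the list keeps the markup valid. The site key is public by design, so committing it is not a secret leak. Because it is hard-coded in the partial, though, any fork or staging copy keeps using this key until someone edits the template; a template variable would avoid that. The form's surrounding markup starts and ends outside the hunk.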


@ -22,12 +22,41 @@ $wantedContact = (
|| empty($domainFromMyEmail)
) ? $myEmail : "$wantedContact@$domainFromMyEmail" ;
/* hCaptcha */
$hcaptchaSecret = getenv('HCAPTCHA_SECRET_KEY');
$hcaptchaVerifyUrl = "https://api.hcaptcha.com/siteverify";
if(empty($_POST['namezzz']) || empty($_POST['emailzzz']) || empty($_POST['message'])) {
$errors .= "\n Error: all fields are required";
$errors .= "\n Erreur : champs obligatoires manquants.";
}
if(!empty($_POST['name']) && !empty($_POST['email'])) {
$errors .= "\n Error: spam";
$errors .= "\n Erreur : spam détecté.";
}
/* Captcha verification */
if(!empty($_POST['h-captcha-response'])) {
$responseKey = $_POST['h-captcha-response'];
$data = array(
'secret' => $hcaptchaSecret,
'response' => $responseKey
);
$checkRequest = curl_init();
curl_setopt($checkRequest, CURLOPT_URL, $hcaptchaVerifyUrl);
curl_setopt($checkRequest, CURLOPT_POST, 1);
curl_setopt($checkRequest, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($checkRequest, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($checkRequest);
curl_close($checkRequest);
$responseData = json_decode($response, true);
if(!$responseData['success']) {
$errors .= "\n Erreur lors de la validation du captcha.";
}
} else {
$errors .= "\n Erreur lors de la validation du captcha.";
}
$name = $_POST['namezzz'];
@ -37,7 +66,7 @@ $message = $_POST['message'];
$subscribe = $_POST['subscribe'];
if (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
$errors .= "\n Error: Invalid email address $emailAddress";
$errors .= "\n Erreur d'adresse e-mail invalide : $emailAddress";
}
if(empty($errors)) {
@ -110,7 +139,8 @@ if(empty($errors)) {
<body>
<!-- This page is displayed only if there is some error -->
<?php
echo nl2br($errors);
?>
echo nl2br($errors);
?>
<a href="javascript:history.back()">Retour</a>
</body>
</html>
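Review bot: The error page in the last hunk prints `$errors` with `echo nl2br($errors);` and no HTML escaping, while the message rewritten in the second hunk interpolates `$emailAddress` precisely when it failed `FILTER_VALIDATE_EMAIL`. The assignment of `$emailAddress` is outside the hunk, but if it comes from `$_POST` as the other fields do, markup sent in that field is rendered in the response. Escape at output instead: `echo nl2br(htmlspecialchars($errors, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. Separately, the captcha block in the first hunk sets no timeout on the cURL handle and indexes `$responseData['success']` even when `curl_exec()` failed and `json_decode()` returned null. Adding `curl_setopt($checkRequest, CURLOPT_TIMEOUT, 5);` and testing `if (!is_array($responseData) || empty($responseData['success']))` keeps the check fail-closed without warnings or a stalled worker.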