Fully working captcha for contact form

Déborah Jean 2025-02-06 11:12:47 +01:00
parent d27b2035bb
commit 5a113461ab
4 changed files with 41 additions and 5 deletions

1
.gitignore vendored

@ -7,6 +7,7 @@ npm-debug.*
*.swp
.DS_Store
.vscode
nohup.out
*.code-workspace
.sass-cache
node_modules


@ -137,6 +137,7 @@ Edit `_data/faq.json` file to add a new Q/A couple object. Plain html e.g. `<br>
Edit `partials/components/contact-form.html` file to modify the contact form and `src/form/contact-form-handler.php` to modify the form handler.
To test it in a local environment, because there is PHP to execute, you will need to setup a apache vhost with the `dist` folder as the root and the phpmailer library installed.
The captcha service is hCaptcha, you will need to create an account and get your own site key (change it in the contact form partial) and secret key.
Add these lines to the vhost configuration file (here with mailtrap as smtp provider for testing purposes):
```
@ -144,4 +145,5 @@ SetEnv ASTRO_SMTP_FROM test@astrolabe.test
SetEnv ASTRO_SMTP_HOSTNAME sandbox.smtp.mailtrap.io
SetEnv ASTRO_SMTP_USERNAME xxxxx
SetEnv ASTRO_SMTP_PASSWORD xxxxx
SetEnv HCAPTCHA_SECRET_KEY xxxxx
```


@ -56,6 +56,9 @@
<label class="ohnohoney" for="email"></label>
<input tabindex="-1" class="ohnohoney" autocomplete="off" type="email" id="email" name="email" placeholder="Your e-mail here">
</li>
<div class="h-captcha" data-sitekey="b07c49fe-50ee-4432-af0a-96d675c6326a"></div>
<script src="https://js.hcaptcha.com/1/api.js" async defer></script>
</ol>
{% if contactMember %}
{{ hidden_field('contactTo', contactMember) }}
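Review bot: The `<div class="h-captcha">` is added as a direct child of the `<ol>`, after the closing `</li>` of what looks like the honeypot field, but a list may only contain `<li>` items (plus script-supporting elements), so the markup is invalid and assistive technology may misreport the list. Wrapping it keeps the structure consistent with the other fields: `<li><div class="h-captcha" data-sitekey="…"></div></li>`. The site key is also hard-coded in the partial although the README says each deployment must change it; a template variable would avoid editing the component, assuming the build can expose one. The enclosing `<ol>` and the form open outside the hunk.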


@ -22,12 +22,41 @@ $wantedContact = (
|| empty($domainFromMyEmail)
) ? $myEmail : "$wantedContact@$domainFromMyEmail" ;
/* hCaptcha */
$hcaptchaSecret = getenv('HCAPTCHA_SECRET_KEY');
$hcaptchaVerifyUrl = "https://api.hcaptcha.com/siteverify";
if(empty($_POST['namezzz']) || empty($_POST['emailzzz']) || empty($_POST['message'])) {
$errors .= "\n Error: all fields are required";
$errors .= "\n Erreur : champs obligatoires manquants.";
}
if(!empty($_POST['name']) && !empty($_POST['email'])) {
$errors .= "\n Error: spam";
$errors .= "\n Erreur : spam détecté.";
}
/* Captcha verification */
if(!empty($_POST['h-captcha-response'])) {
$responseKey = $_POST['h-captcha-response'];
$data = array(
'secret' => $hcaptchaSecret,
'response' => $responseKey
);
$checkRequest = curl_init();
curl_setopt($checkRequest, CURLOPT_URL, $hcaptchaVerifyUrl);
curl_setopt($checkRequest, CURLOPT_POST, 1);
curl_setopt($checkRequest, CURLOPT_POSTFIELDS, http_build_query($data));
curl_setopt($checkRequest, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($checkRequest);
curl_close($checkRequest);
$responseData = json_decode($response, true);
if(!$responseData['success']) {
$errors .= "\n Erreur lors de la validation du captcha.";
}
} else {
$errors .= "\n Erreur lors de la validation du captcha.";
}
$name = $_POST['namezzz'];
@ -37,7 +66,7 @@ $message = $_POST['message'];
$subscribe = $_POST['subscribe'];
if (!filter_var($emailAddress, FILTER_VALIDATE_EMAIL)) {
$errors .= "\n Error: Invalid email address $emailAddress";
$errors .= "\n Erreur d'adresse e-mail invalide : $emailAddress";
}
if(empty($errors)) {
@ -110,7 +139,8 @@ if(empty($errors)) {
<body>
<!-- This page is displayed only if there is some error -->
<?php
echo nl2br($errors);
?>
echo nl2br($errors);
?>
<a href="javascript:history.back()">Retour</a>
</body>
</html>
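Review bot: The error page still prints `$errors` with `echo nl2br($errors);` and no HTML escaping, while the reworded message in the second hunk interpolates `$emailAddress` exactly when `filter_var` has rejected it, so a submitted value is reflected into the page as markup. Escaping at the sink covers every message: `echo nl2br(htmlspecialchars($errors, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. `$emailAddress` is assigned outside the visible hunks, presumably from the posted e-mail field. In the captcha hunk, `curl_exec()` can return `false` and no timeout is set, so the request can hang on a slow verify endpoint and `$responseData['success']` is read on a non-array; `curl_setopt($checkRequest, CURLOPT_TIMEOUT, 5);` and `if (!is_array($responseData) || ($responseData['success'] ?? false) !== true) {` keep the check failing closed without warnings.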