Sem-anyonymous with captcha

  • Resolved arustad

    (@arustad)


    10 years, 1 month ago

    I was tasked with creating a website at work. Where I work there are several departments which are different departments, legally separate organizations under one roof.

    I set up a multi-site.

    I want to make the “contact us” page for each site only visible to those who “logged in” with a recaptcha form.

    But I only want recaptcha, I don’t want to track user names or passwords.

    The reason I want this is I want the “contact us” to be inaccessible to bots, but still easily accessible to humans. These pages will be edited by people who disregard security.

    I am looking for suggestion on how this is accomplished.

Viewing 2 replies - 1 through 2 (of 2 total)
  • TrishaM

    (@trisham)

    10 years ago

    The easy way is with a plugin:
    http://www.wpbeginner.com/plugins/how-to-add-captcha-in-wordpress-login-and-registration-form/

    If you want to go without a plugin, see this post:
    https://ww.wp.xz.cn/support/topic/how-to-add-captcha-at-login-page-without-any-plugin?replies=2

    Keep in mind that this will NOT be 100% foolproof as some bots are smart enough now to handle CAPTCHAs, another method is to use a ‘hidden’ form field for a captcha – bots will often fill it in, but humans can’t see it and won’t, so when the field has an entry you know it’s a bot and block them. That’s a pretty advanced method, so I’d recommend going the easy route above, and only step up to a more advanced method if you have trouble with bots still getting through.

    Thread Starter arustad

    (@arustad)

    10 years ago

    Thanks for replying

    I ended up using something like the following copy pasta. My boss wants a href mailto: only. He doesn’t want forms [I don’t understand either].

    So on hitting the page, the page is like this.

    [Captcha_Hide]
Phone:123-4..
Email:[email protected]
...
[/Captcha_Hide]
    if ($_SESSION['timeout'] + 60*60 /*seconds*/ < time()) {
    // session timedout
	$_SESSION["AreYouHuman"] = false;
  } else {
     // session ok
	 $_SESSION["timeout"] = time() ;
  }
if(isset($_POST['submit']) && !empty($_POST['submit'])):
    if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])):
        //your site secret key
        $secret = 'Googles-Sectret';
        //get verify response data
        $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
        $responseData = json_decode($verifyResponse);
        if($responseData->success):
            //contact form submission code
			$_SESSION["AreYouHuman"] = true ;
			$_SESSION['timeout'] = time();

        else:
            $errMsg = 'Robot verification failed, please try again.';
        endif;
    else:
        $errMsg = 'Please click on the reCAPTCHA box.';
    endif;
else:
    $errMsg = '';
    $succMsg = '';
endif;

function AreYouHuman($atts,$content=null){

	static $foo_count=0; $foo_count++; 

	if ($_SESSION['AreYouHuman']==true){
			return do_shortcode($content);
	} else{
	if ($foo_count<>1){
		return;
	};
		echo '<script src="https://www.google.com/recaptcha/api.js" async defer>
				$(document).ready(function(){
					 document.getElementById("Submit").disabled = true;
				});
				</script>

		<form id="recaptcha-email" action="" method="POST">
			<div class="g-recaptcha"  data-callback="enableBtn" data-sitekey="SiteSecret"></div>
			<input id="Submit" type="submit" name="submit" value="Continue">
		</form>';

	};
}
add_shortcode("Captcha_Hide","AreYouHuman")

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Sem-anyonymous with captcha’ is closed to new replies.