PHP reCaptcha on login page

Issue

I am trying to protect my login page against brute-force attacks. For this I want to use Google reCAPTCHA, but I get some errors, in particular with file_get_contents().

The errors when I log in and check the captcha:

    Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\Applications\wamp64\www\portail\controllers\UserController.controller.php on line 199

Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=mySecretKey&response=03AIIukzgubg-3X3dSe9XfZqq-JRMXUG4-TX5BO2MafiTYEjlHVM7b731p0nzIe8nw4n8IjZ7Po0wJeVT4jMYVqUzjZqvq8ACAbR8CtwH6sI5tKMDFahHUHNFn03iJEj9ZfN8F6yJXV0u89x0x9RjEVdkQzK5-A3e7zAkEk3xxyv3MVsVkaS9nFYSOzMZKpY1PAaXS7ilfXTqg76zrv3cga2U_06OiavRv1OnieFmN_SeQQEhc2yv9eyKGCHq_4tdkpP4WB4-He8ChOeDLDNRot8CLoVD5I1c38EnLQCwSippt3dNf6G0TDAAECnPJoUmJG_oU_LEPjAXI-KN0_-YP4lQBqwr_4iOl5Jv_M3QIhaMhsCcEjgna5dBJUj4RnyFK4TpRTId1CK5lZ4cZhuq8iaPZoO9wz2d-aarbTIcV-LU2nOeS1nJSfhed8eKEWNOiewp0qvHx-O2VCnxCVOFKwIWlyRT4nnUyhHX5DO8R-_AFEWc9Ub0WywwtzJaO2XVKyK5-O1VztraiEm2z3FocjpT1h_7stYK80g): failed to open stream: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\Applications\wamp64\www\portail\controllers\UserController.controller.php on line 199
bool(false) string(548) "03AIIukzgubg-3X3dSe9XfZqq-JRMXUG4-TX5BO2MafiTYEjlHVM7b731p0nzIe8nw4n8IjZ7Po0wJeVT4jMYVqUzjZqvq8ACAbR8CtwH6sI5tKMDFahHUHNFn03iJEj9ZfN8F6yJXV0u89x0x9RjEVdkQzK5-A3e7zAkEk3xxyv3MVsVkaS9nFYSOzMZKpY1PAaXS7ilfXTqg76zrv3cga2U_06OiavRv1OnieFmN_SeQQEhc2yv9eyKGCHq_4tdkpP4WB4-He8ChOeDLDNRot8CLoVD5I1c38EnLQCwSippt3dNf6G0TDAAECnPJoUmJG_oU_LEPjAXI-KN0_-YP4lQBqwr_4iOl5Jv_M3QIhaMhsCcEjgna5dBJUj4RnyFK4TpRTId1CK5lZ4cZhuq8iaPZoO9wz2d-aarbTIcV-LU2nOeS1nJSfhed8eKEWNOiewp0qvHx-O2VCnxCVOFKwIWlyRT4nnUyhHX5DO8R-_AFEWc9Ub0WywwtzJaO2XVKyK5-O1VztraiEm2z3FocjpT1h_7stYK80g"
Robot verification failed, please try again.

The error when I log in and don't check the captcha:

Robot verification failed, please try again.

My function validation_login() in my page userController.controller.php:

public function validation_login($login, $password)
{
    if (isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])) {

        $secret = 'mySecretKey';
        // URL-encode the parameters so the token cannot break the query string
        $query = http_build_query([
            'secret'   => $secret,
            'response' => $_POST['g-recaptcha-response'],
        ]);
        // file_get_contents() returns false when the request fails (e.g. the host cannot be resolved)
        $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?' . $query);
        // Decode as an associative array; without the second argument json_decode() returns an object
        $responseData = ($verifyResponse !== false) ? json_decode($verifyResponse, true) : null;
        $success = is_array($responseData) && ($responseData['success'] ?? false) === true;
        if ($success === true) {
            if ($this->userManager->isCombinaisonValide($login, $password)) {
                Toolbox::ajouterMessageAlerte("Bon retour sur le portail" . $login . " ! AJOUT DU SYSTEME DE FILTRE POUR LES INCIDENTS", Toolbox::COULEUR_VERTE);
                $_SESSION['profil'] = [
                    "login" => $login,
                ];
                $datas = $this->userManager->getUserInformation($_SESSION['profil']['login']);
                $_SESSION['profil']["bl"] = $datas['bl'];
                $_SESSION['profil']["dist"] = $datas['dist'];
                $_SESSION['profil']["admin"] = $datas['admin'];
                $_SESSION['profil']["demandevalidation"] = $datas['demandevalidation'];
                $_SESSION['profil']["pilote"] = $datas['pilote'];
                $_SESSION['profil']["rs"] = $datas['rs'];
                // header() takes one header line per call; its second argument is a boolean "replace" flag
                header("X-XSS-Protection: 1; mode=block");
                if (Securite::estConnecte() && Securite::estBl()) {
                    header("Location: " . URL . "tngs");
                } else {
                    header("Location: " . URL . "accueil");
                }
            } else {
                Toolbox::ajouterMessageAlerte("Combinaison Login / Mot de passe non valide", Toolbox::COULEUR_ROUGE);
                header("X-XSS-Protection: 1; mode=block");
                header("Location: " . URL);
            }
        } else {
            // Debug output
            var_dump($verifyResponse);
            //var_dump($responseData);
            var_dump($_POST['g-recaptcha-response']);
            ?>  <div style="color: red;"><b>Robot verification failed, please try again.</b></div> <?php
        }
    } else {
        ?>   <div style="color: red;"><b>Please do the robot verification.</b></div> <?php
    }
}

My page login.view.php with the login form:

<?php
ob_start();
// $token = generer_token('connexion');
 ?>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="container col-xl-10 col-xxl-8 px-4 py-0">
  <div class="row align-items-center g-lg-5 py-5">
    <div class="col-lg-7 text-center text-lg-start">
      <h1 class="display-4 fw-bold lh-1 mb-3">PORTAIL BL</h1>
      <p class="col-lg-10 fs-4">Bienvenue sur le portail. N'hésitez pas à nous faire un retour si vous avez rencontré des problèmes lors de la navigation.<br> Bonne journée à vous.<br> Cordialement, la cellule SI.</p>
     
    </div>
    <div class="col-md-10 mx-auto col-lg-5">

      <form class="p-4 p-md-5 border rounded-3 bg-light" method="POST" action="<?= URL ?>validation_login">
        <div class="form-floating mb-3">
          <input type="text" class="form-control" id="login" placeholder="AAAA0000" name="login" required>
          <label for="login">CUID</label>
        </div>
        <div class="form-floating mb-3">
          <input type="password" class="form-control" id="password" name="password" placeholder="Mot de passe" required>
          <input type="checkbox" onclick="Afficher()"> Afficher le mot de passe
          <label for="password">Mot de passe</label>
        </div>
        <button class="w-100 btn btn-lg btn-primary bouton border-0" id="vdcsolo" type="submit">Connexion</button>
        <hr class="my-4">
        <a href="<?= URL ?>users/motdepasse"><small class="text-muted">Pour un mot de passe oublié, cliquez ici.</small></a>
        <div class="g-recaptcha" data-sitekey="myDataSiteKey"></div><br><br>
     
        <?php /* <input type="hidden" name="token" id="token" value="<?php echo $token; ?>"/> */ ?>
      </form>
      <script>
      function Afficher()
      { 
      var input = document.getElementById("password"); 
      if (input.type === "password")
      { 
      input.type = "text"; 
      } 
      else
      { 
      input.type = "password"; 
      } 
      } 
      </script>


    </div>
  </div>
</div>

<?php
$titre = "";
$content = ob_get_clean();
require "template.php";
?>

If anyone has an idea or has had the same problem and knows how to do it I’m interested.

Solution

This is my code using CURL, I’ve posted it as an answer just so I can format the code properly, not because I necessarily think it’s the solution.

$url = "https://www.google.com/recaptcha/api/siteverify";
$response = $_POST['response'];
$secret = "my-secret-code";

// URL-encode both values before appending them to the query string
$url = $url . "?secret=" . urlencode($secret) . "&response=" . urlencode($response);

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($curl, CURLOPT_TIMEOUT, 15);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
// 2 checks that the certificate matches the host name (TRUE would be cast to 1, which is not a valid setting)
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
$curlData = curl_exec($curl); // false if the request failed
curl_close($curl);

// json_decode() returns null when $curlData is false or not valid JSON
$captcha_success = json_decode($curlData, TRUE);

if (empty($captcha_success['success'])) {
    // didn't work (request failed, invalid JSON, or success is false)
}
else {
    // worked
}

I had some more code in there, defining a couple of arrays, but I deleted it as I can’t see why it’s there, especially as it’s after the call to curl_exec(). It’s some time since I wrote this code, but it does still work.

Answered By – droopsnoot

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0
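
The warnings quoted in the question print the full siteverify URL, secret key included, because the secret is sent in the query string. The following is an added example, not code from the question or the answer: it sends the secret in a POST body and treats any DNS, network or parsing failure as a failed check. The function name `verify_recaptcha`, the `$expectedHost` parameter and the `reason` strings are assumptions made for illustration; `hostname` and `error-codes` are fields of the siteverify JSON response.

```php
<?php
// Added example: verify a reCAPTCHA token via POST and fail closed on any error.
function verify_recaptcha(string $secret, string $token, ?string $expectedHost = null): array
{
    if ($token === '') {
        return ['ok' => false, 'reason' => 'missing-token'];
    }
    $curl = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt_array($curl, [
        CURLOPT_POST           => true,
        // Sent in the request body, so the secret never appears in a URL or in a PHP warning
        CURLOPT_POSTFIELDS     => http_build_query(['secret' => $secret, 'response' => $token]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body  = curl_exec($curl);
    $error = curl_error($curl);

    if ($body === false) {
        // DNS or network failure: log the cause server-side, never show it to the visitor
        error_log('reCAPTCHA request failed: ' . $error);
        return ['ok' => false, 'reason' => 'network-error'];
    }
    $data = json_decode($body, true);
    if (!is_array($data) || ($data['success'] ?? false) !== true) {
        $codes = is_array($data) ? implode(',', $data['error-codes'] ?? []) : 'invalid-json';
        return ['ok' => false, 'reason' => 'rejected:' . $codes];
    }
    // Optional: reject tokens that were solved on a different site
    if ($expectedHost !== null && ($data['hostname'] ?? '') !== $expectedHost) {
        return ['ok' => false, 'reason' => 'hostname-mismatch'];
    }
    return ['ok' => true, 'reason' => 'ok'];
}

// Usage: with no form submission the token is empty, so no request is sent
$token  = is_string($_POST['g-recaptcha-response'] ?? null) ? $_POST['g-recaptcha-response'] : '';
$result = verify_recaptcha('mySecretKey', $token);
echo $result['ok'] ? 'captcha ok' : 'captcha failed: ' . $result['reason'], PHP_EOL;
```

In `validation_login()` the password check should run only when `$result['ok']` is true, so a failed lookup of www.google.com blocks the login attempt instead of bypassing the captcha.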
