Monday, 27 December 2021

Why is the user able to submit the POST even if the captcha is not verified?

I'm trying to set up the Google reCAPTCHA, but whenever the user submits the form it gets verified, even if the captcha is not verified. What can that be due to? I think everything is set up correctly with required and everything:

This is my registration controller. I think the frontend is fine, as I can see the captcha and it is interactive:

class RegisterController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Register Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users as well as their
    | validation and creation. By default this controller uses a trait to
    | provide this functionality without requiring any additional code.
    |
    */

    use RegistersUsers;

    /**
     * Where to redirect users after registration.
     *
     * @var string
     */
    protected $redirectTo = '/login';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest');
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        $rules = [
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
            'phone' => ['required', 'string', 'regex:/^([0-9\s\-\+\(\)]*)$/', 'min:8'],
            'password' => ['required', 'string', 'min:8', 'confirmed'],
            'g-recaptcha-response' => ['required', function ($attribute, $value, $fail) {
                $secretKey = "6LfGStAdAAAAAOQZWvjtATtnjmGc48YoMTtfrxPc";
                $response = $value;
                $userIP = $_SERVER['REMOTE_ADDR'];
                $url = 'https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$response&remoteip=$userIP';
                $response = \file_get_contents($url);
                $response = json_decode($response);
                if (!$response->success) {
                    Session::flash("g-recaptcha-response", "Please check the captcha form.");
                    Session::flash("alert-class", "alert-danger");
                    $fail('The recaptcha is not valid');
                }
            }
            ],
        ];
        if (config('settings.enable_birth_date_on_register') && config('settings.minimum_years_to_register')) {
            $rules['birth_date'] = 'required|date|date_format:Y-m-d|before:-'.config('settings.minimum_years_to_register').' years';
        }
        //dd($rules);
        return Validator::make($data, $rules);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return \App\User
     */
    protected function create(array $data)
    {
        /*return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'phone' => $data['phone'],
            'password' => Hash::make($data['password']),
            'api_token' => Str::random(80)
        ]);*/

        //dd($data);

        $user = User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'phone' => $data['phone'],
            'password' => Hash::make($data['password']),
            'api_token' => Str::random(80),
            'birth_date' => isset($data['birth_date']) ? $data['birth_date'] : ''
        ]);

        $user->assignRole('client');

        //Send welcome email
        //$user->notify(new WelcomeNotification($user));

        return $user;
    }

    protected function registered(Request $request, User $user)
    {
        if (config('settings.enable_sms_verification')) {
            // $user->callToVerify();
        }

        return redirect($this->redirectPath());
    }
}


via Chebli Mohamed
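
A server-side reCAPTCHA check that fails closed, as an added example that is not part of the original post. The names `verifyRecaptcha()` and `postForm()` are hypothetical, the token, secret and service responses are constructed, and the transport is injectable so the script runs offline.

```php
<?php
// Added example, not from the original post. verifyRecaptcha() and postForm()
// are hypothetical names; the sample responses below are constructed.
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// POST the fields as a form body. PHP does not expand $variables inside
// single-quoted strings, so values are passed as an array and URL-encoded
// by http_build_query() instead of being pasted into a URL by hand.
function postForm(string $url, array $fields): ?string
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body; // null = network failure
}

// Fail closed: true only when the service explicitly answers success=true.
function verifyRecaptcha(?string $token, string $secret, ?string $ip = null, ?callable $transport = null): bool
{
    if ($token === null || $token === '' || $secret === '') {
        return false; // nothing to verify, never call out
    }
    $fields = ['secret' => $secret, 'response' => $token];
    if ($ip !== null) {
        $fields['remoteip'] = $ip;
    }
    $body = ($transport ?? 'postForm')(SITEVERIFY_URL, $fields);
    $json = $body === null ? null : json_decode($body, true);
    return is_array($json) && ($json['success'] ?? false) === true;
}

// Constructed stand-ins for the verification service so this runs offline.
$cases = [
    'accepted token'  => function () { return '{"success": true}'; },
    'rejected token'  => function () { return '{"success": false, "error-codes": ["invalid-input-response"]}'; },
    'service down'    => function () { return null; },
    'non-JSON answer' => function () { return '<html>502</html>'; },
];
foreach ($cases as $label => $fake) {
    $result = verifyRecaptcha('constructed-token', 'constructed-secret', '203.0.113.7', $fake);
    printf("%-16s => %s\n", $label, $result ? 'pass' : 'fail');
}
printf("%-16s => %s\n", 'empty token', verifyRecaptcha('', 'constructed-secret') ? 'pass' : 'fail');
```

Inside a Laravel closure rule, call `$fail(...)` whenever `verifyRecaptcha()` returns false, and load the secret from configuration rather than writing it into the controller.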
