我是网络开发的新手,我想知道将reCaptcha私钥放在我使用的contact-us.php页面中是否安全
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"将表单提交到同一页面是因为IE将问题提交到其他php页面,如sentmail.php或thankyou.php页面,我可以隐藏reCaptcha私钥吗?
这是我的代码。如果有人可以帮我理解问题出在哪里或者我应该如何将代码分成2页:contact.php和sendmail.php我将非常感激。
<?php
//set validation error flag as false
$error = false;
//check if form is submitted
if (isset($_POST['submit']))
{
//Sanitize incoming data and store in variable
$name = trim(stripslashes(htmlspecialchars($_POST['InputName'])));
$fromemail = trim(stripslashes(htmlspecialchars($_POST['InputEmail'])));
$subject = trim(stripslashes(htmlspecialchars($_POST['InputSubject'])));
$message = trim(stripslashes(htmlspecialchars($_POST['InputMessage'])));
//Validate data and return success or error message
if (!preg_match("/^[a-zA-Z ]+$/",$name))
{
$error = true;
$name_error = "Please Enter Valid Name";
}
if(!filter_var($fromemail,FILTER_VALIDATE_EMAIL))
{
$error = true;
$fromemail_error = "Please Enter Valid Email Address";
}
if(empty($subject))
{
$error = true;
$subject_error = "Please Enter Your Subject";
}
if(empty($message))
{
$error = true;
$message_error = "Please Enter Your Message";
}
// grab recaptcha library
require_once "recaptchalib.php";
// your secret key
$privatekey = "----------secret key-----------";
//check reCaptcha
if ($_POST["g-recaptcha-response"]) {
$response_json = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($privatekey)."&response=".urlencode($_POST["g-recaptcha-response"]));
$response = json_decode($response_json, true);
}
// if submitted check response
if ($_POST["g-recaptcha-response"]) {
$response = $reCaptcha->verifyResponse(
$_SERVER["REMOTE_ADDR"],
$_POST["g-recaptcha-response"]
);
}
// empty response
$response = null;
// check secret key
$reCaptcha = new ReCaptcha($privatekey);
if (!$error)
{
// If there are no errors, send the email
$toemail = "email@domain.com";
$subject = "Message from Contact Form: " . $subject;
$body = "Message from Contact Form: \n\n Name: $name \n From: $fromemail \n Subject: $subject\n Message: \n $message";
$headers = "From: $fromemail\n";
$headers .= "Reply-To: $fromemail";
if (mail ($toemail, $subject, $body, $headers))
$alertmsg = '<div class="alert alert-success text-center">Thank you for contacting us. We will be in touch with you very soon.</div>';
else
$alertmsg = '<div class="alert alert-danger text-center">Sorry there was an error sending your message. Please try again later.</div>';
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Company | Contact us </title>
<meta charset="UTF-8">
<!--[if IE]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE9">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet" type="text/css">
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="js/jquery.min.js"></script>
<!-- Custom CSS files -->
<link href="css/style.css" rel='stylesheet' type='text/css' />
<!----webfonts--->
<!-- Recaptcha -->
<script type="text/javascript">
var onloadCallback = function() {
grecaptcha.render('html_element', {
'sitekey' : '----sitekey------'
});
};
</script>
</head>
<body>
<!-- container -->
<div class="container">
<!-- header -->
<header class="row">
<!-- logo -->
<div class="logo">
<a href="index.html"><img src="images/logo.png" title="Logo" alt="Logo" width="300" height="125" /></a>
</div><!--- End logo -->
</header>
<!-- navbar -->
<div class="row">
<nav class="navbar navbar-default navbar-inverse navbar-fixed-top" role="navigation">
<div class="container-fluid">
<!-- Toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#collapse" aria-expanded="false">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div><!-- /.navbar-header -->
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="index.html">Home </a></li>
<li><a href="about.html">About us</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Services <span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="services1.html">Services1</a></li>
<li><a href="services2.html">Services2</a></li>
</ul>
</li>
<li><a href="application.html">application</a></li>
<li class="active"><a href="contact.html">Contact us <span class="sr-only">(current)</span></a></li>
<form class="navbar-form navbar-left" role="search">
<div class="form-group">
<input type="text" class="form-control" placeholder="Search">
</div>
<button type="submit" class="btn btn-default">Submit</button>
</form>
</ul>
</div><!-- /.navbar-collapse -->
</div><!-- /.container-fluid -->
</nav>
</div><!-- navbar -->
</div><!-- End container -->
<!----MAP ---->
<div class="welcome-note">
<div class="container">
<div class="map">
<iframe src="link"></iframe>
</div>
</div>
</div><!---- MAP ---->
<br/>
<!-- Contact with Map - START -->
<div class="container">
<div class="row">
<div class="contact-left col-md-4">
<div class="panel panel-default text-center">
<div class="panel-body text-center">
<address>
</address>
</div>
</div>
</div>
<!---- contact us form----->
<div class="col-md-7">
<div class="well well-md">
<div><span><h2>Contact us</h2></span>
</div><br/>
<form role="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" id="contactForm" enctype="multipart/form-data" data-toggle="validator" data-disable="false">
<?php if (isset($alertmsg)) { echo $alertmsg; } ?>
<fieldset>
<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<span class="text-danger"><?php if (isset($name_error)) echo $name_error; ?></span><br/>
<label for="InputName">Name *</label>
<input type="text" class="form-control" name="InputName" id="InputName" placeholder="First & Last Name: Jane Doe" autocomplete="on" autofocus required value="<?php if($error) echo $name; ?>" />
</div>
</div>
<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<span class="text-danger"><?php if (isset($fromemail_error)) echo $fromemail_error; ?></span> <br/>
<label for="InputEmail">Email *</label>
<input type="email" class="form-control" name="InputEmail" id="InputEmail" placeholder="Email: example@domain.com" autocomplete="on" required value="<?php if($error) echo $fromemail; ?>" />
</div>
</div>
<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<span class="text-danger"><?php if (isset($subject_error)) echo $subject_error; ?></span> <br/>
<label for="InputSubject">Subject *</label>
<input type="text" class="form-control" name="InputSubject" id="InputSubject" placeholder="Subject" autocomplete="on" required value="<?php if($error) echo $subject; ?>" />
</div>
</div>
<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<span class="text-danger"><?php if (isset($message_error)) echo $message_error; ?></span><br/>
<label for="InputMessage">Message *</label>
<textarea class="form-control" rows="5" name="InputMessage" id="InputMessage" placeholder="Enter your massage for us here. We will get back to you within 2 business days." autocomplete="off" required><?php if($error) echo $message; ?></textarea>
</div>
</div>
<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<br/>
<div class="g-recaptcha" data-sitekey="sitekey"></div>
<script type="text/javascript">
var onloadCallback = function() {
alert("grecaptcha is ready!");
};
</script>
</div>
</div>
<!--<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<!-- input element hidden as dummy code for IE to can submit the form -->
<!--<input type="hidden" name="submit" id="submit" class="btn btn-primary" value="Send" />
</div>
<div class="form-group">
<div class="col-xs-10 col-md-offset-1">
<button type="submit" id="submit" name="submit" class="btn btn-primary" value="Send">Send message <span class="glyphicon glyphicon-send"></span></button>
</div>
</div>-->
</fieldset>
<div class="col-md-4 col-md-offset-1">
<input type="submit" id="submit" name="submit" class="btn btn-primary" value="Send message" >
</div>
</form>
</div>
</div>
</div>
<div class="clearfix"> </div>
</div>
<!-- End contact -->
<!-- javascript -->
<script src="http://code.jquery.com/jquery-latest.min.js"></script>
<script src="js/jquery.min.js"></script>
<script src="js/bootstrap.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<!-- Recaptcha -->
<script src="https://www.google.com/recaptcha/api.js"></script>
</body>
</html>