I have a feedback webpage on my PHP-based project. The feedback page has a form with all the fields I need and i put recaptcha display there and it works just fine: everything is displayed properly and functions according to the google manuals. The form "action" is set to another page which should just check recaptcha, prevent sql injections and insert the user message to the db. Everything seems simple.
The problem however is in this second page. It just returns blank even though it shouldnt:
<?php
require_once('recaptchalib.php');
$privatekey = "my private key";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
// What happens when the CAPTCHA was entered incorrectly
//in this case the returned page is totally blank
echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Error</title>
</head>
<body bgcolor="WhiteSmoke">
EOT;
switch ($_POST["lang"]) {
case "en":
echo <<<EOT
<table width="100%" height="100%" border="0" cellspacing="10" align="center">
<tr>
<td width="100" height="100" align="center" valign="middle"><h3>CAPTCHA failed ($resp->error)!</h3></td>
</tr>
</table>
<meta HTTP-EQUIV='REFRESH' content='3; url=feedback_en.php'>
</body>
</html>
EOT;
break;
//here go other possible $_POST['lang'] values which i removed from the sample since its irrelevant
}
} else {
// Your code here to handle a successful verification
//in this case the page returns totally blank either
//here goes some db stuff
//here goes sql injection check which is also skipped for this code
//more db stuff
switch ($_POST["lang"]) {
case "en":
echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Thank you!</title>
<meta HTTP-EQUIV='REFRESH' content='3; url=feedback_en.php'>
</head>
<body bgcolor="WhiteSmoke">
<table width="100%" height="100%" border="0" cellspacing="10" align="center">
<tr>
<td width="100" height="100" align="center" valign="middle"><h3>Thank you for the feedback, with your help this service will be better!</h3></td>
</tr>
</table>
</body>
</html>
EOT;
break;
//and so on...
} //end of switch
//and we have nothing
}
?>
As noted in the code, whatever the result of the test, the output page is blank. It only works somewhat decent if to leave recaptcha field completely empty. It returns HTML according to the idea with the text "CAPTCHA failed (incorrect-captcha-sol)!"