PHP reCaptcha on login page

Question

i try to make sure my login page to prevent brute force attack for it i want ot use google reCaptcha but i have some errors in particular with file_get_contents().

The errors when i log in and i check the captcha :

    Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\Applications\wamp64\www\portail\controllers\UserController.controller.php on line 199

Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=mySecretKey&response=03AIIukzgubg-3X3dSe9XfZqq-JRMXUG4-TX5BO2MafiTYEjlHVM7b731p0nzIe8nw4n8IjZ7Po0wJeVT4jMYVqUzjZqvq8ACAbR8CtwH6sI5tKMDFahHUHNFn03iJEj9ZfN8F6yJXV0u89x0x9RjEVdkQzK5-A3e7zAkEk3xxyv3MVsVkaS9nFYSOzMZKpY1PAaXS7ilfXTqg76zrv3cga2U_06OiavRv1OnieFmN_SeQQEhc2yv9eyKGCHq_4tdkpP4WB4-He8ChOeDLDNRot8CLoVD5I1c38EnLQCwSippt3dNf6G0TDAAECnPJoUmJG_oU_LEPjAXI-KN0_-YP4lQBqwr_4iOl5Jv_M3QIhaMhsCcEjgna5dBJUj4RnyFK4TpRTId1CK5lZ4cZhuq8iaPZoO9wz2d-aarbTIcV-LU2nOeS1nJSfhed8eKEWNOiewp0qvHx-O2VCnxCVOFKwIWlyRT4nnUyhHX5DO8R-_AFEWc9Ub0WywwtzJaO2XVKyK5-O1VztraiEm2z3FocjpT1h_7stYK80g): failed to open stream: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\Applications\wamp64\www\portail\controllers\UserController.controller.php on line 199
bool(false) string(548) "03AIIukzgubg-3X3dSe9XfZqq-JRMXUG4-TX5BO2MafiTYEjlHVM7b731p0nzIe8nw4n8IjZ7Po0wJeVT4jMYVqUzjZqvq8ACAbR8CtwH6sI5tKMDFahHUHNFn03iJEj9ZfN8F6yJXV0u89x0x9RjEVdkQzK5-A3e7zAkEk3xxyv3MVsVkaS9nFYSOzMZKpY1PAaXS7ilfXTqg76zrv3cga2U_06OiavRv1OnieFmN_SeQQEhc2yv9eyKGCHq_4tdkpP4WB4-He8ChOeDLDNRot8CLoVD5I1c38EnLQCwSippt3dNf6G0TDAAECnPJoUmJG_oU_LEPjAXI-KN0_-YP4lQBqwr_4iOl5Jv_M3QIhaMhsCcEjgna5dBJUj4RnyFK4TpRTId1CK5lZ4cZhuq8iaPZoO9wz2d-aarbTIcV-LU2nOeS1nJSfhed8eKEWNOiewp0qvHx-O2VCnxCVOFKwIWlyRT4nnUyhHX5DO8R-_AFEWc9Ub0WywwtzJaO2XVKyK5-O1VztraiEm2z3FocjpT1h_7stYK80g"
Robot verification failed, please try again.

The error when i log in and i don't chek the captcha :

Robot verification failed, please try again.

My function validation_login() in my page userController.controller.php :

public function validation_login($login, $password) {

if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){

    $secret = 'mySecretKey';
    $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
    $responseData = json_decode($verifyResponse);
    $success = $responseData["success"];
    if($success === true)
    { 
        if ($this->userManager->isCombinaisonValide($login, $password)) {
            Toolbox::ajouterMessageAlerte("Bon retour sur le portail" . $login . " ! AJOUT DU SYSTEME DE FILTRE POUR LES INCIDENTS" , Toolbox::COULEUR_VERTE);
            $_SESSION['profil'] = [
                "login" => $login,
            ];
            $datas = $this->userManager->getUserInformation($_SESSION['profil']['login']);
            $_SESSION['profil']["bl"] = $datas['bl'];
            $_SESSION['profil']["dist"] = $datas['dist'];
            $_SESSION['profil']["admin"] = $datas['admin'];
            $_SESSION['profil']["demandevalidation"] = $datas['demandevalidation'];
            $_SESSION['profil']["pilote"] = $datas['pilote'];
            $_SESSION['profil']["rs"] = $datas['rs'];
            if (Securite::estConnecte() && Securite::estBl()) {
                header("Location: " . URL . "tngs", "X-XSS-Protection: 1; mode=block");
            } else {
                header("Location: " . URL . "accueil", "X-XSS-Protection: 1; mode=block");
            }
        } else {
            Toolbox::ajouterMessageAlerte("Combinaison Login / Mot de passe non valide", Toolbox::COULEUR_ROUGE);
            header("location: " . URL, "X-XSS-Protection: 1; mode=block");
            
        }
    }
    else
    {
        var_dump($verifyResponse);
        //var_dump($responseData);
        var_dump($_POST['g-recaptcha-response']);
        ?>  <div style="color: red;"><b>Robot verification failed, please try again.</b></div> <?php
    }
}
else{
    ?>   <div style="color: red;"><b>Please do the robot verification.</b></div> <?php
}

}

My page login.view.php with log in form :

    <?php
ob_start();
// $token = generer_token('connexion');
 ?>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="container col-xl-10 col-xxl-8 px-4 py-0">
  <div class="row align-items-center g-lg-5 py-5">
    <div class="col-lg-7 text-center text-lg-start">
      <h1 class="display-4 fw-bold lh-1 mb-3">PORTAIL BL</h1>
      <p class="col-lg-10 fs-4">Bienvenue sur le portail. N'hésitez pas à nous faire un retour si vous avez rencontré des problèmes lors de la navigation.<br> Bonne journée à vous.<br> Cordialement, la cellule SI. </br>
     
    </div>
    <div class="col-md-10 mx-auto col-lg-5">

      <form class="p-4 p-md-5 border rounded-3 bg-light" method="POST" action="<?= URL ?>validation_login">
        <div class="form-floating mb-3">
          <input type="text" class="form-control" id="login" placeholder="AAAA0000" name="login" required>
          <label for="login">CUID</label>
        </div>
        <div class="form-floating mb-3">
          <input type="password" class="form-control" id="password" name="password" placeholder="Mot de passe" required>
          <input type="checkbox" onclick="Afficher()"> Afficher le mot de passe
          <label for="password">Mot de passe</label>
        </div>
        <button class="w-100 btn btn-lg btn-primary bouton border-0" id="vdcsolo" type="submit">Connexion</button>
        <hr class="my-4">
        <a href="<?= URL ?>users/motdepasse"><small class="text-muted">Pour un mot de passe oublié, cliquez ici.</small></a>
        <div class="g-recaptcha" data-sitekey="myDataSiteKey"></div><br><br>
     
        //<input type="hidden" name="token" id="token" value=" <?php echo $token; ?>"/> 
      </form>
      <script>
      function Afficher()
      { 
      var input = document.getElementById("password"); 
      if (input.type === "password")
      { 
      input.type = "text"; 
      } 
      else
      { 
      input.type = "password"; 
      } 
      } 
      </script>


    </div>
  </div>
</div>

<?php
$titre = "";
$content = ob_get_clean();
require "template.php";
?>

If anyone has an idea or has had the same problem and knows how to do it I'm interested.

Answer 1

This is my code using CURL, I've posted it as an answer just so I can format the code properly, not because I necessarily think it's the solution.

$url = "https://www.google.com/recaptcha/api/siteverify";
$response = $_POST['response'];
$secret = "my-secret-code";

$url = $url."?secret=".$secret. "&response=".$response;
 
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($curl, CURLOPT_TIMEOUT, 15);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, TRUE); 
        $curlData = curl_exec($curl);
        curl_close($curl);

   $captcha_success = json_decode($curlData, TRUE);
   
   if ($captcha_success['success'] == false) {
       // didn't work
   }
   else if ($captcha_success['success'] == true) {
       // worked
   }

I had some more code in there, defining a couple of arrays, but I deleted it as I can't see why it's there, especially as it's after the call to curl_exec(). It's some time since I wrote this code, but it does still work.