i try to make sure my login page to prevent brute force attack for it i want ot use google reCaptcha but i have some errors in particular with file_get_contents().
The errors when i log in and i check the captcha :
Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\Applications\wamp64\www\portail\controllers\UserController.controller.php on line 199
Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=mySecretKey&response=03AIIukzgubg-3X3dSe9XfZqq-JRMXUG4-TX5BO2MafiTYEjlHVM7b731p0nzIe8nw4n8IjZ7Po0wJeVT4jMYVqUzjZqvq8ACAbR8CtwH6sI5tKMDFahHUHNFn03iJEj9ZfN8F6yJXV0u89x0x9RjEVdkQzK5-A3e7zAkEk3xxyv3MVsVkaS9nFYSOzMZKpY1PAaXS7ilfXTqg76zrv3cga2U_06OiavRv1OnieFmN_SeQQEhc2yv9eyKGCHq_4tdkpP4WB4-He8ChOeDLDNRot8CLoVD5I1c38EnLQCwSippt3dNf6G0TDAAECnPJoUmJG_oU_LEPjAXI-KN0_-YP4lQBqwr_4iOl5Jv_M3QIhaMhsCcEjgna5dBJUj4RnyFK4TpRTId1CK5lZ4cZhuq8iaPZoO9wz2d-aarbTIcV-LU2nOeS1nJSfhed8eKEWNOiewp0qvHx-O2VCnxCVOFKwIWlyRT4nnUyhHX5DO8R-_AFEWc9Ub0WywwtzJaO2XVKyK5-O1VztraiEm2z3FocjpT1h_7stYK80g): failed to open stream: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\Applications\wamp64\www\portail\controllers\UserController.controller.php on line 199
bool(false) string(548) "03AIIukzgubg-3X3dSe9XfZqq-JRMXUG4-TX5BO2MafiTYEjlHVM7b731p0nzIe8nw4n8IjZ7Po0wJeVT4jMYVqUzjZqvq8ACAbR8CtwH6sI5tKMDFahHUHNFn03iJEj9ZfN8F6yJXV0u89x0x9RjEVdkQzK5-A3e7zAkEk3xxyv3MVsVkaS9nFYSOzMZKpY1PAaXS7ilfXTqg76zrv3cga2U_06OiavRv1OnieFmN_SeQQEhc2yv9eyKGCHq_4tdkpP4WB4-He8ChOeDLDNRot8CLoVD5I1c38EnLQCwSippt3dNf6G0TDAAECnPJoUmJG_oU_LEPjAXI-KN0_-YP4lQBqwr_4iOl5Jv_M3QIhaMhsCcEjgna5dBJUj4RnyFK4TpRTId1CK5lZ4cZhuq8iaPZoO9wz2d-aarbTIcV-LU2nOeS1nJSfhed8eKEWNOiewp0qvHx-O2VCnxCVOFKwIWlyRT4nnUyhHX5DO8R-_AFEWc9Ub0WywwtzJaO2XVKyK5-O1VztraiEm2z3FocjpT1h_7stYK80g"
Robot verification failed, please try again.
The error when i log in and i don't chek the captcha :
Robot verification failed, please try again.
My function validation_login() in my page userController.controller.php :
public function validation_login($login, $password) {
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
$secret = 'mySecretKey';
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
$success = $responseData["success"];
if($success === true)
{
if ($this->userManager->isCombinaisonValide($login, $password)) {
Toolbox::ajouterMessageAlerte("Bon retour sur le portail" . $login . " ! AJOUT DU SYSTEME DE FILTRE POUR LES INCIDENTS" , Toolbox::COULEUR_VERTE);
$_SESSION['profil'] = [
"login" => $login,
];
$datas = $this->userManager->getUserInformation($_SESSION['profil']['login']);
$_SESSION['profil']["bl"] = $datas['bl'];
$_SESSION['profil']["dist"] = $datas['dist'];
$_SESSION['profil']["admin"] = $datas['admin'];
$_SESSION['profil']["demandevalidation"] = $datas['demandevalidation'];
$_SESSION['profil']["pilote"] = $datas['pilote'];
$_SESSION['profil']["rs"] = $datas['rs'];
if (Securite::estConnecte() && Securite::estBl()) {
header("Location: " . URL . "tngs", "X-XSS-Protection: 1; mode=block");
} else {
header("Location: " . URL . "accueil", "X-XSS-Protection: 1; mode=block");
}
} else {
Toolbox::ajouterMessageAlerte("Combinaison Login / Mot de passe non valide", Toolbox::COULEUR_ROUGE);
header("location: " . URL, "X-XSS-Protection: 1; mode=block");
}
}
else
{
var_dump($verifyResponse);
//var_dump($responseData);
var_dump($_POST['g-recaptcha-response']);
?> <div style="color: red;"><b>Robot verification failed, please try again.</b></div> <?php
}
}
else{
?> <div style="color: red;"><b>Please do the robot verification.</b></div> <?php
}
}
My page login.view.php with log in form :
<?php
ob_start();
// $token = generer_token('connexion');
?>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="container col-xl-10 col-xxl-8 px-4 py-0">
<div class="row align-items-center g-lg-5 py-5">
<div class="col-lg-7 text-center text-lg-start">
<h1 class="display-4 fw-bold lh-1 mb-3">PORTAIL BL</h1>
<p class="col-lg-10 fs-4">Bienvenue sur le portail. N'hésitez pas à nous faire un retour si vous avez rencontré des problèmes lors de la navigation.<br> Bonne journée à vous.<br> Cordialement, la cellule SI. </br>
</div>
<div class="col-md-10 mx-auto col-lg-5">
<form class="p-4 p-md-5 border rounded-3 bg-light" method="POST" action="<?= URL ?>validation_login">
<div class="form-floating mb-3">
<input type="text" class="form-control" id="login" placeholder="AAAA0000" name="login" required>
<label for="login">CUID</label>
</div>
<div class="form-floating mb-3">
<input type="password" class="form-control" id="password" name="password" placeholder="Mot de passe" required>
<input type="checkbox" onclick="Afficher()"> Afficher le mot de passe
<label for="password">Mot de passe</label>
</div>
<button class="w-100 btn btn-lg btn-primary bouton border-0" id="vdcsolo" type="submit">Connexion</button>
<hr class="my-4">
<a href="<?= URL ?>users/motdepasse"><small class="text-muted">Pour un mot de passe oublié, cliquez ici.</small></a>
<div class="g-recaptcha" data-sitekey="myDataSiteKey"></div><br><br>
//<input type="hidden" name="token" id="token" value=" <?php echo $token; ?>"/>
</form>
<script>
function Afficher()
{
var input = document.getElementById("password");
if (input.type === "password")
{
input.type = "text";
}
else
{
input.type = "password";
}
}
</script>
</div>
</div>
</div>
<?php
$titre = "";
$content = ob_get_clean();
require "template.php";
?>
If anyone has an idea or has had the same problem and knows how to do it I'm interested.