Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Eliminate magic constants usage #508

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Eliminate magic constants usage #508

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Expand Up @@ -66,7 +66,7 @@ This library comes in when you need to verify the user's response. On the PHP
side you need the response from the reCAPTCHA service and secret key from your
credentials. Instantiate the `ReCaptcha` class with your secret key, specify any
additional validation rules, and then call `verify()` with the reCAPTCHA
response (usually in `$_POST['g-recaptcha-response']` or the response from
response (usually in `$_POST[\ReCaptcha\ReCaptcha::USER_TOKEN_PARAMETER]` or the response from
`grecaptcha.execute()` in JS which is in `$gRecaptchaResponse` in the example)
and user's IP address. For example:

Expand Down
8 changes: 5 additions & 3 deletions examples/recaptcha-v2-checkbox-explicit.php
View file
Open in desktop
Expand Up @@ -37,6 +37,8 @@
// not install via Composer.
require_once __DIR__ . '/../vendor/autoload.php';

use ReCaptcha\ReCaptcha;

// Register API keys at https://www.google.com/recaptcha/admin
$siteKey = '';
$secret = '';
Expand Down Expand Up @@ -77,7 +79,7 @@
<h2>Add your keys</h2>
<p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in the <kbd>config.php</kbd> file or directly to <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
<?php
elseif (isset($_POST['g-recaptcha-response'])):
elseif (isset($_POST[ReCaptcha::USER_TOKEN_PARAMETER])):
// The POST data here is unfiltered because this is an example.
// In production, *always* sanitise and validate your input'
?>
Expand All @@ -86,15 +88,15 @@
<?php
// If the form submission includes the "g-captcha-response" field
// Create an instance of the service using your secret
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$recaptcha = new ReCaptcha($secret);

// If file_get_contents() is locked down on your PHP installation to disallow
// its use with URLs, then you can use the alternative request method instead.
// This makes use of fsockopen() instead.
// $recaptcha = new \ReCaptcha\ReCaptcha($secret, new \ReCaptcha\RequestMethod\SocketPost());
// Make the call to verify the response and also pass the user's IP address
$resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
->verify($_POST[ReCaptcha::USER_TOKEN_PARAMETER], $_SERVER['REMOTE_ADDR']);

if ($resp->isSuccess()):
// If the response is a success, that's it!
Expand Down
8 changes: 5 additions & 3 deletions examples/recaptcha-v2-checkbox.php
View file
Open in desktop
Expand Up @@ -37,6 +37,8 @@
// not install via Composer.
require_once __DIR__ . '/../vendor/autoload.php';

use ReCaptcha\ReCaptcha;

// Register API keys at https://www.google.com/recaptcha/admin
$siteKey = '';
$secret = '';
Expand Down Expand Up @@ -77,7 +79,7 @@
<h2>Add your keys</h2>
<p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in the <kbd>config.php</kbd> file or directly to <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
<?php
elseif (isset($_POST['g-recaptcha-response'])):
elseif (isset($_POST[ReCaptcha::USER_TOKEN_PARAMETER])):
// The POST data here is unfiltered because this is an example.
// In production, *always* sanitise and validate your input'
?>
Expand All @@ -86,7 +88,7 @@
<?php
// If the form submission includes the "g-captcha-response" field
// Create an instance of the service using your secret
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$recaptcha = new ReCaptcha($secret);

// If file_get_contents() is locked down on your PHP installation to disallow
// its use with URLs, then you can use the alternative request method instead.
Expand All @@ -95,7 +97,7 @@

// Make the call to verify the response and also pass the user's IP address
$resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
->verify($_POST[ReCaptcha::USER_TOKEN_PARAMETER], $_SERVER['REMOTE_ADDR']);
if ($resp->isSuccess()):
// If the response is a success, that's it!
?>
Expand Down
8 changes: 5 additions & 3 deletions examples/recaptcha-v2-invisible.php
View file
Open in desktop
Expand Up @@ -37,6 +37,8 @@
// not install via Composer.
require_once __DIR__ . '/../vendor/autoload.php';

use ReCaptcha\ReCaptcha;

// Register API keys at https://www.google.com/recaptcha/admin
$siteKey = '';
$secret = '';
Expand Down Expand Up @@ -77,7 +79,7 @@
<h2>Add your keys</h2>
<p>If you do not have keys already then visit <kbd> <a href = "https://www.google.com/recaptcha/admin">https://www.google.com/recaptcha/admin</a></kbd> to generate them. Edit this file and set the respective keys in <kbd>$siteKey</kbd> and <kbd>$secret</kbd>. Reload the page after this.</p>
<?php
elseif (isset($_POST['g-recaptcha-response'])):
elseif (isset($_POST[ReCaptcha::USER_TOKEN_PARAMETER])):
// The POST data here is unfiltered because this is an example.
// In production, *always* sanitise and validate your input'
?>
Expand All @@ -86,7 +88,7 @@
<?php
// If the form submission includes the "g-captcha-response" field
// Create an instance of the service using your secret
$recaptcha = new \ReCaptcha\ReCaptcha($secret);
$recaptcha = new ReCaptcha($secret);

// If file_get_contents() is locked down on your PHP installation to disallow
// its use with URLs, then you can use the alternative request method instead.
Expand All @@ -95,7 +97,7 @@

// Make the call to verify the response and also pass the user's IP address
$resp = $recaptcha->setExpectedHostname($_SERVER['SERVER_NAME'])
->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
->verify($_POST[ReCaptcha::USER_TOKEN_PARAMETER], $_SERVER['REMOTE_ADDR']);
if ($resp->isSuccess()):
// If the response is a success, that's it!
?>
Expand Down
6 changes: 6 additions & 0 deletions src/ReCaptcha/ReCaptcha.php
View file
Open in desktop
Expand Up @@ -51,6 +51,12 @@ class ReCaptcha
*/
const SITE_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

/**
* User response token parameter name
* @const string
*/
const USER_TOKEN_PARAMETER = 'g-recaptcha-response';
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider renaming to USER_RESPONSE_TOKEN_PARAMETER or USER_RESPONSE_PARAMETER.

USER_TOKEN_PARAMETER does not ring a bell at first sight and the comment suggests better.


/**
* Invalid JSON received
* @const string
Expand Down