开发者

validate reCAPTCHA Key

问答 作者:

I'm trying to figure out the best way to sanatize and validate a reCAPTCHA key. The problem is I don't have a lot of information on how they keys are formed. I think the best way may be just to chec开发者_运维技巧k to see if the string is 40 charicters long and contains letters,numbers,dashes, and underscores. Here's the infomation I have from the documntations.

invalid-site-public-key: Did you make sure to copy the entire key, with all hyphens and underscores, but without any spaces? The key should be exactly 40 letters long. Source

My public key looks like this 6Ler570SAAAAAOfjh3CNFPtuBSH_QdavHc5x_JUv I'm just worried about writing validation that is too strict and won't let some people use the plugin that I'm writing.

This is what I'm using now but not sure if there is a better way. 

if( $recaptcha_public_key ) {
    //validate the key
        $recaptcha_public_key = filter_var($recaptcha_public_key, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/[0-9a-zA-Z_-]{40}/")));
    // Update value in database
    update_option( 'recaptcha_public_key', $recaptcha_public_key );
}

Thanks!

What you have ("/[0-9a-zA-Z_-]{40}/") is as strict as you're going to get. The point of the key is that it is random - if it conformed to a strict set of formatting rules it would be easy to crack.

Without analyzing a set of public keys, it's fair to assume that each character is completely random within the set [0-9a-zA-Z_-]. Even if this is assumption is incorrect and there is some more specific pattern, this would be likely to change at some point in the future so it's not a good idea to commit your application to the current pattern.

Why are you verifying it yourself? You aren't hitting your database with the information or displaying it on the page are you? If you are putting it on the page html encode it and that should prevent scripts form being run.

You should just send it off to the third party using http://www.google.com/recaptcha/api/verify and it will validate it (as it states in http://code.google.com/apis/recaptcha/docs/verify.html).

This seems to be perfect

if(preg_match('#^6[0-9a-zA-Z_-]{39}$#', $key)){
    // Valid key
}

These are the current conditions of the keys:

  • 40 characters
  • Start with a "6"
  • Only alphanumeric, underscore and dash characters

继续阅读:captchaphprecaptcharegex

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9