reCaptcha - submitted form is validated?

0

I'm implementing reCaptcha, the box with the checkbox for the user to click and confirm that it is not a robot being presented, however I have doubts if it is really working, as I am using:

"... if(grecaptcha.getResponse() == "")..." 

And I do not know if any robot could circumvent this, since I'm not analyzing the response that the Google API returns, I just check if there is a return.

Note: this page is HTML, but I will also implement reCaptcha in jsp.

Follow the code below:

function logar(){
	if (grecaptcha.getResponse() == "")
	 {
	      alert("Você não clicou no reCAPTCHA, por favor, faça!")
	      return false;
	 } else {
		 document.login.submit();
	 }
}
<script src='https://www.google.com/recaptcha/api.js?hl=pt' async defer></script>


<form class="form-inline" role="form" name="login" action="loginController.do" method="post">
  <div class="modal-body">
    Usuario: <input type="text" name="login">
    senha <input type="text" name="senha">
    <div class="g-recaptcha" data-sitekey="XX_chave_XX"></div>
  </div>
  <div class="modal-footer">
    <button type="button" class="btn btn-default" data-dismiss="modal">Fechar</button>
    <button type="button" class="btn btn-primary" onClick="logar()" >Login</button>
  </div>
</form>

Thank you so much !!

    
asked by anonymous 05.11.2016 / 23:37

1 answer

0

If the user does not correctly mark the reCaptcha box, the return is not an empty string, the way you are comparing it. But an empty array. So, you should check as follows:

var v = grecaptcha.getResponse();
if(v.length == 0)
{
    alert("Você não clicou no reCAPTCHA, por favor, faça!")
    return false;
} else {
     document.login.submit();
 }

I hope I have helped.

    
07.11.2016 / 18:50