How to add SliderCaptcha to "form_without_ajax.php"

Standard Form Submission (no Ajax)

Synchronous request: The standard form is submitted, the browser “blocks” interaction and waits for the server's response to load a completely new page."

OldNew
1<?php1<?php
2$errors = [];2$errors = [];
3$showCaptcha = false;
4$captchaServiceAvailable = true; // Default: Service is available
35
4if ($_SERVER['REQUEST_METHOD'] === 'POST') {6if ($_SERVER['REQUEST_METHOD'] === 'POST') {
57
6 $email = trim($_POST['email'] ?? '');8 $email = trim($_POST['email'] ?? '');
79
8 // Validate Email10 // Step 1: Validate Email (only if CAPTCHA-Token does not exist)
11 if (empty($_POST['slidercaptcha_token'])) {
9 if ($email === '') {12 if ($email === '') {
10 $errors['email'] = 'Required field';13 $errors['email'] = 'Required field';
11 } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {14 } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
12 $errors['email'] = 'Please enter a valid email address';15 $errors['email'] = 'Please enter a valid email address';
13 }16 }
17 }
1418
15 // When no errors during validation:19 // When no errors during validation:
16 if (!$errors) {20 if (!$errors) {
21
22 // Step 2: Check if CAPTCHA-Token exists
23 if (empty($_POST['slidercaptcha_token'])) {
24 // SliderCaptcha not solved → Show SliderCaptcha
25 $showCaptcha = true;
26 } else {
27 // Step 3: CAPTCHA-Token exists → Validate Token
28 $captchaToken = (string)($_POST['slidercaptcha_token'] ?? '');
29
30 if ($captchaToken === 'CAPTCHA_UNAVAILABLE') {
31 // Special Token: 'CAPTCHA_UNAVAILABLE'
32 // Check if service is really down!
33 $ch = curl_init('https://slidercaptcha.net/api/v1/verify.php');
34 curl_setopt_array($ch, [
35 CURLOPT_POST => true,
36 CURLOPT_RETURNTRANSFER => true,
37 CURLOPT_HTTPHEADER => ['Content-Type: application/json'],
38 CURLOPT_POSTFIELDS => json_encode(['token' => 'test', 'secret_key' => 'test']),
39 CURLOPT_TIMEOUT => 3,
40 CURLOPT_CONNECTTIMEOUT => 3
41 ]);
42
43 $testResponse = curl_exec($ch);
44 $testHttpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
45 curl_close($ch);
46
47 // If service is NOT available (Timeout, Connection Error, etc.)
48 if ($testResponse === false || $testHttpCode === 0) {
49 // Service is down → Allow Bypass
50 error_log('SliderCaptcha service unavailable - allowing bypass for email: ' . $email);
51 $captchaVerified = true;
52 $captchaServiceAvailable = false;
53 } else {
54 // Service is NOT down → Bot-Attack!
55 error_log('SECURITY WARNING: Attempted CAPTCHA bypass with available service for email: ' . $email);
56 $errors['captcha'] = 'Invalid CAPTCHA token. Please try again.';
57 $captchaVerified = false;
58 }
59
60 } else {
61 // Normal Token → Verify that token
62 $verifyPayload = json_encode([
63 'token' => $captchaToken,
64 'secret_key' => 'sk_live_26918...provided by DSLM IT-CONSULTING'
65 ]);
66 $ch = curl_init('https://slidercaptcha.net/api/v1/verify.php');
67 curl_setopt_array($ch, [
68 CURLOPT_POST => true,
69 CURLOPT_RETURNTRANSFER => true,
70 CURLOPT_HTTPHEADER => [
71 'Content-Type: application/json'
72 ],
73 CURLOPT_POSTFIELDS => $verifyPayload,
74 CURLOPT_TIMEOUT => 5,
75 CURLOPT_CONNECTTIMEOUT => 5
76 ]);
77
78 $verifyResponse = curl_exec($ch);
79 $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
80 $curlError = curl_error($ch);
81 curl_close($ch);
82
83 // Network-/Servererror
84 if ($verifyResponse === false || $httpCode === 0) {
85 // Service ist down → Allow Bypass
86 error_log('SliderCaptcha service unavailable during verification - allowing bypass for email: ' . $email);
87 $captchaVerified = true;
88 $captchaServiceAvailable = false;
89 } elseif ($httpCode !== 200) {
90 $errors['captcha'] = 'SliderCaptcha verification failed. Please try again.';
91 $captchaVerified = false;
92 } else {
93 $data = json_decode($verifyResponse, true);
94 // Invalid Response
95 if (!is_array($data) || empty($data['success'])) {
96 $errors['captcha'] = 'SliderCaptcha verification failed. Please try again.';
97 $captchaVerified = false;
98 } else {
99 // Optional: Check Score
100 if (isset($data['score']) && $data['score'] < 0.5) {
101 $errors['captcha'] = 'SliderCaptcha verification failed. Please try again.';
102 $captchaVerified = false;
103 } else {
104 $captchaVerified = true;
105 }
106 }
107 }
108 }
109
110
111 if ($captchaVerified) {
112 // ✓ SliderCaptcha successfully solved → Check if Email already exists in subscripton table
17 /*113 /*
18 *** put your code here to check Email against database ***114 *** put your code here to check Email against database ***
19 */115 */
20 116
21 // Simple check to demonstrate what happens if email already exists in database:117 // Simple check to demonstrate what happens if email already exists in database:
22 if ($email == "joe.doe@example.com") {118 if ($email == "joe.doe@example.com") {
23 $errors['email'] = "This email-address already exists in our database"; 119 $errors['email'] = "This email-address already exists in our database";
24 } else {120 } else {
25 /*121 /*
26 *** put your code here to store the email-address in your database ***122 *** put your code here to store the email-address in your database ***
27 */123 */
28 $successMessage = 'Thank you for your subscription!';124 $successMessage = 'Thank you for your subscription!';
125 if (!$captchaServiceAvailable) {
126 $successMessage .= ' (Note: CAPTCHA service was unavailable)';
127 }
29 echo "<script>128 echo "<script>
30 alert('" . addslashes($successMessage) . "');129 alert('" . addslashes($successMessage) . "');
31 window.location.href = '" . $_SERVER['REQUEST_URI'] . "';130 window.location.href = '" . $_SERVER['REQUEST_URI'] . "';
32 </script>";131 </script>";
33 exit;132 exit;
133 }
134 }
34 }135 }
35 }136 }
36}137}
37?>138?>
38<!DOCTYPE html>139<!DOCTYPE html>
39<html lang="en">140<html lang="en">
40<head>141<head>
41 <meta charset="utf-8">142 <meta charset="utf-8">
42 <meta name="viewport" content="width=device-width, initial-scale=1">143 <meta name="viewport" content="width=device-width, initial-scale=1">
43 <title>Form without Ajax</title>144 <title>Form without Ajax plus SliderCaptcha - Secure Fallback</title>
44 <style>145 <style>
45 body { font-family: sans-serif; font-size: 14px };146 body { font-family: sans-serif; font-size: 14px };
46 </style>147 </style>
47</head>148</head>
48149
49<body>150<body>
50<h1>Form without Ajax and no SliderCaptcha</h1>151<h1>SliderCaptcha Example with Secure Fallback</h1>
51<h2>Standard Form Submission (no Ajax)</h2>152<h2>Standard Form Submission (no Ajax)</h2>
52<h3>Synchronous request: The standard form is submitted, the browser “blocks” interaction and waits for the server's response to load a completely new page.</h3>153<h3>Synchronous request: The standard form is submitted, the browser “blocks” interaction and waits for the server's response to load a completely new page.</h3>
53<h4>Hints:</h4>154<h4>Hints:</h4>
54<ul>155<ul>
55<li>Leave the email field empty to see backend validation</li>156<li>Leave the email field empty to see backend validation</li>
56<li>Enter invalid email to see backend validation</li>157<li>Enter invalid email to see backend validation</li>
57<li>Try <b>joe.doe@example.com</b> to see backend validation error</li>158<li>Try <b>joe.doe@example.com</b> to see backend validation error <b>after</b> passing SliderCaptcha</li>
58<li>Try any other valid email-address to see final form submission</li>159<li>Try any other valid email-address to see final form submission <b>after</b> passing SliderCaptcha</li>
160<li><b>SECURITY:</b> If SliderCaptcha service is unavailable, you can continue BUT server verifies the service is really down!</li>
59</ul>161</ul>
60162
61<form method="post" id="subscriptionForm" novalidate>163<form method="post" id="subscriptionForm" novalidate>
62 <!-- Email -->164 <!-- Email -->
63 Email:<br>165 Email:<br>
64 <input name="email" id="email" value="<?=htmlspecialchars($email ?? '')?>"> 166 <input name="email" id="email" value="<?=htmlspecialchars($email ?? '')?>">
65 <?php if (isset($errors['email'])): ?>167 <?php if (isset($errors['email'])): ?>
66 <br><small style="color: red;"><?= htmlspecialchars($errors['email']) ?></small>168 <br><small style="color: red;"><?= htmlspecialchars($errors['email']) ?></small>
67 <?php endif; ?>169 <?php endif; ?>
68 <br><br>170 <br><br>
69171
172 <!-- SliderCaptcha Error Display -->
173 <?php if (isset($errors['captcha'])): ?>
174 <div style="color: red; margin-bottom: 10px;">
175 <?= htmlspecialchars($errors['captcha']) ?>
176 </div>
177 <?php endif; ?>
178
179 <!-- Hidden field for SliderCaptcha token -->
180 <input type="hidden" name="slidercaptcha_token" id="slidercaptcha_token" value="">
181
70 <button type="submit">182 <button type="submit">
71 subscribe183 subscribe
72 </button>184 </button>
73</form>185</form>
186
187<?php if ($showCaptcha): ?>
188 <script>
189 // SliderCaptcha needs to be solved bevore form will be finally submitted
190 document.addEventListener('DOMContentLoaded', function() {
191
192 let captchaFailed = false;
193 // Check if SliderCaptcha is available
194 if (typeof SliderCaptcha === 'undefined') {
195 console.warn('SliderCaptcha script not loaded, waiting for timeout...');
196 captchaFailed = true;
197 document.getElementById('slidercaptcha_token').value = 'CAPTCHA_UNAVAILABLE'; // set marker
198 document.getElementById('subscriptionForm').submit(); // backend is checking if service is really unavailable
199 } else {
200 // Display SliderCaptcha
201 SliderCaptcha.execute()
202 .then(function(response) {
203 if (!captchaFailed) {
204 document.getElementById('slidercaptcha_token').value = response.token;
205 document.getElementById('subscriptionForm').submit();
206 }
207 })
208 .catch(function(error) {
209 // SliderCaptcha was cancelled by the user
210 console.error('SliderCaptcha error:', error);
211 });
212 }
213 });
214 </script>
215<?php endif; ?>
216
217<!-- SliderCaptcha Embed Script -->
218<script src="https://slidercaptcha.net/embed.js"
219 data-sitekey="pk_live_b4a35...provided by DSLM IT-CONSULTING"
220 data-mode="live"
221 data-language="en">
222</script>
74223
75</body>224</body>
76</html>225</html>
77226