It’s worth noting that in that code, the message “SPAMMER! @$%K Off!” might be shown to a person if they fail the reCAPTCHA and submit anyway. I haven’t checked if that’s true but it’s undefined so if it’s not true today, it could be tomorrow without making any changes yourself.
It also doesn’t stop processing at that point, so in the case of a person failing the reCAPTCHA and submitting anyway or a bot submitting garbage including the g-recaptcha-response field, that SPAMMER message will appear before continuing with the rest of the script, presumably sending the email.
It’s also worth noting that verifying the recaptcha is done using a GET request. This must work since you’ve used it there but the documentation only talks about using a POST request, so it may stop working at any moment. Or it may work forever.
Simon
freewaytalk mailing list
email@hidden
Update your subscriptions at: