I've been using Tectite Formmail.php for many years. Finally added Recaptcha ver 2 (Invisible mode). It works okay, except that it messes with the derive_fields email string. Without Captcha, the results email's From field properly contains the name and email address of the person who filled out my form, that is a value derived from "realname" and "email".
e.g., Ralph Waldo <[email protected]
When I enable ReCaptcha, the results email's From field undesirably shows my hosting account username and server address:
e.g., *[email protected]
If I revert the form to a standard tag and disable Recaptcha (by nulling the $REQUIRE_CAPTCHA and $RECAPTCHA_PRIVATE_KEY values as in code shown below), I get the desired From contents as I used to. This behavior is the same for Formmail v 9.15 and 9.19.
If this is standard procedure for Recaptcha, it seems undocumented. If not, what's the fix?
SNIPPETS, PER REQUEST:
In web page header:
<!-- CAPTCHA Ver2 Invisible -->
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<script>
function onSubmit(token) {
document.getElementById("Contact_Form").submit();
}
</script>
<!-- end CAPTCHA -->
In web page HTML
<form id="Contact_Form" action="https://www.example.com/formmail.php" method="post" name="Formtype 1">
<input name="good_url" value="https://www.example.com/tnxpg.html" type="hidden" />
<INPUT NAME="subject" TYPE="hidden" VALUE="~~FORM RECEIVED - Main mail form">
<!-- OTHER INFO TO APPEAR IN EMAIL -->
<input type="hidden" name="form_version" value="Visitor used Main Form">
<input type="hidden" name="mail_options" value="[email protected]" />
<!-- DON'T CHANGE THE FOLLOWING ... EXCEPT put actual field names after equals signs. -->
<!-- this derives (creates) "email" and "realname" special fields from the input fields -->
<input type="hidden" name="derive_fields" value="email=EmailAddr,realname=FullName" />
<!-- DON'T CHANGE THE FOLLOWING! -->
<!-- this excludes the "email" and "realname" special fields from the body of the email you receive -->
<input type="hidden" name="mail_options" value="Exclude=email;realname" >
<input name="env_report" value="REMOTE_HOST,REMOTE_ADDR,HTTP_USER_AGENT,AUTH_TYPE,REMOTE_USER" type="hidden" />
* * *
<input type="hidden" name="derive_fields" value="imgverify=g-recaptcha-response" />
<!-- with this simple Submit tag and the private key removed from Formmail.php, results email From is correct -->
<!--
<input type="submit" value=" Send message ">
-->
<input type="submit" value=" Send Message " class="g-recaptcha" data-callback="onSubmit" data-sitekey="PublicKeyGoesHere" / >
In formmail.php:
/* Help: http://www.tectite.com/fmdoc/require_captcha.php */
//// DO NOT USE CAPTCHA
//// $REQUIRE_CAPTCHA = ""; /* set to a message string if your forms */
//// USE CAPTCHA
$REQUIRE_CAPTCHA = "Confirm you are not a robot.";
/* set to a message string if your forms must provide a CAPTCHA string*/
/* Help: http://www.tectite.com/fmdoc/recaptcha_private_key.php */
//// DO NOT USE CAPTCHA
//$RECAPTCHA_PRIVATE_KEY = "";
//// USE CAPTCHA
$RECAPTCHA_PRIVATE_KEY = "myprivatekeygoeshere";
This is unusual behaviour.
I suspect there's a syntax error in your HTML and that's causing the damage to the form submission.
You should validate your HTML at https://validator.w3.org/