Recaptcha with Salesforce Web-To-Lead

1
votes

I have a salesforce web-to-lead form that I have on my website. Everything works fine but there is no recaptcha or any way to prevent spamming. So I downloaded recaptcha, got everything setup, and I also followed the instructions here to take the $_POST data, verify the recaptcha is correct and then submit it over to salesforce.

I got all of that setup but when I submit the form it just goes to my check-this-first.php (I called it contactFormConfirm.php) page and is just blank. It doesn't hit the retURL or actually submit to salesforce.

Any light that can be shed to help me out would be amazing. Thank you in advance.

Here is the code that I am using:

Salesforce Web to Lead:

<form action="/contactFormConfirm.php" method="POST">
<input type=hidden name="oid" value="#############">
<input type=hidden name="retURL" value="http://www.google.com">
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="first_name" class="span3">First Name</label>
    <input  id="first_name" maxlength="40" name="first_name" size="20" type="text" class="span9" />
</div>
<div class="span6 pull-left">
    <label for="last_name" class="span3">Last Name</label>
    <input  id="last_name" maxlength="80" name="last_name" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="title" class="span3">Title</label>
    <input  id="title" maxlength="40" name="title" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="email" class="span3">Email</label>
    <input  id="email" maxlength="80" name="email" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="phone" class="span3">Phone</label>
    <input  id="phone" maxlength="40" name="phone" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="00N4000000231ne" class="span3" style="position:relative; top:-1.2em;">Profile:</label>
    <select  id="profile" name="00N4000000231ne" title="Profile" class="span9">    <option value="">--None--</option>
**[other options hidden for privacy]**
    </select>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="company" class="span3">Company</label>
    <input  id="company" maxlength="40" name="company" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="country" class="span3">Country</label>
    <input  id="country" maxlength="40" name="country" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="street" class="span3">Address</label>
    <textarea name="street" class="span9"></textarea><br>
</div>
<div class="span6 pull-left">
    <label for="city" class="span3">City</label>
    <input  id="city" maxlength="40" name="city" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="state" class="span3" style="position:relative; top:-1.2em;">State / Province</label>
    <input  id="state" maxlength="20" name="state" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="zip" class="span3">Zip</label>
    <input  id="zip" maxlength="20" name="zip" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="00N40000001V9wA" class="span3" style="position:relative; top:-1.2em;">Product Interest:</label>
    <select  id="productInterest" multiple="multiple" name="00N40000001V9wA" title="Product Interest" class="span9" size="5">
        <option value="API">API</option>
        **[other options hidden for privacy]**
    </select><br>
</div>
    <div class="span6 pull-left">
    <label for="00N40000001V8Yl" class="span3" style="position:relative; top:-1.2em;">Background Notes:</label>
    <textarea  id="notes" name="00N40000001V8Yl" type="text" wrap="soft" class="span9"></textarea><br>
</div>
</div>
<div class="clearfix"><br /></div>
<div class="span12 offset3">
<div class="span10 pull-right">
    <label for="lead_source" class="span8 pull-left">Check here to be contacted by *** for a demonstration.</label>
    <input id="demonstration" type="checkbox" name="lead_source" class="span1 pull-left" value="Web w/Demo Request"></input>
</div>
<div class="span10 pull-right">
    <label for="00N400000023QE0" class="span8 pull-left">Check here if you have a timeline for this project.</label>
    <input id="timeline" type="checkbox" name="00N400000023QE0" class="span1 pull-left" value="Confirmed"></input>
</div>
<div class="span10 pull-right">
    <label for="00N400000023QE5" class="span8 pull-left">Check here if you have purchase authority for this project.</label>
    <input id="purchaseAuthority" type="checkbox" name="00N400000023QE5" class="span1 pull-left" value="Confirmed"></input>
</div>
</div>
<div class="clearfix"><br /></div>
<div class="row-fluid">
<div class="span9 pull-right offset2">
    <div class="span8">
        <?php
            require_once('recaptcha/recaptchalib.php');
            $publickey = "xxxxxxxxxxxxx"; // you got this from the signup page
            echo recaptcha_get_html($publickey);
        ?><br />
    </div>
</div>
</div>
<input type="hidden" name="lead_source" value="Web" />
<input type="hidden" name="00N4000000231kf" value="Web Inquiry" />
<div class="span10 offset1 pull-right">
<input type="submit" name="ctl00$ctl00$MainContent$mainContentHolder$btnSubmit" value="Submit Inquiry" class="btn btn-primary span3 pull-right" />
</div>
</form>

This is the contactFormConfirm.php code with the php cURL code:

<?php

ob_start();
session_start();

include_once('[path-to]/recaptcha/recaptchalib.php');

     //Recaptcha Settings
   $publickey = "xxxxxxxxx"; // you got this from the signup page
   $privatekey = "xxxxxxxxx";


//curl method posting
//extract data from the post
  extract($_POST);

    if (isset($submit)){

    $ok = 1;

     $resp = recaptcha_check_answer ($privatekey,
                            $_SERVER["REMOTE_ADDR"],
                            $_POST["recaptcha_challenge_field"],
                            $_POST["recaptcha_response_field"]);

     if (!$resp->is_valid) {
          $ok = 0;
        }

if ($ok){       
    //set POST variables
    $url = 'https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8';
    $fields = array(
                'oid'=>urlencode($oid),
                'retURL'=>urlencode($retURL),
                'first_name'=>urlencode($first_name),
                'last_name'=>urlencode($last_name),
                'title'=>urlencode($title),
                'email'=>urlencode($email),
                'phone'=>urlencode($phone),
                '00N4000000231ne'=>urlencode($profile),
                'company'=>urlencode($company),
                'country'=>urlencode($country),
                'address'=>urlencode($address),
                'city'=>urlencode($city),
                'state'=>urlencode($state),
                'zip'=>urlencode($zip),
                '00N40000001V9wA'=>urlencode($productInterest),
                '00N40000001V8Yl'=>urlencode($notes),
                'lead_source'=>urlencode($demonstration),
                '00N400000023QE0'=>urlencode($timeline),
                '00N400000023QE5'=>urlencode($purchaseAuthority)
            );

    //url-ify the data for the POST
    foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
    rtrim($fields_string,'&');

    //print_r($fields_string);

    //open connection
    $ch = curl_init();

    //set the url, number of POST vars, POST data
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_POST,count($fields));
    curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

    //execute post
    $result = curl_exec($ch);

    //close connection
    curl_close($ch);

} //if ok
else {
          echo "<h4>Sorry - Invalid Captcha </h4>";
        }   


 } //if submit.
 ?>
2
phpcurlsalesforce
Hi, I recommend you to use the google recaptcha api in this link: link It has sufficient documentation. Also I recommend you to use PRG Pattern - Post Redirect Get pattern link lastly, also please consider to use 2 secret question instead of captcha. 1st question is with an image (example: ask Obama with his mini image) and 2nd question is logical question (example: opposite of white? or color of sea?) this is more safe I think since some bots can solve captcha but bots can not think in a logical way... - Andre Chenier
Thanks for your recommendations. I will have to look into some of those. In the mean time I did work with another developer at work to come up with the solution. I'll post the answer as soon as I can. - cschneider27

2 Answers

1
votes

After working for several hours, me and another developer at work were able to solve this issue using the solution (kind of) above.

Here's how it broke down:

<script type="text/javascript">
 var RecaptchaOptions = {
theme : 'clean'
 };
 </script>
<form action="/contactFormConfirm.php" method="POST" >
<input type=hidden name="oid" value="#########">
<input type=hidden name="retURL" value="http://www.website.com/thank-you/">
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="first_name" class="span3">First Name</label>
    <input  id="first_name" maxlength="40" name="first_name" size="20" type="text" class="span9" />
</div>
<div class="span6 pull-left">
    <label for="last_name" class="span3">Last Name</label>
    <input  id="last_name" maxlength="80" name="last_name" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="title" class="span3">Title</label>
    <input  id="title" maxlength="40" name="title" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="email" class="span3">Email</label>
    <input  id="email" maxlength="80" name="email" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="phone" class="span3">Phone</label>
    <input  id="phone" maxlength="40" name="phone" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="profile" class="span3" style="position:relative; top:-1.2em;">Profile:</label>
    <select  id="profile" name="profile" title="OverDrive Profile" class="span9">
        <option value="">--None--</option>
    </select>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="company" class="span3">Company</label>
    <input  id="company" maxlength="40" name="company" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="country" class="span3">Country</label>
    <input  id="country" maxlength="40" name="country" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="street" class="span3">Address</label>
    <textarea name="street" class="span9"></textarea><br>
</div>
<div class="span6 pull-left">
    <label for="city" class="span3">City</label>
    <input  id="city" maxlength="40" name="city" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="state" class="span3" style="position:relative; top:-1.2em;">State / Province</label>
    <input  id="state" maxlength="20" name="state" size="20" type="text" class="span9" /><br>
</div>
<div class="span6 pull-left">
    <label for="zip" class="span3">Zip</label>
    <input  id="zip" maxlength="20" name="zip" size="20" type="text" class="span9" /><br>
</div>
</div>
<div class="clearfix"></div>
<div class="row span12 pull-left">
<div class="span6 pull-left">
    <label for="productInterest" class="span3" style="position:relative; top:-1.2em;">Product Interest:</label>
    <select  id="productInterest" multiple="multiple" name="productInterest" title="Product Interest" class="span9" size="5">
        <option value="API">API</option>
    </select><br>
</div>
    <div class="span6 pull-left">
    <label for="notes" class="span3" style="position:relative; top:-1.2em;">Background Notes:</label>
    <textarea  id="notes" name="notes" type="text" wrap="soft" class="span9"></textarea><br>
</div>
</div>
<div class="clearfix"><br /></div>
<div class="span12 offset3">
<div class="span10 pull-right">
    <label for="lead_source" class="span8 pull-left">Check here to be contacted for a demonstration.</label>
    <input id="lead_source" type="checkbox" name="lead_source" class="span1 pull-left" value="Web w/Demo Request"></input>
</div>
<div class="span10 pull-right">
    <label for="timeline" class="span8 pull-left">Check here if you have a timeline for this project.</label>
    <input id="timeline" type="checkbox" name="timeline" class="span1 pull-left" value="Confirmed"></input>
</div>
<div class="span10 pull-right">
    <label for="purchaseAuthority" class="span8 pull-left">Check here if you have purchase authority for this project.</label>
    <input id="purchaseAuthority" type="checkbox" name="purchaseAuthority" class="span1 pull-left" value="Confirmed"></input>
</div>
</div>
<div class="clearfix"><br /></div>
<div class="row-fluid">
<div class="span9 pull-right offset2">
    <div class="span8">
        <?php
            require_once('recaptcha/recaptchalib.php');
            $publickey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"; // you got this from the signup page
            echo recaptcha_get_html($publickey);
        ?><br />
    </div>
</div>
</div>
<div class="span10 offset1 pull-right">
<input type="submit" name="submit" value="Submit Inquiry" class="btn btn-primary span3 pull-right" />
</div>
</form>

And here's the contactFormConfirm file:

<?php

ob_start();
session_start();

include_once('path-to/recaptcha/recaptchalib.php');

     //Recaptcha Settings
   $publickey = "xxxxxxxxxxxxxxxxxxxxxxxxx"; // you got this from the signup page
   $privatekey = "xxxxxxxxxxxxxxxxxxxxxxxx";


//curl method posting
//extract data from the post
  extract($_POST);

    if ($submit == 'Submit Inquiry'){

    $ok = 1;

     $resp = recaptcha_check_answer ($privatekey,
                            $_SERVER["REMOTE_ADDR"],
                            $_POST["recaptcha_challenge_field"],
                            $_POST["recaptcha_response_field"]);

     if (!$resp->is_valid) {
          $ok = 0;
        }

if ($ok){       
    //set POST variables
    $url = 'salesforce URL';


    $fields = array(
                'oid'=>urlencode($oid),
                'retURL'=>urlencode($retURL),
                'first_name'=>urlencode($first_name),
                'last_name'=>urlencode($last_name),
                'title'=>urlencode($title),
                'email'=>urlencode($email),
                'phone'=>urlencode($phone),
                'XXXXXXXXXXXXXXXX'=>urlencode($profile),
                'company'=>urlencode($company),
                'country'=>urlencode($country),
                'address'=>urlencode($street),
                'city'=>urlencode($city),
                'state'=>urlencode($state),
                'zip'=>urlencode($zip),
                'XXXXXXXXXXXXXXXX'=>urlencode($productInterest),
                'XXXXXXXXXXXXXXXX'=>urlencode($notes)
                );
                // replace XXXXXX with custom field ID

    // send default "lead source" value if it is not passed in the HTML form
    if (isset($lead_source))
    {
        $fields['XXXXXXXXXXXXXXXXX'] = urlencode('Web w/Demo Request');
    }
    else
    {
        $fields['XXXXXXXXXXXXXXXXX'] = urlencode('Web');
    }

    // add values to array if they are passed in via the HTML form
    if (isset($timeline))
    {
        $fields['XXXXXXXXXXXXXXXXX'] = urlencode($timeline);
    }

    if (isset($purchaseAuthority))
    {
        $fields['XXXXXXXXXXXXXXXX'] = urlencode($purchaseAuthority);
    }

    // add constant fields
    $fields['XXXXXXXXXXXXXXX'] = urlencode('Web Inquiry');
    $fields['recordType'] = urlencode('XXXXXXXXXXXXXXX');


    //url-ify the data for the POST
    $fields_string = '';
    foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
    $fields_string = substr($fields_string, 0, -1); // delete last &
    rtrim($fields_string,'&');

    //print_r($fields_string);

    //open connection
    $ch = curl_init();

    //set the url, number of POST vars, POST data
    curl_setopt($ch,CURLOPT_URL,$url);
    curl_setopt($ch,CURLOPT_POST,count($fields));
    curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

    //execute post
    $result = curl_exec($ch);

    //close connection
    curl_close($ch);

} //if ok
else {
          echo "<h4>Sorry - Invalid Captcha </h4>";
        }   


 } //if submit.
 ?>
0
votes

I know this is an old thread but I came across it while attempting to do the same thing and came up with this solution:

<?php
ob_start();
session_start();

require_once('recaptchalib.php');

$key_public = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$key_private = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

$captchaFailed = false;
$response = null;
$reCaptcha = new ReCaptcha($key_private);

if (!function_exists('curl_version')) {
    die('Curl package missing.');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (isset($_POST['g-recaptcha-response'])) {
        $response = $reCaptcha->verifyResponse(
            $_SERVER['REMOTE_ADDR'],
            $_POST['g-recaptcha-response']
        );

        if ($response !== null) {
            if ($response->success) {
                $fields = $_POST;
                $sendURL = $fields['sendURL'];

                unset($fields['sendURL']);
                unset($fields['g-recaptcha-response']);

                $fields_string = http_build_query($fields);

                $ch = curl_init();

                curl_setopt($ch, CURLOPT_URL, $sendURL);
                curl_setopt($ch, CURLOPT_POST, 1);
                curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);

                $result = curl_exec($ch);

                curl_close($ch);
            } else {
                $captchaFailed = true;
            }
        } else {
            $captchaFailed = true;
        }
    } else {
        $captchaFailed = true;
    }
}

if ($captchaFailed && count(get_included_files()) < 3) {
    echo 'reCAPTCHA failed! Please go back and try again.';
}
?>

You will need to create a hidden input field called sendURL with the value of the URL you'd like to send the form to.

You can either set the action of your form to a file with the code above or include it at the top of the page with your form and leave the action blank.

An example of including it all in the same page could be something like this:

<?php require_once('form-submit.php'); ?>
<html>
<body>
    <form method="post">
        <input type="hidden" name="sendURL" value="https://login.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8&...">

        <label for="name">Name:</label>
        <input type="text" name="name" value="<?php if (!empty($_POST['name'])) { echo $_POST['name']; } ?>">

        <label for="email">E-Mail:</label>
        <input type="text" name="email" value="<?php if (!empty($_POST['email'])) { echo $_POST['email']; } ?>">

        <label for="message">Message:</label>
        <textarea name="message"><?php if (!empty($_POST['message'])) { echo $_POST['message']; } ?></textarea>

        <?php if ($captchaFailed): ?>
            <p>reCAPTCHA failed! Please try again!</p>
        <?php endif; ?>
        <div class="g-recaptcha" data-sitekey="<?php echo $key_public; ?>"></div>
    </form>

    <script src="https://www.google.com/recaptcha/api.js"></script>
</body>
</html>

And you could use this for pretty much any case where you need to validate the reCAPTCHA before sending the form data off somewhere else.