I have the following problem, after entering the username and password the code is verified but the code has been verified or not, I can still log in.
Regardless whether the RECaptcha is verified or not when I press the login button, I can start the session but I understand that this should not be possible since it must be verified and the user data provided
Following this example: Google RECaptcha Code with Example in ASP.Net
the code is like this:
<div class="form-group">
<br /><br /><label for="username">Username</label>
<asp:TextBox ID="txt_Username" runat="server" CssClass="form-control" placeholder="Username: "></asp:TextBox>
</div>
<div class="form-group">
<label for="userpassword">Password</label>
<asp:TextBox ID="txt_pwd" runat="server" CssClass="form-control" placeholder="Password: " TextMode="Password"></asp:TextBox>
</div>
<div class="form-group row m-t-20">
<div class="col-12 text-right">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
<script type="text/javascript" src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"
async defer></script>
<script type="text/javascript">
var onloadCallback = function () {
grecaptcha.render('dvCaptcha', {
'sitekey': '<%=ReCaptcha_Key %>',
'callback': function (response) {
$.ajax({
type: "POST",
url: "Login.aspx/VerifyCaptcha",
data: "{response: '" + response + "'}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (r) {
var captchaResponse = jQuery.parseJSON(r.d);
if (captchaResponse.success) {
$("[id*=txtCaptcha]").val(captchaResponse.success);
$("[id*=rfvCaptcha]").hide();
} else {
$("[id*=txtCaptcha]").val("");
$("[id*=rfvCaptcha]").show();
var error = captchaResponse["error-codes"][0];
$("[id*=rfvCaptcha]").html("RECaptcha error. " + error);
}
}
});
}
});
};
</script>
<div id="dvCaptcha">
</div>
<asp:TextBox ID="txtCaptcha" runat="server" Style="display: none" />
<asp:RequiredFieldValidator ID = "rfvCaptcha" ErrorMessage="Captcha validation is required." ControlToValidate="txtCaptcha"
runat="server" ForeColor = "Red" Display = "Dynamic" />
<br />
<asp:Button ID="btn_Login" runat="server" CssClass="btn btn-primary w-md waves-effect waves-light" Text="Login" OnClick="btn_Login_Click" ToolTip="Ingresar" disabled="disabled"/>
</div>
</div>
And the code that allows the session to start is the following:
Protected Sub btn_Login_Click(sender As Object, e As EventArgs)
If txt_Username.Text.Length <= 1 Or txt_pwd.Text.Length <= 1 Then
lbl_AlertDanger.Visible = True
lbl_AlertDanger.Text = "<strong>ERROR</strong> - Wrong credentials"
Else
txt_Username.Focus()
Dim v_Salt As String = "F4!t#+God=$$"
Dim v_PwdSalt As String = txt_pwd.Text.Trim + v_Salt
lbl_AlertDanger.Visible = False
Try
ds_Student_Login.SelectParameters("Username").DefaultValue = txt_Username.Text.Trim.ToLower
ds_Student_Login.SelectParameters("Pwd").DefaultValue = getMd5Hash(v_PwdSalt)
ds_Student_Login.DataBind()
Dim o_Selecte_UserData As DataView = CType(ds_Student_Login.Select(DataSourceSelectArguments.Empty), DataView)
For Each o_UserData As DataRow In o_Selecte_UserData.Table.Rows
If o_UserData("Result_Cd") = "OK" Then
Dim v_CkLastLogin As New HttpCookie("PI_LastLogin")
v_CkLastLogin.Values("Username") = txt_Username.Text.ToString.Trim.ToLower
v_CkLastLogin.Expires = DateTime.Now.AddDays(30)
Response.Cookies.Add(v_CkLastLogin)
Session("s_UserID") = o_UserData("User_ID")
Session("s_Username") = o_UserData("Username")
Session("s_Type") = o_UserData("Type")
Session("s_Rol") = o_UserData("Rol")
Session("s_UserFullNm") = o_UserData("UserFullNm")
Session("s_UserImgProfile") = o_UserData("UserImgProfile")
Response.Redirect("Home.aspx", True)
End If
Next
Catch ex As Exception
lbl_AlertDanger.Visible = True
lbl_AlertDanger.Text = "<strong>ERROR</strong> - " + ex.Message
End Try
End If
End Sub
