Simplest Cloudflare Turnstile Code in PHP

마지막 업데이트 6일 전

Follow the guide here:
Cloudflare Turnstile - Client-Side Rendering

Important Point:
Once a Turnstile token fails, it cannot be reused.

This means that if a login attempt fails (e.g., due to an incorrect password), you must reset Turnstile using:

turnstile.reset(widgetId);

If you don’t reset it, the old (failed) token will remain invalid. So, even if you enter the correct password on the next attempt, the login will still fail because Turnstile won’t generate a new token.

To avoid this issue, always reset Turnstile after a failed login attempt.

<form action="/path/authentication/index.php" class="signin-form clearfix" id="signup" method="post">

    ...

    <script src="https://challenges.cloudflare.com/turnstile/v0/api.js" defer></script>
    <div style="max-width: 100%; margin-right: auto; margin-left: auto; height: 65px;">
        <div class="cf-turnstile" data-sitekey="0x4AAAAAAA7OP_XX-yyyyZZZ" data-size="flexible" data-language="<?= t(['en', 'ko', 'ja']); ?>" data-theme="light" data-callback="tsSuccess"></div>
    </div>

    ...

    <button ... >Login</button>
</form>

$('form.signin-form').submit(function() {

    $form = $(this);

    ...

    $.post($form.attr('action'), $form.serializeArray(), function(json) {

        if ( json.status == 1 ) {

            // Logged In!
            window.location.href = 'redirect_some_where';

        } else {

            const cloudFlareTurnstileEl = document.querySelector("[name='cf-turnstile-response']",);

            // cloudFlareTurnstileEl.id => cf-chl-widget-xxx99_response
            if ( cloudFlareTurnstileEl?.id ) {

                // widgetId: cf-chl-widget-xxx99
                const widgetId = cloudFlareTurnstileEl?.id?.replace('_response', '');

                // Reset Turnstile
                // turnstile.reset() is in loaded script, https://challenges.cloudflare.com/turnstile/v0/api.js
                turnstile.reset(widgetId);
            }
        }

        ...

    }, "json");

});


$cft = $_POST('cf-turnstile-response');

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL            => "https://challenges.cloudflare.com/turnstile/v0/siteverify",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => http_build_query([
        'secret'   => '0x4AAAAAAA7OPxxxxxxxxxx_yyyy-zzzzzz',
        'response' => $cft
    ], "", "&")
]);
$response = curl_exec($curl);

if ( @$response ) {
    $res = json_decode($response, true);

    if ( !@$res['success'] ) {

        echo 'Failed_JSON_Code';
        exit;

    } else {

        echo 'Succeed_JSON_Code';
        exit;
    }
}

Richard C. @richard

Hi, my name is Richard. I’m a developer wants to make the world better with logic power. Mainly I use Linux, Nginx, MySQL, PHP and JavaScript . I want to share my knowledge with someone that it was also based from some great persons via LYNMP. 👨‍💻

https://richardthink.com

팔로우 프로필

¶ 목차

Simplest Cloudflare Turnstile Code in PHP

Simplest Cloudflare Turnstile Code in PHP

¶ 목차

독자 의견

저자 @richard 에게 의견 남기기: