Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Dear Friends,
Laravel 10 with controller code as
public function dashboard(Request $request)
{
$keySecret = '6Ld6YCkNp53_wft2s5';
$check = array(
'secret' => $keySecret,
'response' => $_POST['g-recaptcha-response']
);
$startProcess = curl_init();
curl_setopt($startProcess, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($startProcess, CURLOPT_POST, true);
curl_setopt($startProcess, CURLOPT_POSTFIELDS, http_build_query($check));
curl_setopt($startProcess, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($startProcess, CURLOPT_RETURNTRANSFER, true);
$receiveData = curl_exec($startProcess);
$finalResponse = json_decode($receiveData, true);
print_r($finalResponse);
if($finalResponse['success'])
{
echo "success reached";
} // success
else
{
echo "fail";
}
}
form.blade.php as below
<form method="post" action="{{ route('dashboard') }}">
@csrf
<div class="form-group">
<input type="email" id="email" name="email" class="form-control form-control-lg"
placeholder="E-mail" value="">
@if ($errors->has('email'))
<span class="text-danger">{{ $errors->first('email') }}</span>
@endif
</div>
<div class="form-group">
<input type="password" name="password" class="form-control form-control-lg"
id="exampleInputPassword1" placeholder="Password">
@if ($errors->has('password'))
<span class="text-danger">{{ $errors->first('password') }}</span>
@endif
</div>
<div class="form-group">
@if (session('failed'))
<span class="text-danger">{{ session('failed') }}</span>
@endif
</div>
<div class="row">
<div class="col-md-12">
<div class="form-group">
<div class="g-recaptcha"
data-sitekey="6Ld6YCkeqE6m0u"></div>
@if ($errors->has('g-recaptcha-response'))
<span class="text-danger">The captcha field is required.</span>
@endif
</div>
</div>
</div>
<div class="form-group text-center">
<button type="submit" value="Send" name="Login"
class="btn btn-block btn-success btn-lg font-weight-medium auth-form-btn">SIGN
IN</button>
</div>
</form>
got output as below
Array ( [success] => 1 [challenge_ts] => 2023-12-11T15:58:22Z [hostname] => careers-ksrtc.karnataka.gov.in ) success reachedArray ( [success] => [error-codes] => Array ( [0] => timeout-or-duplicate ) ) fail
I need to avoid second array in that ,there suspect two form submission.
How to solve it ?
is your dashboard really consuming post requests that seems like a login form?
anyway, always redirect after a POST request to avoid duplicate form submission. If you have to show a view, create a new show endpoint (with a separate GET request for it), then redirect to it from the POST.
note: and if that is your real secret key, i suggest to remove it from your post and change it
@s4muel Thanks for Your reply.
I got solution using Cache mechanism to filter the second Array elements for that I include
use Illuminate\Support\Facades\Cache;
in LoginController and my function is as below
public function dashboard(Request $request)
{
$user = $request->email;
if (!Cache::has('user_' . $user)) {
Cache::put('user_' . $user, true, 10);
$keySecret = '6Ld63_wft2s5';
$check = array(
'secret' => $keySecret,
'response' => $_POST['g-recaptcha-response']
);
$startProcess = curl_init();
curl_setopt($startProcess, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($startProcess, CURLOPT_POST, true);
curl_setopt($startProcess, CURLOPT_POSTFIELDS, http_build_query($check));
curl_setopt($startProcess, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($startProcess, CURLOPT_RETURNTRANSFER, true);
$receiveData = curl_exec($startProcess);
$finalResponse = json_decode($receiveData, true);
if($finalResponse['success'])
{
$input = $request->all();
$email = $request->email;
$password = base64_encode($request->password);
$adminData = AdminUserModel::where('email', $email)->where('password',MD5(base64_decode($password)))->where('status','1')->where('role','=','admin')->get()->count();
$operator = AdminUserModel::where('email', $email)->where('password',MD5(base64_decode($password)))->where('status','1')->where('role','=','operator')->get()->count();
if($adminData > 0 || $operator > 0)
{
$email = AdminUserModel::where('email', $email)->value('email');
$role = AdminUserModel::where('email', $email)->value('role');
$loginId = AdminUserModel::where('email', $email)->value('id');
Session::put('email', $email);
Session::put('role', $role);
Session::put('login_id', $loginId);
Session::put('isAdminLoggedIn', 1);
$totalapp = ApplicationModel::where('active','1')->count();
$notificationYear = NotificationsModel::select('notification_year')
->where('notification_status','1')
->orderBy('notification_year','desc')->groupBy('notification_year')->get()->toArray();
foreach($notificationYear as $key => $year)
{
$notifiData = NotificationsModel::where('notification_year',$year['notification_year'])->where('notification_status','1')->orderBy('created_at','desc')->get()->toArray();
$notificationYear[$key]['notfn'] = $notifiData;
foreach($notificationYear[$key]['notfn'] as $k => $nsp)
{
$p = DB::table('ksrtc_post')->select('post_name','id')
->whereIn('id', json_decode($nsp['notification_post_id']))
->get()->toArray();
foreach($p as $pn)
{
$post_count = ApplicationModel::where('notification_id',$nsp['id'])->where('active','1')->where('post_id',$pn->id)->orderBy('created_at','desc')->get()->count();
$pn->appln_count = $post_count;
}
$notificationYear[$key]['notfn'][$k]['posts'] = $p;
}
}
$currentYear = date("Y");
return view('admin/Dashboard',['current_year' => $currentYear, 'total_app_count' => $totalapp, 'notifications' => $notificationYear, 'role' => $role, 'refresh' => true]);
}
}
else
{
return redirect()->back()->with(['failed' => 'Login Failed.']);
}
}
header("Refresh: 0"); // To Refresh the page
}
My Special thanks goes to Nandini .
Thanks
Anes P A
wait what?! please, read my suggestion again.
1 - always redirect after a post endpoint
2 - do not post your secret keys online
3 - do not use md5 as password hashing method - especially on some government website (or whichever website rather)
do not just use some random solution that makes your code messy just because it seemingly works on a first sight.
@s4muel Sir,
1 - https://www.theserverside.com/news/1365146/Redirect-After-Post boiled to one sentence: if you have endpoint to process post data, always return redirect to another view from it, do not return the view
2 - good, just to be sure
3 - use laravel Hash facade, it uses bcrypt by default, which i think is fine. have a read: https://laravel.com/docs/10.x/hashing#introduction
just set the rounds to 12 (if you dont have already) in config/hashing.php
'bcrypt' => [
'rounds' => env('BCRYPT_ROUNDS', 12),
],
Please or to participate in this conversation.