execute dbms_epg.set_dad_attribute('APEX', 'error-style', 'DebugStyle');

wwv_flow.accept: SIGNATURE (parameter names) MISMATCH
VARIABLES IN FORM NOT IN PROCEDURE: RECAPTCHA_CHALLENGE_FIELD,RECAPTCHA_RESPONSE_FIELD
NON-DEFAULT VARIABLES IN PROCEDURE NOT IN FORM: 

  DAD name: apex
  PROCEDURE  : wwv_flow.accept
  URL        : http://XDB HTTP Server:8080/apex/wwv_flow.accept
  PARAMETERS :
  ===========
  P_FLOW_ID:
   119
  P_FLOW_STEP_ID:
   9
  P_INSTANCE:
   35115706335432
  P_PAGE_SUBMISSION_ID:
   6767075219461
  P_REQUEST:
   CREATE
  P_ARG_NAMES:
   27796300245933371
   27797103300933392
   27796789108933388
   27285993665854522
   27286094650854523
   27286104970854524
   27286269699854525
   27286320226854526
   27286497510854527
   27286564114854528
   27286723292854530
   27286807338854531
   27286951204854532
  P_T01:
   
  P_ARG_CHECKSUMS:
   27796300245933371_ukR9Lu06M7ckZaEPSRXAd2dPgbs
   27286723292854530_ukR9Lu06M7ckZaEPSRXAd2dPgbs
   27286807338854531_ukR9Lu06M7ckZaEPSRXAd2dPgbs
   27286951204854532_ukR9Lu06M7ckZaEPSRXAd2dPgbs
  P_T02:
   1
  P_T03:
   вывывы
  P_T04:
   Vindexsys@mail.ru
  P_T05:
   ADMIN
  P_T06:
   pasword
  P_T07:
   dsdsds
  P_T08:
   dsdsd
  P_T09:
   
  P_T10:
   F
  RECAPTCHA_CHALLENGE_FIELD:
   03AHJ_Vusm1zLMpSnjnMYyaqxxB_reHOnjJYMeFaDshTPK9AzqLi5Y5Q-Sc2yG7v6jfKuNvWo6lbfAvRTCWiGXnEqX6D9Ym18WO5zNXT8OCc0HjlcX1IX6ITyS3gpXhZqvKeNL1ilb6GZ93Ug-UqU3_DEyUj8IdDOUeocfvxE1N7xhp_tEStMr15BcZsvqrw8oVibp9S0KfpWSPBb9iUxlPm164tarzG9hhdT8RhKAmxqdGMJSF6Z8AGkRsq1mB6yVITN94rzklZRV22wATXnIUdzg_h6Smyhqew
  RECAPTCHA_RESPONSE_FIELD:
   
  P_T11:
   
  P_T12:
   
  P_T13:
   
  P_MD5_CHECKSUM:
   
  P_PAGE_CHECKSUM:
   rfuxYFBiqCfnYerzrqWkmU55TAc

  ENVIRONMENT:
  ============
    PLSQL_GATEWAY=WebDb
    GATEWAY_IVERSION=2
    SERVER_SOFTWARE=Oracle Embedded PL/SQL Gateway/11.2.0.2.0
    GATEWAY_INTERFACE=CGI/1.1
    SERVER_PORT=8080
    SERVER_NAME=XDB HTTP Server
    REQUEST_METHOD=POST
    QUERY_STRING=
    PATH_INFO=/wwv_flow.accept
    SCRIPT_NAME=/apex
    REMOTE_HOST=
    REMOTE_ADDR=127.0.0.1
    SERVER_PROTOCOL=HTTP/1.1
    REQUEST_PROTOCOL=HTTP
    REMOTE_USER=ANONYMOUS
    ORACLE_SSO_USER=
    OSSO_IDLE_TIMEOUT_EXCEEDED=
    OSSO_USER_GUID=
    HTTP_CONTENT_LENGTH=1329
    HTTP_CONTENT_TYPE=application/x-www-form-urlencoded
    HTTP_USER_AGENT=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36
    HTTP_HOST=127.0.0.1:8080
    HTTP_ACCEPT=text/html,application/xhtml+xml,image/webp,application/xml;q=0.9,*/*;q=0.8
    HTTP_ACCEPT_ENCODING=gzip,deflate
    HTTP_ACCEPT_LANGUAGE=ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
    HTTP_ACCEPT_CHARSET=
    HTTP_COOKIE=ORA_WWV_APP_119=ORA_WWV-HJz2BFTC-yen0KuyV6r36Lao; ORA_WWV_USER_102265922222415=ORA_WWV-Iiw2MEqffLhM4eLMR-8YMzY2; ORA_WWV_REMEMBER_UN=ADMIN:cars; LOGIN_USERNAME_COOKIE=admin
    HTTP_IF_MODIFIED_SINCE=
    HTTP_REFERER=http://127.0.0.1:8080/apex/f?p=119:9:35115706335432:::::
    HTTP_SOAPACTION=
    HTTP_ORACLE_ECID=
    HTTP_ORACLE_CACHE_VERSION=
    HTTP_AUTHORIZATION=
    WEB_AUTHENT_PREFIX=
    DAD_NAME=apex
    DOC_ACCESS_PATH=docs
    DOCUMENT_TABLE=wwv_flow_file_objects$
    PATH_ALIAS=r
    REQUEST_CHARSET=AL32UTF8
    REQUEST_IANA_CHARSET=UTF-8
    SCRIPT_PREFIX=
    HTTP_IF_MATCH=
    HTTP_CACHE_CONTROL=
    SOAP_BODY=
    HTTP_X_ORACLE_DEVICE_CLASS=
    HTTP_X_ORACLE_DEVICE_ORIENTATION=
    HTTP_X_ORACLE_DEVICE_MAXDOCSIZE=
    HTTP_X_ORACLE_DEVICE=
    HTTP_X_ORACLE_ORIG_ACCEPT=
    HTTP_X_ORACLE_ORIG_USER_AGENT=
    HTTP_X_ORACLE_USER_LOCALE=
    HTTP_X_ORACLE_USER_NAME=
    HTTP_X_ORACLE_USER_DISPLAYNAME=
    HTTP_X_ORACLE_USER_USERKIND=
    HTTP_X_ORACLE_USER_AUTHKIND=
    HTTP_X_ORACLE_USER_DEVICEID=
    HTTP_X_ORACLE_USER_LOCATION_ADDRESSLINE1=
    HTTP_X_ORACLE_USER_LOCATION_ADDRESSLINE2=
    HTTP_X_ORACLE_USER_LOCATION_ADDRESSLASTLINE=
    HTTP_X_ORACLE_USER_LOCATION_BLOCK=
    HTTP_X_ORACLE_USER_LOCATION_CITY=
    HTTP_X_ORACLE_USER_LOCATION_COMPANYNAME=
    HTTP_X_ORACLE_USER_LOCATION_COUNTY=
    HTTP_X_ORACLE_USER_LOCATION_STATE=
    HTTP_X_ORACLE_USER_LOCATION_POSTALCODE=
    HTTP_X_ORACLE_USER_LOCATION_POSTALCODEEXT=
    HTTP_X_ORACLE_USER_LOCATION_COUNTRY=
    HTTP_X_ORACLE_USER_LOCATION_TYPE=
    HTTP_X_ORACLE_USER_LOCATION_X=
    HTTP_X_ORACLE_USER_LOCATION_Y=
    HTTP_X_ORACLE_SERVICE_HOME_URL=
    HTTP_X_ORACLE_SERVICE_PARENT_URL=
    HTTP_X_ORACLE_HOME_URL=
    HTTP_X_ORACLE_MODULE_CALLBACK_URL=
    HTTP_X_ORACLE_MODULE_CALLBACK_LABEL=
    HTTP_X_ORACLE_CACHE_USER=
    HTTP_X_ORACLE_CACHE_SUBID=
    HTTP_X_ORACLE_CACHE_AUTH=
    HTTP_X_ORACLE_CACHE_DEVICE=
    HTTP_X_ORACLE_CACHE_LANG=
    HTTP_X_ORACLE_CACHE_ENCRYPT=
    HTTP_X_ORACLE_ASSERT_USER=

The requested URL has been prohibited. Contact your administrator.

Contact your application administrator.

BEGIN
    :P7_RECAPTCHA_ERROR := checkRecaptcha
                             ( pPrivateKey => 'your_private_key'
                             , pChallenge  => :P7_RECAPTCHA_CHALLENGE_FIELD
                             , pResponse   => :P7_RECAPTCHA_RESPONSE_FIELD
                             );
    RETURN (:P7_RECAPTCHA_ERROR IS NULL);
END;

CREATE OR REPLACE FUNCTION checkRecaptcha
  ( pPrivateKey IN VARCHAR2
  , pRemoteIP   IN VARCHAR2 := OWA_Util.get_cgi_env('REMOTE_ADDR')
  , pChallenge  IN VARCHAR2
  , pResponse   IN VARCHAR2
  )
  RETURN VARCHAR2
IS
    --
    vRequest      Utl_Http.req;
    vPostText     VARCHAR2(500);
    vResponse     Utl_Http.resp;
    vResponseText VARCHAR2(2000);
    vError        VARCHAR2(200);
BEGIN
    ----------------------------------------------------------------------------
    -- Build text for the post action.
    -- For a field description, see
    -- http://recaptcha.net/apidocs/captcha/
    ----------------------------------------------------------------------------
    vPostText :=
      'privatekey='||Utl_Url.escape(pPrivateKey, TRUE)||CHR(38)||
      'remoteip='  ||Utl_Url.escape(pRemoteIP,   TRUE)||CHR(38)||
      'challenge=' ||Utl_Url.escape(pChallenge,  TRUE)||CHR(38)||
      'response='  ||Utl_Url.escape(pResponse,   TRUE)||CHR(38)
    ;
    ----------------------------------------------------------------------------
    -- if you need to set a proxy, uncomment next line.
    ----------------------------------------------------------------------------
    /* Utl_Http.set_proxy('proxy.it.my-company.com', 'my-company.com'); */
    ----------------------------------------------------------------------------
    -- Send data to reCAPTCHA.
    ----------------------------------------------------------------------------
    vRequest := Utl_Http.begin_request
                  ( url    => 'http://api-verify.recaptcha.net/verify'
                  , method => 'POST'
                  );
    Utl_Http.set_header
      ( r     => vRequest
      , name  => 'Content-Type'
      , value => 'application/x-www-form-urlencoded'
      );
    Utl_Http.set_header
      ( r     => vRequest
      , name  => 'Content-Length'
      , value => LENGTH(vPostText)
      );
    Utl_Http.write_text
      ( r    => vRequest
      , data => vPostText
      );
    vResponse := Utl_Http.get_response(vRequest);
    IF vResponse.status_code = '200' -- the HTTP call was successful
    THEN
        Utl_Http.read_text(vResponse, vResponseText);
        -- Has the user entered a correct solution?
        IF vResponseText LIKE 'false%'
        THEN
            vError := SUBSTR(vResponseText, 7);
        END IF;
    ELSE
        vError := 'HTTP status: '||vResponse.status_code||'-'||vResponse.reason_phrase;
    END IF;
    --
    Utl_Http.end_response(vResponse);
    --
    RETURN vError;
END checkRecaptcha;

declare

–works for testing, but is not secure to leave in place…
–lc_principal constant varchar2(30) := ‘PUBLIC’;
–lc_host constant varchar2(100) := ‘*’;

lc_principal constant varchar2(30) := ‘your-application-schema-name-here’;
lc_host constant varchar2(100) := ‘api-verify.recaptcha.net’;

begin

–Uncomment if recreating…
–dbms_network_acl_admin.drop_acl(‘recaptcha.xml’);

dbms_network_acl_admin.create_acl(acl => ‘recaptcha.xml’,
description => ‘Recaptcha Validation ACL’,
principal => lc_principal,
is_grant => true,
privilege => ‘connect’);

dbms_network_acl_admin.add_privilege(acl => ‘recaptcha.xml’,
principal => lc_principal,
is_grant => true,
privilege => ‘resolve’);

dbms_network_acl_admin.assign_acl(acl => ‘recaptcha.xml’,
host => lc_host,
lower_port => 80,
upper_port => 80);
commit;

end;

Error in PLSQL code raised during plug-in processing.

ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)

Error in PLSQL code raised during plug-in processing.

ORA-29273: HTTP request failed ORA-06512: at "SYS.UTL_HTTP", line 1130 ORA-24247: network access denied by access control list (ACL)

--===============================================================================
-- Renders the Google reCaptcha item type based on the configuration of the page item.
--===============================================================================
function render_recaptcha (
    p_item                in apex_plugin.t_page_item,
    p_plugin              in apex_plugin.t_plugin,
    p_value               in varchar2,
    p_is_readonly         in boolean,
    p_is_printer_friendly in boolean )
    return apex_plugin.t_page_item_render_result
is
    l_name       varchar2(30);
    l_public_key varchar2(4000) := p_plugin.attribute_01;
    l_theme      varchar2(10)   := nvl(p_item.attribute_01, 'red');

    l_result     apex_plugin.t_page_item_render_result;
begin
    -- Check plug-in configuration
    if l_public_key is null
    then
        raise_application_error(-20999, 'No Public Key has been set for the reCaptcha plug-in! Get one at https://www.google.com/recaptcha/admin/create');
    end if;

    -- If we are in printer friendly mode we are NOT generating the reCaptcha.
    if p_is_printer_friendly then
        return l_result;
    end if;

    -- Our Captcha page item has been defined as a multi value field so that
    -- we are able to transmit both, the challenge key and the entered response
    -- of the user in one field.
    l_name := apex_plugin.get_input_name_for_page_item (
                  p_is_multi_value => true );

    -- Container which will contain the reCaptcha widget
    sys.htp.p('<div id="'||p_item.name||'_RECAPTCHA"></div>');

    -- Add the Google reCaptcha JavaScript library and the call to initialize the widget
    apex_javascript.add_library (
        p_name      => 'recaptcha_ajax',
        p_directory => wwv_flow_utilities.get_protocol||'://www.google.com/recaptcha/api/js/',
        p_version   => null );

    -- The apexbeforepagesubmit event is used to map the reCaptcha fields to APEX compliant
    -- parameter names so that we don't get a 404 error and are also able to actually
    -- get the values into session state
    apex_javascript.add_onload_code (
        p_code => 'Recaptcha.create('||
                      apex_javascript.add_value(l_public_key)||
                      apex_javascript.add_value(p_item.name||'_RECAPTCHA')||
                      '{'||
                          apex_javascript.add_attribute('theme', l_theme, true, false)||
                      '});'||
                  'apex.jQuery(document).bind("apexbeforepagesubmit", function(){apex.jQuery("#recaptcha_challenge_field,#recaptcha_response_field").attr("name", "'||l_name||'");});' );

    -- Tell APEX that this field is NOT navigable
    l_result.is_navigable := false;

    return l_result;
end render_recaptcha;


--==============================================================================
-- Validates the submitted reCaptcha value against the Google web service.
--==============================================================================
function validate_recaptcha (
    p_item   in apex_plugin.t_page_item,
    p_plugin in apex_plugin.t_plugin,
    p_value  in varchar2 )
    return apex_plugin.t_page_item_validation_result
is
    l_private_key     varchar2(4000) := p_plugin.attribute_02;
    l_incorrect_value varchar2(4000) := nvl(p_item.attribute_02, 'Incorrect value for reCaptcha. Try again.');

    l_value_list      apex_application_global.vc_arr2;
    l_parm_name_list  apex_application_global.vc_arr2;
    l_parm_value_list apex_application_global.vc_arr2;
    l_rest_result     varchar2(32767);

    l_result          apex_plugin.t_page_item_validation_result;
begin
    -- Check plug-in configuration
    if l_private_key is null
    then
        raise_application_error(-20999, 'No Private Key has been set for the reCaptcha plug-in! Get one at https://www.google.com/recaptcha/admin/create');
    end if;

    -- Our reCaptcha page item has been defined as a multi value field so that
    -- we are able to transmit both, the challenge key and the entered response
    -- of the user in one field.
    l_value_list := apex_util.string_to_table(p_value);

    -- has the user entered a response?
    if not l_value_list.exists(2)
    then
        l_result.message := l_incorrect_value;
        return l_result;
    end if;

    -- Build the parameters for the post action.
    -- For a field description, see http://code.google.com/apis/recaptcha/docs/verify.html
    l_parm_name_list (1) := 'privatekey';
    l_parm_value_list(1) := l_private_key;
    l_parm_name_list (2) := 'remoteip';
    l_parm_value_list(2) := owa_util.get_cgi_env('REMOTE_ADDR');
    l_parm_name_list (3) := 'challenge';
    l_parm_value_list(3) := l_value_list(1);
    l_parm_name_list (4) := 'response';
    l_parm_value_list(4) := l_value_list(2);

    -- For now we have to set the global header array, but that should actually be a
    -- parameter of make_rest_request
    apex_web_service.g_request_headers(1).name  := 'Content-Type';
    apex_web_service.g_request_headers(1).value := 'application/x-www-form-urlencoded';

    -- Let's call the reCaptcha REST service to verify the entered value
    l_rest_result := wwv_flow_utilities.clob_to_varchar2 (
                         apex_web_service.make_rest_request (
                             p_url         => 'http://www.google.com/recaptcha/api/verify',
                             p_http_method => 'POST', 
                             p_parm_name   => l_parm_name_list,
                             p_parm_value  => l_parm_value_list )
                         );

    -- clean up our global header array
    apex_web_service.g_request_headers.delete;

    -- has the HTTP call been successful?
    if apex_web_service.g_status_code = '200'
    then
        -- has the user entered a correct solution?
        if l_rest_result like 'false%'
        then
            if substr(l_rest_result, 7) = 'incorrect-captcha-sol' then
                l_result.message := l_incorrect_value;
            else
                l_result.message := substr(l_rest_result, 7);
            end if;
        end if;
    else
        l_result.message := 'HTTP status of reCaptcha request: '||apex_web_service.g_status_code;
    end if;

    return l_result;      
end validate_recaptcha;

declare

---–works for testing, but is not secure to leave in place…
--–lc_principal constant varchar2(30) := 'PUBLIC';
--–lc_host constant varchar2(100) := ‘*’;

lc_principal constant varchar2(30) := 'PUBLIC';
lc_host constant varchar2(100) := 'www.google.com';

begin

--–Uncomment if recreating…
--–dbms_network_acl_admin.drop_acl(‘recaptcha.xml’);

dbms_network_acl_admin.create_acl(acl => 'recaptcha.xml',
description => 'Recaptcha Validation ACL',
principal => lc_principal,
is_grant => true,
privilege => 'connect');

dbms_network_acl_admin.add_privilege(acl => 'recaptcha.xml',
principal => lc_principal,
is_grant => true,
privilege => 'resolve');

dbms_network_acl_admin.assign_acl(acl => 'recaptcha.xml',
host => lc_host,
lower_port => 80,
upper_port => 80);
commit;

end;