First thing to check: Make sure your php.ini file is set to allow URLs to be treated as files. Set allow_url_fopen to On. This is near line 880 in my php.ini file for PHP 5.4, line 835 in PHP 7.3. This is necessary for the file_get_contents() function to work properly in your PHP script
PHP.INI FILE
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On
==================================================================
HTML SNIPPETS
This is the JavaScript you can use in the head of your document to make initiate reCaptcha after you have received your Site and Private keys from Google. Replace THIS_IS_WHERE_THE_SITE_KEY_GOES with your site key. The action parmeter is a short descriptor o the form being submitted and can be used for tracking purposes.
<script src="https://www.google.com/recaptcha/api.js?render=THIS_IS_WHERE_THE_SITE_KEY_GOES"></script>
<script>
grecaptcha.ready(function () {
grecaptcha.execute('THIS_IS_WHERE_THE_SITE_KEY_GOES', { action: 'form_sumbmit' }).then(function (token) {
var recaptchaResponse = document.getElementById('recaptchaResponse');
recaptchaResponse.value = token;
//alert(recaptchaResponse.value);
});
});
</script>
In your form, you need to add a hidden field. The JavaScript will give it a value to be used for validation
<input type="hidden" name="recaptcha_response" id="recaptchaResponse">
==================================================================
PHP PROCESSING
Make sure to replace THIS_IS_WHERE_THE_SECRET_KEY_GOES with the secret key you got from Google.
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['recaptcha_response'])) {
$recaptcha_response = $_POST['recaptcha_response'];
// You can use this to check that your form was submitted properly
$msg1 = "Form submitted properly";
// Build POST request:
$recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
$recaptcha_secret = 'THIS_IS_WHERE_THE_SECRET_KEY_GOES';
$recaptcha_response = $_POST['recaptcha_response'];
// Make and decode POST request:
$recaptcha = $recaptcha_url . '?secret=' . $recaptcha_secret . '&response=' . $recaptcha_response;
//This function may not work if your php.ini file isn't set up properly
$json = file_get_contents($recaptcha);
$j = json_decode($json);
}
else {
//If the form was not submitted properly, then you can get this
$msg1 = "Form not submitted properly";
}
// This is where you check for bot behavior.
// Here a score of .5 or greater says the submitter is a human and the form can be processed.
// Lower than .5 indicates a bot and the form can be aborted
if ($j->score <= 0.5) {
// Not Verified - abort
$vmsg = "Failed";
}
else {
// Verified - process form
$vmsg = "Passed";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>ReCaptcha</title>
</head>
<body>
<div class="content">
<h1>ReCaptcha Test</h1>
<!-- For debugging. Delete or comment out HTML and PHP if you don't need it -->
<blockquote>
<pre>
<?php
print <<<RECAPTEST
Form:
$msg1
Recaptcha Response:
$recaptcha_response
Recaptcha:
$recaptcha
JSON: $json
Pass/Fail: $vmsg
RECAPTEST;
?>
</pre>
</blockquote>
<!-- End Debugging block -->
</body>
</html>Questions, comments, or need some implementation help? Drop me a line.
Learn more about The Net Mechanic
©2020 Net Mechanic