It's kind of weird that Google's documentation for recaptcha is not as helpful as I thought it was going to be. I was asked to take a current existing form (which is getting spammed a few times a day) and update it with Google's new recaptcha. There are a lot of tutorials out there for the old captcha, but not so many for the new one. I basically just want a simple form to capture name, email, message, and then replace my current "anti-bot field" with the recaptcha (I used a field that basically asked you what 2+2 was and if you entered anything, but 4, it would not send). If the required fields are valid and the recaptcha is valid, then I want it to send me an email with the contents of the form fields.
I went through the simple steps:
registered my site to get the keys
added this snippet inside of my head tag:
<script src='https://www.google.com/recaptcha/api.js'></script>
added this snippet at the end of my form:
<div class="g-recaptcha" data-sitekey="#MYKEY#"></div>
At this point, the recaptcha is showing up just fine. But the server-side part is a little confusing.
This is my updated contact form with the recaptcha showing:
<form method="post" action="contact-post.php">
<label>Your Name (required):</label>
<input name="name" type="text" placeholder="Enter your name here">
<label>Email Address (required):</label>
<input name="email" type="email" placeholder="Enter your email address here">
<label>Your Message (required):</label>
<textarea name="message" placeholder="Write your message here"></textarea>
<div style="margin-top:20px;" class="g-recaptcha" data-sitekey="#MYKEY#"></div>
<input id="submit" name="submit" type="submit" value="Submit Form">
</form>
And here is my current POST page (I'm unsure where to add in the recaptcha code):
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$human = $_POST['human'];
$from = 'From: My Website';
$to = '[email protected]';
$subject = 'Request Form';
$body = "Name: $name \n E-Mail: $email \nMessage:\n$message";
if ($_POST['submit']) {
if ($email != '') {
if ($human == '4') {
if (mail ($to, $subject, $body, $from)) {
echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
} else {
echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
}
} else if ($_POST['submit'] && $human != '4') {
echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
}
} else {
echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
}
}
?>
Any help is welcome. I feel like this might be a pretty common people with people trying to implement it into their current working forms.
Check out this link: https://developers.google.com/recaptcha/docs/verify
In a few words, you should make request to
https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS
Where YOUR_SECRET is secret key you received on ReCAPTCHA site, USER_IP_ADDRESS can be received through $_SERVER array and RESPONSE_CAME_FROM_YOUR_FORM is a string sent with your form. It is stored in $_POST['g-recaptcha-response'].
You can do it via file_get_contents($url) like
$data = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS");
In $data you will receive JSON object containing success field, which you are looking for. If success is false, then it is not a human and you should exit(). I suggest you checking this in the beginning of your program.
Update:
Decoding of JSON object looks like:
$data = json_decode($data); // This will decode JSON to object
if(!$data->success)
exit();
Update:
Sometimes, file_get_contents($url) won't be able to set up secured https connection. Instead you can use open_https_url($url)
Make your code look like:
<?php
$your_secret = "<secret_key_you_received_from_recaptcha_site>";
$client_captcha_response = $_POST['g-recaptcha-response'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$captcha_verify = open_https_url("https://www.google.com/recaptcha/api/siteverify?secret=$your_secret&response=$client_captcha_response&remoteip=$user_ip");
$captcha_verify_decoded = json_decode($captcha_verify);
if(!$captcha_verify_decoded->success)
die('DIRTY ROBOT');
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$human = $_POST['human'];
$from = 'From: My Website';
$to = '[email protected]';
$subject = 'Request Form';
$body = "Name: $name \n E-Mail: $email \nMessage:\n$message";
if ($_POST['submit']) {
if ($email != '') {
if ($human == '4') {
if (mail ($to, $subject, $body, $from)) {
echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
} else {
echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
}
} else if ($_POST['submit'] && $human != '4') {
echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
}
} else {
echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
}
}
?>