
Google Recaptcha (PHP)


So, it seems quite simple: I have added a Google reCAPTCHA to my website with the following two HTML codes.

<script src='https://www.google.com/recaptcha/api.js'></script>
<div class="g-recaptcha" data-sitekey="My key would be here"></div>

However, people can still fill in the form and send mail without completing the captcha. (So they do not have to solve any puzzles; they can just get straight through, which is leaving me vulnerable to bots, of course.)

So, I basically need PHP code that checks to see if the user has actually "Ticked" or "Completed" the reCAPTCHA, so that they can then proceed to send mail.

My PHP code:

<?php
// $email, $human, $to, $subject, $body and $from are assumed to be set from the form earlier in the script.
if (!empty($_POST['submit'])) {
    if ($email != '') {
        // Static anti-spam question: the expected answer is "4".
        if ($human == '4') {
            if (mail($to, $subject, $body, $from)) {
                echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
            } else {
                echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        } else {
            echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
        }
    } else {
        echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
    }
}
?>

I really have no clue how to code in PHP; this is my best attempt.


Solution

  • This is not my original answer, I found it here

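    <?php
      // Send the token to Google's siteverify endpoint; URL-encode every value placed in the query string.
      $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode($yoursecret) . "&response=" . urlencode($_POST['g-recaptcha-response'] ?? '') . "&remoteip=" . urlencode($_SERVER['REMOTE_ADDR']));
      // file_get_contents() returns false on failure, so guard before reading the result.
      $googleobj = ($response !== false) ? json_decode($response) : null;
      $verified = is_object($googleobj) && isset($googleobj->success) && $googleobj->success === true;
      if ($verified === true) {
        // do stuff
      }
    ?>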
    

    so for your purpose...

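    <?php
    // $to, $subject, $body and $from are assumed to be set from the form earlier in the script.
    if (!empty($_POST['submit'])) {
      // Send the token to Google's siteverify endpoint; URL-encode every value placed in the query string.
      $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . urlencode($yoursecret) . "&response=" . urlencode($_POST['g-recaptcha-response'] ?? '') . "&remoteip=" . urlencode($_SERVER['REMOTE_ADDR']));
      // file_get_contents() returns false on failure, so guard before reading the result.
      $googleobj = ($response !== false) ? json_decode($response) : null;
      $verified = is_object($googleobj) && isset($googleobj->success) && $googleobj->success === true;
      // Mail is sent only when Google confirms the captcha was completed.
      if ($verified === true) {
        if (mail($to, $subject, $body, $from)) {
          echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
        } else {
          echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
        }
      }
    }
    ?>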
    


    Be sure to add your SECRET KEY in for $yoursecret

    (That's different from the site key)


    Hope that helps
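
An added example, not part of the original answer: the same siteverify check sent as a POST so the secret key stays out of URLs and logs, failing closed on a missing token, network error or malformed reply. The function names, the `$expectedHost` check against the response's `hostname` field, and the injectable `$post` callable are assumptions made for this illustration; the sample responses are constructed.

```php
<?php
const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

// POST the fields to siteverify; returns the raw response body, or false on failure.
function recaptcha_post(array $fields)
{
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    return @file_get_contents(SITEVERIFY_URL, false, $context);
}

// Returns true only when the verification response says success === true.
// $expectedHost and $post are hypothetical parameters added for this example.
function recaptcha_passed($secret, $token, $remoteIp, $expectedHost = null, ?callable $post = null)
{
    if (!is_string($token) || $token === '') {
        return false; // widget never completed: reject without calling the API
    }
    $post = $post ?? 'recaptcha_post';
    $raw = $post(['secret' => $secret, 'response' => $token, 'remoteip' => $remoteIp]);
    if ($raw === false) {
        return false; // network failure: fail closed, never send the mail
    }
    $result = json_decode($raw, true);
    if (!is_array($result) || ($result['success'] ?? false) !== true) {
        return false; // malformed JSON or an explicit failure from Google
    }
    // Reject tokens that were solved on a different site than this one.
    if ($expectedHost !== null && ($result['hostname'] ?? '') !== $expectedHost) {
        return false;
    }
    return true;
}

// Constructed sample responses stand in for the network call so this runs offline.
$ok  = function (array $f) { return '{"success": true, "hostname": "example.com"}'; };
$bad = function (array $f) { return '{"success": false, "error-codes": ["invalid-input-response"]}'; };
var_dump(recaptcha_passed('YOUR_SECRET_KEY', 'sample-token', '203.0.113.7', 'example.com', $ok));
var_dump(recaptcha_passed('YOUR_SECRET_KEY', 'sample-token', '203.0.113.7', 'example.com', $bad));
var_dump(recaptcha_passed('YOUR_SECRET_KEY', '', '203.0.113.7', 'example.com', $ok));
```

In the form handler, call `recaptcha_passed($yoursecret, $_POST['g-recaptcha-response'] ?? '', $_SERVER['REMOTE_ADDR'])` and only reach `mail()` when it returns true.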