
What is wrong with this reCAPTCHA


I have been trying to get this CAPTCHA to work for a while, but I can't get it to work whatever I try.

When I changed !== to just != as someone suggested, the form submission goes through with a "TRUE" response when I press the "submit" button for the form, EVEN if I press the reCAPTCHA box or just ignore pressing it. The output of var_dump($responseKeys) also always gives me a "NULL" value, so I can't figure out what is wrong.

Can anyone see why it's not working?

PHP

if (isset($_POST)) {
    $captcha      = $_POST['g-recaptcha-response'];
    $ip           = $_SERVER['REMOTE_ADDR'];
    $secretkey    = 'SECRET KEY';
    $response     = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . $secretkey . '&response=' . $captcha . '&remoteip=' . $ip);
    $responseKeys = json_decode($response, true);

    if (intval($responseKeys['success']) != 1) {
        //echo 'TRUE';
        //echo "<br>";
        //echo var_dump($responseKeys)."<br>";
        //exit;
    } else {
        //echo 'FALSE';
        //echo "<br>";
        //echo var_dump($responseKeys)."<br>";
        // exit;
    }
}       

HTML

<div class="span9 page_sidebar registerForm">
    <?php
    if (isErrors())
    {
        echo outputErrors();
    }
    ?>
    <div class="well">
        <p>
            <?php echo t('register_intro_text', 'Please enter your information below to register for an account. Your new account password will be sent to your email address.'); ?>
        </p>
        <form id="regerform" method="post" action="https://<?php echo _CONFIG_SITE_FULL_URL; ?>/register.<?php echo SITE_CONFIG_PAGE_EXTENSION; ?>" class="form">
            <div class="third">
                <label for="title">
                    <?php echo t("title", "title"); ?>:
                </label>
                <select autofocus="autofocus" tabindex="1" id="title" name="title">
                    <option value="Mr"><?php echo t('title_mr', 'Mr'); ?></option>
                    <option value="Mrs"><?php echo t('title_mrs', 'Mrs'); ?></option>
                    <option value="Miss"><?php echo t('title_miss', 'Miss'); ?></option>
                    <option value="Dr"><?php echo t('title_dr', 'Dr'); ?></option>
                    <option value="Pro"><?php echo t('title_pro', 'Pro'); ?></option>
                </select>
            </div>
            <div class="third">
                <label for="firstname">
                    <?php echo t("firstname", "firstname"); ?>:
                </label>
                <input type="text" tabindex="1" value="<?php echo isset($firstname) ? safeOutputToScreen($firstname) : ''; ?>" id="firstname" name="firstname">
            </div>
            <div class="thirdLast">
                <label for="lastname">
                    <?php echo t("lastname", "lastname"); ?>:
                </label>
                <input type="text" tabindex="1" value="<?php echo isset($lastname) ? safeOutputToScreen($lastname) : ''; ?>" id="lastname" name="lastname">
            </div>
            <div class="clear"></div>
            <div>
                <label for="emailAddress">
                    <?php echo t("email_address", "email address"); ?>:
                </label>
                <input type="text" tabindex="1" value="<?php echo isset($emailAddress) ? safeOutputToScreen($emailAddress) : ''; ?>" id="emailAddress" name="emailAddress">
            </div>
            <div>
                <label for="emailAddressConfirm">
                    <?php echo t("email_address_confirm", "Email Confirm"); ?>:
                </label>
                <input type="text" tabindex="2" value="<?php echo isset($emailAddressConfirm) ? safeOutputToScreen($emailAddressConfirm) : ''; ?>" id="emailAddressConfirm" name="emailAddressConfirm">
            </div>
            <div class="thirdLast">
                <label for="username">
                    <?php echo t("username", "username"); ?>:
                </label>
                <input type="text" tabindex="3" value="<?php echo isset($username) ? safeOutputToScreen($username) : ''; ?>" id="username" name="username">
            </div>
            <div class="clear"></div>
            
            <?php if(SITE_CONFIG_REGISTER_FORM_SHOW_CAPTCHA == 'yes'): ?>
                <div class="g-recaptcha" data-sitekey="PRIVATE KEY"></div>
            <?php endif; ?>
            
            <div class="buttonWrapper">
                <button type="submit" name="submit" class="btn btn-primary" tabindex="99"><?php echo t("register", "register"); ?></button>
            </div>
            
            <input type="hidden" value="1" name="submitme"/>
        </form>
    
        <div class="disclaimer">
            <?php echo t('by_clicking_register_you_agree_to_our_terms', 'By clicking \'register\', you agree to our <a href="terms.[[[SITE_CONFIG_PAGE_EXTENSION]]]" target="_blank">terms</a>.', array('SITE_CONFIG_PAGE_EXTENSION'=>SITE_CONFIG_PAGE_EXTENSION)); ?>
        </div>
        <div class="clear"></div>
    </div>
</div>

Solution

  • The method of verifying users is a bit different. g-recaptcha-response is sent through a POST request to your server-side script, and along with your reCAPTCHA key that you get when you sign up, you pass that along to Google to tell if the user is a bot or not. The response is a JSON response so we will be using file_get_contents() and json_decode() to fetch the response and decide what to do from there with our script. This example will give you an idea to write your own code.

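    // Token the reCAPTCHA widget adds to the submitted form (empty if the box was never ticked)
    $response = isset($_POST["g-recaptcha-response"]) ? $_POST["g-recaptcha-response"] : '';
    $url = 'https://www.google.com/recaptcha/api/siteverify';
    // verify your site
    $data = array(
        'secret' => 'YOUR_SECRET',
        'response' => $response
    );
    $options = array(
        'http' => array (
            'method' => 'POST',
            // PHP raises a notice if a POST body is sent without a content type
            'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($data)
        )
    );
    $context  = stream_context_create($options);
    $verify = file_get_contents($url, false, $context);
    // json_decode() returns NULL if the request failed or the body is not JSON
    $captcha_success = json_decode($verify);
    if (!is_object($captcha_success) || $captcha_success->success !== true) {
        echo "<p>You are a bot! Go away!</p>";
    } else {
        echo "<p>You are not a bot!</p>";
    }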
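
An added example, not part of the answer above or of the asker's code: the question reports that `var_dump($responseKeys)` is always NULL, so this sketch separates the accept/reject decision from the HTTP call and makes every failure path (empty token, failed fetch, non-JSON body, `success` not literally `true`, unexpected `hostname`) reject the submission. The helper names `recaptchaPassed()` and `verifyRecaptcha()`, the host `example.com` and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example: fail-closed handling of the siteverify response.
// recaptchaPassed() and verifyRecaptcha() are hypothetical helper names.

function recaptchaPassed($rawBody, string $expectedHost): bool
{
    if (!is_string($rawBody) || $rawBody === '') {
        return false;   // request failed: file_get_contents() returned false
    }
    $data = json_decode($rawBody, true);
    if (!is_array($data)) {
        return false;   // json_decode() gave NULL, the case the asker's var_dump shows
    }
    // Only a literal boolean true counts; no intval() and no loose == comparison.
    if (($data['success'] ?? false) !== true) {
        return false;
    }
    // The response names the site where the challenge was solved; reject other hosts.
    return ($data['hostname'] ?? '') === $expectedHost;
}

function verifyRecaptcha(string $secret, string $token, string $expectedHost): bool
{
    if ($token === '') {
        return false;   // box never ticked: nothing to verify, so reject
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    // @ hides the PHP warning on network failure; the false result is rejected below.
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    return recaptchaPassed($body, $expectedHost);
}

// Constructed sample responses (not captured traffic), evaluated offline.
$samples = [
    'ok'           => '{"success": true, "hostname": "example.com"}',
    'bad token'    => '{"success": false, "error-codes": ["invalid-input-response"]}',
    'wrong host'   => '{"success": true, "hostname": "other.example"}',
    'not json'     => '<html>proxy error</html>',
    'fetch failed' => false,
];
foreach ($samples as $label => $body) {
    printf("%-12s => %s\n", $label, recaptchaPassed($body, 'example.com') ? 'accept' : 'reject');
}
```

In a form handler the call would be `verifyRecaptcha($secretkey, $_POST['g-recaptcha-response'] ?? '', 'example.com')`, and the registration should proceed only when it returns `true`.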