
google recaptcha returns false due to "invalid-input-secret"

I have installed the latest reCAPTCHA from Google, but it always returns false upon post submit and always returns an "invalid-input-secret" error, even though the verification is always correct from the frontend view. What could be the reason for this? By the way, I am testing everything on localhost XAMPP with the Phalcon framework. Here is the part where I check the captcha:

protected function validate_data($post, $ip){

    $validation = new Validation();
    $validation->add(
        'user_name',
        new PresenceOf(
            array(
                'message' => 'The Username is required'
            )
        )
    );
    $validation->add(
        'email',
        new PresenceOf(
            array(
                'message' => 'The e-mail is required'
            )
        )
    );
    $validation->add(
        'password',
        new PresenceOf(
            array(
                'message' => 'The Password is required'
            )
        )
    );
    $validation->add(
        'cpassword',
        new PresenceOf(
            array(
                'message' => 'The Confirmation Password is required'
            )
        )
    );
    $validation->add(
        'email',
        new Email(
            array(
                'message' => 'The e-mail is not valid'
            )
        )
    );

    $validation->add('password', 
        new Confirmation(array(
           'message' => 'Password doesn\'t match confirmation',
           'with' => 'cpassword'
           )
        )
    );

    $error = $validation->validate($post);
    $errors = array();
    if(count($error)){
        foreach($error as $e){
            $errors[] = $e;
        }
    }

    $data = array(
        'secret' => "my secret key",
        'response' => $post['g-recaptcha-response'],
        'remoteip' => $ip
    );

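    $verify = curl_init();
    curl_setopt($verify, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
    curl_setopt($verify, CURLOPT_POST, true);
    curl_setopt($verify, CURLOPT_POSTFIELDS, http_build_query($data));
    // Keep TLS certificate verification on: this request carries the secret key.
    curl_setopt($verify, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($verify, CURLOPT_RETURNTRANSFER, true);
    $res = curl_exec($verify);
    curl_close($verify);

    // curl_exec() returns false on a transport failure; json_decode() returns null on bad JSON.
    $captcha = ($res === false) ? null : json_decode($res);

    if(!is_object($captcha) || empty($captcha->success)){
        $errors[] = "Invalid Captcha, You are a freakin robot!";
    }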

    return $errors;

}

What could be the reason here? Here is the output when you dump the response:

object(stdClass)#70 (2) { ["success"]=> bool(false) ["error-codes"]=> array(1) { [0]=> string(20) "invalid-input-secret" } } 
MusicManDev asked Apr 29 '16 13:04


3 Answers

The whole problem arises because of confused peeps at Google. They have created multiple channels to implement reCAPTCHA Registration. If you have encountered this error, I am sure you have followed the first method to generate SECRET KEY for your reCAPTCHA Application.

  1. You visit the website: https://console.cloud.google.com/security/recaptcha and generate reCAPTCHA key for your website. Note that this is a Google Cloud Console link, and you must have received just a single key for both the frontend and the backend.

  2. You visit the website: https://www.google.com/recaptcha/admin/create and generate reCAPTCHA keys for your application. Note that this is not a Google Cloud Console website, but an individual website which will serve you 2 different keys, one for your backend, and the other for your frontend to be used. Use these keys, and you should be good to go.

This is bad on Google's end that they have multiple sources for the same targeted facility, and one of those ways is sort of deprecated or not-working.

Sarthik Gupta answered Oct 08 '22 01:10


Silly me, I double-checked the secret key and it was just missing a single character at the beginning. That solved it.

MusicManDev answered Oct 08 '22 00:10


For JavaScript

In my case I used an environment variable. I defined the variable with double quotes: "6Lfg1_0UAAAAABWdUn5gNhXEuLxhpkQyheDpLbnB". So when the secret key is passed via URL, it will be included with the double quotes. That was the issue in my case. The double quotes should not be included in the URL.

When you define the environment variable, define it with single quotes like below:

RECAPTCHA_SECRET_KEY='6Lfg1_0UAAAAABWdUn5gNhXEuLxhpkQyheDpLbnB'

Aathi answered Oct 08 '22 00:10
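
A preflight check for the two mistakes reported in the answers above (a secret missing a character, and a secret loaded together with its quotes), plus a way to tell a server-side key error apart from a failed challenge. This is an added example, not code from any of the posters; the function names are hypothetical, the 40-character key length is an assumption taken from the shape of the key quoted above, and the sample key is constructed.

```javascript
// Added example; checkSecret, buildVerifyBody and classifyVerifyResult are hypothetical names.
// Assumption: a reCAPTCHA key is 40 characters drawn from [A-Za-z0-9_-].
const EXPECTED_LEN = 40;
// Constructed sample key, not a real secret.
const SAMPLE_SECRET = '6L' + 'x'.repeat(38);

// List the problems in a secret exactly as it was loaded from configuration.
function checkSecret(raw, expectedLen = EXPECTED_LEN) {
  if (typeof raw !== 'string' || raw.length === 0) return ['missing'];
  const problems = [];
  if (raw !== raw.trim()) problems.push('surrounding-whitespace');
  const s = raw.trim();
  if (/^["'].*["']$/.test(s)) problems.push('wrapped-in-quotes');
  const bare = s.replace(/^["']|["']$/g, '');
  if (!/^[A-Za-z0-9_-]+$/.test(bare)) problems.push('unexpected-characters');
  if (bare.length !== expectedLen) {
    problems.push(`length-${bare.length}-expected-${expectedLen}`);
  }
  return problems;
}

// Build the form body for siteverify. Values are percent-encoded, so a
// secret that still carries its quotes is sent as %22...%22.
function buildVerifyBody(secret, token, remoteip) {
  const params = new URLSearchParams({ secret, response: token });
  if (remoteip) params.set('remoteip', remoteip);
  return params.toString();
}

// Separate a server misconfiguration from a failed user challenge, so a bad
// key is logged for the operator instead of being reported to the visitor.
function classifyVerifyResult(json) {
  let r;
  try { r = JSON.parse(json); } catch { return 'bad-response'; }
  if (r && r.success === true) return 'ok';
  const codes = (r && r['error-codes']) || [];
  const keyErrors = ['invalid-input-secret', 'missing-input-secret'];
  if (codes.some((c) => keyErrors.includes(c))) return 'server-misconfigured';
  return 'captcha-failed';
}

// Constructed inputs reproducing both reported mistakes.
console.log(checkSecret('"' + SAMPLE_SECRET + '"')); // quotes kept in the value
console.log(checkSecret(SAMPLE_SECRET.slice(1)));    // first character missing
```

Running `checkSecret` once at startup surfaces either mistake before the first form submission reaches siteverify.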