Integrating google reCaptcha into an existing payment form

Recently my site has been receiving a lot of spam through my payment form, and I've decided I need to add a captcha in order to prevent this.

I was looking at a few options and I decided to go with Google's reCAPTCHA. It seems easy enough to set up and use, but I've been running into a few problems.

Firstly I've included this script in the header of the form:

<script src='https://www.google.com/recaptcha/api.js'></script>

I've then included the actual captcha itself at the foot of the form:

<div class="g-recaptcha" data-sitekey="6LdOVv4SAAAAAJ4muJvo_vD7vsd9T9QIfkEwcO7y"></div>

When I submit the form I do the following:

$captcha = $_POST["g-recaptcha-response"]; // Get Captcha token
$secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; // Get Secret key
// http_get() comes from the PECL pecl_http extension, not core PHP; the secret variable is $secret_key, not $secret
$google_response = http_get("https://www.google.com/recaptcha/api/siteverify", array("secret"=>$secret_key, "response"=>$captcha), $info); // perform GET request
print_r($info);

But nothing is happening; in fact, the page, which used to work, just hangs and doesn't even display an error message. Any ideas what I might be doing wrong? From my understanding of the documentation, the response will be in JSON and success will be either true or false; I'd like to continue with the payment if true, or stop and return to the form if false.

Any help is much appreciated. Or if anyone has an alternative solution for adding a captcha, I'd be willing to look into that.

Javacadabra asked Nov 25 '14 11:11


2 Answers

Try this to run Google's new reCAPTCHA (2015):

==PHP Verification==
if(isset($_POST['submit'])){
    $userIP = $_SERVER["REMOTE_ADDR"];
    $recaptchaResponse = $_POST['g-recaptcha-response'];
    $secretKey = "SECRET_KEY";
    $request = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secretKey}&response={$recaptchaResponse}&remoteip={$userIP}");

    if(!strstr($request, "true")){
        echo "NOPE (Failed Verification)";
    }
    else{
        echo "YUP (Successful Verification)";
    }
}
JcV answered Oct 31 '22 17:10

Don't use file_get_contents. Google recommends using POST requests to call their API. GET requests like the one above can result in multiple problems:

  • calling URLs this way might be blocked for security reasons (allow_url_fopen)
  • a user might pass something like someToken&secret=otherSitesSecret as input to your $_POST['g-recaptcha-response']. If you simply string-concatenate the called URL, you will pass another secret to Google. Users can then verify themselves with any recaptcha response they got from any site. That is a security issue.
  • the tokens that Google returns can be quite long. Web servers only support a few thousand characters in URLs. This might lead to strings being chopped off, and you will receive an error for valid inputs.

Therefore, use something like this:

// Get resource
$curl = curl_init();

// Configure options, incl. post-variables to send.
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => array(
        'secret' => 'your_secret_code_here',
        'response' => $_POST['g-recaptcha-response']
    )
));

// Send request. Due to CURLOPT_RETURNTRANSFER, this will return reply as string.
$resp = curl_exec($curl);

// Free resources.
curl_close($curl);

// Validate response: decode the JSON and require a literal boolean true,
// rather than searching the raw body for a whitespace-sensitive substring.
$data = json_decode((string) $resp, true);
if(is_array($data) && ($data['success'] ?? false) === true) {
    echo "Verified.";
} else {
    echo "Not verified.";
}

Also, the validation part is more conservative about what it accepts as 'validated'.

Manuel Arwed Schmidt answered Oct 31 '22 15:10
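An added example, not code from the question or from either answer, that ties the asker's server-side check to the POST-body point made in this answer: parseNaiveGetUrl() illustrates on a constructed token why the concatenated GET URL is unsafe, and verifyRecaptcha() is the hardened form with an encoded body, timeouts, JSON decoding and a hostname check. Both function names are hypothetical; $expectedHost is assumed to be the form's own hostname, compared against the hostname field that Google's siteverify JSON returns next to success.

```php
<?php
declare(strict_types=1);
// Mirrors the vulnerable GET pattern: the token is concatenated raw into the
// query string, so a token containing "&secret=" appends a second parameter.
function parseNaiveGetUrl(string $secret, string $userResponse): array
{
    $url = "https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$userResponse}";
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params; // parse_str keeps the later 'secret', so the caller's own secret is replaced
}

// Hardened verification: encoded POST body, timeouts, transport error check,
// decoded JSON with a strict boolean test, and the hostname echoed by Google
// compared against the site the form really lives on.
function verifyRecaptcha(string $secret, string $userResponse, string $expectedHost, ?string $remoteIp = null): bool
{
    if ($userResponse === '') {
        return false; // widget was never completed
    }
    $fields = ['secret' => $secret, 'response' => $userResponse];
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;
    }
    $curl = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt_array($curl, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields), // '&' and '=' inside the token become %26 and %3D
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10, // a slow verifier must not hang the checkout page
        CURLOPT_SSL_VERIFYPEER => true,
    ]);
    $body = curl_exec($curl);
    $errno = curl_errno($curl);
    curl_close($curl);
    if ($body === false || $errno !== 0) {
        return false; // fail closed on transport errors
    }
    $data = json_decode((string) $body, true);
    if (!is_array($data) || ($data['success'] ?? false) !== true) {
        return false; // also covers "success": false with error-codes
    }
    return ($data['hostname'] ?? '') === $expectedHost;
}

// Constructed demonstration of the injection described in the answer above.
$params = parseNaiveGetUrl('REAL_SECRET', 'sometoken&secret=OTHER_SITES_SECRET');
var_dump($params['secret']); // the attacker-supplied value, not REAL_SECRET
var_dump(http_build_query(['response' => 'sometoken&secret=OTHER_SITES_SECRET'])); // one encoded value, no extra parameter
```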