Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Recaptcha Not Verifying with file_get_contents

Confused as to why this isn't working. When the form is submitted I get the error message, meaning my recaptcha verification has failed.

From my form:

<div class="g-recaptcha" data-sitekey="(site-key)"></div>

PHP:

if(isset($_POST['g-recaptcha-response'])){
      $captcha=$_POST['g-recaptcha-response'];
    }

$secretKey = "(secret-key)";
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$captcha);
$responseKeys = json_decode($response,true);
if(intval($responseKeys["success"]) === true) {
    echo '<h3>Thanks for your message!</h3>';
} else {
    echo '<h3>Error</h3>';
    }
like image 793
Claire Avatar asked Apr 20 '17 20:04

Claire


People also ask

How to fix reCAPTCHA not working on Windows 10?

To do that, press the Win + R shortcut, type CMD into the “Run” dialog box, and press the Ctrl + Shift + Enter shortcut. Once all the commands have been executed successfully, open any browser and check if the reCAPTCHA feature is working again.

What are CAPTCHA and reCAPTCHA?

Sometimes, after ticking the small box, you’ll have to solve a short visual or audio test called CAPTCHA to gain access to the website you want to visit. CAPTCHAs and reCAPTCHAs work similarly, only that CAPTCHAs require more input from you. For example, you may need to solve a math problem, interpret a text, or verify some images.

What is reset IP address Recaptcha and how does it work?

Reset IP Address ReCAPTCHA is a free security service from Google that helps to protect websites from spam and abuse. It is a CAPTCHA-like system which is used to determine that a computer user is a person. The CAPTCHA system can block spambots, which is helpful to protect your computer from cyber threats.


3 Answers

The reCaptcha documentation specifically specifies that the parameters for the request to https://www.google.com/recaptcha/api/siteverify must be sent via POST. You can use CURL for this.

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => [
        'secret' => $secretKey,
        'response' => $captcha,
        'remoteip' => $_SERVER['REMOTE_ADDR']
    ],
    CURLOPT_RETURNTRANSFER => true
]);

$output = curl_exec($ch);
curl_close($ch);

$json = json_decode($output);

// check response...
like image 144
Yemiez Avatar answered Oct 05 '22 23:10

Yemiez


Don't use file_get_contents. Google suggests using POST requests. You may use something in the lines of the following

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => array(
        'secret' => $secretKey,
        'response' => $captcha
    )
));
$response = curl_exec($curl);
curl_close($curl);

if(strpos($response, '"success": true') !== FALSE) {
    echo '<h3>Thanks for your message!</h3>';
} else {
    echo "<h3>Error</h3>";
}

EDIT

Yemiez answer (just got me at the corner) is better at handling the response part, by using the json_decode function.

EDIT just fixed a typo

like image 22
Orestis Samaras Avatar answered Oct 05 '22 23:10

Orestis Samaras


if(isset($_POST['g-recaptcha-response'])){  
    $captcha=$_POST['g-recaptcha-response'];  
}  
$recaptcha_secret = '(secret-key)';  
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$captcha);  
$response = json_decode($response, true);  
if(!empty($response["success"]))  
{  
    echo 'Thanks for your message!';  
} else {  
    echo 'Error';  
}  
like image 21
Deeraj T Avatar answered Oct 06 '22 00:10

Deeraj T