Menu
https://developers.google.com/recaptcha/docs/verify
if(isset($_POST['submit'])){
$recaptchaResponse = $_POST['g-recaptcha-response'];
$secretKey = 'MYKEY';
$request = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secretKey."&response=".$recaptchaResponse);
if(!strstr($request,"false")){
echo '<div class="notification error clearfix"><p><strong>Attention!</strong> You didnt complete the captcha.</p></div>';
exit();
Then the rest of the php file mails the form, but its just sending anyway even if you dont complete the recaptcha. Basically if the JSON returns a false I was hoping the it wouldnt send and would display an error
Also here is the form from the page if it helps, Ive probably done something wrong there too...
<form method="POST" action="post.php" name="contactform" id="contactform" class="container">
<fieldset>
<div class="form-field grid-half">
<label for="name">Name</label>
<span><input type="text" name="name" id="name" /></span>
</div>
<div class="form-field grid-half">
<label for="email">Email</label>
<span><input type="email" name="email" id="email" /></span>
</div>
<div class="form-field grid-full">
<label for="message">Message</label>
<span><textarea name="message" id="message"></textarea></span>
</div>
<div class="form-field grid-full">
<div class="g-recaptcha" data-sitekey="MYKEY"></div>
</div>
</fieldset>
<div class="form-click grid-full">
<span><input type="submit" name="submit" value="Submit" id="submit" /></span>
</div>
<div id="alert" class="grid-full"></div>
</form>
818
Sometimes, you may see a "failed reCAPTCHA check" error message while trying to create or amend your account. This means the website believes your actions may be those of a bot. Don't worry, it is programmed to be over-cautious for your security.
In short, yes they can. While reCAPTCHA v2 and v3 can help limit simple bot traffic, both versions come with several problems: User experience suffers, as human users hate the image/audio recognition challenges.
Can I run reCAPTCHA v2 and v3 on the same page? To do this, load the v3 site key as documented, and then explicitly render v2 using grecaptcha.render.
Using curl instead of file_get_contents (should you, like me, want file_get_contents to be disabled in the server settings)
$post_data = "secret=__your_secret_key__&response=".
$_POST['g-recaptcha-response']."&remoteip=".$_SERVER['REMOTE_ADDR'] ;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER,
array('Content-Type: application/x-www-form-urlencoded; charset=utf-8',
'Content-Length: ' . strlen($post_data)));
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$googresp = curl_exec($ch);
$decgoogresp = json_decode($googresp);
curl_close($ch);
if ($decgoogresp->success == true)
{
// Success
}
I found that sometimes, depending on the PHP version/config, accessing an object directly won't work, so use json_decode().
/* $response object returned from https://www.google.com/recaptcha/api/siteverify via which ever method you use */
$obj = json_decode($response);
if($obj->success == true)
{
//passes test
}
else
{
//error handling
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With