7

It's kind of weird that Google's documentation for recaptcha is not as helpful as I thought it was going to be. I was asked to take a current existing form (which is getting spammed a few times a day) and update it with Google's new recaptcha. There are a lot of tutorials out there for the old captcha, but not so many for the new one. I basically just want a simple form to capture name, email, message, and then replace my current "anti-bot field" with the recaptcha (I used a field that basically asked you what 2+2 was and if you entered anything, but 4, it would not send). If the required fields are valid and the recaptcha is valid, then I want it to send me an email with the contents of the form fields.

I went through the simple steps:

  1. registered my site to get the keys

  2. added this snippet inside of my head tag:

    <script src='https://www.google.com/recaptcha/api.js'></script>

  3. added this snippet at the end of my form:

    <div class="g-recaptcha" data-sitekey="#MYKEY#"></div>

At this point, the recaptcha is showing up just fine. But the server-side part is a little confusing.

This is my updated contact form with the recaptcha showing:

<form method="post" action="contact-post.php">
  <label>Your Name (required):</label>
    <input name="name" type="text" placeholder="Enter your name here">
  <label>Email Address (required):</label>
    <input name="email" type="email" placeholder="Enter your email address here">
  <label>Your Message (required):</label>
    <textarea name="message" placeholder="Write your message here"></textarea>
  <div style="margin-top:20px;" class="g-recaptcha" data-sitekey="#MYKEY#"></div>
  <input id="submit" name="submit" type="submit" value="Submit Form">
</form>

And here is my current POST page (I'm unsure where to add in the recaptcha code):

<?php
        $name = $_POST['name'];
        $email = $_POST['email'];
        $message = $_POST['message'];
        $human = $_POST['human'];
        $from = 'From: My Website';
        $to = 'myemail@gmail.com';
        $subject = 'Request Form';

        $body = "Name: $name \n E-Mail: $email \nMessage:\n$message";

        if ($_POST['submit']) {
            if ($email != '') {
                if ($human == '4') {                 
                    if (mail ($to, $subject, $body, $from)) { 
                        echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
                    } else { 
                        echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>'; 
                    } 
                } else if ($_POST['submit'] && $human != '4') {
                    echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
                }
            } else {
                echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        }
    ?>

Any help is welcome. I feel like this might be a pretty common people with people trying to implement it into their current working forms.

Lawrence Cherone
  • 46,049
  • 7
  • 62
  • 106
Kevin May
  • 73
  • 1
  • 1
  • 4
  • FWIW, I abandoned Google re-captcha in favor of a custom captcha solution built into my framework. For whatever reason, I could not get the widget to show up reliably in all browsers. – Sparky Dec 28 '14 at 22:12

2 Answers2

6

Check out this link: https://developers.google.com/recaptcha/docs/verify

In a few words, you should make request to 

https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS

Where YOUR_SECRET is secret key you received on ReCAPTCHA site, USER_IP_ADDRESS can be received through $_SERVER array and RESPONSE_CAME_FROM_YOUR_FORM is a string sent with your form. It is stored in $_POST['g-recaptcha-response'].

You can do it via file_get_contents($url) like

$data = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR_SECRET&response=RESPONSE_CAME_FROM_YOUR_FORM&remoteip=USER_IP_ADDRESS");

In $data you will receive JSON object containing success field, which you are looking for. If success is false, then it is not a human and you should exit(). I suggest you checking this in the beginning of your program.

Update:

Decoding of JSON object looks like:

$data = json_decode($data); // This will decode JSON to object
if(!$data->success) 
    exit();

Update:

Sometimes, file_get_contents($url) won't be able to set up secured https connection. Instead you can use open_https_url($url) Make your code look like:

<?php
    $your_secret = "<secret_key_you_received_from_recaptcha_site>";
    $client_captcha_response = $_POST['g-recaptcha-response'];
    $user_ip = $_SERVER['REMOTE_ADDR'];

    $captcha_verify = open_https_url("https://www.google.com/recaptcha/api/siteverify?secret=$your_secret&response=$client_captcha_response&remoteip=$user_ip");
    $captcha_verify_decoded = json_decode($captcha_verify);
    if(!$captcha_verify_decoded->success)
      die('DIRTY ROBOT');

    $name = $_POST['name'];
    $email = $_POST['email'];
    $message = $_POST['message'];
    $human = $_POST['human'];
    $from = 'From: My Website';
    $to = 'myemail@gmail.com';
    $subject = 'Request Form';

    $body = "Name: $name \n E-Mail: $email \nMessage:\n$message";

    if ($_POST['submit']) {
        if ($email != '') {
            if ($human == '4') {                 
                if (mail ($to, $subject, $body, $from)) { 
                    echo '<p>You have successfully submitted your information to PS4RS. Subscribers to our mailing list will begin to periodically receive updates.</p>';
                } else { 
                    echo '<p>Something went wrong, go back and try again!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>'; 
                } 
            } else if ($_POST['submit'] && $human != '4') {
                echo '<p>You answered the anti-spam question incorrectly!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
            }
        } else {
            echo '<p>You need to fill in all required fields!!</p><p><input type="button" value="Go Back" onclick="history.back(-1)" class="goback" /></p>';
        }
    }
?>
Alexander O'Mara
  • 58,688
  • 18
  • 163
  • 171
Nikolay 'Alagunto' Tkachenko
  • 813
  • 8
  • 19
  • Yeah, I definitely looked at that site and it appeared that I needed a little more coding knowledge to get the concept of it. You did explain it very well. Figuring out how to modify my post page though and where to put in that code, is the tricky part I'm having trouble with. – Kevin May Dec 29 '14 at 04:34
  • I added some fixes and example code. Hope now you will be ok =) – Nikolay 'Alagunto' Tkachenko Dec 29 '14 at 10:26
1

Maybe the above answer is a bit outdated, since Google is now using reCaptcha nocaptcha. I found a simpler and more complete answer here to use with your separate php email file.

The solution has a simple email form with name and email and a separate php file to submit the form. You should be able to go on from there and tweak your form accordingly. The solution worked for me.

https://stackoverflow.com/a/27439796/3934886

and link to tutorial:

http://codeforgeek.com/2014/12/google-recaptcha-tutorial/

Community
  • 1
  • 1
alex351
  • 1,826
  • 1
  • 21
  • 32
  • 2
    Hi alex, as it stands it's a link only answer and likely to be deleted. If you find sure duplicates please flag as such. If you want to provide an answer make it stand alone, keep the link as reference. – bummi Feb 01 '15 at 12:19
  • I can not tell if it is a duplicate. Sometimes the question is so badly defined, it could have many answers. Anyways, I am strongly pro eliminating duplicates but am not sure about the efficiency of the flagging system. As pointing the inquirer in the right direction can be helpful as well. – alex351 Feb 01 '15 at 15:28
  • I can't too (missing domain knowledge), it's ok to add the links, but link only answers will usually be deleted, in this case please add a synopsis of the first link you provided. – bummi Feb 01 '15 at 15:36
  • I'm brand new to PHP (trying to expand the skillset from .Net) and have spent HOURS trying to get this to work. I was doing curl calls, but couldn't get the response to read correctly, no matter how many different ways I tried. Your link above (the codeforgeek.com one) saved me from punching something I do believe. Thanks :-) – Scott Salyer May 31 '15 at 01:10