1

I've got a reCaptcha service working, but passing the return values through PHP's json_decode function gives some results I don't understand.

If the reCaptcha is valid then the service returns { "success": true } - which I expect.

Calling 

print_r(json_decode($result, $assoc = true)); //where $result is the service call

gives

Array ( [success] => )

...but I was expecting Array ( [success] => 1) (or similar), to signify a true value.

In fact, print_r(json_decode('{"success": true}', $assoc = true)); does return Array ( [success] => 1 )

What's different about the json the reCaptcha is returning? (and / or what am I failing to understand?!)

I guess that's what's further confusion here: 

echo(gettype($a->success));
echo($a->success === true);
echo($a->success === false);

then I get

boolean
1
1

How can a check against true and false both return true?!

Further info

Even more confusingly (for me at least), I've tried var_dump too:

echo($a);
var_dump($a);

which returns

{ "success": true }
string(22) "{ "success": false }"

why is the json representation in var_dump false when echo shows that it is true?!

ChrisW
  • 4,970
  • 7
  • 55
  • 92
  • personally i used this lib: https://github.com/google/recaptcha –  Nov 15 '15 at 20:10
  • @Dagon thanks, that looks interesting. I'm still curious about why the returned json doesn't get decoded in the same way as my plain text version does tho! – ChrisW Nov 15 '15 at 20:29
  • im not paid enough to work out why, i stop at - well that works, move on –  Nov 15 '15 at 21:54

2 Answers2

1

I think, your main problem was that the JSON returned from recaptcha and saved in $result was { "success": false }and not { "success": true }.

That would explain why you got Array ( [success] => ) and not Array ( [success] => 1) as echo false returns an empty string but echo true returns 1;

I tried to reproduce the response from recaptcha using this code:

<html>
<head>
    <script src='https://www.google.com/recaptcha/api.js'></script>
</head>
<body>
<form>
    <div class="g-recaptcha" data-sitekey="FILL_IN_YOUR_KEY"></div>
    <input type="submit">
</form>
</body>
</html>
<?php
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = ['secret' => 'FILL_IN_YOUR_SECRET', 'response' => $_GET['g-recaptcha-response']];

$options = ['http' => ['method' => 'POST', 'content' => http_build_query($data),],];
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);

echo '$result var_dump:<br>';
var_dump($result);
echo '$result print_r:<br>';
print_r($result);
$object = json_decode($result);
echo '<br><br><br>$object var_dump:<br>';
print_r($object);
echo '<br>$object print_r:<br>';
var_dump($object);

And what I got was this in case of success:

In case of success

And this in case of failure:

In case of failure

Community
  • 1
  • 1
lukassteiner
  • 787
  • 1
  • 6
  • 25
  • Yeh - that's as far as I'd got! I couldn't see why I'd got a `false` value too. I've found out why (it was *really* stupid) and added it as an answer – ChrisW Nov 17 '15 at 00:56
1

In my question, I should have probably said I was using code inspired by this answer, and that my call to the Google verification service was wrapped in a function. I've realised that you can only ever call this service once, but I was calling it every time I called the function, and so the second time I called the function (i.e. the second time I called the service), the verification service did return false

I'm not sure this is explicitly documented anywhere, although perhaps it should have been a bit more obvious!

Community
  • 1
  • 1
ChrisW
  • 4,970
  • 7
  • 55
  • 92