0

I have been having this issue for a while and I can't figure it out. My Google recaptcha code seems to work on some websites - but the exact same code when added to other websites (or even other pages within the same website) won't work. When it doesn't work, if I do a var_dump($_POST['g-recaptcha-response']); (on the second page) I get NULL.

My initial/form code:

<script src='https://www.google.com/recaptcha/api.js'></script>
<div class="g-recaptcha" data-sitekey="xxxxx"></div>

My verification page code:

$gRecaptcha = $_POST['g-recaptcha-response'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=xxxxx&response=".$gRecaptcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
if($response.success==false || !$gRecaptcha){
    die('xxxx');
}

There are others that posted this question as well, but it doesn't seem any of them have a solution posted (they all just switched to a different captcha). Any suggestions what to check next?

Devpaq

3 Answers

0

Your condition inside the if clause is wrong. The API response is a JSON object, like this:

{
  "success": true|false,
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
}

Here's the reference:

So first you have to decode it using the json_decode() function and then check the status of the user's response.

Hence your code should be like this:

if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
    //get verified response data

    //your site secret key
    $secret = 'YOUR_SECRET_KEY';

    //token posted by the widget; URL-encode it before it goes into the query string
    $gRecaptcha = $_POST['g-recaptcha-response'];
    $verifyUrl = "https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($secret)."&response=".urlencode($gRecaptcha);

    //siteverify returns JSON, so decode it before reading the success flag
    $response = file_get_contents($verifyUrl);
    $responseData = json_decode($response);

    if($responseData && $responseData->success){
        // success
    }else{
        // failure
    }
}
Rajdeep Paul
  • I will switch it, but that is not the issue. I am getting NULL as the post from g-recaptcha-response – Devpaq May 04 '16 at 21:57
  • Your code will let it go through even if there is an issue that I am having but that's because you are wrapping everything in `if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){` which just ignores it completely when it's null and lets it go through even if the recaptcha wasn't checked off at all – Devpaq May 04 '16 at 22:00
  • @Devpaq The `if` condition will be true *only* if there's a response from user's side, otherwise not. Do `var_dump($_POST['g-recaptcha-response']);`, is it showing `NULL`? – Rajdeep Paul May 04 '16 at 22:03
  • @Devpaq Maybe [this SO question](http://stackoverflow.com/questions/27683888/new-google-recaptcha-not-posting-receiving-g-recaptcha-response) will help you debug the issue further. And please show how you're displaying the reCaptcha widget, I mean the HTML form. – Rajdeep Paul May 04 '16 at 22:26
  • `var_dump($_POST['g-recaptcha-response']);` is showing `NULL` which is why I had my original question. The recaptcha widget is basically what I showed in my question `'>` As I mentioned, the same code works on some pages/sites and not on others. I can't think of anything conflicting – Devpaq May 05 '16 at 18:16
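Added example (not from any post on this page): one way to make the verification step discussed above fail closed, so that a missing token, a failed request, a reply that is not JSON, an unsuccessful reply, or a token solved on another hostname are all rejected. It assumes PHP 7.1+; the function names, `EXPECTED_HOST` and the sample replies are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the posts above. Function names, EXPECTED_HOST
// and the sample replies are assumptions made for illustration.
const EXPECTED_HOST = 'www.example.com'; // placeholder: the site's own hostname

// POST the token to siteverify. Returns the raw JSON body, or false on error.
function recaptcha_fetch(string $secret, string $token, string $ip) {
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token, 'remoteip' => $ip]),
        'timeout' => 5,
    ]]);
    return @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $ctx);
}

// Decide pass/fail; anything short of an explicit success is a failure.
function recaptcha_decide($token, $rawReply, string $expectedHost): array {
    if (!is_string($token) || $token === '') {
        return [false, 'no g-recaptcha-response in POST'];
    }
    if (!is_string($rawReply)) {
        return [false, 'siteverify request failed'];
    }
    $data = json_decode($rawReply, true);
    if (!is_array($data)) {
        return [false, 'siteverify reply is not JSON'];
    }
    if (($data['success'] ?? false) !== true) {
        return [false, 'rejected: ' . implode(',', (array)($data['error-codes'] ?? []))];
    }
    if (($data['hostname'] ?? '') !== $expectedHost) {
        return [false, 'token was solved on another hostname'];
    }
    return [true, 'ok'];
}

// Constructed sample inputs (token, raw reply); not real siteverify output.
$cases = [
    [null, null],
    ['tok', false],
    ['tok', '{"success": false, "error-codes": ["invalid-input-response"]}'],
    ['tok', '{"success": true, "hostname": "other.example"}'],
    ['tok', '{"success": true, "hostname": "www.example.com"}'],
];
foreach ($cases as [$token, $reply]) {
    [$ok, $why] = recaptcha_decide($token, $reply, EXPECTED_HOST);
    echo ($ok ? 'PASS' : 'FAIL'), ": $why\n";
}
```

On a live form, call `recaptcha_fetch()` only when `$_POST['g-recaptcha-response']` is a non-empty string, and pass its return value to `recaptcha_decide()`.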
0

Use it like this. Step 1: put this code in to validate:

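<?php
$secret = "Your own code";   // secret key, used on the server only
$sitekey = "Your own code";  // site key, echoed into the page in step 3
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // token posted by the widget; empty when the captcha was not solved
    $captcha = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : '';
    if (!$captcha) {
        header("Location: index.php?info=cap");
        exit;
    }
    // URL-encode every value that goes into the query string
    $response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".urlencode($secret)."&response=".urlencode($captcha)."&remoteip=".urlencode($_SERVER['REMOTE_ADDR'])), true);
    if ($response['success'] == false) {
        header("Location: index.php?info=cap");
        exit;
    }
}
?>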

Step 2: use this tag in your form:

<label>I'm not robot: </label>
<div class="g-recaptcha"></div>

Step 3: Google API

<script src="https://www.google.com/recaptcha/api.js?onload=CaptchaCallback&render=explicit" async defer></script>
<script type="text/javascript">
    // called by api.js once it has loaded; renders every .g-recaptcha element (uses jQuery)
    var CaptchaCallback = function(){
        $('.g-recaptcha').each(function(index, el) {
            grecaptcha.render(el, {'sitekey' : '<?php echo $sitekey;?>'});
        });
    };
</script>
Mohammad Alipour
-1

Verify you have added both of these in google recaptcha:

www.yourdomain.com and yourdomain.com

Ahmed Ashour
  • This isn't correct, it would simply be "yourdomain", in fact you're not even allowed to put the www, protocol, or the .com portion in the domain list. – Trevor Hart May 26 '17 at 19:12