2

My current task: restrict bot activity on a website. Solution: integrate invisible reCAPTCHA and fire it on page load. If a user passes the humanity test, the website continues loading; if not, the user will be challenged.

Can someone help me with advice on how to integrate it that way?

Arthur K.
  • This sounds like bad User Experience to me, what is the actual scenario of this? – Andy Holmes Mar 13 '17 at 16:49
  • @AndyHolmes I appreciate the concern and I am aware of the consequences. If Google's algorithms work as expected, there will be no bad UE. Furthermore, if I succeed in the integration, the result will be used in an A/B test on a limited amount of traffic, so no harm to the majority. – Arthur K. Mar 13 '17 at 17:40
  • Okay, so the docs allow you to invoke this programmatically with JS. I would imagine you can bind a success callback/hook on that to trigger a redirect or similar - https://developers.google.com/recaptcha/docs/invisible#programmatic_execute – Andy Holmes Mar 13 '17 at 18:24
  • @AndyHolmes As the documentation is a bit complicated, is there a need for any back-end verification in my case? For example, should I configure the recaptchalib.php file, or is its value outdated? – Arthur K. Mar 15 '17 at 11:00
  • Complicated in which way? That link I added should be a start in what you need I think – Andy Holmes Mar 15 '17 at 11:38
  • I suspect if you try to trigger the recaptcha programmatically on page load, there will not have been sufficient user interaction for recaptcha to decide you are not a bot. So it should be tied to a button-clicking activity, such as "Welcome! Click OK to continue". Yes, you always need to do server-side verification. That step can be integrated with setting a cookie so that the site functions without further recaptcha involvement. – Tom Robinson Mar 18 '17 at 22:15

1 Answer

2

I recently posted an answer detailing how to programmatically render and trigger invisible reCAPTCHA for ajax forms. You can read the full answer here. But in short, use these API methods:

  • grecaptcha.render() to render the invisible reCAPTCHA by passing size="invisible"
  • grecaptcha.getResponse() to check if the user has passed the test. It returns a token. If the token is an empty string, it means the user is not a verified human yet.
  • grecaptcha.execute() to programmatically show a challenge to the user. You can pass a callback function in the options to the render() API method, which gets called back when the user has passed the test.
codneto
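The three calls from the answer, combined with the server-side check raised in the comments, as an added example that is not part of the original answer. The `/recaptcha-verify` endpoint, the `recaptcha-gate` container, the `gated` CSS class and the `onRecaptchaLoad` callback name are assumptions; the page stays gated unless your own server confirms the token.

```javascript
// Added example, not code from the answer. Assumptions (hypothetical names):
// api.js is loaded as .../recaptcha/api.js?onload=onRecaptchaLoad&render=explicit,
// and POST /recaptcha-verify is your own endpoint that checks the token with
// Google's siteverify API and sets a session cookie on success.
function gateOnInvisibleRecaptcha(grecaptcha, opts) {
  let widgetId;
  const onToken = async (token) => {
    // A token alone proves nothing to the server; fail closed unless the
    // server-side check explicitly returns true.
    let ok = false;
    try {
      ok = token !== '' && (await opts.verifyOnServer(token)) === true;
    } catch (err) { ok = false; }
    if (ok) {
      opts.onHuman();
    } else {
      grecaptcha.reset(widgetId); // tokens are single-use; allow a fresh attempt
      opts.onRejected();
    }
  };
  widgetId = grecaptcha.render(opts.container, {
    sitekey: opts.sitekey,
    size: 'invisible',
    callback: onToken,
  });
  // Empty string means "not verified yet": ask reCAPTCHA to evaluate the visitor,
  // which shows a challenge only if its risk analysis calls for one.
  const existing = grecaptcha.getResponse(widgetId);
  if (existing === '') grecaptcha.execute(widgetId);
  else onToken(existing);
  return widgetId;
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined') {
  window.onRecaptchaLoad = () => gateOnInvisibleRecaptcha(window.grecaptcha, {
    container: 'recaptcha-gate',   // id of an empty <div>, constructed name
    sitekey: 'YOUR_SITE_KEY',      // placeholder
    verifyOnServer: (token) =>
      fetch('/recaptcha-verify', {
        method: 'POST',
        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
        body: 'g-recaptcha-response=' + encodeURIComponent(token),
      }).then((r) => r.ok),
    onHuman: () => document.documentElement.classList.remove('gated'),
    onRejected: () => document.documentElement.classList.add('gated'),
  });
}
```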