JavaScript, JQuery, or AJAX version of Recaptcha Validate

Question

am trying to validate the recaptcha using some js code but am getting some permission Errors "Access is Denied" Is it possible to achieve the validation using the javascript validation code alongside ajax across multiple browsers.

<script type="text/javascript">


    $(document).ready(function() {

        Recaptcha.create("var_public_key", recaptchadiv, {
            theme: "clean",
            callback: Recaptcha.focus_response_field
        });
    });


function submitFormData() {

var urlString = "http://www.google.com/recaptcha/api/verify";
var params = encodeURI("remoteip=" + $("#userIp").val() +"&privatekey=" + var_private_key + "&challenge=" + Recaptcha.get_challenge() + "&response=" +
Recaptcha.get_response());
        params = encodeURI(params);
        var status = document.getElementById("status");
        status.className = "";
        status.innerHTML = "<b>Submitting your data. Please wait...</b>";
        var html = $.ajax({
            type: "POST",
            url: urlString + "?" + params,
            async: false
        }).responseText;

        alert("ResponseText: " + html + ", Recaptcha.responseText: " + Recaptcha.responseText);

        var result = html.split("\n")[0];

        if (result == "true") {
            status.innerHTML = " ";
            return true;
        }
        else {
            status.className = "GlobalErrorText";
            status.innerHTML = "Your captcha is incorrect. Please try again";
            Recaptcha.reload();
            return false;
        }
    }
</script>

score 2 · Answer 1 · answered Apr 03 '12 at 20:55

The question has already been answered. But, here's some added code that will work in ASP.NET WebForms, which enables you to make a local AJAX request to the page w/ the reCaptcha control, then do server-side captcha validation. The page's web method will return true/false.

I got this code from mindfire solutions, but added the execution of JS functions in the Ajax success callback b/c Ajax is making async callbacks.

Javascript:

<script type="text/javascript">
$(function(e) {
    $("#submit").click(function() { // my button is type=button, not type=submit
        // I'm using jQuery validation and want to make sure page is valid before making Ajax request
        if ( $("#aspnetForm").valid() ) {
            validateCaptcha();  // or validateCaptchaJson() if you want to use Json
        }   // end  If ($("#aspnetForm").valid())
    }); // end $("#submit").click()
}); // end $(function(e)


function validateCaptcha() {
    // Individual string variables storing captcha values
    var challengeField = $("input#recaptcha_challenge_field").val();
    var responseField = $("input#recaptcha_response_field").val();

    // Ajax post to page web method that will do server-side captcha validation
    $.ajax({
        type: "POST",
        url: "page.aspx/ValidateCaptcha",
        data: "recaptcha_challenge_field=" + challengeField + "&amp;recaptcha_response_field=" + responseField,
        async: false
        success: function(msg) {
            if(msg.d) { // Either true or false, true indicates CAPTCHA is validated successfully.
                // this could hide your captcha widget
                $("#recaptcha_widget_div").html(" ");
                // execute some JS function upon successful captcha validation
                goodCaptcha();
            } else {
                // execute some JS function upon failed captcha validation (like throwing up a modal indicating failed attempt)
                badCaptcha();
                // don't forget to reload/reset the captcha to try again
                Recaptcha.reload();
            }
            return false;
        }
    });
}

function validateCaptchaJson() {
    // JavaScript object storing captcha values
    var captchaInfo = {
        challengeValue: Recaptcha.get_challenge(),
        responseValue: Recaptcha.get_response()
    };

    // Ajax post to page web method that will do server-side captcha validation
    $.ajax({
        type: "POST",
        url: "page.aspx/ValidateCaptcha",
        data: JSON.stringify(captchaInfo),  // requires ref to JSON (http://www.JSON.org/json2.js)
        contentType: 'application/json; charset=utf-8',
        dataType: 'json',
        success: function(msg) {
            if(msg.d) { // Either true or false, true indicates CAPTCHA is validated successfully.
                // this could hide your captcha widget
                $("#recaptcha_widget_div").html(" ");
                // execute some JS function upon successful captcha validation
                goodCaptcha();
            } else {
                // execute some JS function upon failed captcha validation (like throwing up a modal indicating failed attempt)
                badCaptcha();
                // don't forget to reload/reset the captcha to try again
                Recaptcha.reload();
            }
            return false;
        }
    });
}
</script>

Page's Web Method (VB.NET):

<WebMethod()> _
Public Shared Function ValidateCaptcha(ByVal challengeValue As String, ByVal responseValue As String) As Boolean
    ' IDEA: Get Private key of the CAPTCHA from Web.config file.
    Dim captchaValidtor As New Recaptcha.RecaptchaValidator() With { _
     .PrivateKey = "your_private_key_goes_here", _
     .RemoteIP = HttpContext.Current.Request.UserHostAddress, _
     .Challenge = challengeValue, _
     .Response = responseValue _
    }

    ' Send data about captcha validation to reCAPTCHA site.
    Dim recaptchaResponse As Recaptcha.RecaptchaResponse = captchaValidtor.Validate()
    ' Get boolean value about Captcha success / failure.
    Return recaptchaResponse.IsValid
End Function

I saw you are calling "Recaptcha" directly in js, why does that work? — Ascendant, Apr 29 '14 at 17:21

score 2 · Answer 2 · answered May 21 '11 at 15:36

2

You are getting permission error because your ajax code is trying to access a script on a different site (google) as your script. From what I know, I dont think you can do cross site Ajax calls for security reasons

answered May 21 '11 at 15:36

boug

1,859
1
13
13

score 2 · Accepted Answer · edited May 23 '17 at 12:04

2

@Boug is right, this is called cross site ajax request, you can see this question to see if you can a find a solution Cross-site AJAX requests but....

I think putting your private key for recaptcha in javascript is a vulnerability, recaptcha should be validated on Server Side code, this question contain useful links about how to implement recaptcha in Asp.Net MVC How to implement reCaptcha for ASP.NET MVC? I used this approach and it works perfectly http://www.dotnetcurry.com/ShowArticle.aspx?ID=611&AspxAutoDetectCookieSupport=1

edited May 23 '17 at 12:04

Community

1
1

answered May 21 '11 at 15:45

k-dev

1,657
19
30

thanks a lot...i wd try implementing this...thanks for sharing the knowledge – abhijit May 21 '11 at 19:01
how to verify Recaptcha on the server? – The Light Nov 07 '12 at 12:23

JavaScript, JQuery, or AJAX version of Recaptcha Validate

3 Answers3

Linked