While the answers here are definately working, they are using a GET
request, which exposes your private key (even though https
is used). On Google Developers the specified method is POST
.
For a little bit more detail: https://stackoverflow.com/a/323286/1680919
function isValid()
{
try {
$url = 'https://www.google.com/recaptcha/api/siteverify';
$data = ['secret' => '[YOUR SECRET KEY]',
'response' => $_POST['g-recaptcha-response'],
'remoteip' => $_SERVER['REMOTE_ADDR']];
$options = [
'http' => [
'header' => "Content-type: application/x-www-form-urlencoded\r\n",
'method' => 'POST',
'content' => http_build_query($data)
]
];
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
return json_decode($result)->success;
}
catch (Exception $e) {
return null;
}
}
Array Syntax: I use the "new" array syntax ( [
and ]
instead of array(..)
). If your php version does not support this yet, you will have to edit those 3 array definitions accordingly (see comment).
Return Values: This function returns true
if the user is valid, false
if not, and null
if an error occured. You can use it for example simply by writing if (isValid()) { ... }