How to validate Google reCAPTCHA v3 on server side

Question

I ve just set up the new google recaptcha with checkbox  it s working fine on front end  however I don t know how to handle it on server side using PHP  I ve tried to use the old code below but the form is sent even if the captcha is not valid   require once  recaptchalib php     privatekey    my key    resp   recaptcha check answer   privatekey            SERVER  REMOTE ADDR              POST  recaptcha challenge field              POST  recaptcha response field      if    resp- gt is valid      errCapt   lt p style  color  D6012C   gt The CAPTCHA Code wasnot entered correctly  lt  p gt

User · Answer

Easy and best solution is the following  index html     lt form action  submit php  method  POST  gt      lt input type  text  name  name  value      gt      lt input type  text  name  email  value      gt      lt textarea type  text  name  message  gt  lt  textarea gt      lt div class  g-recaptcha  data-sitekey  Insert Your Site Key  gt  lt  div gt      lt input type  submit  name  submit  value  SUBMIT  gt   lt  form gt    submit php    lt  php if isset   POST  submit     amp  amp   empty   POST  submit        if isset   POST  g-recaptcha-response     amp  amp   empty   POST  g-recaptcha-response            your site secret key      secret    InsertSiteSecretKey         get verify response data      verifyResponse   file get contents  https   www google com recaptcha api siteverify secret    secret   amp response     POST  g-recaptcha-response          responseData   json decode  verifyResponse       if  responseData- gt success             contact form submission code goes here           succMsg    Your contact request have submitted successfully         else           errMsg    Robot verification failed  please try again             else       errMsg    Please click on the reCAPTCHA box            gt    I have found this reference and full tutorial from here - Using new Google reCAPTCHA with PHP

User · Answer

Private key safety While the answers here are definately working  they are using a GET request  which exposes your private key  even though https is used   On Google Developers the specified method is POST  For a little bit more detail  https   stackoverflow com a 323286 1680919 Verification via POST function isValid          try             url    https   www google com recaptcha api siteverify            data     secret      gt    YOUR SECRET KEY                      response    gt    POST  g-recaptcha-response                      remoteip    gt    SERVER  REMOTE ADDR                                options                  http    gt                     header     gt   quot Content-type  application x-www-form-urlencoded r n quot                    method     gt   POST                    content    gt  http build query  data                                          context    stream context create  options            result   file get contents  url  false   context           return json decode  result - gt success            catch  Exception  e            return null           Array Syntax  I use the  quot new quot  array syntax     and   instead of array        If your php version does not support this yet  you will have to edit those 3 array definitions accordingly  see comment   Return Values  This function returns true if the user is valid  false if not  and null if an error occured  You can use it for example simply by writing if  isValid

User · Answer

Source Tutorial Link  V2 of Google reCAPTCHA   Step 1 - Go to Google reCAPTCHA  Login then get Site Key and Secret Key  Step 2 - Download PHP code here and upload src folder on your server   Step 3 - Use below code in your form php                          lt head gt               lt title gt FreakyJolly com Google reCAPTCHA EXAMPLE form lt  title gt               lt script src  https   www google com recaptcha api js  gt  lt  script gt           lt  head gt            lt body gt               lt  php              require  src autoload php                  siteKey    6LegPmIUAAAAADLwDmXXXXXXXyZAJVJXXXjN                secret    6LegPmIUAAAAAO3ZTXXXXXXXXJwQ66ngJ7AlP                 recaptcha   new  ReCaptcha ReCaptcha  secret                 gRecaptchaResponse     POST  g-recaptcha-response      google captcha post data              remoteIp     SERVER  REMOTE ADDR      to get user s ip               recaptchaErrors          blank varible to store error               resp    recaptcha- gt verify  gRecaptchaResponse   remoteIp     method to verify captcha             if   resp- gt isSuccess                                                  Add code to create User here when form submission is successful                                       else                                              This variable will have error when reCAPTCHA is not entered correctly                                          recaptchaErrors    resp- gt getErrorCodes                                   gt                   lt form autcomplete  off  class  form-createuser  name  create user form  action    method  post  gt                       lt div class  panel periodic-login  gt                           lt div class  panel-body text-center  gt                               lt div class  form-group form-animate-text  style  margin-top 40px  important   gt                                   lt input type  text  autcomplete  off  class  form-text  name  new user name  required    gt                                   lt span class  bar  gt  lt  span gt                                   lt label gt Username lt  label gt                               lt  div gt                               lt div class  form-group form-animate-text  style  margin-top 40px  important   gt                                   lt input type  text  autcomplete  off  class  form-text  name  new phone number  required    gt                                   lt span class  bar  gt  lt  span gt                                   lt label gt Phone lt  label gt                               lt  div gt                               lt div class  form-group form-animate-text  style  margin-top 40px  important   gt                                   lt input type  password  autcomplete  off  class  form-text  name  new user password  required    gt                                   lt span class  bar  gt  lt  span gt                                   lt label gt Password lt  label gt                               lt  div gt                               lt  php                                      if isset  recaptchaErrors 0                                             print  Error in Submitting Form  Please Enter reCAPTCHA AGAIN                                                                          gt                               lt div class  g-recaptcha  data-sitekey  6LegPmIUAAAAADLwDmmVmXXXXXXXXXXXXXXjN  gt  lt  div gt                               lt input type  submit  class  btn col-md-12  value  Create User  gt                           lt  div gt                       lt  div gt                   lt  form gt           lt  body gt            lt  html gt

User · Answer

In response to  mattgen88 s answer  Here is a CURL method with better arrangement         secret   your google captcha private key        curl   curl init        curl setopt array  curl  array          CURLOPT URL               gt   https   www google com recaptcha api siteverify           CURLOPT HEADER            gt   Content-Type  application json           CURLOPT RETURNTRANSFER    gt  true          CURLOPT SSL VERIFYPEER    gt  FALSE     to disable ssl verifiction set to false else true           CURLOPT ENCODING        gt              CURLOPT MAXREDIRS         gt  10          CURLOPT TIMEOUT           gt  30          CURLOPT HTTP VERSION      gt  CURL HTTP VERSION 1 1          CURLOPT CUSTOMREQUEST     gt   POST           CURLOPT POSTFIELDS        gt  array               secret    gt   secret               response    gt    POST  g-recaptcha-response                 remoteip    gt    SERVER  REMOTE ADDR                           response   json decode curl exec  curl         err   curl error  curl        curl close  curl        if   response- gt success            echo  captcha              else if   err           echo  err               else           echo  no captcha

User · Answer

To verify at server side using PHP  Two most important thing you need to consider   1    POST  g-recaptcha-response    2  secretKey    6LeycSQTAAAAAMM3AeG62pBslQZwBTwCbzeKt06V     verifydata   file get contents  https   www google com recaptcha api siteverify secret    secretKey   amp response     POST  g-recaptcha-response              response  json decode  verifydata     If you get  verifydata true  You done   For more check out this  Google reCaptcha Using PHP   Only 2 Step Integration

User · Answer

I m not a fan of any of these solutions  I use this instead    ch   curl init    curl setopt  ch  CURLOPT URL   https   www google com recaptcha api siteverify    curl setopt  ch  CURLOPT HEADER  0   curl setopt  ch  CURLOPT RETURNTRANSFER  1    curl setopt  ch  CURLOPT POST  1   curl setopt  ch  CURLOPT POSTFIELDS         secret    gt   privatekey       response    gt    POST  g-recaptcha-response         remoteip    gt    SERVER  REMOTE ADDR         resp   json decode curl exec  ch    curl close  ch    if   resp- gt success           Success   else          failure     I d argue that this is superior because you ensure it is being POSTed to the server and it s not making an awkward  file get contents  call  This is compatible with recaptcha 2 0 described here  https   developers google com recaptcha docs verify  I find this cleaner  I see most solutions are file get contents  when I feel curl would suffice

User · Answer

I liked Levit s answer and ended up using it  But I just wanted to point out  just in case  that there is an official Google PHP library for new reCAPTCHA  https   github com google recaptcha  The latest version  right now 1 1 2  supports Composer and contains an example that you can run to see if you have configured everything correctly   Below you can see part of the example that comes with this official library  with my minor modifications for clarity       Make the call to verify the response and also pass the user s IP address      resp    recaptcha- gt verify   POST  g-recaptcha-response      SERVER  REMOTE ADDR          if   resp- gt isSuccess         If the response is a success  that s it            gt           lt h2 gt Success  lt  h2 gt           lt p gt That s it  Everything is working  Go integrate this into your real project  lt  p gt           lt p gt  lt a href     gt Try again lt  a gt  lt  p gt           lt  php       else      If it s not successful  then one or more error codes will be returned            gt           lt h2 gt Something went wrong lt  h2 gt           lt p gt The following error was returned   lt  php             foreach   resp- gt getErrorCodes   as  code                    echo   lt tt gt      code     lt  tt gt                                 gt  lt  p gt           lt p gt Check the error code reference at  lt tt gt  lt a href  https   developers google com recaptcha docs verify error-code-reference  gt https   developers google com recaptcha docs verify error-code-reference lt  a gt  lt  tt gt            lt p gt  lt strong gt Note  lt  strong gt  Error code  lt tt gt missing-input-response lt  tt gt  may mean the user just didn t complete the reCAPTCHA  lt  p gt           lt p gt  lt a href     gt Try again lt  a gt  lt  p gt       lt  php         Hope it helps someone

User · Answer

this is solution  index html   lt html gt     lt head gt       lt title gt Google recapcha demo - Codeforgeek lt  title gt       lt script src  https   www google com recaptcha api js  gt  lt  script gt     lt  head gt     lt body gt       lt h1 gt Google reCAPTHA Demo lt  h1 gt       lt form id  comment form  action  form php  method  post  gt         lt input type  email  placeholder  Type your email  size  40  gt  lt br gt  lt br gt         lt textarea name  comment  rows  8  cols  39  gt  lt  textarea gt  lt br gt  lt br gt         lt input type  submit  name  submit  value  Post comment  gt  lt br gt  lt br gt         lt div class  g-recaptcha  data-sitekey      Your site key      gt  lt  div gt       lt  form gt     lt  body gt   lt  html gt    verify php   lt  php      email   comment   captcha       if isset   POST  email              email   POST  email        if isset   POST  comment              comment   POST  comment        if isset   POST  g-recaptcha-response              captcha   POST  g-recaptcha-response         if   captcha           echo   lt h2 gt Please check the the captcha form  lt  h2 gt            exit              response   json decode file get contents  https   www google com recaptcha api siteverify secret YOUR SECRET KEY amp response    captcha   amp remoteip     SERVER  REMOTE ADDR     true       if  response  success      false                echo   lt h2 gt You are spammer   Get the    K out lt  h2 gt              else               echo   lt h2 gt Thanks for posting comment  lt  h2 gt            gt    http   codeforgeek com 2014 12 google-recaptcha-tutorial

User · Answer

Check below example   lt script src  https   www google com recaptcha api js  gt  lt  script gt   lt script gt   function get action form         var v   grecaptcha getResponse        if v length    0                document getElementById  captcha   innerHTML  You can t leave Captcha Code empty           return false            else                document getElementById  captcha   innerHTML  Captcha completed           return true             lt  script gt   lt form autocomplete  off  method  post  action submit php  gt        lt input type  text  name  name  gt       lt input type  text  name  email  gt       lt div class  g-recaptcha  id  rcaptcha   data-sitekey  site key  gt  lt  div gt       lt span id  captcha  style  color red    gt  lt  span gt   lt  -- this will show captcha errors -- gt       lt input type  submit  id  sbtBrn  value  Submit  name  sbt  class  btn btn-info contactBtn    gt   lt  form gt

User · Answer

Here you have simple example  Just remember to provide secretKey and siteKey from google api    lt  php  siteKey    Provide element from google    secretKey    Provide element from google    if   POST  submit          username     POST  username         responseKey     POST  g-recaptcha-response         userIP     SERVER  REMOTE ADDR         url    https   www google com recaptcha api siteverify secret  secretKey amp response  responseKey amp remoteip  userIP        response   file get contents  url        response   json decode  response       if  response- gt success           echo  Verification is correct  Your name is  username         else           echo  Verification failed             gt    lt html gt   lt meta gt       lt title gt Google ReCaptcha lt  title gt   lt  meta gt   lt body gt       lt form action  index php  method  post  gt           lt input type  text  name  username  placeholder  Write your name   gt           lt div class  g-recaptcha  data-sitekey   lt     siteKey   gt   gt  lt  div gt           lt input type  submit  name  submit  value  send   gt       lt  form gt       lt script src  https   www google com recaptcha api js  gt  lt  script gt   lt  body gt

User · Answer

it is similar with mattgen88  but I just fixed CURLOPT HEADER  and redefine array for it work in domain com host server  this one doesn t work on my xampp localhost  Those small error but took long to figure out  this code was tested on domain com hosting       privatekey    your google captcha private key         ch   curl init        curl setopt  ch  CURLOPT URL   https   www google com recaptcha api siteverify        curl setopt  ch  CURLOPT HEADER   Content-Type  application json        curl setopt  ch  CURLOPT RETURNTRANSFER  1        curl setopt  ch  CURLOPT POST  1       curl setopt  ch  CURLOPT POSTFIELDS  array           secret    gt   privatekey           response    gt    POST  g-recaptcha-response             remoteip    gt    SERVER  REMOTE ADDR                                 resp   json decode curl exec  ch        curl close  ch        if   resp- gt success               Success         echo  captcha         else              failure         echo  no captcha

User · Answer

In the example above  For me  this if  response success  false  thing does not work  Here is correct PHP code     url    https   www google com recaptcha api siteverify    privatekey    --your key--    response   file get contents  url   secret    privatekey   amp response     POST  g-recaptcha-response     amp remoteip     SERVER  REMOTE ADDR      data   json decode  response    if  isset  data- gt success  AND  data- gt success  true                   everything is ok    else                  spam

[php] How to validate Google reCAPTCHA v3 on server side?

Examples related to php

Examples related to recaptcha

Examples related to recaptcha-v3