PHP verify reCAPTCHA was checked

recaptcha v3 php
google recaptcha validation example
recaptcha v2
recaptcha invalid-input-response
recaptcha v2 example
google recaptcha code in html
recaptcha timeout-or-duplicate
recaptcha missing-input-response

I know this question has been asked before but I'm trying to implement a reCAPTCHA into a simple contact form on a website I'm building and still can't get it to work. The form works as expected normally, however when I implement the reCAPTCHA as per Google's instructions the form gets submitted regardless if the reCAPTCHA is checked or not.

My php form code is below.

<?php
$action=$_REQUEST['action'];
    {
    $to="adam@cygnusdesign.com.au";
    $name=$_REQUEST['name'];
    $phone=$_REQUEST['phone'];
    $email=$_REQUEST['email'];
    $enquire=$_REQUEST['enquire'];
    $message=$_REQUEST['message'];
    $MESSAGE_BODY = "Name: ".$name."\n";
    $MESSAGE_BODY .= "Phone No: ".$phone."\n";
    $MESSAGE_BODY .= "Email: ".$email."\n";
    $MESSAGE_BODY .= "Enquiring About: ".$enquire."\n";
    $MESSAGE_BODY .= $message;
    $secretKey = "keygoeshere";
    $responseKey = $_POST['g-recaptcha-response'];
    $userIP = $_SERVER['REMOTE_ADDR'];
    $url = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";
    $response = file_get_contents($url);
    $response = json_decode($responses);
    if ($response->success)
        {
        $from="From: $name <$email>\r\nReturn-path: $email";
        $subject="Message from $name about $enquire";
        mail($to, $subject, $MESSAGE_BODY, $from);
        header('Location: /sent.php');
        }
    else{
        echo "All * fields are required, please fill out <a href=\"../contact.php\">the form</a> again.";
        }
    }  
?>

Here is my code for reCaptcha which works in my site.

Kohana 2.3 Framework code below, You can edit and fill with plan php formatt

<?php

if($_POST){

    $this->userPost = $this->input->post();
    $post = new Validation($_POST);
    $post = Validation::factory(array_merge($_POST))
                ->pre_filter('trim')
                ->add_rules('name', 'required')
                ->add_rules('email','required','valid::email')
                ->add_rules('message', 'required')
                ->add_rules('g-recaptcha-response', 'required');

    $captcha = $this->input->post('g-recaptcha-response');
    $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=SECRET-KEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);

    $obj = json_decode($response);

    if($obj->{'success'}==false)
    {
        $this->form_error['name'] = '*Please Fill the Name';
        $this->form_error['email'] = '*Please Fill the Email';
        $this->form_error['message'] = '*Please Fill the Message';
        $this->form_error['captcha_code'] = '*Are you a bot!';

    }elseif($post->validate()){


        $status = $this->home->mob_app(arr::to_object($this->userPost));

            if($status != 0){

                if(isset($_POST['message'])) { $feedback= $_POST['message']; } else { $feedback='-'; } 
                $name=$_POST['name'];
                $leadid= 'LE-'.$status;
                $subject = "Reg : ".$leadid." - Inquiry";
                $txts = '<h4>Lead Details :</h4></br>
                    <p><b>Name : </b> '.$name.'</p></br>
                    <p><b>From : </b> '.$_POST['email'].'</p></br>
                    <p><b>Description :</b> '.$feedback.'</p>';
                $from = $_POST['email'];
                $to="xxxx@xxxxx.com";                                                   
                email::sendgridnew($from, $to, $subject, $txts);
                url::redirect(PATH.'thankyou.html');
            }
        }else{

            $this->form_error = error::_error($post->errors());
        }

    }
    $this->captchastring = '';
    for ($i = 0; $i < 5; $i++) {
    $this->captchastring .= chr(rand(97, 122));
}

?>

How to use Google reCAPTCHA with PHP, When form is submitted we need to check do we have posted value from recaptcha in g-recaptcha-response and then validate it with another call to Google� The problem is, I can submit a form with the reCaptcha included without checking it and the form will ignore the reCaptcha. Before you had to send the form to a PHP file with the private key et al, but I'm not seeing any mention of that in their Developer's Guide.

Maybe this is just in the post, but you have "$responses", which seems like a typo.

Furthermore you could try to dump the value $response, and see what the values are and if success is not valid.

Or you can use curl in combination with POST (validate your POST values):

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL,"https://www.google.com/recaptcha/api/siteverify");
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, 
                http_build_query(
                    array(
                        'secret' => 'your-secret',
                        'response' => $_POST['g-recaptcha-response'],
                        'remoteip' => $_SERVER['REMOTE_ADDR']
                    )
                )
        );

        // receive server response ...
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        $server_output = curl_exec ($ch);

        curl_close ($ch);

        $recaptcha_result = json_decode($server_output, true);

        if(!empty($recaptcha_result['success'])) {
            // etc
        }

How to check if the user has already checked Google Recaptcha , Verify server side Example using PHP (note that the method can be different of POST according to your form): if($_POST["g-recaptcha-response"] != ''){ // The user solved the recaptcha, now verify it if is a robot using the API. } Verify reCAPTCHA challenge using reCAPTCHA and PHP. Call the Google reCAPTCHA API and pass the Site Secret Key ( secret) & user’s response ( response ).Check the reCAPTCHA response. If the reCAPTCHA response is valid and successful, An email will be sent to the site admin with the contact form data using PHP.

<?php

$action=$_REQUEST['action'];
    {

    $to="adam@cygnusdesign.com.au";
    $name=$_REQUEST['name'];
    $phone=$_REQUEST['phone'];
    $email=$_REQUEST['email'];
    $enquire=$_REQUEST['enquire'];
    $message=$_REQUEST['message'];

    $MESSAGE_BODY = "Name: ".$name."\n";
    $MESSAGE_BODY .= "Phone No: ".$phone."\n";
    $MESSAGE_BODY .= "Email: ".$email."\n";
    $MESSAGE_BODY .= "Enquiring About: ".$enquire."\n";
    $MESSAGE_BODY .= $message;

    $secretKey = "keygoeshere";
    $responseKey = $_POST['g-recaptcha-response'];
    $userIP = $_SERVER['REMOTE_ADDR'];

 $url = "https://www.google.com/recaptcha/api/siteverify?secret=$secretKey&response=$responseKey&remoteip=$userIP";

    $response = file_get_contents($url);
    $response = json_decode($responses);
    if ($response->success)
        {

       $from="From: $name <$email>\r\nReturn-path: $email";
        $subject="Message from $name about $enquire";
        mail($to, $subject, $MESSAGE_BODY, $from);
        header('Location: /sent.php');
        }
    else
        {
        echo "All * fields are required, please fill out <a href=\"../contact.php\">the form</a> again.";
        }
    }  
?>

Verify Google reCAPTCHA with PHP � GitHub, verify-google-recaptcha-with-php. #. # Verify captcha CAPTCHA verification failed. Please email me Thank you, actually, empty check should be enough:. <div class="g-recaptcha" data-sitekey="== Your site Key =="></div> When the form get submit to Server, this script will send ‘g-recaptcha-response’ as a POST data. You need to verify it in order to see whether user has checked the Captcha or not.

Verifying the user's response | reCAPTCHA, Each reCAPTCHA user response token is valid for two minutes, and can only be verified once to prevent replay attacks. If you need a new� I am continuously receiving the " Please check the reCaptcha" message on my login and registration page. I cannot find where to check the reCaptcha. I am using the Invisible reCAPTCHA site type and i have updated the keys in US4.3 and yes, i have checked to make sure the keys are correct.

Validate form using Google reCaptcha in PHP, Check reCAPTCHA V2 box and fill the domain of your choice, in case of local development, enter localhost. and select checkbox to Accept the� Verify Google reCAPTCHA with PHP. GitHub Gist: instantly share code, notes, and snippets.

Google reCAPTCHA V2 tutorial with Example Demo in PHP , You need to verify it in order to see whether user has checked the Captcha or not. form we will use PHP in back-end to do the Google reCAPTCHA validation. The reCAPTCHA appears on my form but even if I don’t check the box it will submit and process the form. I pasted the server side code at the beginning of the verify script right after the <?php. Any suggestions?

Comments
  • first verify the captcha before verifying any input value. if no errors then go to sending the data