This snippet on Google Captcha usage and integration will help you in your project when you want to use Google CAPTCHA.
Introduction
My simple snippet will show you how I have used Google captcha in my login form. The form cannot be submitted until it has been verified that the user is not a robot but human.
Using the Code
To begin, go to this link to get your reCAPTCHA keys. After you have done the registration and not have the keys, follow the guide below.
The two keys needed are the Secret
key and data-sitekey
.
- Within your
php
tag, set your variable ($secretKey
) to the secret key string gotten from Google key generation page. - Write form request method (
(($_SERVER['REQUEST_METHOD']=='POST'))
) to check when the form is submitted just like in the code section. - And thirdly, within your
form
tag is to display the CAPTCHA using the data-sitekey
with the g-
recaptcha
class as seen in the code section.
This tip content was mostly copied from:
<?php
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
$secretKey = "6LeRwsklAAAAAJaFVyT1UJUDZnsZCFFVk7Q_uFJQ";
if(($_SERVER['REQUEST_METHOD']=='POST'))
{
$message ="";
if(isset($_POST['g-recaptcha-response']) &&
!empty($_POST['g-recaptcha-response'])){
$response = isset($_POST["g-recaptcha-response"]) ?
$_POST['g-recaptcha-response'] : null;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'secret' => $secretKey,
'response' => $response,
'remoteip' => $_SERVER['REMOTE_ADDR']
));
$message = json_decode(curl_exec($ch));
curl_close($ch);
if ($message->success === true) {
$username = $password = "";
$username=test_input($_POST['username']);
$password=test_input($_POST['password']);
login($username, $password);
}
}
else{
echo '<script>alert("The Captcha verification did not work")</script>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta >
<link href="" />
<title></title>
<meta name="">
<meta name=" content="">
</head>
<body>
<form id="form-send-money" method="post" autocomplete="off"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" >
<label>Enter Username(email address)</label>
<input type="text" name="username" class="form-control"
maxlength = "" required="" />
<br />
<label>Enter Password</label>
<input type="password" name="password" class="form-control"
maxlength = "" required="" />
<br />
<div class="g-recaptcha" data-sitekey="6LeRw555AAAAAGO5555JYkWVTZdF"></div>
<div> <input type="submit" name="login" value="Login"
class="btn btn-primary btn-block" />
</div>
</form>
</body>
</html>
Points of Interest
It is very important to understand that, until the CAPTCHA is clicked, your form can never be submitted. This is just its way to check that there is no script/robot trying to do the form submission.
The Google CAPTCHA after several logins or invalid logins is able to produce other types of hurdles to further check it is actually not a Robot trying to submit. This is mostly selecting a matching photo from a list of photos.
History
- 4th June, 2023: Initial version
Updated code will be shared when there is any improvement.