Google Captcha in PHP

Metamug

Set Up the Keys

To add reCAPTCHA to your site, set up the keys from the Google reCAPTCHA Admin console. Once the keys are set up, copy the site key into the form, and use the secret on the server to verify the reCAPTCHA response. The site key is public and appears in the page source; the secret must stay on the server.

Include Google reCAPTCHA in the HTML code

Add the reCAPTCHA script to the page.

<script src='https://www.google.com/recaptcha/api.js'></script>

Place the site key generated in the previous step in the data-sitekey attribute, as follows.

<div class="g-recaptcha" data-callback="recaptchaCheck" data-sitekey="6LXXXcUiXXXXXXXXXXXXXXXXXXXXXXX9cJIXX"></div>

Here is the complete HTML form.

<form action="./contact.php" method="POST">
  <div class="row">
    <div class="col-md-6">
      <div class="form-group">
        <label>Email Address *</label>
        <input name="email" type="email" placeholder="you@yoursite.com" class="form-control" required>
      </div>
    </div>
    <div class="col">
        <div class="g-recaptcha" data-callback="recaptchaCheck" data-sitekey="6Lf6VcUiAAAAANQgyqhUe_dtlGNLITAV6W9cJIub">
        </div>
        <br>
      <input name="submit" type="submit" class="form-control" value="Submit" />
    </div>
  </div>
</form>

Verify captcha on the server

You will receive the captcha response from the user as the g-recaptcha-response parameter in the POST request of your form submission. This field must be sent to the site verification API. Here are the 3 fields that need to be sent.

  • response
  • secret
  • remoteip

Get Client IP in PHP

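To get the client IP address in PHP, we are going to rely on the HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR request headers. Both of these request headers are useful for fetching the client IP. Do not blindly trust the data sent in these headers: the client can set them to any value, so use filter_var to confirm that the value is an IP address. Note that this only checks the format. A well-formed address in a header can still be forged, and REMOTE_ADDR is the only value that comes from the connection itself.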

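//contact.php

$ip = null;
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // X-Forwarded-For can hold a comma-separated list; take the first entry
    $forwarded = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $ip = trim($forwarded[0]);
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

//check for valid ip; filter_var returns false when the value is not an IP address
$ip = filter_var($ip, FILTER_VALIDATE_IP);
if ($ip === false) {
    // fall back to the address the web server saw for the connection
    $ip = $_SERVER['REMOTE_ADDR'];
}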
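
The caution about forwarding headers can be taken one step further by honouring X-Forwarded-For only when the request arrives from a reverse proxy you operate. The following is an added example, not code from the original article; the function name resolve_client_ip, the $trustedProxies list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example (not from the original article). resolve_client_ip(),
// $trustedProxies and all sample addresses are constructed for illustration.

/**
 * Return the client IP, honouring X-Forwarded-For only when the direct
 * peer (REMOTE_ADDR) is one of our own reverse proxies.
 */
function resolve_client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    // Untrusted peer or no forwarding header: use the connection address.
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // Walk the list right to left: the rightmost entries were appended by our
    // proxies, anything further left may have been supplied by the client.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;            // malformed chain: fall back to the peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;             // first address that is not our proxy
        }
    }
    return $peer;                    // every hop was one of our proxies
}

// Constructed sample requests using documentation address ranges.
$trustedProxies = ['10.0.0.5'];
$samples = [
    'direct, forged header' => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via proxy'             => ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '198.51.100.23'],
    'via proxy, spoofed'    => ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 198.51.100.23'],
    'via proxy, garbage'    => ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($samples as $label => $server) {
    printf("%-22s => %s\n", $label, resolve_client_ip($server, $trustedProxies));
}
```

With no proxy in front of the site, pass an empty $trustedProxies array and the function always returns REMOTE_ADDR.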

Send Verification API call

Use PHP curl to send the HTTP POST request to the Google reCAPTCHA siteverify API. Treat a failed request or an unreadable reply the same as a failed captcha.


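$postData = array(
    // a missing token is sent as an empty string, which the API rejects
    "response" => isset($_POST["g-recaptcha-response"]) ? $_POST["g-recaptcha-response"] : "",
    "secret" => "6LXXXXXXXXXXXXXXXXXXXPtsLTXXXX", // keep the secret on the server only
    "remoteip" => $ip
);

$ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt_array($ch, array(
    CURLOPT_POST => TRUE,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_HTTPHEADER => array(
        'Content-Type: application/x-www-form-urlencoded'
    ),
    CURLOPT_POSTFIELDS => http_build_query($postData)
));
// Send the request; curl_exec returns false if the call fails
$result = curl_exec($ch);
$response = ($result === false) ? null : json_decode($result);

// var_dump($response);
// Accept only an explicit success; a failed call or bad JSON counts as invalid
if($response !== null && isset($response->success) && $response->success === true){
    // successfully save the details in the database
}else{
    echo "Invalid Captcha";
}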

Check Captcha Analytics

Once you set up the captcha on the site, you can see the verifications in the admin page of Google reCAPTCHA.
