How can I implement Google Recaptcha v3 in a PHP form?
I have searched this and other forums to implement the new version of ReCaptcha (V3) in my forms. I needed to know how to:
- Insert it with JS
- How to validate it with PHP
- What new fields were needed in my form.
I did not find any simple solution, which would show me all these points, or it was too complicated for somebody who just wanted to insert a contact form on their website.
At the end, taking some code portions of multiple solutions, I use a simple and reusable code, in which you only have to insert the corresponding keys.
Here it is.
The basic JS code
<script src="https://www.google.com/recaptcha/api.js?render=your reCAPTCHA site key here"></script>
<script>
grecaptcha.ready(function() {
// do request for recaptcha token
// response is promise with passed token
grecaptcha.execute('your reCAPTCHA site key here', {action:'validate_captcha'})
.then(function(token) {
// add token value to form
document.getElementById('g-recaptcha-response').value = token;
});
});
</script>
The basic HTML code
<form id="form_id" method="post" action="your_action.php">
<input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
<input type="hidden" name="action" value="validate_captcha">
.... your fields
</form>
The basic PHP code
if(isset($_POST['g-recaptcha-response'])){
$captcha=$_POST['g-recaptcha-response'];
}
else
$captcha = false;
if(!$captcha){
//Do something with error
}
else{
$secret = 'Your secret key here';
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$secret."&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']));
if($response->{'success'}==false)
{
//Do something with error
}
}
//... The Captcha is valid you can continue with the rest of your code
//... Add code to filter access using $response . score
if ($response->{'success'}==true && $response->{'score'} <= 0.5) {
//Do something to denied access
}
You have to filter access using the value of $response->{'score'}. It can takes values from 0.0 to 1.0, where 1.0 means the best user interaction with your site and 0.0 the worst interaction (like a bot). You can see some examples of use in ReCaptcha documentation.
You only have to add your keys, no more changes needed:
src="https://www.google.com/recaptcha/api.js?render=your reCAPTCHA site key here"
grecaptcha.execute('your reCAPTCHA site key here'
and
$secret = 'Your secret key here';
Obviously you also have to change the action of the form, in this example:
action = "your_action.php"
kikerrobles
I'm a full stack developer from Spain. Most of my web applications were deployed with Laravel as PHP framework.
Updated on June 14, 2022Comments
-
kikerrobles about 2 years
I would like to insert a contact form the new version (V3) of Recaptcha.
I have looked for different solutions, but they only show part of the code, they are incomplete or I get an error, and most of the solutions found are very complicated for something so simple and I do not understand the code.
-
GrumpyCrouton over 5 yearsThank you for contributing!
-
VenomRush over 5 yearsGoogle needs to have more thorough documentation for reCaptcha. I spent hours trying to figure out why I wasn't getting it to work, only to find out that they failed to mention adding a hidden form field for the token to be added to.
-
a coder almost 5 yearsCan you explain what
{action:'validate_captcha'}
does on theexecute
line of the JS? The only other reference is this hidden field:<input type="hidden" name="action" value="validate_captcha">
. Trying to debug my instance and I'm unsure what this is doing. -
kikerrobles almost 5 yearsIt's just for adding actions, in this code it's making nothing. You can have more information in developers.google.com/recaptcha/docs/v3 in Actions.
-
Els den Iep over 4 yearsAfter using your code: how can we test if the recaptcha is working?
-
kikerrobles over 4 yearsYou can add an else condition after if($response.success==false), but if $response.success is true means that it's working. You can use $response->score too to do some actions.
-
clayRay almost 4 yearsThis code needs to be changed. ReCaptcha times out after 2 minutes, so
grecaptcha.execute()
needs to be called when the form is submitted, not ongrecaptcha.ready()