Posted by Arjun on Monday 12th March 2018

How to Integrate Google reCAPTCHA

How to reCaptcha Google

In this post, I would like to show you how to integrate Google reCAPTCHA. Google reCAPTCHA is more user-friendly and reliable which protects your websites form spams and robots.

What is reCAPTCHA?

If Google feels that you are not human, it will give the second prompt and it will ask you to fill the captcha. Once you verify that it lets you access the resource.

How to integrate?

Integrate Google reCAPTCHA you need followings.

  • A Gmail account. If not, please create it for you.
  • Basic Knowledge of HTML, JavaScript and also PHP

Below are the simple steps to integrate reCAPTCHA...

Step 1:
Get the API key by visit this link https://www.google.com/recaptcha/admin
google recaptcha app registration

google_recaptcha_grab_keys

Client-side Integration: Step 2:
Underneath these keys, there are some scripts that will be added to the client side. You can also define the language for reCaptcha.English is default language. Add the script line at footer or just below the form.

Paste this snippet before the closing tag on your HTML template:

<script src='https://www.google.com/recaptcha/api.js'></script>

Paste this snippet at the end of the

where you want the reCAPTCHA widget to appear:

<div class="g-recaptcha" data-sitekey="6LeOFEwUAAAAAKD1klNqNALZrjztUjFoP4Qw5Nzx"></div>

Here - The data-sitekey is key of your own site-key which is generated by Google for you.

Step 4:

<!doctype html>
<html>
<head>
    <title>How to Integrate No CAPTCHA reCAPTCHA </title>
</head>
 <body class="container">
   
  <form method="post" action="contact.php">
  <div class="form-group">
    <label for="email">Email address</label>
    <input type="email" name="email" class="form-control" id="email" placeholder="[email protected]">
  </div>
  <div class="form-group">
    <label for="message">Message</label>
    <textarea class="form-control" id="message" name="message" rows="3"></textarea>
  </div>

 <div class="form-group">
  <div class="g-recaptcha" data-sitekey="6LeOFEwUAAAAAKD1klNqNALZrjztUjFoP4Qw5Nzx"></div>
</div>

  <button type="submit" class="btn btn-primary">Submit</button>

</form>
<script src='https://www.google.com/recaptcha/api.js'></script>
  </body>

</html>

To ensure that reCAPTCHA is working properly, we will run some server-side checks. Save this file as contact.php (If you want to use different name dont fogot to update form action).

<?php

$contact_form_reqeust = $_POST;

if(!count($_POST)) {
    die('you can not access this page');
}

$payload = [
    'secret' => 'YOUR-GOOGLE-RECAPTCHA-SECREAT-KEY', // Secret key
    'response' => $contact_form_reqeust['g-recaptcha-response'],
    'remoteip' => get_user_ip()
];

$response = curl_post('https://www.google.com/recaptcha/api/siteverify',$payload);

$response = json_decode($response);

if($response->success) {
    // print_r($contact_form_reqeust)
    echo 'valid request';
} else {
    echo 'invalid request';
}

function curl_post($url, $payload) {
    // initiate cURL resource
    $ch = curl_init();    
    curl_setopt($ch, CURLOPT_URL,$url);
    // tell curl you want to post something
    curl_setopt($ch, CURLOPT_POST, true);  
    // define what you want to post
    curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
    // return the output in string format
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // execute post
    $output = curl_exec ($ch);
    // close the connection to free up memory
    curl_close ($ch);

    return $output;
}

function get_user_ip() {
    if (isset($_SERVER['HTTP_CLIENT_IP']))
         $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
     else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
         $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
     else if(isset($_SERVER['HTTP_X_FORWARDED']))
         $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
     else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
         $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
     else if(isset($_SERVER['HTTP_FORWARDED']))
         $ipaddress = $_SERVER['HTTP_FORWARDED'];
     else if(isset($_SERVER['REMOTE_ADDR']))
         $ipaddress = $_SERVER['REMOTE_ADDR'];
     else
         $ipaddress = 'UNKNOWN';
 
     return $ipaddress; 
}