Tazbinur Rahaman 2 July, 2020

Adding Google reCAPTCHA in a PHP form

If you have ever created a contact form on a public website, you may have noticed that many spam and offer messages arrive in your database out of nowhere (technically, from a bot). The volume of this spam is sometimes so large that the genuine messages from users are hard to find among it. Google reCAPTCHA is a very good solution for validating submissions and stopping those bot-generated spam messages.

Mainly promotional agencies develop those bots to promote their products and offers to you via your website forms. These bots are built to fill in your form exactly as each field requires. To stop this, you need to implement an "I'm not a robot" type of validation. To do so, first go to https://www.google.com/recaptcha/intro/v3.html and click the Admin Console button at the top right. A new page comes up with some fields. Enter a Label that will make it easy for you to identify the site in the future. Then select the reCAPTCHA type you want. Here I'm adding reCAPTCHA v2 with the "I'm not a robot" Checkbox. After that, enter the domain name where you want to use your captcha, accept the reCAPTCHA Terms of Service and click Submit.

You will be redirected to a new page with a SITE KEY and a SECRET KEY for your site. The site key is used in the frontend, and the secret key is used in the backend to validate the response. You now have all your credentials, so it is time to implement!

            <script src="https://www.google.com/recaptcha/api.js" async defer></script>
        
Put this API source in your head tag.

              <div class="g-recaptcha" data-sitekey="your_site_key"></div>
        
Then put this div where you want to show your captcha. your_site_key must be replaced with the SITE KEY you got earlier. The complete code looks like this.

          <html>
          <head>
            <title></title>
            <script src="https://www.google.com/recaptcha/api.js" async defer></script>
          </head>
          <body>
            <form action="?" method="POST">
              <div class="g-recaptcha" data-sitekey="your_site_key"></div>
              <br/>
              <input type="submit" value="Submit">
            </form>
          </body>
          </html>
        
Now put this code in your form submission PHP block:

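       // Secret key from the reCAPTCHA admin console; keep it on the server only.
       $secretKey = 'secret_key';
       // Token the widget adds to the submitted form (empty if it is missing).
       $responseKey = $_POST['g-recaptcha-response'] ?? '';
       $userIP = $_SERVER['REMOTE_ADDR'];
       // URL-encode every parameter and build the URL without line breaks.
       $url = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query([
           'secret'   => $secretKey,
           'response' => $responseKey,
           'remoteip' => $userIP,
       ]);

       $response = file_get_contents($url);
       $response = json_decode($response);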
        
You must replace the secret_key with the SECRET_KEY you got earlier. Now you are all good to go.

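       // $response is null when the request failed or the JSON was invalid,
       // so treat that case as a failed check.
       if( $response && $response->success ){
         // insert data
       } else{
          // do not insert data
       }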
        
Now just check the success value of the response as shown above: if the value is true, it means the request is from a valid user; if it is false, that means the request is coming from a bot, so refuse it.
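A hardened version of the server-side check described above, added here as an example and not part of the original post. It goes beyond the steps on this page: it sends the secret with POST so it never appears in a URL, fails closed on network or JSON errors, and compares the hostname field of the siteverify response. The function names, EXPECTED_HOST and the sample responses are assumptions made for illustration.

```php
<?php
// Added example, not the author's code. EXPECTED_HOST and the sample
// JSON bodies at the bottom are constructed for illustration.
const EXPECTED_HOST = 'example.com';

// Decide whether a siteverify response body proves a solved challenge.
// Fails closed: a failed request, malformed JSON or a mismatch returns false.
function recaptcha_passed($body, string $expectedHost): bool
{
    if (!is_string($body) || $body === '') {
        return false;                       // request failed or timed out
    }
    $data = json_decode($body, true);
    if (!is_array($data) || ($data['success'] ?? false) !== true) {
        return false;                       // invalid JSON or rejected token
    }
    // The challenge must have been solved on our own site.
    return ($data['hostname'] ?? '') === $expectedHost;
}

// Send the token to Google with POST so the secret never appears in a URL.
function recaptcha_verify(string $secret, string $token, string $expectedHost): bool
{
    if ($token === '') {
        return false;                       // form submitted without the widget
    }
    $context = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query(['secret' => $secret, 'response' => $token]),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    return recaptcha_passed($body, $expectedHost);
}

// Offline check of the decision logic with constructed responses.
$samples = [
    'valid'        => '{"success":true,"hostname":"example.com"}',
    'wrong host'   => '{"success":true,"hostname":"other.example"}',
    'bad token'    => '{"success":false,"error-codes":["invalid-input-response"]}',
    'network fail' => false,
];
foreach ($samples as $label => $body) {
    printf("%-12s => %s\n", $label, recaptcha_passed($body, EXPECTED_HOST) ? 'accept' : 'reject');
}
```

In the form handler, call recaptcha_verify() with your secret key and $_POST['g-recaptcha-response'] ?? '' and insert the data only when it returns true.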

Copyright: Thumbnail image & instruction taken from https://www.google.com/recaptcha/intro/v3.html