Recaptcha Not Verifying with file_get_contents

The reCaptcha documentation specifically specifies that the parameters for the request to https://www.google.com/recaptcha/api/siteverify must be sent via POST. You can use CURL for this.

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => [
        'secret' => $secretKey,
        'response' => $captcha,
        'remoteip' => $_SERVER['REMOTE_ADDR']
    ],
    CURLOPT_RETURNTRANSFER => true
]);

$output = curl_exec($ch);
curl_close($ch);

$json = json_decode($output);

// check response...

if(isset($_POST['g-recaptcha-response'])){  
    $captcha=$_POST['g-recaptcha-response'];  
}  
$recaptcha_secret = '(secret-key)';  
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$recaptcha_secret."&response=".$captcha);  
$response = json_decode($response, true);  
if(!empty($response["success"]))  
{  
    echo 'Thanks for your message!';  
} else {  
    echo 'Error';  
}

Don't use file_get_contents. Google suggests using POST requests. You may use something in the lines of the following

$curl = curl_init();
curl_setopt_array($curl, array(
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => array(
        'secret' => $secretKey,
        'response' => $captcha
    )
));
$response = curl_exec($curl);
curl_close($curl);

if(strpos($response, '"success": true') !== FALSE) {
    echo '<h3>Thanks for your message!</h3>';
} else {
    echo "<h3>Error</h3>";
}

EDIT

Yemiez answer (just got me at the corner) is better at handling the response part, by using the json_decode function.

EDIT just fixed a typo

Recaptcha Not Verifying with file_get_contents

Tags:

Php

Forms

Recaptcha

Related

Recent Posts