Implementing Google reCAPTCHA v2 in PHP involves several steps, including creating a reCAPTCHA API key and integrating it into your website’s HTML form and PHP backend. Here’s a step-by-step example tutorial to guide you through the process:
Step 1: Sign up for a reCAPTCHA API Key
- Go to the reCAPTCHA website: https://www.google.com/recaptcha
- Click on “Admin Console” in the top right corner.
- Sign in with your Google account (or create a new one if needed).
- Register a new site by providing a label (for your reference) and the domain where you will use reCAPTCHA. You can also specify the type of reCAPTCHA (v2 Checkbox in this case).
- After registration, you’ll get two keys: Site Key (public) and Secret Key (private). Keep these keys safe as you’ll need them later.
Step 2: Include reCAPTCHA Script in HTML
Include the Google reCAPTCHA script in your HTML form where you want the reCAPTCHA widget to appear:
<!DOCTYPE html>
<html>
<head>
<title>Google reCAPTCHA v2 Example</title>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
<h1>Contact Form</h1>
<form action="submit_form.php" method="post">
<!-- Your form fields go here -->
<!-- The reCAPTCHA widget -->
<div class="g-recaptcha" data-sitekey="YOUR_SITE_KEY"></div>
<br>
<input type="submit" value="Submit">
</form>
</body>
</html>Replace YOUR_SITE_KEY with your actual Site Key obtained from the reCAPTCHA admin console.
Step 3: Validate reCAPTCHA Response on the Server (PHP)
Create a PHP script (e.g., submit_form.php) that will validate the reCAPTCHA response and process the form submission:
<?php
// Replace "YOUR_SECRET_KEY" with your actual Secret Key obtained from the reCAPTCHA admin console.
$secretKey = "YOUR_SECRET_KEY";
if ($_SERVER["REQUEST_METHOD"] === "POST") {
// Check if the reCAPTCHA response is present
if (isset($_POST["g-recaptcha-response"])) {
$captchaResponse = $_POST["g-recaptcha-response"];
// Send a POST request to the reCAPTCHA API for verification
$url = "https://www.google.com/recaptcha/api/siteverify";
$data = array(
"secret" => $secretKey,
"response" => $captchaResponse
);
$options = array(
"http" => array(
"method" => "POST",
"header" => "Content-Type: application/x-www-form-urlencoded\r\n",
"content" => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
// Check if the reCAPTCHA verification succeeded
if ($result !== false) {
$responseData = json_decode($result, true);
if ($responseData["success"] === true) {
// reCAPTCHA verification successful
// Process the form submission here
echo "Form submitted successfully!";
} else {
// reCAPTCHA verification failed
echo "reCAPTCHA verification failed. Please try again.";
}
} else {
// Error sending request to the reCAPTCHA API
echo "Error verifying reCAPTCHA. Please try again.";
}
} else {
// reCAPTCHA response is missing
echo "reCAPTCHA validation is required.";
}
}
?>Replace "YOUR_SECRET_KEY" with your actual Secret Key obtained from the reCAPTCHA admin console.
Step 4: Complete the Form
Add the necessary form fields you want to collect from the user in the index.html file, and make sure to set the action the attribute of the form to point to the PHP script (submit_form.php in this example).
That’s it! Now you have a working example of Google reCAPTCHA v2 in PHP. When users submit the form, the reCAPTCHA response will be validated, and the form submission will be processed only if the reCAPTCHA verification succeeds.
Make sure to handle form submissions securely and validate other form fields as needed to prevent any misuse.