How To Add Google reCAPTCHA v3 In PHP Contact Form
We will see how to integrate Google reCaptcha v3 in php to protect your web application from a spambot. Google reCaptcha v3 API most popular captcha solution.
Join the DZone community and get the full member experience.
Join For FreeGoogle has introduced another and upgraded form of recaptcha called Google reCAPTCHA v3. It gives greater protection from the spam bot or maltreatment in your web structures or web forms. Google reCAPTCHA v3 API works on the premise of spam score which implies that the reCAPTCHA v3 API restores the spam score of each input given by the client action.
Benefits of Google reCAPTCHA v3
This reCAPTCHA v3 is exceptionally simple to utilize as compared to Google reCAPTCHA v2 on the grounds that the client doesn't have to click on the checkbox which is in the Google reCAPTCHA v2. It just ascertains the spam score dependent on the information and client's movement and chooses whether it is a spam action or not.
Let's See How To Integrate Google reCAPTCHA v3 in PHP Application
In this instructional tutorial, we will see to add Google reCAPTCHA v3 in PHP with the assistance of a contact form. On the other hand, if you have any contact form or some other form like login, signup etc on your site and you are stressed over the spam assault, at that point you are at the ideal spot. We encourage you to peruse this instructional exercise till the end and you will get clear information to shield your forms from spambot attack.
Here I am listing out all the steps which will use in this tutorial to implement Google reCAPTCHA v3 in PHP.
- Create Site key and Secret Key from Google reCAPTCHA Admin console.
- Create a simple contact form in PHP
- Create a PHP file to validate the form using Google reCAPTCHA V3 API
Create Site key and Secret Key From Google reCAPTCHA Admin console
The first step is to generate the site key and secret key for google reCaptcha API. To do so, you need to login into Google reCAPTCHA Admin console and add your site to Google reCaptcha admin console and generate the site key and secret key. It's very simple. However, you can follow the detailed instruction to generate Google reCaptcha site key and secret key here.
After generating the keys, please keep it handy for further use in our application.
Create a Simple Contact Form In PHP
Now we will create a simple contact form in PHP to demonstrate the implementation of Google reCaptcha v3 in PHP.
So let's dive into the code.
<script async src="https://www.google.com/recaptcha/api.js?render=<YOUR_SITE_KEY>"></script>
<input type="text" class="form-control" id="name" placeholder="Enter your name" name="name" required>
<input type="text" class="form-control" id="email" placeholder="Enter your email" name="email" required>
<textarea name="comment" class="form-control" id="comment" placeholder="Enter your comment" required></textarea>
<input type="hidden" name="recaptcha_response" value="" id="recaptchaResponse">
<input type="submit" name="submit" value="Submit" class="btn btn-success btn-lg">
<script>
grecaptcha.ready(function () {
grecaptcha.execute('<YOUR_SITE_KEY>', { action: 'submit' }).then(function (token) {
var recaptchaResponse = document.getElementById('recaptchaResponse');
recaptchaResponse.value = token;
</script>
Here replace 'YOUR_SITE_KEY' with your generated site key. There are no other changes required in it.
Create a PHP file to validate the form using Google reCAPTCHA V3 API
Now we will create a simple PHP file to validate the form input value and call the Google reCaptcha v3 API to calculate the spam score. So let's check the code below:
xxxxxxxxxx
// Do some basic form validation and value sanitization and then process the value below.
if(isset($_POST['name']) && $_POST['name']!="" && isset($_POST['email']) && $_POST['email']!="")
{
// This is Google reCapctha v3 API url. It will use secret key to validate the user request.
$google_recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
$recaptcha_secret_key = '<YOUR_SECRET_KEY>'; // Replace with your generated Secret key
$set_recaptcha_response = $_POST['recaptcha_response'];
// Make the request and get the response by making below request.
$get_recaptcha_response = file_get_contents($google_recaptcha_url . '?secret=' . $recaptcha_secret_key .
'&response=' . $set_recaptcha_response);
$get_recaptcha_response = json_decode($get_recaptcha_response);
// Based on the spam score, take your action
if ($get_recaptcha_response->success == true && $get_recaptcha_response->score >= 0.5 &&
$get_recaptcha_response->action == 'submit') {
$success_msg = "You can process your application flow.";
} else {
$err_msg = "Something went wrong. Please try again after sometime.";
}
}
Please note once you call the Google reCaptcha API, you will get the response on below format:
xxxxxxxxxx
{ "success": true, "challenge_ts": "2020-11-24T15:31:26Z", "hostname": "localhost", "score": 0.95, "action": "submit" }
So the based on the 'Score ' value you can process your form or application flow.
That's all about the implementation of Google ReCaptcha in v3. I personally recommend to use it to prevent any kind of abuse.
Published at DZone with permission of Manas Singh. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments