Click here to Skip to main content
16,019,976 members
Articles / Security
Tip/Trick

CAPTCHA - How to Prevent Robot or Digital Entry on a Form which Could Lead to Causing Damages to Data

Rate me:
Please Sign up or sign in to vote.
3.29/5 (4 votes)
26 Jun 2023CPOL1 min read 7.9K   16   2  
Google Captcha usage and integration snippet
This snippet on Google Captcha usage and integration will help you in your project when you want to use Google CAPTCHA.

Introduction

My simple snippet will show you how I have used Google captcha in my login form. The form cannot be submitted until it has been verified that the user is not a robot but human.

Using the Code

To begin, go to this link to get your reCAPTCHA keys. After you have done the registration and not have the keys, follow the guide below.

The two keys needed are the Secret key and data-sitekey.

  1. Within your php tag, set your variable ($secretKey) to the secret key string gotten from Google key generation page. 
  2. Write form request method ((($_SERVER['REQUEST_METHOD']=='POST'))) to check when the form is submitted just like in the code section.
  3. And thirdly, within your form tag is to display the CAPTCHA using the data-sitekey with the g-recaptcha class as seen in the code section.

This tip content was mostly copied from: 

PHP
<?php

if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
 
$secretKey = "6LeRwsklAAAAAJaFVyT1UJUDZnsZCFFVk7Q_uFJQ";

 if(($_SERVER['REQUEST_METHOD']=='POST'))
           {
// Section to validate reCAPTCHA entry during form submittion
    $message ="";    
    if(isset($_POST['g-recaptcha-response']) && 
             !empty($_POST['g-recaptcha-response'])){            
     
        $response   = isset($_POST["g-recaptcha-response"]) ? 
                            $_POST['g-recaptcha-response'] : null;

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'secret' => $secretKey,
    'response' => $response,
    'remoteip' => $_SERVER['REMOTE_ADDR']
));

$message = json_decode(curl_exec($ch));
curl_close($ch);
               
         if ($message->success === true) {
            
$username = $password  = "";             
$username=test_input($_POST['username']);    
$password=test_input($_POST['password']);
          login($username, $password);
        }
        
        }
           
    else{ 

    echo '<script>alert("The Captcha verification did not work")</script>';
            
        } 
                   
        }    
?>

<!DOCTYPE html>

<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta >
<link href="" />
<title></title>
<meta name="">
<meta name=" content="">

</head>
<body>

<form id="form-send-money" method="post" autocomplete="off" 
      action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" > 
     <label>Enter Username(email address)</label>  
     <input type="text" name="username" class="form-control" 
      maxlength = "" required="" />  
     <br />  
     <label>Enter Password</label>  
     <input type="password" name="password" class="form-control" 
      maxlength = "" required="" />  
     <br />  
     <div class="g-recaptcha" data-sitekey="6LeRw555AAAAAGO5555JYkWVTZdF"></div>
                      
     <div>  <input type="submit" name="login" value="Login" 
             class="btn btn-primary btn-block" />   
     </div>       
     </form>
</body>
</html>

Points of Interest

It is very important to understand that, until the CAPTCHA is clicked, your form can never be submitted. This is just its way to check that there is no script/robot trying to do the form submission.

The Google CAPTCHA after several logins or invalid logins is able to produce other types of hurdles to further check it is actually not a Robot trying to submit. This is mostly selecting a matching photo from a list of photos.

History

  • 4th June, 2023: Initial version

Updated code will be shared when there is any improvement.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Business Analyst Personal
Nigeria Nigeria
I have experience in application development in the use of .Net, PHP, MSSQL, JAVA....

Comments and Discussions

 
-- There are no messages in this forum --