CAPTCHA - How to Prevent Robot or Digital Entry on a Form which Could Lead to Causing Damages to Data
3.29/5 (4 votes)
Google Captcha usage and integration snippet
Introduction
My simple snippet will show you how I have used Google captcha in my login form. The form cannot be submitted until it has been verified that the user is not a robot but human.
Using the Code
To begin, go to this link to get your reCAPTCHA keys. After you have done the registration and not have the keys, follow the guide below.
The two keys needed are the Secret key and data-sitekey.
- Within your
phptag, set your variable ($secretKey) to the secret key string gotten from Google key generation page. - Write form request method (
(($_SERVER['REQUEST_METHOD']=='POST'))) to check when the form is submitted just like in the code section. - And thirdly, within your
formtag is to display the CAPTCHA using thedata-sitekeywith theg-recaptchaclass as seen in the code section.
This tip content was mostly copied from:
<?php
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] === true){
$secretKey = "6LeRwsklAAAAAJaFVyT1UJUDZnsZCFFVk7Q_uFJQ";
if(($_SERVER['REQUEST_METHOD']=='POST'))
{
// Section to validate reCAPTCHA entry during form submittion
$message ="";
if(isset($_POST['g-recaptcha-response']) &&
!empty($_POST['g-recaptcha-response'])){
$response = isset($_POST["g-recaptcha-response"]) ?
$_POST['g-recaptcha-response'] : null;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify");
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
'secret' => $secretKey,
'response' => $response,
'remoteip' => $_SERVER['REMOTE_ADDR']
));
$message = json_decode(curl_exec($ch));
curl_close($ch);
if ($message->success === true) {
$username = $password = "";
$username=test_input($_POST['username']);
$password=test_input($_POST['password']);
login($username, $password);
}
}
else{
echo '<script>alert("The Captcha verification did not work")</script>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta >
<link href="" />
<title></title>
<meta name="">
<meta name=" content="">
</head>
<body>
<form id="form-send-money" method="post" autocomplete="off"
action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" >
<label>Enter Username(email address)</label>
<input type="text" name="username" class="form-control"
maxlength = "" required="" />
<br />
<label>Enter Password</label>
<input type="password" name="password" class="form-control"
maxlength = "" required="" />
<br />
<div class="g-recaptcha" data-sitekey="6LeRw555AAAAAGO5555JYkWVTZdF"></div>
<div> <input type="submit" name="login" value="Login"
class="btn btn-primary btn-block" />
</div>
</form>
</body>
</html>
Points of Interest
It is very important to understand that, until the CAPTCHA is clicked, your form can never be submitted. This is just its way to check that there is no script/robot trying to do the form submission.
The Google CAPTCHA after several logins or invalid logins is able to produce other types of hurdles to further check it is actually not a Robot trying to submit. This is mostly selecting a matching photo from a list of photos.
History
- 4th June, 2023: Initial version
Updated code will be shared when there is any improvement.