Validate reCAPTCHA response in PHP

Simple solution

This is a copy of the code at https://gist.github.com/jonathanstark/dfb30bdfb522318fc819

//----- VERIFY THE RECAPTCHA -----
$post_data = http_build_query(
    array(
        'secret' => CAPTCHA_SECRET,
        'response' => $_POST['g-recaptcha-response'],
        //'remoteip' => $_SERVER['REMOTE_ADDR']
        'remoteip' => (isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : $_SERVER['REMOTE_ADDR'])    //Needed for cloudflare users
    )
);
$opts = array('http' =>
    array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
        'content' => $post_data
    )
);
$context  = stream_context_create($opts);
$response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
$result = json_decode($response);
if (!$result->success) {
    throw new Exception('CAPTCHA verification failed.', 1);
}

Really fast solution using CURL if available

This is a copy of CreativForm’s nifty code from https://gist.github.com/jonathanstark/dfb30bdfb522318fc819

//****************************************
//****************************************
//********** VALIDATE RECAPTCHA **********
//****************************************
//****************************************
function ValidateRechapcha($response){
	// Verifying the user's response (https://developers.google.com/recaptcha/docs/verify)
	$verifyURL = 'https://www.google.com/recaptcha/api/siteverify';
	
	// Collect and build POST data
	$post_data = http_build_query(
		array(
			'secret' => 'YOUR_SECRET_KEY',
			'response' => $response,
			'remoteip' => (isset($_SERVER["HTTP_CF_CONNECTING_IP"]) ? $_SERVER["HTTP_CF_CONNECTING_IP"] : $_SERVER['REMOTE_ADDR'])
		)
	);
	
	// Send data on the best possible way
	if(function_exists('curl_init') && function_exists('curl_setopt') && function_exists('curl_exec')) {
		// Use cURL to get data 10x faster than using file_get_contents or other methods
		$ch =  curl_init($verifyURL);
			curl_setopt($ch, CURLOPT_POST, 1);
			curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
			curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
			curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
			curl_setopt($ch, CURLOPT_TIMEOUT, 5);
			curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Content-type: application/x-www-form-urlencoded'));
			$response = curl_exec($ch);
		curl_close($ch);
	} else {
		// If server not have active cURL module, use file_get_contents
		$opts = array('http' =>
			array(
				'method'  => 'POST',
				'header'  => 'Content-type: application/x-www-form-urlencoded',
				'content' => $post_data
			)
		);
		$context  = stream_context_create($opts);
		$response = file_get_contents($verifyURL, false, $context);
	}

	// Verify all reponses and avoid PHP errors
	if($response) {
		$result = json_decode($response);
		if ($result->success===true) {
			return true;
		} else {
			return false;
		}
	}

	// Dead end
	return false; 
}

Call with this

  //----- CHECK THE RECAPTCHA -----
  if (!ValidateRechapcha($_POST['g-recaptcha-response']))
  {
    wp_redirect( home_url( '/' ) );
    die;
  }
Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.

Comments

Your email address will not be published. Required fields are marked *