Google Recaptcha v3 example demo
Until now, I was working with Google Recaptcha v2, but now I want to update my WebApp using the lastest version (v3).
Is it possible to anyone add a fully working Go
-
I have seen most of the articles that don't work properly that's why new developers and professional developers get confused about it.
I am explaining to you in a very simple way. In this code, I am generating a google Recaptcha token at the client side at every 3 seconds of time interval because the token is valid for only a few minutes that's why if any user takes time to fill the form then it may be expired.
First I have an index.php file where I am going to write HTML and JavaScript code.
<!DOCTYPE html> <html> <head> <title>Google Recaptcha V3</title> </head> <body> <h1>Google Recaptcha V3</h1> <form action="recaptcha.php" method="post"> <label>Name</label> <input type="text" name="name" id="name"> <input type="hidden" name="token" id="token" /> <input type="hidden" name="action" id="action" /> <input type="submit" name="submit"> </form> <script src="https://www.google.com/recaptcha/api.js?render=put your site key here"></script> <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ setInterval(function(){ grecaptcha.ready(function() { grecaptcha.execute('put your site key here', {action: 'application_form'}).then(function(token) { $('#token').val(token); $('#action').val('application_form'); }); }); }, 3000); }); </script> </body> </html>Next, I have created recaptcha.php file to execute it at the server side
<?php if ($_POST['submit']) { $name = $_POST['name']; $token = $_POST['token']; $action = $_POST['action']; $curlData = array( 'secret' => 'put your secret key here', 'response' => $token ); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://www.google.com/recaptcha/api/siteverify"); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($curlData)); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $curlResponse = curl_exec($ch); $captchaResponse = json_decode($curlResponse, true); if ($captchaResponse['success'] == '1' && $captchaResponse['action'] == $action && $captchaResponse['score'] >= 0.5 && $captchaResponse['hostname'] == $_SERVER['SERVER_NAME']) { echo 'Form Submitted Successfully'; } else { echo 'You are not a human'; } }Source of this code. If you would like to know the explanation of this code please visit. Google reCAPTCHA V3 integration in PHP
讨论(0) -
if you are newly implementing recaptcha on your site, I would suggest adding api.js and let google collect behavioral data of your users 1-2 days. It is much fail-safe this way, especially before starting to use score.
讨论(0) -
Simple code to implement ReCaptcha v3
The basic JS code
<script src="https://www.google.com/recaptcha/api.js?render=your reCAPTCHA site key here"></script> <script> grecaptcha.ready(function() { // do request for recaptcha token // response is promise with passed token grecaptcha.execute('your reCAPTCHA site key here', {action:'validate_captcha'}) .then(function(token) { // add token value to form document.getElementById('g-recaptcha-response').value = token; }); }); </script>The basic HTML code
<form id="form_id" method="post" action="your_action.php"> <input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response"> <input type="hidden" name="action" value="validate_captcha"> .... your fields </form>The basic PHP code
if (isset($_POST['g-recaptcha-response'])) { $captcha = $_POST['g-recaptcha-response']; } else { $captcha = false; } if (!$captcha) { //Do something with error } else { $secret = 'Your secret key here'; $response = file_get_contents( "https://www.google.com/recaptcha/api/siteverify?secret=" . $secret . "&response=" . $captcha . "&remoteip=" . $_SERVER['REMOTE_ADDR'] ); // use json_decode to extract json response $response = json_decode($response); if ($response->success === false) { //Do something with error } } //... The Captcha is valid you can continue with the rest of your code //... Add code to filter access using $response . score if ($response->success==true && $response->score <= 0.5) { //Do something to denied access }You have to filter access using the value of $response.score. It can takes values from 0.0 to 1.0, where 1.0 means the best user interaction with your site and 0.0 the worst interaction (like a bot). You can see some examples of use in ReCaptcha documentation.
讨论(0) -
We use recaptcha-V3 only to see site traffic quality, and used it as non blocking. Since recaptcha-V3 doesn't require to show on site and can be used as hidden but you have to show recaptcha privacy etc links (as recommended)
Script Tag in Head
<script src="https://www.google.com/recaptcha/api.js?onload=ReCaptchaCallbackV3&render='SITE KEY' async defer></script>Note: "async defer" make sure its non blocking which is our specific requirement
JS Code:
<script> ReCaptchaCallbackV3 = function() { grecaptcha.ready(function() { grecaptcha.execute("SITE KEY").then(function(token) { $.ajax({ type: "POST", url: `https://api.${window.appInfo.siteDomain}/v1/recaptcha/score`, data: { "token" : token, }, success: function(data) { if(data.response.success) { window.recaptchaScore = data.response.score; console.log('user score ' + data.response.score) } }, error: function() { console.log('error while getting google recaptcha score!') } }); }); }); }; </script>HTML/Css Code:
there is no html code since our requirement is just to get score and don't want to show recaptcha badge.Backend - Laravel Code:
Route: Route::post('/recaptcha/score', 'Api\\ReCaptcha\\RecaptchaScore@index'); Class: class RecaptchaScore extends Controller { public function index(Request $request) { $score = null; $response = (new Client())->request('post', 'https://www.google.com/recaptcha/api/siteverify', [ 'form_params' => [ 'response' => $request->get('token'), 'secret' => 'SECRET HERE', ], ]); $score = json_decode($response->getBody()->getContents(), true); if (!$score['success']) { Log::warning('Google ReCaptcha Score', [ 'class' => __CLASS__, 'message' => json_encode($score['error-codes']), ]); } return [ 'response' => $score, ]; } }we get back score and save in variable which we later user when submit form.
Reference: https://developers.google.com/recaptcha/docs/v3 https://developers.google.com/recaptcha/
讨论(0) -
I thought a fully-functioning reCaptcha v3 example demo in PHP, using a Bootstrap 4 form, might be useful to some.
Reference the shown dependencies, swap in your email address and keys (create your own keys here), and the form is ready to test and use. I made code comments to better clarify the logic and also included commented-out console log and print_r lines to quickly enable viewing the validation token and data generated from Google.
The included jQuery function is optional, though it does create a much better user prompt experience in this demo.
PHP file (
mail.php):Add secret key (2 places) and email address where noted.
<?php if ($_SERVER["REQUEST_METHOD"] == "POST") { # BEGIN Setting reCaptcha v3 validation data $url = "https://www.google.com/recaptcha/api/siteverify"; $data = [ 'secret' => "your-secret-key-here", 'response' => $_POST['token'], 'remoteip' => $_SERVER['REMOTE_ADDR'] ]; $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data) ) ); # Creates and returns stream context with options supplied in options preset $context = stream_context_create($options); # file_get_contents() is the preferred way to read the contents of a file into a string $response = file_get_contents($url, false, $context); # Takes a JSON encoded string and converts it into a PHP variable $res = json_decode($response, true); # END setting reCaptcha v3 validation data // print_r($response); # Post form OR output alert and bypass post if false. NOTE: score conditional is optional # since the successful score default is set at >= 0.5 by Google. Some developers want to # be able to control score result conditions, so I included that in this example. if ($res['success'] == true && $res['score'] >= 0.5) { # Recipient email $mail_to = "youremail@domain.com"; # Sender form data $subject = trim($_POST["subject"]); $name = str_replace(array("\r","\n"),array(" "," ") , strip_tags(trim($_POST["name"]))); $email = filter_var(trim($_POST["email"]), FILTER_SANITIZE_EMAIL); $phone = trim($_POST["phone"]); $message = trim($_POST["message"]); if (empty($name) OR !filter_var($email, FILTER_VALIDATE_EMAIL) OR empty($phone) OR empty($subject) OR empty($message)) { # Set a 400 (bad request) response code and exit http_response_code(400); echo '<p class="alert-warning">Please complete the form and try again.</p>'; exit; } # Mail content $content = "Name: $name\n"; $content .= "Email: $email\n\n"; $content .= "Phone: $phone\n"; $content .= "Message:\n$message\n"; # Email headers $headers = "From: $name <$email>"; # Send the email $success = mail($mail_to, $subject, $content, $headers); if ($success) { # Set a 200 (okay) response code http_response_code(200); echo '<p class="alert alert-success">Thank You! Your message has been successfully sent.</p>'; } else { # Set a 500 (internal server error) response code http_response_code(500); echo '<p class="alert alert-warning">Something went wrong, your message could not be sent.</p>'; } } else { echo '<div class="alert alert-danger"> Error! The security token has expired or you are a bot. </div>'; } } else { # Not a POST request, set a 403 (forbidden) response code http_response_code(403); echo '<p class="alert-warning">There was a problem with your submission, please try again.</p>'; } ?>
HTML
<head>Bootstrap CSS dependency and reCaptcha client-side validation Place between
<head>tags - paste your own site-key where noted.<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css"> <script src="https://www.google.com/recaptcha/api.js?render=your-site-key-here"></script>
HTML
<body>Place between
<body>tags.<!-- contact form demo container --> <section style="margin: 50px 20px;"> <div style="max-width: 768px; margin: auto;"> <!-- contact form --> <div class="card"> <h2 class="card-header">Contact Form</h2> <div class="card-body"> <form class="contact_form" method="post" action="mail.php"> <!-- form fields --> <div class="row"> <div class="col-md-6 form-group"> <input name="name" type="text" class="form-control" placeholder="Name" required> </div> <div class="col-md-6 form-group"> <input name="email" type="email" class="form-control" placeholder="Email" required> </div> <div class="col-md-6 form-group"> <input name="phone" type="text" class="form-control" placeholder="Phone" required> </div> <div class="col-md-6 form-group"> <input name="subject" type="text" class="form-control" placeholder="Subject" required> </div> <div class="col-12 form-group"> <textarea name="message" class="form-control" rows="5" placeholder="Message" required></textarea> </div> <!-- form message prompt --> <div class="row"> <div class="col-12"> <div class="contact_msg" style="display: none"> <p>Your message was sent.</p> </div> </div> </div> <div class="col-12"> <input type="submit" value="Submit Form" class="btn btn-success" name="post"> </div> <!-- hidden reCaptcha token input --> <input type="hidden" id="token" name="token"> </div> </form> </div> </div> </div> </section> <script> grecaptcha.ready(function() { grecaptcha.execute('your-site-key-here', {action: 'homepage'}).then(function(token) { // console.log(token); document.getElementById("token").value = token; }); }); </script> <!-- References for the opitional jQuery function to enhance end-user prompts --> <script src="https://code.jquery.com/jquery-3.3.1.min.js"></script> <script src="form.js"></script>
Optional jQuery function for enhanced UX (
form.js):(function ($) { 'use strict'; var form = $('.contact_form'), message = $('.contact_msg'), form_data; // Success function function done_func(response) { message.fadeIn() message.html(response); setTimeout(function () { message.fadeOut(); }, 10000); form.find('input:not([type="submit"]), textarea').val(''); } // fail function function fail_func(data) { message.fadeIn() message.html(data.responseText); setTimeout(function () { message.fadeOut(); }, 10000); } form.submit(function (e) { e.preventDefault(); form_data = $(this).serialize(); $.ajax({ type: 'POST', url: form.attr('action'), data: form_data }) .done(done_func) .fail(fail_func); }); })(jQuery);讨论(0) -
I am assuming you have site key and secret in place. Follow this step.
In your HTML file, add the script.
<script src="https://www.google.com/recaptcha/api.js?render=put your site key here"></script>Also, do use jQuery for easy event handling.
Here is the simple form.
<form id="comment_form" action="form.php" method="post" > <input type="email" name="email" placeholder="Type your email" size="40"><br><br> <textarea name="comment" rows="8" cols="39"></textarea><br><br> <input type="submit" name="submit" value="Post comment"><br><br> </form>You need to initialize the Google recaptcha and listen for the ready event. Here is how to do that.
<script> // when form is submit $('#comment_form').submit(function() { // we stoped it event.preventDefault(); var email = $('#email').val(); var comment = $("#comment").val(); // needs for recaptacha ready grecaptcha.ready(function() { // do request for recaptcha token // response is promise with passed token grecaptcha.execute('put your site key here', {action: 'create_comment'}).then(function(token) { // add token to form $('#comment_form').prepend('<input type="hidden" name="g-recaptcha-response" value="' + token + '">'); $.post("form.php",{email: email, comment: comment, token: token}, function(result) { console.log(result); if(result.success) { alert('Thanks for posting comment.') } else { alert('You are spammer ! Get the @$%K out.') } }); }); }); }); </script>Here is the sample PHP file. You can use Servlet or Node or any backend language in place of it.
<?php $email;$comment;$captcha; if(isset($_POST['email'])){ $email=$_POST['email']; }if(isset($_POST['comment'])){ $comment=$_POST['comment']; }if(isset($_POST['token'])){ $captcha=$_POST['token']; } if(!$captcha){ echo '<h2>Please check the the captcha form.</h2>'; exit; } $secretKey = "put your secret key here"; $ip = $_SERVER['REMOTE_ADDR']; // post request to server $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($secretKey) . '&response=' . urlencode($captcha); $response = file_get_contents($url); $responseKeys = json_decode($response,true); header('Content-type: application/json'); if($responseKeys["success"]) { echo json_encode(array('success' => 'true')); } else { echo json_encode(array('success' => 'false')); } ?>Here is the tutorial link: https://codeforgeek.com/2019/02/google-recaptcha-v3-tutorial/
Hope it helps.
讨论(0)
加载中...
- 热议问题