New Google Recaptcha - PHP not executing

Question

I'm a PHP noob and I am trying to incorporate the new google recaptcha into a site. There is a form in the html doc that calls on a "sendemail.php" file (code below). The problem is that the form is working, regardless of whether or not the recaptcha done properly by the user. In my code, it will always execute "codeB", regardless of users' failure to complete the recaptcha.

What am I screwing up?

<?php
$captcha=$_POST['g-recaptcha-response'];
$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=##########11&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
if($response.success==false)
{
    //codeA that I want to execute if the recaptcha fails
    echo '<p>Please Go Back And Try Again</p>';
}
else
{
    //codeB that I want to execute upon success of the recaptcha
}
?>

Answer 1

One thing to perhaps check is if the fopen values are turned on in your php.ini. I have been having all sorts of problems incorporating the recaptcha into this one particular site. It worked fine on others, and I couldn't figure out why. Then I saw mention of 'fopen' in another post on this site, and low and behold, the setting was off.

Look for:

allow_url_fopen
allow_url_include

I changed them both from Off to On and then the code worked!

Answer 2

This is a from a tutorial:-

 $email;$comment;$captcha;
    if(isset($_POST['email'])){
      $email=$_POST['email'];
    }if(isset($_POST['comment'])){
      $email=$_POST['comment'];
    }if(isset($_POST['g-recaptcha-response'])){
      $captcha=$_POST['g-recaptcha-response'];
    }
    if(!$captcha){
      echo '<h2>Please check the the captcha form.</h2>';
      exit;
    }
    $response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR SECRET KEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);
    if($response.success==false)
    {
      echo '<h2>You are spammer ! Get the @$%K out</h2>';
    }else
    {
      echo '<h2>Thanks for posting comment.</h2>';
    }

hope this helps..

Answer 3

You need to use function json_encode:

$response=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=YOUR SECRET KEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);

$response = json_encode($response);
if($response->success==false){
echo 'spamer';
}
else{
echo 'ok';
}

Answer 4

There's 2 mistakes with your code, first one is which someone above mentioned that you need to use json_decode. Second of all, you cannot check the value by adding .success infront of $response.

Here is the correct code which works:

$captchaSecretCode = 'placeYourSecretCodeHere';
$response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$captchaSecretCode."&response=".$_POST['g-recaptcha-response']."&remoteip=".$_SERVER['REMOTE_ADDR']), true);

if($response['success'] == true)
{
    echo 'true';
}else{
    echo 'false';
}

Answer 5

In the PHP .INI file on Plesk, there are two lines of code that enable these settings

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On

; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = On