How to redirect automatically after submit Google Recaptcha?

Question

I want to create a form with Google Recaptcha, but I don't know how to implement this case.

This is my HTML code

<form action="redirect.php" method="post">
    <div class="g-recaptcha" data-sitekey="xxxxxxxxxx"></div>
    <input type="submit" value="Submit" >
</form>

How to redirect to a page after submitting Google Recaptcha?

Answer 1

Read the docs:

https://developers.google.com/recaptcha/docs/verify

Verifying the user's response

This page explains how to verify a user's response to a reCAPTCHA challenge from your application's backend. When a reCAPTCHA is solved by end user, a new field (g-recaptcha-response) will be populated in HTML. You can get the user's response in one of three ways:

g-recaptcha-response POST parameter when the user submits the form on your site grecaptcha.getResponse(opt_widget_id) after the user completes the CAPTCHA challenge As a string argument to your callback function if data-callback is specified in either the g-recaptcha tag attribute or the callback parameter in the grecaptcha.render method Each reCAPTCHA response is a token that should be used only once. If a verification attempt has been made with a particular token, it cannot be used again. You will need to call grecaptcha.reset() to ask the end user to verify with reCAPTCHA again.

After you get the response token, you need to verify it with reCAPTCHA using the following API to ensure the token is valid.

API Request

URL: https://www.google.com/recaptcha/api/siteverify

METHOD: POST

POST Parameter Description secret Required. The shared key between your site and reCAPTCHA. response Required. The user response token provided by reCAPTCHA, verifying the user on your site. remoteip Optional. The user's IP address. API Response

The response is a JSON object:

{
  "success": true|false,
  "challenge_ts": timestamp,  // timestamp of the challenge load (ISO format yyyy-MM-dd'T'HH:mm:ssZZ)
  "hostname": string,         // the hostname of the site where the reCAPTCHA was solved
  "error-codes": [...]        // optional
}

---

PHP example:

// set post fields
$post = [
    'secret' => $secret,
    'response' => $_POST['g-recaptcha-response'],
    'remoteip'   => $_SERVER['REMOTE_ADDR']
];

$ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// execute!
$response = curl_exec($ch);

// close the connection, release resources used
curl_close($ch);

// do anything you want with your response
var_dump(json_decode($response));

Answer 2

In javascript, google recaptcha has a callback response method grecaptcha.getResponse() . you can check its length which is > 0 if captcha was successful.

if(grecaptcha.getResponse().length === 0) { //redirect code here }

Answer 3

here is a full working example for php v7.x using reCaptchaV2; wrote based under the reply from this own page from "meda", "Alive to Die" under the page How to json decode in php and the Google reCaptcha v2 own example from https://developers.google.com/recaptcha/docs/display . i just have put the pieces together and then i got that. Tks to the contributors!

    <html>
      <head>
        <title>reCAPTCHA V2 demo by softlivre.com.br</title>
         <script src="https://www.google.com/recaptcha/api.js" async defer></script>
      </head>
      <body>
        <form action="./index.php" method="POST">
          <!-- here you must input the site key, not the secret key -->
          <div class="g-recaptcha" data-sitekey="xxxxxxxxxxxx"></div>
          <br/>
          <input type="submit" value="Submit">
        </form>
      </body>

    <?php
    // here you must input the secret key, not the site key
    // don´t worry, it is server side protected and won´t be
    // visible under the page source, it´s php code from now on...
    $secret = "yyyyyyyyyyyyy";

    // set post fields
    $post = [
        'secret' => $secret,
        'response' => $_POST['g-recaptcha-response'],
        'remoteip'   => $_SERVER['REMOTE_ADDR']
    ];

    $ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

    // execute!
    $response = curl_exec($ch);

    // close the connection, release resources used
    curl_close($ch);

    // do anything you want with your response
    // var_dump(json_decode($response)); // uncomment this to get the json full response
    $array = json_decode($response,true);
    //echo "<pre/>";print_r($array); // uncomment this to get the json to array full response/results

    if($array['success'] == 1){
    // here we have confirmed the chalenge, do whatever you want here, as redirecting to another
    // page. i suggest using $_SESSION in order for really protecting the other page to be
    // redirected from here to be safe, else anyone may access the other page directly 
    // without passing by the recapctha challenge, so there won´t be any point in this effort!
        echo "success!" ;
    }
    else{
        echo "Challenge not accepted so far....";
    }
    ?>

    </html>

Answer 4

<html>
  <head>
    <title>reCAPTCHA V2 demo by softlivre.com.br</title>
     <script src="https://www.google.com/recaptcha/api.js" async defer></script>
  </head>
  <body>
    <form action="./index.php" method="POST">
      <!-- here you must input the site key, not the secret key -->
      <div class="g-recaptcha" data-sitekey="xxxxxxxxxxxx"></div>
      <br/>
      <input type="submit" value="Submit">
    </form>
  </body>

<?php
// here you must input the secret key, not the site key
// don´t worry, it is server side protected and won´t be
// visible under the page source, it´s php code from now on...
$secret = "yyyyyyyyyyyyy";

// set post fields
$post = [
    'secret' => $secret,
    'response' => $_POST['g-recaptcha-response'],
    'remoteip'   => $_SERVER['REMOTE_ADDR']
];

$ch = curl_init('https://www.google.com/recaptcha/api/siteverify');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

// execute!
$response = curl_exec($ch);

// close the connection, release resources used
curl_close($ch);

// do anything you want with your response
// var_dump(json_decode($response)); // uncomment this to get the json full response
$array = json_decode($response,true);
//echo "<pre/>";print_r($array); // uncomment this to get the json to array full response/results

if($array['success'] == 1){
// here we have confirmed the chalenge, do whatever you want here, as redirecting to another
// page. i suggest using $_SESSION in order for really protecting the other page to be
// redirected from here to be safe, else anyone may access the other page directly 
// without passing by the recapctha challenge, so there won´t be any point in this effort!
    echo "success!" ;
}
else{
    echo "Challenge not accepted so far....";
}
?>

</html>