Google ReCaptcha V2 not working with old PHP Code

Question

I have a small website that I use for an organisation and recently we have been flooded with spam email from our contact page. I wish to add Googl ReCapture and I am having some issues with verifying and it submiting the form.

So the website would check the fields are not empty and then allow the user to send a message. But now it won't error check the fields and won't submit or send the email. Also when you visit the contact us page it displays the message "Thank you for contacting... UK, we will get back to you shortly." before even entering or clicking submit.

<?php
include ('includes/config.php');
$error = array();
$name = '';
$email = '';
$telephone = '';
$message = '';

//I have blanked my sitekey and secret key out
$siteKey = 'MY_SITE_KEY';
$secretKey = 'MY_SECRET_KEY';

if (isset($_POST['Send']))
{
    // Assign form data
    $name = $_POST['Name'];
    $email = $_POST['Email'];
    $telephone = $_POST['Telephone'];
    $message = $_POST['Message'];

    // Validate reCAPTCHA box 
        if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){ 
            // Google reCAPTCHA API secret key 
            $secretKey = 'Your_reCAPTCHA_Secret_Key'; 

            // Verify the reCAPTCHA response 
            $verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secretKey.'&response='.$_POST['g-recaptcha-response']);  
            // Decode json data 
            $responseData = json_decode($verifyResponse); 

            // If reCAPTCHA response is valid 
            if($responseData->success){ 

    // Check for errors
    if (empty($name)) { $error[] = 'Name'; }
    if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) { $error[] = 'Email'; }
    if (empty($telephone)) { $error[] = 'Telephone'; }
    if (empty($message)) { $error[] = 'Message'; }

    // If no errors
    if (sizeof($error) < 1) {
        // Build message
        $message = "Name: $name \n Email: $email \n Telephone: $telephone \n" . $message;

        // Send email
        mail('info@MYEMAIL.co.uk', "Message From $name", $message);

        // Reset form
        $name = '';
        $email = '';
        $telephone = '';
        $message = '';
    }
}}}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script src="https://www.google.com/recaptcha/api.js" async defer></script>

</head>
<body>
<?php include ('includes/header.php'); ?>
<div id="wrapper">
    <div id="main">
        <h1>Contact Us</h1>
        <?php
        if (sizeof($error) > 0)
        {
            echo '<p>There were errors for the following fields:</p><ul>';
            foreach ($error as $val) {
                echo "<li>$val</li>";
            }
            echo '</ul>';
        }
        else
        {
            echo '<p>Thank you for contacting ... UK, we will get back to you shortly.</p>';
        }
        ?>
        <table cellpadding="5" cellspacing="0">
        <form method="post" action="">
            <tr>
                <td width="150"><label for="Name">Name: </label></td>
                <td><input type="text" name="Name" value="<?=$name?>" /></td>
            </tr>
            <tr>
                <td><label for="Email">Email: </label></td>
                <td><input type="text" name="Email" value="<?=$email?>" /></td>
            </tr>
            <tr>
                <td><label for="Telephone">Telephone: </label></td>
                <td><input type="text" name="Telephone" value="<?=$telephone?>" /></td>
            </tr>
            <tr>
                <td valign="top"><label for="Message">Message: </label></td>
                <td><textarea name="Message" rows="10" cols="55"><?=$message?></textarea></td>
            </tr>
            <tr>
                <div class="g-recaptcha" data-sitekey="<?php echo $siteKey; ?>"></div>
            </tr>
            <tr>
                <td></td>
                <td><button type="submit" name="Send">Send Message</button></td>
            </tr>
        </form>
        </table>
    </div>
<?php include ('includes/footer.php'); ?>
</div>
</body>
</html>

What I need it to do is check that the fields are correct and the ReCapture has been verified and when the user clicks submit an email is sent.

Answer 1

This is how I do it, in a working fashion. First of all, my page which displays the recaptcha. I don't have any form fields as I don't need them for this application, but you could easily add them:

<?php
$mailid = $_GET['mailid']; // which email address is needed?
?>

<html>
  <head>
    <title>My test contact verification</title>
     <script src="https://www.google.com/recaptcha/api.js" async defer></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js" crossorigin="anonymous"></script>
  </head>
  <body>
  <h1>Please confirm you are not a robot</h1>
    <form action="?" method="POST">
      <input type="hidden" name="mailid" id="mailid" value="<?php echo $mailid;?>">

      <div class="g-recaptcha" data-sitekey="my-site-key" data-callback="cbtest"></div>
      <br/>
    </form>
    <br />
    <br />
    <div id="result"></div>

    <script type="text/javascript">
    function cbtest(response) {
    // now, send the response to be verified
    var dispdiv = document.getElementById("result");
    dispdiv.innerHTML = "<p>Retrieving the contact details</p>";
    var contact = document.getElementById("mailid");
    var contactsel = contact.value;
    $.ajax({
    url: "http://www.example.com/recaptcha_verify.php",
    type: "POST",
    data: {source: contactsel, response: response},
      }).done(function(data, status, xhr) {
      var ver = data.substring(0,2);
      if (ver == "no") {
      dispdiv.innerHTML = "<p>Sorry, there was a verification problem.</p>";
      } else if (ver == "OK") { 
      var out = data.substring(3);
      dispdiv.innerHTML = "<p>The contact details you requested are:<br />" + out + "</p>";
      } // end of verification response check
      })
      };

    </script>
  </body>
</html>

and my verification code

<?php
if (isset($_POST['response'])) { 
$response = $_POST['response']; }
else {
        echo "no1";
    exit;
}

if (isset($_POST['source'])) {
$source = $_POST['source']; }
else {
    echo "no2";
    exit;
}

$url = "https://www.google.com/recaptcha/api/siteverify";

$secret = "my-secret";

$emails = array(
   "hidden email 1",
   "hidden email 2",
   "hidden email 3");

// is the source reference a valid one?

if ($source < 0 || $source > count($emails)) {
echo "no";
exit;
}

// create the output

 $url = $url."?secret=".$secret. "&response=".$response;

        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($curl, CURLOPT_TIMEOUT, 15);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, TRUE);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, TRUE); 
        $curlData = curl_exec($curl);

        curl_close($curl);

$out = $emails[$source]; 

// send the response to the verifier

   $captcha_success = json_decode($curlData, TRUE);


   if ($captcha_success['success'] == false) {
       echo "noF";
   }
   else if ($captcha_success['success'] == true) {
       echo "OK|" . $out;
   }

?>

(I've trimmed what I think was spurious code out of the above, hopefully I haven't taken too much out).

I present the user with a screen that just has text and a recaptcha, the incoming variable is passed through to tell my code which hidden email address is needed, obviously you'll add your form fields.