KrnlPanic's Linux Notes and Tips

Working with Linux since kernel version 2.0.30

Using reCAPTCHA in PHP to stop form spam

Are you tired of spambots submitting your “Contact Us” forms? Tired of spambots using your forms to “Tell a friend” with a spam link? Use Google’s reCAPTCHA service!

It’s really easy to implement. Visit the Google reCAPTCHA website to sign up for an account, then create a public/private key pair. You can create reCAPTCHA keys for each of your domains, or a single global reCAPTCHA key for all of your domains.

Once you have your public/private reCAPTCHA key pair, download recaptchalib.php from Google’s repository and save it to your server at $WEBROOT/recaptcha/recaptchalib.php

Now you’re all set up and ready to implement the two reCAPTCHA function calls in your form.

The following code allows the reCAPTCHA box to be displayed inside your form. I like to place it as the last item before the Submit button. Be sure to replace MY_PUBLIC_KEY with your public key from your reCAPTCHA account.

<?php
  require_once('recaptcha/recaptchalib.php');
  $publickey = "MY_PUBLIC_KEY"; // you got this from the signup page
  echo recaptcha_get_html($publickey);
?>

The final step is to add the reCAPTCHA check where the form returns, and either continue to execute as your form expects, or return a reCAPTCHA error. Once again, be sure to replace MY_PRIVATE_KEY with the appropriate value.

<?php
  require_once('recaptcha/recaptchalib.php');
  $privatekey = "MY_PRIVATE_KEY";
  // Ask the reCAPTCHA server whether the submitted answer matches the challenge
  $resp = recaptcha_check_answer($privatekey,
                                 $_SERVER["REMOTE_ADDR"],
                                 $_POST["recaptcha_challenge_field"],
                                 $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    // (the error string is escaped because it is written into an HTML page)
    die("The reCAPTCHA wasn't entered correctly. Go back and try it again. " .
        "(reCAPTCHA said: " . htmlspecialchars($resp->error) . ")");
  } else {
    // Your code here to handle a successful verification
    // continue form processing or send email, etc...
  }
?>

So, here’s what the entire thing might look like:

<?php
  if (isset($_POST['comments'])) {

    require_once('recaptcha/recaptchalib.php');
    $privatekey = "MY_PRIVATE_KEY";
    $resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);

    if ($resp->is_valid) {
      // Valid reCAPTCHA response - process form data and indicate success.
      echo "Your form submission was successful";
    } else {
      // reCAPTCHA response invalid or no match.  Report error and stop processing.
      // Escape the server-supplied error string before writing it into the page.
      $error = "<br><b>reCAPTCHA error. Please try it again.  (reCAPTCHA said: " . htmlspecialchars($resp->error) . ")</b>";
      echo $error;
    }

  } else {

?>
<html>
<head>
<title></title>
</head>
<body bgcolor="#8f8">

<form name="htmlform" method="post">
<table width="450px" align="center">
<tr>
 <td valign="top">
  <label for="first_name">First Name *</label>
 </td>
 <td valign="top">
  <input  type="text" name="first_name" maxlength="50" size="30">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="last_name">Last Name *</label>
 </td>
 <td valign="top">
  <input  type="text" name="last_name" maxlength="50" size="30">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="email">Email Address *</label>
 </td>
 <td valign="top">
  <input  type="text" name="email" maxlength="80" size="30">
 </td>
</tr>
<tr>
 <td valign="top">
  <label for="comments">Comments *</label>
 </td>
 <td valign="top">
  <textarea  name="comments" maxlength="1000" cols="25" rows="6"></textarea>
 </td>
</tr>
<tr>
 <td style="text-align:center" colspan="2">
<?php
  require_once('recaptcha/recaptchalib.php');
  $publickey = "MY_PUBLIC_KEY"; // you got this from the signup page
  echo recaptcha_get_html($publickey);
?>
 </td>
</tr>
<tr>
 <td colspan="2" style="text-align:center">
  <input type="submit" value="Submit">
 </td>
</tr>
</table>
</form>

<?php
  }
?>
</body>
</html>
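
The recaptchalib.php functions above belong to the original reCAPTCHA API, which Google has since retired; the same server-side check against the current `siteverify` endpoint is sketched below. This is an added example, not code from the original post. It assumes the form carries the reCAPTCHA v2 widget (which posts `g-recaptcha-response`) and that `allow_url_fopen` and the OpenSSL wrapper are enabled; `verify_recaptcha()`, `EXPECTED_HOST`, the local error strings and the sample values are hypothetical.

```php
<?php
// Added example; verify_recaptcha(), EXPECTED_HOST and the non-Google error
// strings are names made up for this sketch.
const RECAPTCHA_SECRET = 'MY_PRIVATE_KEY';  // placeholder, as in the article
const EXPECTED_HOST    = 'www.example.com'; // assumption: host serving the form

// Returns array($ok, $errors). Fails closed: a network or parsing problem
// is treated the same as a wrong answer. $fetch is injectable for offline tests.
function verify_recaptcha($token, $remoteIp, $fetch = null)
{
    if (!is_string($token) || $token === '') {
        return array(false, array('missing-input-response'));
    }
    if ($fetch === null) {
        $fetch = function (array $fields) {
            $ctx = stream_context_create(array('http' => array(
                'method'  => 'POST',
                'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
                'content' => http_build_query($fields),
                'timeout' => 5,
            )));
            return @file_get_contents(
                'https://www.google.com/recaptcha/api/siteverify', false, $ctx);
        };
    }
    $body = $fetch(array('secret' => RECAPTCHA_SECRET,
                         'response' => $token, 'remoteip' => $remoteIp));
    $data = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($data)) {
        return array(false, array('verify-unavailable'));
    }
    if (empty($data['success'])) {
        return array(false, isset($data['error-codes'])
            ? (array) $data['error-codes'] : array('unknown'));
    }
    // With one key pair shared across domains, a token solved on another
    // site would otherwise be accepted here.
    if (!isset($data['hostname']) || $data['hostname'] !== EXPECTED_HOST) {
        return array(false, array('hostname-mismatch'));
    }
    return array(true, array());
}

// Offline check with a constructed response (no network call is made):
$fake = function () { return '{"success":true,"hostname":"other.example"}'; };
list($ok, $errors) = verify_recaptcha('constructed-token', '203.0.113.7', $fake);
var_dump($ok, $errors);
```

In the form handler, pass `$_POST['g-recaptcha-response']` and `$_SERVER['REMOTE_ADDR']`, and write `$errors` to the server log rather than echoing them to the visitor.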

I hope you find this to be helpful!