Google just officially released their new Invisible reCAPTCHA.Today I will show you easiest way to integrate new google Invisible reCAPTCHA version in your PHP project. Now google taking it a step further and making it invisible. Human users will be let through without seeing the "I'm not a robot" checkbox, while suspicious ones and bots still have to solve the challenges.The new google Invisible reCAPTCHA help to protect your site from bot attacks and spams. It will ensure that only human can use your site.
The official video of google Invisible reCAPTCHA is given below
Now before we start coding we need to register our site and get a client key and secret key from google. You can register your site for free from https://www.google.com/recaptcha/admin. The registration process is fairly simple and straight forward so I am skipping it.
Inside your config.php file
<?php
return [
'client-key' => 'your client key',
'secret-key' => 'your secret key'
];
Codes for login.php file (View Page)
<?php
$config = require('config.php');
?>
<html>
<head>
<title>reCAPTCHA demo</title>
<script src='https://www.google.com/recaptcha/api.js'></script>
<script>
function onSubmit(token) {
document.getElementById("demo-form").submit();
}
</script>
</head>
<body>
<form action="admin.php" method="POST" id="demo-form">
<br>
<button class="g-recaptcha"
data-sitekey="<?php echo $config['client-key']; ?>"
data-callback="onSubmit">Submit
</button>
</form>
</body>
</html>
Codes for admin.php file (form action)
<?php
require 'Recaptcha.php';
$recaptcha = $_POST['g-recaptcha-response'];
$object = new Recaptcha();
$response = $object->verifyResponse($recaptcha);
if(isset($response['success']) and $response['success'] != true) {
echo "An Error Occured and Error code is :".$response['error-codes'];
}else {
echo "Correct Recaptcha";
}
Now the main reCAPTCHA PHP library created by me.
<?php
class Recaptcha{
public function __construct(){
$this->config = require('config.php');
}
public function verifyResponse($recaptcha){
$remoteIp = $this->getIPAddress();
// Discard empty solution submissions
if (empty($recaptcha)) {
return array(
'success' => false,
'error-codes' => 'missing-input',
);
}
$getResponse = $this->getHTTP(
array(
'secret' => $this->config['secret-key'],
'remoteip' => $remoteIp,
'response' => $recaptcha,
)
);
// get reCAPTCHA server response
$responses = json_decode($getResponse, true);
if (isset($responses['success']) and $responses['success'] == true) {
$status = true;
} else {
$status = false;
$error = (isset($responses['error-codes'])) ? $responses['error-codes']
: 'invalid-input-response';
}
return array(
'success' => $status,
'error-codes' => (isset($error)) ? $error : null,
);
}
private function getIPAddress(){
if (!empty($_SERVER['HTTP_CLIENT_IP']))
{
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
private function getHTTP($data){
$url = 'https://www.google.com/recaptcha/api/siteverify?'.http_build_query($data);
$response = file_get_contents($url);
return $response;
}
}
The server-side integration is a little tricky you need to verify the client side response by sending it to https://www.google.com/recaptcha/api/siteverify and google will verify it and will return a JSON response.
It is tricky so what I do is call a function for HTTP call in above URL and JSON decode above response from google as given above.
The above view and form action pages are extremely simplified one. You need to modify it according to your login requirements.
You can also download above codes from my GitHub. The download link is given below