reCaptcha v2 server side integration help ...Currently I can click send and the form will send without being verified...

[Mark]

Hi

Please help.... Ive wasted a weekend so far on what appears should be an easy thing to do..

When I google all I see are copied examples I don't understand why so many webpages have copied content from Google's own reCaptcha VERSION 2 guide https://developers.google.com/recaptcha/ which is the easy bit,  but no one can help with server side php forms.

I've basically a html form which has worked for years which posts to a php file see example below:

Ive Pasted this snippet before the closing </head> tag on my HTML template:<script src='https://www.google.com/recaptcha/api.js'></script>and Pasted this snippet at the end of the <form> where the reCAPTCHA widget to appears:<div class="g-recaptcha" data-sitekey="mysitekey"></div>

Below is an example of the form

<form action="formnew.php" method="post" name="form" id="ff">
<label><span>Name*:</span><br>
<input type="name" placeholder="Please enter your name" name="name" id="name" required>
</label>
         
<label>
<span>Email*:</span><br>
<input type="email" placeholder="your...@gmail.com" name="email" id="email" required>
</label>
       
<label>
<span>Phone:</span><br>
<input type="phone_number" placeholder="Please enter your phone" name="phone_number" id="phone_number">
</label>
           
<span>Message*:</span><br>
<textarea name="message" rows="3" required id="message" placeholder="Please enter your message"></textarea>      
       
<div class="g-recaptcha" data-sitekey="mysitekey"></div>

            <input name="submit" type="submit" class="submit"  value="Send" />
 
    </form>

 But where below in my php form do I add the verfication code? Currently I can click send and the form will send without being verfied...

Please help..

Thanks Mark

<?php

        $email = $_POST['email'];

$after = "http://www.examplewebsite.co.uk/thankyou.htm";

$oops = "http://www.examplewebsite.co.uk/error.htm";

if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {

    exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");

    }

if( isset($_POST['submit'])) {

$recipient = "mye...@gmail.com";

    $title = "Contact Form";

   

$message .= "Name: {$_POST['name']} \n";

    $message .= "Email: {$_POST['email']} \n";

    $message .= "Phone Number: {$_POST['phone_number']} \n";

     $message .= "Their message: {$_POST['message']} \n";

    $headers .= "Reply-To: $email";

        $headers = "From: $email";

mail($recipient,$title,$message,$headers);

       echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$after\">";

       unset($_SESSION['security_code']);

    } else {

       echo "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=$oops\">";

}

?> 

[bgrantland]

You replace "mysitekey" in the following line of code with the site key or public key you got from Google. <div class="g-recaptcha" data-sitekey="mysitekey"></div>The secret key you got from Google goes in the php form on this line:
$secret='Google Secret Key';

I found this link very helpful.  http://www.9lessons.info/2014/12/google-new-recaptcha-using-php-are-you.html

Now could I ask you a question? It sounds like you have a php driven site too. Where did you put the html code that contains the site key?  I don't have any html pages. Do I create an index.html page as well as my index.php page?  I thought you couldn't use both.