Please please help. Can submit form without clicking on "I'm not a robot"

[taz...@gmail.com]

Please tell me what I did wrong. I've limited my site and secret keys on purpose.  Hopefully, I have explained enough.  Thank you for any assistance.

 I have this code before the </head>

<script src='https://www.google.com/recaptcha/api.js'></script>

I have this code for the widget. Just before the </form>

<div class="g-recaptcha" data-sitekey="6.......UbdPAZ"></div>

At the end of the html page, I have this code after the end of </html>

<?php

  
    if($_SERVER["REQUEST_METHOD"] === "POST")
    {
        //form submitted

        //check if other form details are correct

        //verify captcha
        $recaptcha_secret = "";
        $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$6L.....eC."&response=".$_POST['g-recaptcha-response']);
        $response = json_decode($response, true);
        if($response["success"] === true)
        {
            echo "Requested Submitted Successfully";
        }
        else
        {
            echo "You are a robot";
        }
    }

This data entered on the form passes to a PHP page,  the customer is then sent to a thankyou.html page.

[Seth Munroe]

The code that you put after the end of your html should actually be on the page that receives the form data. The validation has to happen after the form is submitted.

-Seth