Recaptcha V2.0 always returns bool(false)

Question

I have a problem with Recaptcha V2.0 always returning false or bool(false). It feels like it doesn't validate through the right keys, but I have quadruple checked the domains I added and the keys I am using in my code. Maybe I've just done something wrong code wise.

The HTML form:

<form method="post" action="/php/emailCode.php">
        Your Name <label><input type="text" name="name"></label>
        <br/>
        Email Address <label><input type="text" name="email"></label>
        <br/>
        Message <label><textarea name="message"></textarea></label>
        <br />
        <div id="captcha" data-sitekey="xxxxxxxxxxxxxxxxxxxxxxx"></div>
        <br />
        <input id="submitButton" type="submit">
    </form>
    <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>

The PHP:

<?php
if(isset($_POST['g-recaptcha-response']) && $_POST['g-recaptcha-response']){
    $secret = "xxxxxxxxxxxxxxxxxx";
    $ip = $_SERVER['REMOTE_ADDR'];
    $captcha = $_POST['g-recaptcha-response'];
    $rsp  = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=" . $secret . "&response=" . $captcha . "&remoteip=" . $ip);

    var_dump($rsp);
    $arr = json_decode($rsp);
    if($arr->success === true){
        $EmailFrom = "example@example.com";
        $EmailTo = "example@gmail.com";
        $Subject = $_POST['email'];
        $Name = $_POST['name'];
        $Message = $_POST['message'];

        // prepare email body text
        $Body = "";
        $Body .= "Name: ";
        $Body .= $Name;
        $Body .= "\n";
        $Body .= "Message: ";
        $Body .= $Message;
        $Body .= "\n";

        // send email
        $success = mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>");
    }else{
        echo 'Failure';
    }

}

Also in the head I run this:

<script type="text/javascript">
    var onloadCallback = function() {
        grecaptcha.render('captcha', {
            'sitekey' : 'xxxxxxxxxxxxxxxxxxxxxx'
        });
    };
</script>

I literally have no clue why it would return false. Thank you for your help in advance!

json_decode doesn't give you true booleans, so === won't work as expected. — Jerry, Oct 28 '15 at 23:28
There is also a composer-installable library that looks easier than implementing this yourself https://github.com/google/recaptcha — user49438, Oct 28 '15 at 23:29
Jerry, thanks for that, but that doesn't explain why the response is always false — Anongnito, Oct 28 '15 at 23:31
user49438 That is true, but I am also doing this for learning purposes, thus why I kind of what to implement this myself. — Anongnito, Oct 28 '15 at 23:33
Can you please paste the contents of `var_dump($arr);` after `$arr = json_decode($rsp);` — skrilled, Oct 29 '15 at 00:12
@skrilled it's just NULL. I also did var_dump($captcha) and it gave me the nice long string like it should. — Anongnito, Oct 29 '15 at 00:17
It's been a long time, but for readers who are wondering why this doesn't work: it's because you're sending a `GET` request. You lack the stream context to support a `POST` request using the `file_get_contents` function. If you're wondering how to go about that, then [you can find your answer here](http://stackoverflow.com/questions/2445276/how-to-post-data-in-php-using-file-get-contents) — Ohgodwhy, Nov 23 '16 at 21:20

Combine · Answer 1 · 2016-04-02T07:35:56.893

In recaptcha you have two keys:

Site key Use this in the HTML code your site serves to users.

and

Secret key Use this for communication between your site and Google. Be sure to keep it a secret.

So in my case the problem was that for some reason I used one key for both the client and the server side which is wrong. You have one key for the html form (client side) (which is SITE KEY) and another for the server side. (which is SECRET KEY)

Go to https://www.google.com/recaptcha/admin#list and click your site and read "Adding reCAPTCHA to your site"

edit: in your client side :

  .
  ..
  ...
  <div id="captcha" data-sitekey="SITE KEY"></div>
  ...
  ..
  .

in your server side :

.
..
...
$secret = "SECRET KEY";
...
..
.

score 0 · Answer 2 · answered Nov 03 '16 at 09:33

  <?php include_once "recaptchalib.php";  ?> //library to be added
<form action='' method=''>
<input type="text" id="myphn" placeholder="Email/Username">
        <input type="Password" id="mypass" placeholder="Password">
        <div class="g-recaptcha" data-sitekey="6Ldd7AoUAAAAAGMNn1YkptZO7s9TY2xHe7nW45ma" id='recaptcha'></div>
//contains the key   
<input type='submit'>
</form>

 $response=$_POST['g-recaptcha-response']
    $secret = '6Ldd7AoUAAAAAGpSbJYqM9Tsh04NG_1vCPeRlFOe';

            $rsp=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=$secret&response=$response");
            $arr= json_decode($rsp,TRUE);
            if($arr['success'] == TRUE){
            //var_dump($rsp); die;
}else{ echo 'not done';
}

add library, required div, after posting the value will be in $_POST['g-recaptcha-response'] — vishal, Nov 03 '16 at 09:34

Recaptcha V2.0 always returns bool(false)

2 Answers2

So in my case the problem was that for some reason I used one key for both the client and the server side which is wrong. You have one key for the html form (client side) (which is SITE KEY) and another for the server side. (which is SECRET KEY)