Google Recaptcha v3 Not working

[amirelgohary1990]

Hello

I am receiving a huge amount of spam emails, now I am trying to implement Google Recaptcha V3 in my custom PHP From,

I implemented all the steps for G-Recaptcha,
but I receive error invalid-input-secret

And I am sure that the secret code shout be copied right

 

I added the below to the head tag

<script src="https://www.google.com/recaptcha/api.js?render=6LfyPF0pAAAAAHLxp3315RTN7jrRvBe6kLdHGAiT"></script>
<script>
  grecaptcha.ready(function() {
    grecaptcha.execute('6LfyPF0pAAAAAHLxp3315RTN7jrRvBe6kLdHGAiT', {action: 'submit'}).then(function(token) {
      let recaptchaResponse = document.getElementById("recaptchaResponse");
      console.log(recaptchaResponse);
      recaptchaResponse.value = token;
    });
  });
</script>

 

Then added hidden input before the submit button in the Form

<input type="hidden" name="recaptcha_response" id="recaptchaResponse"> 
<input class="contactInput no-border cursorPointer buttonStyle" name="submitContact" value="Submit" type="submit">

And finally, I implemented the PHP code

 

if(isset($_POST['submitContact']) && $_SERVER['REQUEST_METHOD'] == 'POST'){
     $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
     $recaptcha_secret = '6LfyPF0pAAAAAEsS5lfN_WL3wKHh1XfGo0oE_PYU';
     $recaptcha_response = $_POST['recaptcha_response'];
     $recaptcha = file_get_contents($recaptcha_url."?secret=".$recaptcha_secret."?response=".$recaptcha_response);
     $recaptcha = json_decode($recaptcha);
     if($recaptcha->success ==true){
         if($recaptcha->score >= 0.5){
            echo "Recaptcha Success";
         }else{
             echo"<pre>";
             print_r("Recaptcha Not Verified");
             echo"</pre>";
         }
     }else{
         echo"<pre>";
         print_r($recaptcha);
         echo"</pre>";
     }
}

 

But receiving the below error

stdClass Object ( [success] => [error-codes] => Array ( [0] => invalid-input-secret ) )

Edited January 26 by amirelgohary1990
Removed " and added ' in recaptcha url

[requinix]

1. Thank you for posting your reCAPTCHA secret to a public forum. Please cancel it and generate a new one immediately. And then don't publish it anywhere.
2. The URL you're constructing has two problems, but they're irrelevant because:
3. Per the documentation, you need to send a POST request to /siteverify. Not a GET request. Which typically means using cURL.

If you still have problems, remember to post your updated code.

[amirelgohary1990]

6 hours ago, requinix said:

1. Thank you for posting your reCAPTCHA secret to a public forum. Please cancel it and generate a new one immediately. And then don't publish it anywhere.
2. The URL you're constructing has two problems, but they're irrelevant because:
3. Per the documentation, you need to send a POST request to /siteverify. Not a GET request. Which typically means using cURL.

If you still have problems, remember to post your updated code.

Hello
This secret code will not be published into the live site, just a test copy

The below code worked with me

if(isset($_POST['submitContact']) && $_SERVER['REQUEST_METHOD'] == 'POST'){
   $postdata = http_build_query(["secret"=>"6LfyPF0pAAAAAEsS5lfN_WL3wKHh1XfGo0oE_PYU","response"=>$recaptcha_response]);
    $opts = ['http' =>
        [
            'method'  => 'POST',
            'header'  => 'Content-type: application/x-www-form-urlencoded',
            'content' => $postdata
        ]
    ];
    $context  = stream_context_create($opts);
    $result = file_get_contents('https://www.google.com/recaptcha/api/siteverify', false, $context);
    $recaptcha = json_decode($result);
     if($recaptcha->success ==true){
         if($recaptcha->score >= 0.5){
            echo "Recaptcha Success";
         }else{
             echo"<pre>";
             print_r("Recaptcha Not Verified");
             echo"</pre>";
         }
     }else{
         echo"<pre>";
         print_r($recaptcha);
         echo"</pre>";
     }