2

Hi currently i have implemented recaptcha v2 in my php website and everything is working fine. I have added 2 text box where I can insert site key and secret key. But the problem is even the keys are wrong still recaptcha is showing and for wrong keys recaptcha v2 always fail.

  1. So I want to know, how can I verify site key and secret key of a website is correct or not via code ?

  2. Also is there any way I can know the recaptcha is working or not via code ?

I have read this documentation but there is no ReCaptchaResponse for site key and secret key is wrong .

Example of wrong keys

Actual keys

Site Key: 7LeAbKcdAAAAAOezcfoFK-tekV_H2V0IzTy5rUn-

secret Key: 7LeAbKcdAAAAAMfyCxR7teg5VzB1Am5Q1jk_I6Tb

Wrong keys

Site Key: 7LeAbKcdAAAAAOezcfoFK-tekV_H2V0IzTy5rUn-

secret Key: 7LeAbKcdAAAAAMfyCxR7teg5VzB1Am6Q1jk_I6Tb

Here in wrong keys, i just changed one number but still the recaptcha keep showing . Actually if the site key and secret key is wrong then it should not display.

I have seen this link and it is very helpful. But for my case even if both site key and secret key is correct i am getting ERROR for site owner: Invalid domain for site key

Please help to find a solution.

Improve this question

2 Answers 2

Reset to default
0

Google does not provide methods to verify site keys or secret keys. You should make sure your secret key and the site key match each other before entering.

Improve this answer
1
  • 2
    Thank you . I think so. But if i make a solution where user need to enter their site key and secret key and if they enter wrong key i need to notify that your keys are in correct. I am looking for a solution for this.
    – Abilash Erikson
    Commented Feb 21, 2022 at 7:02
0

There's an answer to this where we can verify the recaptcha on the server side (https://stackoverflow.com/a/27439796/7275579)


<?php
    $captcha;

    if(isset($_POST['g-recaptcha-response']))
        $captcha=$_POST['g-recaptcha-response'];

    if(!$captcha){
        echo '<h2>Please check the the captcha form.</h2>';
        exit;
    }

    $response = json_decode(file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=SECRET_KEY&response=".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']), true);

    if($response['success'] == false)
    {
        echo 'Invalid';
    }
    else
    {
        // Proceed
    }

Also make sure to encode the captcha using urlencode

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.