I'm trying to create a CAPTHCA for my forms on a website, but it always gives back "invalid-input-response".
I have the following front code for my form with captcha:
<script src="https://www.google.com/recaptcha/enterprise.js" async defer></script>
<script>
var onloadCallback = function() {
grecaptcha.enterprise.render('html_element', {
'sitekey' : '<?php echo G_RECAPTCHA_SITE_KEY?>',
'callback' : function(response) {
if(response){
// success
}
},
'theme' : 'dark'
});
};
</script>
<form>
...
<div id="html_element"></div>
</form>
<script src="https://www.google.com/recaptcha/enterprise.js?onload=onloadCallback&render=explicit" async defer></script>
End the backend side:
if(isset($_POST['g-recaptcha-response'])){
$captcha=$_POST['g-recaptcha-response'];
}
if(!$captcha){
// error
return false;
}
$secretKey = G_RECAPTCHA_SECRET_KEY;
// post request to server
$url = 'https://www.google.com/recaptcha/api/siteverify'
. '?secret=' . urlencode($secretKey)
. '&response=' . urlencode($captcha);
$response = file_get_contents($url);
$responseKeys = json_decode($response,true);
// should return JSON with success as true
if(!$responseKeys["success"]) {
var_dump($responseKeys);
}
and the output is:
array(2) { ["success"]=> bool(false) ["error-codes"]=> array(1) { [0]=> string(22) "invalid-input-response" } }
G_RECAPTCHA_SITE_KEY and G_RECAPTCHA_SECRET_KEY are defined correctly, i checked them several times.
Do you have any suggestions? Is there something wrong with the code, or is it maybe something wrong with how i set up my reCAPTCHA Enterprise account?
Thanks in advance!
https://www.google.com/recaptcha/api.js, but it should behttps://www.google.com/recaptcha/enterprise.js, according to cloud.google.com/recaptcha-enterprise/docs/instrument-web-pages