Verify A Recaptcha V3 Token. - Gists · GitHub

Skip to content Search Gists Search Gists All gists Back to GitHub Sign in Sign up Sign in Sign up Dismiss alert {{ message }}

Instantly share code, notes, and snippets.

NachoToast/captcha.php Created April 27, 2021 06:43 Show Gist options

• Download ZIP

• Star 2 (2) You must be signed in to star a gist
• Fork 2 (2) You must be signed in to fork a gist

• Embed Select an option
  • Embed Embed this gist in your website.
  • Share Copy sharable link for this gist.
  • Clone via HTTPS Clone using the web URL.

  No results found

  Learn more about clone URLs Clone this repository at <script src="https://gist.github.com/NachoToast/f54bcf275a85b242a82d1a9f9e027321.js"></script>
• Save NachoToast/f54bcf275a85b242a82d1a9f9e027321 to your computer and use it in GitHub Desktop.

Code Revisions 1 Stars 2 Forks 2 Embed Select an option

• Embed Embed this gist in your website.
• Share Copy sharable link for this gist.
• Clone via HTTPS Clone using the web URL.

No results found

Learn more about clone URLs Clone this repository at <script src="https://gist.github.com/NachoToast/f54bcf275a85b242a82d1a9f9e027321.js"></script> Save NachoToast/f54bcf275a85b242a82d1a9f9e027321 to your computer and use it in GitHub Desktop. Download ZIP Verify a recaptcha v3 token. Raw captcha.php This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters

<?php

function verify_captcha($token) {

$threshold = 0.5; // Score must be > threshold to pass captcha.

// Default is 0.5, although the majority of users will get 0.9

$sites = ["localhost", "nachotoast.com", "ntgc.ddns.net"]; // Site names string, e.g. sub.domain.com:8080

$secret = "Put your client secret here.";

$url = "https://www.google.com/recaptcha/api/siteverify";

$data = array("secret" => $secret, "response" => $token);

$options = array(

"http" => array(

"header" => "Content-type: application/x-www-form-urlencoded\r\n",

"method" => "POST",

"content" => http_build_query($data)

)

);

$context = stream_context_create($options);

$response = file_get_contents($url, false, $context);

$response_keys = json_decode($response, true);

// error checks

if (isset($response_keys["error-codes"])) {

if (in_array("timeout-or-duplicate", $response_keys["error-codes"])) return "expired";

return $response_keys["error-codes"];

}

// success check (theoretically not needed due to above error checks)

if ($response_keys["success"] !== true) return "invalid-token";

// score check

if ($response_keys["score"] < $threshold) return "failed";

// hostname check

if (!in_array($response_keys["hostname"], $sites)) return "wrong-site";

// action check

if ($response_keys["action"] !== "submit") return "wrong-action";

return true;

}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment You can’t perform that action at this time.