Re: Recaptcha V2 hopefully made simple. Both HTML and PHP code included here

Martin I tried the same test (failing to select correct pics and then hitting submit) on my live site and it does indeed FAIL and tell me to retry the recaptcha. Are you convinced  yet?  I feel good enough about this to live my code up and running.DonnaOn Tuesday, July 14, 2015 at 1:35:25 PM UTC-7, Martin Brilliant wrote: Donna, It's my turn to thank you for making me revisit the code (which we both got independently from codeforgeek.com).I agree with you up to a point. Your test for (!$captcha) does correctly check whether it exists or not. When you echo $response you verify, as I did, that $response really has valid information as to whether the user did or did not complete the captcha correctly. So far, so good. But echo $response is only human-readable; it can't control what the code does next.What I want to know is, when your echo $response came back with false, missing input response, what did if($response.'success'==true) tell you? If that test failed, then you're OK. But for me, that test always succeeded, even when I clicked Submit without doing the captcha.BTW I submitted a later post in this thread that says if I first decode the JSON object, and then test the resulting associative array, I get a test that works.Anyway, that page on codeforgeek.com had a lot of disagreeing comments, some saying you have to json_decode(), others saying you don't. Apparently, for reasons I don't understand, different users can get different results with what looks like the same code. "Your mileage may vary." On Tuesday, July 14, 2015 at 1:14:56 PM UTC-4, Donna S wrote: I think I'm going to have to disagree with you about the code in my original post. Here's what I did to test it so you can try and recreate it. When I got to the recaptcha, I got the series of pictures but I picked the wrong photos intentionally, so it gave me a new set. While those new pics were up on the screen, I clicked the submit button and I got the error message to check the recaptcha. If I go back to the process routine and have it dump $captcha it in fact is null. So then I commented out the the code which checks for  !$captcha and let it fall through and execute the $response = file_get_contents("https ... andjust had it echo $response and here was what I got when I repeated the same test of not answering the pictures correctly:{ "success": false, "error-codes": [ "missing-input-response" ] }So I would say the code in fact works just fine. The HOWEVER I would put in there is if in fact you wanted to find out what the error code was (in my case I don't care), you could then use EXPLODE or some other code to go extract the error code.Again I don't take credit for this code as it was not in fact mine but I love the simplicity of it. Thanks for looking and making me look at the code closer. DonnaOn Monday, July 13, 2015 at 6:45:30 PM UTC-7, Martin Brilliant wrote: I looked on the web and I think I have a working test. Since $response is a JSON object, it should be decoded to an associative array, and then the appropriate element of the array should be tested. So we need, first,      $response = json_decode($response, true);and then the test should be      if($response['success'])With those changes, I got "You have been identified as a robot" when the secret key was wrong, and "Thanks for getting it right" after I restored the correct secret key.I'm waiting for somebody else to verify that this code is OK before I use it. Meanwhile I'm still using V1.BTW I got a new key pair for V2, different from the pair I was using for V1. I have a vague recollection that I tried the same code before, but using the same key pair as for V1, and it always tested false. If so, you need a new key pair for V2. But I could be mistaken.On Monday, July 13, 2015 at 9:14:24 PM UTC-4, Martin Brilliant wrote: How carefully did you test this code? I added some debugging statements, and then tested it by altering the secret key. The debugging showed false, but the test always succeeded. So, meanwhile, I'm still using V1.Here is my code (after getting the POST parameters and the $response to the file_get_contents statement):