Re: Recaptcha V2 hopefully made simple. Both HTML and PHP code included here

Donna, you really taught me something. I kept saying things like "unless you want to parse it as a string" as though that were the last thing in the world you would want to do with it. Now it turns out that's the easiest thing to do with it!I agree with you about bouncing ideas. Ideas are maybe the only things that bounce higher with every bounce!On Friday, July 17, 2015 at 1:22:04 AM UTC-4, Donna S wrote: The STRPOS code actually works just fine. I don't check for "success" I check for 'false' but you can check for 'true' as well depending on how you want to proceed in your code. I'm absolutely certain doing the json_decode would work but this is just so much more simple. That's the wonderful thing about coding ... there are many ways to solve the same problem. I just think it's incredibly unfortunate that Google has not provided very clear coding examples that the non-coder can understand or at least follow. So many of us have obviously wasted hours searching for help that could be avoided by Google doing their job better.I usually work alone but I really enjoy opportunities to bounce ideas off others and get a different perspective. Thank you!On Thursday, July 16, 2015 at 5:07:57 PM UTC-7, kh99 wrote: Martin, What you wrote sounds right to me. I also saw your comment at codeforgeek.com. I also tried to leave a comment, but for some reason it wasn't posted (maybe they thought I was a spammer :) .  But I had said basically the same thing you said, so we'll see if the guy responds. By the way, I didn't see Donna's last post before responding. I think the strpos method also works. as long as the 'success' doesn't appear in an error message (and I can't see why it would). But it's easy enough to use json_decode() to get an array, and then you have access to the error messages, so I think that's a better method. I don't know if there is any way to make it an actual object, but it's not necessary. Also, I unfortunately made a typo in my previous post, and I misspelled g-recaptcha-response in the hidden input tag I suggested to use as a test, which would make the script fail. So if anyone actually wants to try that, make sure to add the missing 's' to 'g-recaptcha-reponse'. On Thursday, July 16, 2015 at 2:14:05 PM UTC-4, Martin Brilliant wrote: Thanks, kh99, for pointing out an issue I was staring at for weeks without seeing it. I was looking at that dot and thinking it was an object property pointer. It is in some languages, but not in PHP. The result of $response.'success' is a non-empty string, which will always evaluate to true.A correct PHP object property pointer won't work anyway. According to Google's documentation, $response is a JSON object. A JSON object in PHP is just a string, and in order to do anything sensible with it (other than parsing it as a string) you have to convert it to something else. A commenter on the codeforgeek.com page recommended converting it to an associative array, and that's what I did. I found another site that show how to convert it to a PHP object. But treating the JSON string as an object in PHP, without converting it, won't play.I must confess I don't know PHP. I'm trying to get along by using and adapting other people's code and rummaging around for explanations. I think what I just wrote makes sense.On Wednesday, July 15, 2015 at 1:16:00 AM UTC-4, kh99 wrote: Martin is right, I think. This line is a problem: if($response.'success'==true)   {  echo '

Thanks for posting comment.

';   } A '.' is string concatenation, so you're checking whatever string is in $response, with 'success' tacked on the end. The resulting string is always evaluating to true. If you want to verify this, try temporarily changing your html. Comment out the div like this: and insert this instead:

which will send "anything" as g-recaptcha-response, and you'll see that it succeeds, even though you have not even displayed a recaptcha widget.On Monday, July 13, 2015 at 3:19:16 PM UTC-4, Donna S wrote: I had been using ReCaptcha V1 for a number of years with no real problem. Figuring out how the heck to get V2 running became a nightmare. As much as anyone would like to think it's well documented, IT'S NOT unless you happen to be a master coder. These days I scrape by on coding, so having a very clear, simple and straight forward example would be wonderful. I found a lot of examples of people using Curl and other fun ways to implement this. All of those examples ended up with the stupid recaptcha always being SUCCESS : FALSE and I still don't understand why. Anyway, I do now having it working and hopefully someone can benefit from these short example files I'm attaching. I certainly don't claim to be a great coder, but this actually does work consistently.I happen to use sessions in my forms but code still works the same with or without session enabled.Here's the HTML (again, if you don't want sessions, eliminate the PHP line at the top and call your file cap_test.html). I got this code from codeforgeek so I definitely thank them so much!!CAP_TEST.PHP                 

Google reCAPTHA V2 Demo

   

     

     

      

          

 CAP_PROCESS.PHPPlease check the the captcha form.';              exit;           }// This gets the response and checks it for being true. If it is it prints thanks for posting the comment and exits.       $response = file_get_contents("http://bit.ly/1eXekEZ".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);if($response.'success'==true)   {  echo '

Thanks for posting comment.

';   }?>So this is fun for testing. In my real form, I don't really care whether they tried to bypass the captcha or if it failed for some reason, I'm still going to make them try again, so this is a small bit of the actual code I use in my PHP processing script:// Set errorflag variable to false so we'll assume this will run with no errors$_SESSION["errorflag"] = "false";// Now go check if the recaptcha was entered correctly// If $_POST['g-recaptcha-response'] is not set, that means the user hit submit without completing the recapcha and we'll send it backif(isset($_POST['g-recaptcha-response'])){ $captcha=$_POST['g-recaptcha-response']; }// So if $captcha was set, lets go see if it was successfull by getting the response and putting the answer into $responseif($captcha){$response=file_get_contents("http://bit.ly/1eXekEZ".$captcha."&remoteip=".$_SERVER['REMOTE_ADDR']);}// So now if either the $captcha was not set OR we did not get a success from recaptcha// we'll set the error flag to indicate that recaptcha was bad// and load the sanitized form data into session variables and go on back to the formif ((!$captcha) or ($response."success"==false)) {    $_SESSION["applocation"] = $applocation;    $_SESSION["firstname"] = $firstname; -- You received this message because you are subscribed to the Google Groups "reCAPTCHA" group. To unsubscribe from this group and stop receiving emails from it, send an email to recaptcha+unsubscribe@googlegroups.com. To post to this group, send email to recaptcha@googlegroups.com. Visit this group at http://bit.ly/1dkFnYd. For more options, visit http://bit.ly/P65DvS.