Recaptcha Error Code - Verification Error/Setup
Development and Programming
I am very much a novice when it comes to adding Recaptcha but have a site that is needing it due to bots spamming the contact form. I have it installed on the form and that looks fine with the checkbox and submit button working.
However, I do not understand the server side verification and what it is asking me to do.
I need someone to help me understand what needs to be done to verify on the backend so that this works and the form stops spamming every couple of min.
For step 2, verification it says to do this:
Create the request body and save it in a file named request.json . Be sure to make the following replacements: TOKEN: The token returned from the grecaptcha.enterprise.execute() call.
USER_ACTION: Optional. The user-initiated action specified in the grecaptcha.enterprise.execute() call. Learn more about actions
{ “event”: { “token”: “TOKEN”, “expectedAction”: “USER_ACTION”, “siteKey”: “6LeMq2cqAAAAAPBeXXbtOmywRCm19nqtiVNjsM4f”, } } 2. Send an HTTP POST request with the saved JSON data to the url below. Be sure to make the following replacements:
API_KEY: The API key associated with the current project. Learn more about authenticating with API keys .https://recaptchaenterprise.googleapis.com/v1/projects/my-project-5516-1729255665478/assessments?key=API_KEY Review: Trigger an event to run reCAPTCHA and confirm that your frontend and backend are configured correctly. Note that it can take a few minutes after your site requests a score for activity to start appearing in the Overview tab.
I created a file and uploaded it into my server called request.json that looks like this…
{ “event”: { “token”: “SUBMIT”, “expectedAction”: “USER_ACTION”, “siteKey”: “6LeMq2cqAAAAAK0KBDOjvRmBDkTTZIlw-XqtGrfL”, } } I have no clue what “Send an HTTP POST request means” but went to Postman.com and put in this url with the secret key
https://www.google.com/recaptcha/api/siteverify?secret=”put in my secret key”&response;=
and it gave me back this response
{ “success”: false, “error-codes”: [ “invalid-input-response” ] }
It does say:
200 OK Request successful. The server has responded as required.
However, spam keeps pouring in, so I am sure nothing is right with what I am doing to get this set up on the server side. I literally have no idea what to enter there or the proper way to get it set there. Looking at the instructions and it doesn’t make sense to me.
Any help is appreciated.
This is also a very old ExpressionEngine site, running on version 1.7.1.
Ah, I was about to explain that EE supports google reCaptcha natively. But not in 1.7.1.
My best advice- that site needs to be upgraded. I’m impressed it’s still running. EE v1 was super solid code for its time, but it runs on PHP and v1 isn’t compatible with modern versions of PHP. That’s why I’m impressed it’s running- most hosts don’t run versions of PHP that it would work on. Honestly, they shouldn’t be running versions of PHP it works on- there are security concerns with using really old software.
That said, upgrading from v1 is often difficult- it’s mostly going to be down to the add-ons. But also, modern EE isn’t going to run on the version of PHP the site is currently on. So even with no add-ons, you probably can’t just drop in a new version and update.
My very best advice is to either talk to your developer or reach out to a few of our Partners who specialize in upgrades. You seriously need to do this. If your host does upgrade PHP- which I can’t believe they haven’t- the site will just completely break. Plus there are a ton of security improvements in both EE and PHP that have happened since EE 1.7.1. That was released in 2011.
The code you’re showing is overly complicated. For your old ExpressionEngine site, you need a simple reCAPTCHA v2 implementation. Get a standard site key and secret key from Google, then use a basic PHP verification script to check the captcha response.