Link to home
Start Free TrialLog in
Avatar of Richard Korts
Richard KortsFlag for United States of America

asked on

I'm a Human captcha checkbox

How do I see the code to implement this?
Avatar of Tahir Qureshi
Tahir Qureshi
Flag of Australia image

This is a beta API for reCAPTCHA. I gather this from the source of their JS API: referencing "API2". And I also found this: Apparently they did an invite-only beta of their "no CAPTCHA reCAPTCHA" So.... You probably won't be able to make it work on your site, yet. I can't find any information on opting into the beta, but if you search for "No CAPTCHA reCAPTCHA beta" you can see a number of people that have mentioned getting the email from Google for them to join.
IMPORTANT EDIT Google introduced the new reCAPTCHA

Google Online Security blog: Are you a robot? Introducing “No CAPTCHA reCAPTCHA”
Google reCAPTCHA: Introducing the new reCAPTCHA!
Avatar of Phil Phillips
It sounds like you are talking about Google's reCAPTCHA.

You can read more and sign up for it here:
The developer docs are here:
More specifically, code examples can be found here:

They actually have a new version of it that just came out - invisible to users. So keep that in mind too when looking through the docs.
Avatar of Richard Korts


Tahir Qureshi

Does not tell implementation details. Says this:

When your users submit the form where you integrated reCAPTCHA, you'll get as part of the payload a string with the name "g-recaptcha-response". In order to check whether Google has verified that user, send a POST request with these parameters:
secret (required)      6LdhSxoUAAAAAJjGNd21boVS-5Ye_STkHR2v156u
response (required)      The value of 'g-recaptcha-response'.
remoteip      The end user's ip address.
The reCAPTCHA documentation site describes more details and advanced configurations.

I'm interpreting this to mean I will get something back when I post the form? What? Where? How?

All all things Google, too complex.
When you add reCAPTCHA to a form, the code will include a parameter named 'g-recaptcha-response' when the user submits the form to your site.  As part of the backend code that processes the form response, you will need to read the value of 'g-recaptcha-response' and then use that to verify the user with Google (via the POST request you included in your comment).
If you let us know what language you're using to handle the backend, we could probably find some examples for you.
Phil Phillips,

I get that; how do I get back to MY code afterwards?

Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I do not like captcha's - I prefer the honeypot - although I use a random field name either from a list of field names or I use a form array name="data[]" so that a search for the field name is made more difficult (the honeypot is then randomly placed in the order of fields and the position recorded on the server so it knows which field to look for). I then hide the field using techniques that don't involve display: none or visbility: none and again use random methods as to where the field is "hidden".

Not foolproof but enough to get around most of the bots and isn't an eyesore. So far has been very effective.

If you have a site that has great value to a "robot" then you will need a human proving method - the ugliness of the captcha / (What... is the air-speed velocity of an unladen swallow?) approach is acceptable in relation to the value of keeping a bot out.
Thanks, I appreciate Julian's comments. I will look at Ray's article, seems like he's into EVERYTHING php.