We help IT Professionals succeed at work.

I'm a Human captcha checkbox

Richard Korts
on
242 Views
Last Modified: 2017-03-25
How do I see the code to implement this?
Comment
Watch Question

Tahir QureshiSystem Analyst

Commented:
This is a beta API for reCAPTCHA. I gather this from the source of their JS API: https://www.google.com/recaptcha/api.js referencing "API2". And I also found this: http://jaswsinc.com/recaptcha-ads/ Apparently they did an invite-only beta of their "no CAPTCHA reCAPTCHA" So.... You probably won't be able to make it work on your site, yet. I can't find any information on opting into the beta, but if you search for "No CAPTCHA reCAPTCHA beta" you can see a number of people that have mentioned getting the email from Google for them to join.
Tahir QureshiSystem Analyst

Commented:
IMPORTANT EDIT Google introduced the new reCAPTCHA

Google Online Security blog: Are you a robot? Introducing “No CAPTCHA reCAPTCHA”
Google reCAPTCHA: Introducing the new reCAPTCHA!
Phil PhillipsLead Platform Engineer
CERTIFIED EXPERT

Commented:
It sounds like you are talking about Google's reCAPTCHA.

You can read more and sign up for it here: https://www.google.com/recaptcha/intro/
The developer docs are here: https://developers.google.com/recaptcha/intro
More specifically, code examples can be found here: https://developers.google.com/recaptcha/docs/display

They actually have a new version of it that just came out - invisible to users. So keep that in mind too when looking through the docs.
Richard KortsBusiness Owner / Chief Developer

Author

Commented:
Tahir Qureshi

Does not tell implementation details. Says this:

When your users submit the form where you integrated reCAPTCHA, you'll get as part of the payload a string with the name "g-recaptcha-response". In order to check whether Google has verified that user, send a POST request with these parameters:
URL: https://www.google.com/recaptcha/api/siteverify
secret (required)      6LdhSxoUAAAAAJjGNd21boVS-5Ye_STkHR2v156u
response (required)      The value of 'g-recaptcha-response'.
remoteip      The end user's ip address.
The reCAPTCHA documentation site describes more details and advanced configurations.

I'm interpreting this to mean I will get something back when I post the form? What? Where? How?

All all things Google, too complex.
Phil PhillipsLead Platform Engineer
CERTIFIED EXPERT

Commented:
When you add reCAPTCHA to a form, the code will include a parameter named 'g-recaptcha-response' when the user submits the form to your site.  As part of the backend code that processes the form response, you will need to read the value of 'g-recaptcha-response' and then use that to verify the user with Google (via the POST request you included in your comment).
Phil PhillipsLead Platform Engineer
CERTIFIED EXPERT

Commented:
If you let us know what language you're using to handle the backend, we could probably find some examples for you.
Richard KortsBusiness Owner / Chief Developer

Author

Commented:
Phil Phillips,

I get that; how do I get back to MY code afterwards?

Richard
Richard KortsBusiness Owner / Chief Developer

Author

Commented:
php
CERTIFIED EXPERT
Most Valuable Expert 2017
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Fixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
CERTIFIED EXPERT
Most Valuable Expert 2017
Distinguished Expert 2019

Commented:
I do not like captcha's - I prefer the honeypot - although I use a random field name either from a list of field names or I use a form array name="data[]" so that a search for the field name is made more difficult (the honeypot is then randomly placed in the order of fields and the position recorded on the server so it knows which field to look for). I then hide the field using techniques that don't involve display: none or visbility: none and again use random methods as to where the field is "hidden".

Not foolproof but enough to get around most of the bots and isn't an eyesore. So far has been very effective.

If you have a site that has great value to a "robot" then you will need a human proving method - the ugliness of the captcha / (What... is the air-speed velocity of an unladen swallow?) approach is acceptable in relation to the value of keeping a bot out.
Richard KortsBusiness Owner / Chief Developer

Author

Commented:
Thanks, I appreciate Julian's comments. I will look at Ray's article, seems like he's into EVERYTHING php.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions