PHP Captcha implementation code?

day6
day6 used Ask the Experts™
on
I don't know PHP and a website I manage is a WordPress site which has a custom made contact form that is being brute force attacked. I know how to add a captcha in ColdFusion but don't know how to do that in PHP. Does anyone know how to add a captcha in PHP that would be easy for me to implement?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
https://www.google.com/recaptcha/intro/v3.html provides the starting point for using ReCAPTCHA V3.

Author

Commented:
I'm looking for a captcha code to insert into my existing PHP contact form. The ReCaptcha doesn't show how to insert it into my script so it shows the captcha at the bottom of my form or how to make sure it's properly placed. If someone has an existing form and results page showing how a captcha code works, that's what I need. I am not strong enough of a programmer to just read a website like google and figure things out.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
No relation to PHP. Well, you're inserting a line of Javascript into PHP.

https://codeforgeek.com/google-recaptcha-v3-tutorial/ provides a walk through of each individual step... and... you'll still have to be familiar with how to add a line of Javascript to your PHP file.
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Author

Commented:
I don't understand the point of reCaptcha v3 because there is no captcha visible on the form. I tried V2 and couldn't get the submission page to work right. It submitted my form but the reCaptcha never displayed anything except a check box... no images... no pics to checkbox... etc.

I simply want to have the code snippet to put in my form page and then the code on the page it's submitted to. The current page it submits to is in PHP and I don't understand how to integrate the sample code into a page that already has PHP validating the form data. I understand the Captcha needs to be validated that the user entered or filled out the test captcha properly. Is there not just a simple <script> I can put in the head of the form page and a captcha field in the form and then a simple PHP snippet that checks the captcha field for the right info?

I can do this in Cold Fusion just fine, but am just not understanding Google's captcha V3 since it gives no visible field.
contact form that is being brute force attacked

That's why I don't use them :\

Here's a PHP CAPTCHA tutorial that will walk you through development start to finish -
https://code.tutsplus.com/tutorials/build-your-own-captcha-and-contact-form-in-php--net-5362

Alternately, have you looked at the WordPress CAPTCHA plugins?? -- https://wordpress.org/plugins/search/captcha/

I'd have to image they'd make implementation easier for you


Ken
Terry WoodsIT Guru
Most Valuable Expert 2011

Commented:
Would it be easy to rebuild the contact form using a plugin like the "Contact Form 7" plugin? That has ReCAPTCHA v3 built in. It doesn't take very long to build a contact form with that. Or is the contact form one that would be slow to rebuild or has unusual behaviour?

The ReCAPTCHA v3 works without a visible test because it needs a script snippet added to every page in the site (v2 only requires the script added to a single page). Essentially, the behaviour of the user throughout the whole website helps Google determine whether the user is behaving like a human or a bot.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You said, "I don't understand the point of reCaptcha v3 because there is no captcha visible on the form."

This is correct.

Anything that slows user interaction, reduces conversions.

reCaptcha v3 is a non-intrusive CAPTCHA, meaning there is no human interaction (highest conversions) + better ability to catch/block bots than reCaptcha v2.

The entire point of reCaptcha v3 is non-intrusive function.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
If you're trying to build a form from scratch (you don't have a form yet), then follow the suggestion made by @Terry to use Contact Form 7.

If you prefer a paid solution, Gravity Forms is a great option too.

Author

Commented:
The issue is that the form can't be within the WordPress normal hierarchy because it was specially coded and made to have the results sent to a CRM API. That's why this is so annoying. It's outside the normal WordPress admin and just done in straight PHP. I wanted to just use the Plug In but it won't work on this form.

I'll look at the suggested alternative Captcha process.

Author

Commented:
I just need to find a PHP expert who I can hire to do what I need to fix this issue. There's essentially three pages involved in my registration page.

The registration page itself that has the form.
The form submission page that validates the form data and the captcha and creates whatever error handling messages to the user.
Another page that submits the data to our CRM software API (created in PHP).

Does anyone have the name of a PHP coder I could pay to handle this for me?
Terry WoodsIT Guru
Most Valuable Expert 2011

Commented:
I've pm'ed you, in case I can help with the coding.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
1) The issue is that the form can't be within the WordPress normal hierarchy...

Then you'll just create a directory (mkdir path) + create custom PHP.

2) I just need to find a PHP expert who I can hire to do what I need to fix this issue.

Be in touch with @Terry to do this work for you, on contract.
Commented:
Unfortunately my request for a simple PHP script wasn't met in this post. Pointing to external site tutorials was not my goal. I wanted a solution for a Captcha code posted here, not a tutorial I'd have to read through in PHP which I don't understand... as was posted. I ended up hiring a person to do the job for me. It was custom coded so I don't know what code to even post and it wouldn't be fair to them to post what they programmed since they make money from their code.
Terry WoodsIT Guru
Most Valuable Expert 2011

Commented:
It is unfortunate we couldn't help you further through this question, but also quite expected given the substantial complexity of the required solution.  When I implemented v3 ReCAPTCHA on a custom form for the first time, it took about 4 or 5 hrs to resolve the issues. Glad you got it solved.

Author

Commented:
I appreciate the suggestions and wish my strength in PHP was good enough to have run with them without needing assistance.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
What you're asking is for someone to write your code for you.

This is fine + likely most people will require you engage their services on an hourly basis for this type of work.

You may think slapping together some PHP code is simple. This is rarely the case.

The reason I suggested you enhance your current PHP skills is so you can more quickly implement projects like this.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial