Still getting spam emails after installing reCaptcha v2 Checkbox

Question

I am using reCaptcha v2 ( Checkbox ) at form but still i am getting spam email.

Code that is i am using

in form page

    <script type="text/javascript">
  var onloadCallback = function() {
    grecaptcha.render('g-recaptcha', {
      'sitekey' : 'KEY'
    });
  };
</script>

in form to show recapth

<div class="form-group"><div id="g-recaptcha"></div></div>

and script file

<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit" async defer></script>

Here is server side code in php file

if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])){
    $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={KEY}&response=".$_POST['g-recaptcha-response']."&remoteip=".$_SERVER['REMOTE_ADDR']);
    $arr = json_decode($response,true);
    if(isset($arr['success'])){
    
/* here i am sending email using SMTP */

}else { /* error */ }
}else { /* error */ }

Now what to do next to stop spam ?

Answer 1

This is how I solved the problem: Add this code to your form

<input type="hidden" id="challenge" name="challenge" value="0">

Above the closing body tag, add this script :

<script>
  document.addEventListener("DOMContentLoaded", function () {
      document.getElementById("challenge").value = "passed";
      });
</script>`

In your php file add this code:

if (!isset($_POST["challenge"]) || $_POST["challenge"] !== "passed") {
    die("Bot detected! Submission rejected.");
}

Most bots will not run Javascript, so it will check the "hidden" input and cause a failed attempt.

Answer 2

isset means the property exists and not null. You should change your condition to:

isset($arr['success']) && $arr['success']