phfeiler

Recaptcha Error Code - Verification Error/Setup

I am very much a novice when it comes to adding Recaptcha but have a site that is needing it due to bots spamming the contact form. I have it installed on the form and that looks fine with the checkbox and submit button working.

However, I do not understand the server side verification and what it is asking me to do.

I need someone to help me understand what needs to be done to verify on the backend so that this works and the form stops spamming every couple of minutes.

For step 2, verification, it says to do this:

  1. Create the request body and save it in a file named request.json. Be sure to make the following replacements:
  • TOKEN: The token returned from the grecaptcha.enterprise.execute() call.

  • USER_ACTION: Optional. The user-initiated action specified in the grecaptcha.enterprise.execute() call. Learn more about actions

{
  "event": {
    "token": "TOKEN",
    "expectedAction": "USER_ACTION",
    "siteKey": "6LeMq2cqAAAAAPBeXXbtOmywRCm19nqtiVNjsM4f"
  }
}

  2. Send an HTTP POST request with the saved JSON data to the url below. Be sure to make the following replacements:
  • API_KEY: The API key associated with the current project. Learn more about authenticating with API keys.

https://recaptchaenterprise.googleapis.com/v1/projects/my-project-5516-1729255665478/assessments?key=API_KEY

Review: Trigger an event to run reCAPTCHA and confirm that your frontend and backend are configured correctly. Note that it can take a few minutes after your site requests a score for activity to start appearing in the Overview tab.

I created a file and uploaded it into my server called request.json that looks like this...

{
  "event": {
    "token": "SUBMIT",
    "expectedAction": "USER_ACTION",
    "siteKey": "6LeMq2cqAAAAAK0KBDOjvRmBDkTTZIlw-XqtGrfL",
  }
}

I have no clue what "Send an HTTP POST request" means but went to Postman.com and put in this URL with the secret key

https://www.google.com/recaptcha/api/siteverify?secret="put in my secret key"&response=

and it gave me back this response

{
  "success": false,
  "error-codes": [
    "invalid-input-response"
  ]
}

It does say:

200 OK Request successful. The server has responded as required.

However, spam keeps pouring in, so I am sure nothing is right with what I am doing to get this set up on the server side. I literally have no idea what to enter there or the proper way to get it set there. I am looking at the instructions and they don't make sense to me.

Any help is appreciated.

This is also a very old ExpressionEngine site, running on version 1.7.1.

UPDATE:

Found this file in my root on the server titled, "vendor_autoload.php". I don't know what any of this means in here, so help is appreciated.

 <?php
require 'vendor/autoload.php';

// Include Google Cloud dependencies using Composer
use Google\Cloud\RecaptchaEnterprise\V1\RecaptchaEnterpriseServiceClient;
use Google\Cloud\RecaptchaEnterprise\V1\Event;
use Google\Cloud\RecaptchaEnterprise\V1\Assessment;
use Google\Cloud\RecaptchaEnterprise\V1\TokenProperties\InvalidReason;

/**
  * Create an assessment to analyze the risk of a UI action.
  * @param string $recaptchaKey The reCAPTCHA key associated with the site/app
  * @param string $token The generated token obtained from the client.
  * @param string $project Your Google Cloud Project ID.
  * @param string $action Action name corresponding to the token.
  */
function create_assessment(
  string $recaptchaKey,
  string $token,
  string $project,
  string $action
): void {
  // Create the reCAPTCHA client.
  // TODO: Cache the client generation code (recommended) or call client.close() before exiting the method.
  $client = new RecaptchaEnterpriseServiceClient();
  $projectName = $client->projectName($project);

  // Set the properties of the event to be tracked.
  $event = (new Event())
    ->setSiteKey($recaptchaKey)
    ->setToken($token);

  // Build the assessment request.
  $assessment = (new Assessment())
    ->setEvent($event);

  try {
    $response = $client->createAssessment(
      $projectName,
      $assessment
    );

    // Check if the token is valid.
    if ($response->getTokenProperties()->getValid() == false) {
      printf('The CreateAssessment() call failed because the token was invalid for the following reason: ');
      printf(InvalidReason::name($response->getTokenProperties()->getInvalidReason()));
      return;
    }

    // Check if the expected action was executed.
    if ($response->getTokenProperties()->getAction() == $action) {
      // Get the risk score and the reason(s).
      // For more information on interpreting the assessment, see:
      // https://cloud.google.com/recaptcha-enterprise/docs/interpret-assessment
      printf('The score for the protection action is:');
      printf($response->getRiskAnalysis()->getScore());
    } else {
      printf('The action attribute in your reCAPTCHA tag does not match the action you are expecting to score');
    }
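  } catch (\Exception $e) {
    printf('CreateAssessment() call failed with the following error: ');
    // Pass the exception as an argument so a '%' in its message is not read as a format specifier.
    printf('%s', $e);
  }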
}

// TODO: Replace the token and reCAPTCHA action variables before running the sample.
create_assessment(
   '6LeMq2cqAAAAAPBeXXbtOmywRCm19nqtiVNjsM4f',
   'YOUR_USER_RESPONSE_TOKEN',
   'my-project-5516-1729255665478',
   'YOUR_RECAPTCHA_ACTION'
);
?>

Upvotes: 2

Views: 163
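
The two quoted steps (build the request body, POST it to the assessments endpoint) and the check that has to follow them, as an added PHP example that is not part of the original post and is not Google's sample. The token is taken from each form submission rather than from a static file, and the handler rejects the post when verification fails. The credentials are placeholders; the action name, the 0.5 threshold and the `g-recaptcha-response` field name are assumptions.

```php
<?php
// Added example: placeholder credentials, assumed action name and threshold.
const SITE_KEY = 'YOUR_SITE_KEY';       // placeholder
const PROJECT_ID = 'YOUR_PROJECT_ID';   // placeholder
const API_KEY = 'YOUR_API_KEY';         // placeholder; never sent to the browser
const ACTION = 'contact_form';          // assumed action name
const MIN_SCORE = 0.5;                  // assumed threshold

// Body of request.json, built per submission from the token the browser posted.
function build_request(string $token): string {
    return json_encode(['event' => [
        'token' => $token, 'expectedAction' => ACTION, 'siteKey' => SITE_KEY,
    ]]);
}

// POST the body to the assessments endpoint; null on transport or parse failure.
function send_assessment(string $body): ?array {
    $url = 'https://recaptchaenterprise.googleapis.com/v1/projects/'
         . PROJECT_ID . '/assessments?key=' . urlencode(API_KEY);
    $ctx = stream_context_create(['http' => [
        'method' => 'POST', 'header' => "Content-Type: application/json\r\n",
        'content' => $body, 'timeout' => 5, 'ignore_errors' => true,
    ]]);
    $raw = @file_get_contents($url, false, $ctx);
    $data = $raw === false ? null : json_decode($raw, true);
    return is_array($data) ? $data : null;
}

// Accept only a valid token, for the expected action, with a high enough score.
function accept_submission(?array $a): bool {
    if ($a === null || empty($a['tokenProperties']['valid'])) return false;
    if (($a['tokenProperties']['action'] ?? '') !== ACTION) return false;
    return (float)($a['riskAnalysis']['score'] ?? 0.0) >= MIN_SCORE;
}

// Form handler usage (assumes the widget posts the token as g-recaptcha-response):
//   $token = $_POST['g-recaptcha-response'] ?? '';
//   if ($token === '' || !accept_submission(send_assessment(build_request($token)))) {
//       http_response_code(400); exit('Verification failed');
//   }

// Constructed sample responses so the decision logic runs offline.
$samples = [
    'valid, high score' => ['tokenProperties' => ['valid' => true, 'action' => ACTION], 'riskAnalysis' => ['score' => 0.9]],
    'valid, low score'  => ['tokenProperties' => ['valid' => true, 'action' => ACTION], 'riskAnalysis' => ['score' => 0.1]],
    'malformed token'   => ['tokenProperties' => ['valid' => false, 'invalidReason' => 'MALFORMED']],
];
foreach ($samples as $name => $a) {
    printf("%s: %s\n", $name, accept_submission($a) ? 'accept' : 'reject');
}
```

`send_assessment()` needs `allow_url_fopen` and the OpenSSL extension enabled; a missing or failed response is treated as a rejection so the form fails closed.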

Answers (0)
