Created
February 1, 2026 06:42
-
-
Save opentechnologist/da4fc29de63c5cec7fd4eed5fb692c8c to your computer and use it in GitHub Desktop.
a simple php script to determine if recaptcha setup is working properly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Simple reCAPTCHA Setup Testing | |
| * Author: Mario Flores Rey II <mr3y2@yahoo.com> | |
| * | |
| * Minimal, pure-PHP script for testing a Google reCAPTCHA setup. | |
| * Compatible with PHP 5.6.40+. Remembers verification for N minutes. | |
| * Maximizes verification request that is currently at 10K usage cap. | |
| * | |
| * Limitation Notes: | |
| * - Not secure - all sensitive infos are embedded. | |
| * - Used for short term testing only - remove immediately when finished. | |
| * - Avoid production use at all cost. | |
| */ | |
| $verifyUrl = 'https://www.google.com/recaptcha/api/siteverify'; | |
| $siteKey = 'REPLACE_THIS_WITH_ACTUAL_RECAPTCHA_SITE_KEY'; | |
| $secretKey = 'REPLACE_THIS_WITH_ACTUAL_RECAPTCHA_SECRET_KEY'; | |
| $cookieName = 'captcha_verified'; | |
| $cookieExpiration = 300; // verified for 5 minutes | |
| $HmacSecret = 'REPLACE_THIS_WITH_A_VERY_LONG_STRING_OF_RANDOM_CHARACTERS'; | |
| $isVerified = false; | |
| $isSubmitted = $_SERVER['REQUEST_METHOD'] === 'POST'; | |
| $page = $_SERVER['REQUEST_URI']; | |
| if ($isSubmitted) { | |
| $response = isset($_POST['g-recaptcha-response']) ? $_POST['g-recaptcha-response'] : ''; | |
| $data = http_build_query([ | |
| 'secret' => $secretKey, | |
| 'response' => $response, | |
| 'remoteip' => $_SERVER['REMOTE_ADDR'], | |
| ]); | |
| $ch = curl_init(); | |
| curl_setopt($ch, CURLOPT_URL, $verifyUrl); | |
| curl_setopt($ch, CURLOPT_POST, true); | |
| curl_setopt($ch, CURLOPT_POSTFIELDS, $data); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); | |
| curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // local dev only | |
| $result = curl_exec($ch); | |
| if ($result === false) { | |
| print('<pre>'); | |
| print(sprintf('<a href="%s">Home</a>', $page));print(PHP_EOL); | |
| print('<hr/>'); | |
| var_dump($response);print(PHP_EOL); | |
| print(curl_errno($ch));print(PHP_EOL); | |
| print(curl_error($ch));print(PHP_EOL); | |
| print('</pre>'); | |
| die(); | |
| } else { | |
| $json = json_decode($result, true); | |
| if (isset($json['success']) && $json['success']) { | |
| $expiration = time() + $cookieExpiration; | |
| $payload = $expiration; | |
| $hmac = hash_hmac('sha256', $payload, $HmacSecret); | |
| $cookie = base64_encode($payload . ':' . $hmac); | |
| setcookie($cookieName, $cookie, $expiration, "/"); | |
| $isVerified = true; | |
| } | |
| } | |
| curl_close($ch); | |
| } elseif (isset($_COOKIE[$cookieName])) { | |
| $cookie = base64_decode($_COOKIE[$cookieName]); | |
| if ($cookie !== false) { | |
| list($payload, $hmac) = explode(':', $cookie); | |
| $expectedHmac = hash_hmac('sha256', $payload, $HmacSecret); | |
| if ($payload >= time() && hash_equals($expectedHmac, $hmac)) { | |
| $isVerified = true; | |
| } | |
| } | |
| } | |
| ?><!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title>Simple reCAPTCHA Demo</title> | |
| <script src="https://www.google.com/recaptcha/api.js" async defer></script> | |
| </head> | |
| <body> | |
| <a href="<?php echo $page; ?>">Home</a> | |
| <?php if ($isVerified): ?> | |
| <p>Congratulations, you are verified!</p> | |
| <?php else: ?> | |
| <?php if ($isSubmitted): ?> | |
| <p>Sorry, verification failed.</p> | |
| <?php endif; ?> | |
| <form method="post"> | |
| <div class="g-recaptcha" data-sitekey="<?php echo $siteKey; ?>"></div> | |
| <br/> | |
| <input type="submit"> | |
| </form> | |
| <?php endif; ?> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment