Google reCaptcha with php validation

Question

i'm trying to use reCaptcha v2.0 with php, in the server verification i use this code:

if(isset($_POST['Direccion_Email']) AND ($_POST['enviar'])) {
    if(isset($_POST['g-recaptcha-response'])){
    $mensaje_error = "";
    include 'config-formulario.php';
    require_once __DIR__ . '/recaptcha-master/src/autoload.php';
    $recaptcha = new \ReCaptcha\ReCaptcha($secret);
    $resp = $recaptcha->verify($_POST['g-recaptcha-response'], $_SERVER['REMOTE_ADDR']);
if (!$resp->isSuccess()) {
        $mensaje_error .= "Control Anti SPAM no es válido <br />";
        $errors = $resp->getErrorCodes();
    } else {
        //DO SOMETHING;
    }

But when i try to send a simple contact me form with name, email and comments, it's return this warnings:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /home/diego/www/systec/scripts/recaptcha-master/src/ReCaptcha/RequestMethod/Post.php on line 68

Warning: file_get_contents(): Failed to enable crypto in /home/diego/www/systec/scripts/recaptcha-master/src/ReCaptcha/RequestMethod/Post.php on line 68

Warning: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: operation failed in /home/diego/www/systec/scripts/recaptcha-master/src/ReCaptcha/RequestMethod/Post.php on line 68

I'm testing this on localhost.

Any suggestions.

Thanks.

those errors would probably go way on a shared host - maybe easier than adding the ssl cert bundles in to your code base — , Jun 08 '15 at 01:31
Based on `https://www.google.com` and `localhost`, you are probably mixing origins in a way that's disagreeable. You probably need to (1) create a local CA, and (2) issue a certificate for you local machine (and all the DNS names it uses, like `localhost`, `diego-dev`, `diego-dev.example.com` and `192.168.2.12`). Then load the [Google Internet Authority G2](https://pki.google.com/) and your CA in PHP to verify those certificates. — jww, Jun 08 '15 at 10:25
For step (1), see [How do you sign Certificate Signing Request with your Certification Authority?](http://stackoverflow.com/a/21340898/608639). For (2), see [How to create a self-signed certificate with openssl?](http://stackoverflow.com/a/27931596/608639). The latter also shows you how to create a signing request (as opposed to a self signed certificate). They are the same steps - the only thing that differs is the *lack* of the `-x509` option for a signing request. — jww, Jun 08 '15 at 10:27

score 1 · Answer 1 · answered May 14 '18 at 12:01

Change

$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");

To

$ch = curl_init("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$verify = curl_exec($ch);

score 0 · Accepted Answer · edited May 23 '17 at 12:00

0

The answer from @jww works form me:

For step (1), see How do you sign Certificate Signing Request with your Certification Authority?. For (2), see How to create a self-signed certificate with openssl?. The latter also shows you how to create a signing request (as opposed to a self signed certificate). They are the same steps - the only thing that differs is the lack of the -x509 option for a signing request.

edited May 23 '17 at 12:00

Community

1
1

answered Sep 11 '15 at 01:07

Diego

493
1
9
26

It does work for me on a server but not on localhost. Why? – Pathros Oct 15 '15 at 01:18
1

It gives you an error? if yes can you post the error? – Diego Oct 15 '15 at 03:34
The error is: `file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed` and on the same line (68). By now the only solution is to delete the cookie. – Pathros Nov 15 '15 at 00:31

Google reCaptcha with php validation

2 Answers2