Question

I have successfully used ReCaptcha in my email form, but my comments section keeps getting spammed so I wanted to use it there.

However, I'm not sure how to implement the validation code for reCaptcha.

My email form uses a second page to post the data, so it works out fine, but my comment form has all the php code for posting the form on the same page.

When I tried to put in reCaptcha's verification code the way I did it before, but with the posting code on the same page, it caused the whole page to go blank upon loading.

Error reporting says:

Notice: Undefined index: recaptcha_challenge_field in /_assets/commentBox/podcastHeader.php on line 36

Notice: Undefined index: recaptcha_response_field in /_assets/commentBox/podcastHeader.php on line 37

The reCAPTCHA wasn't entered correctly. Go back and try it again.(reCAPTCHA said: incorrect-captcha-sol)

So I guess it's trying to find the reCaptcha form right away and fails because nothing is filled out yet.

This is the relevant code I use for my form:

<?php
require_once('../../_assets/recaptchalib.php');
$privatekey = "xxxxxx ";
$resp = recaptcha_check_answer ($privatekey,
                            $_SERVER["REMOTE_ADDR"],
                            $_POST["recaptcha_challenge_field"],
                            $_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {
    // What happens when the CAPTCHA was entered incorrectly
    die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         "(reCAPTCHA said: " . $resp->error . ")");
} else {
    // Your code here to handle a successful verification
    if (isset($_POST['submit'])) {
        $required_fields = array("author", "body");
        validate_presences($required_fields);

        if (empty($errors)) {
            $author = mysql_prep($_POST['author']);
            $body = mysql_prep($_POST['body']);
            // page_name is interpolated into the query below, so escape it like the other fields
            $page_name = mysql_prep($_POST['page_name']);
            $current_time = date("Y-m-d H-i-s");

            $query  = "INSERT INTO comments (";
            $query .= "  author, body, page_name, created";
            $query .= ") VALUES (";
            $query .= "  '{$author}', '{$body}', '{$page_name}', '{$current_time}'";
            $query .= ")";
            $result = mysqli_query($connection, $query);

            if ($result) {
                redirect_to("{$url}{$anchor}");
            } else {
                // Failure
                $_SESSION["message"] = "There was an error that prevented the comment from being saved.";
            }
        }
    } else {
        $author = "";
        $body = "";
    }
}
$display_comments = find_comments();
?>

This is the comment form:

<div id="newComment">
    <h3 id="leaveComment">Leave a Comment!</h3>
    <?php echo message();  ?>
    <?php echo form_errors($errors); ?>
    <form action="<?php echo $url; ?>#comments" method="post">
    <input type="hidden" name="page_name" value="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8'); ?>" />
    <input type="text" name="author" placeholder="Nickname" value="<?php echo htmlspecialchars($author, ENT_QUOTES, 'UTF-8'); ?>" /><br>
    <textarea name="body" style="margin-top:5px" cols="40" rows="8" placeholder="What's on your mind?"><?php echo htmlspecialchars($body, ENT_QUOTES, 'UTF-8'); ?></textarea><br>
    
    <div style="margin-top: 6px">
        <?php
            require_once('../../_assets/recaptchalib.php');
            $publickey = "xxxxxx";
            echo recaptcha_get_html($publickey);
        ?>
    </div>
    <input type="submit" style="margin-top:10px" name="submit" value="Submit" />
        <span style="margin-left: 8px">
        <a href="#title">Return to top</a>
        </span>
</form>
 </div>

Solution

$resp = recaptcha_check_answer ($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);

This line checks the result immediately and since there was no check for POST data before, the page will die before doing anything.

Put the check inside the conditional:

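if (isset($_POST['submit'])) {
    // Only verify once the form has actually been submitted
    $resp = recaptcha_check_answer($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);
    if (!$resp->is_valid) {
        // Wrong captcha
    }
}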
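
The same-page pattern from the answer, written out as an added example (not code from the original answer or from recaptchalib.php): verification runs only on a submitted POST, missing CAPTCHA fields count as a failure instead of being read blindly, and a failed check returns an error so the form can be redisplayed rather than calling die(). The function name handle_comment_post, the $verify callable and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of recaptchalib.php or the original post.
// $verify is any callable (remote address, challenge, response) => bool; in this page's
// setup it would wrap recaptcha_check_answer(...) and return $resp->is_valid.
function handle_comment_post(string $method, array $post, string $remoteAddr, callable $verify): array
{
    $state = ['submitted' => false, 'errors' => [], 'author' => '', 'body' => ''];

    // A first page load (GET) carries no form data: skip verification entirely.
    if ($method !== 'POST' || !isset($post['submit'])) {
        return $state;
    }
    $state['submitted'] = true;
    // Keep what the user typed so the form can be re-rendered on failure.
    $state['author'] = trim((string)($post['author'] ?? ''));
    $state['body']   = trim((string)($post['body'] ?? ''));

    // Missing CAPTCHA fields are a failed CAPTCHA; never index the POST data blindly.
    $challenge = (string)($post['recaptcha_challenge_field'] ?? '');
    $response  = (string)($post['recaptcha_response_field'] ?? '');
    if ($challenge === '' || $response === '' || !$verify($remoteAddr, $challenge, $response)) {
        $state['errors'][] = 'The reCAPTCHA was not entered correctly.';
    }
    foreach (['author', 'body'] as $field) {
        if ($state[$field] === '') {
            $state['errors'][] = "Field '{$field}' is required.";
        }
    }
    return $state;
}

// Constructed sample requests; the stub verifier accepts only the response "ok".
$stub = function (string $ip, string $challenge, string $response): bool {
    return $response === 'ok';
};
$requests = [
    'first load'    => ['GET',  []],
    'no captcha'    => ['POST', ['submit' => 'Submit', 'author' => 'ann', 'body' => 'hi']],
    'wrong captcha' => ['POST', ['submit' => 'Submit', 'author' => 'ann', 'body' => 'hi',
                                 'recaptcha_challenge_field' => 'c1', 'recaptcha_response_field' => 'bad']],
    'valid'         => ['POST', ['submit' => 'Submit', 'author' => 'ann', 'body' => 'hi',
                                 'recaptcha_challenge_field' => 'c1', 'recaptcha_response_field' => 'ok']],
];
foreach ($requests as $label => [$method, $post]) {
    $r = handle_comment_post($method, $post, '203.0.113.5', $stub);
    $next = !$r['submitted'] ? 'show empty form'
          : ($r['errors'] ? 'redisplay form with errors' : 'insert comment');
    echo str_pad($label, 14), $next, "\n";
}
```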
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow