It’s right that spamming can be a huge problem. But you can prevent your site from being spammed by following several solutions such as giving the visitor a captcha field to fill in order to verify if he is human. Or by blocking the IP of the spammer with php if you know their IP. Today I will show you how to get started with reCAPTCHA. “reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows. Check out our paper in Science about it”.

Demo | Download

1. Go To reCaptcha.net

Now click on “use reCAPTCHA on your site” and follow the registration steps. Once you are done, click on “My Account” in the left menu. a button appears.

Click on it and add your website. When you finish, you will be redirected to a page contains your “Public Key” and your “Private Key”. keep in your mind that your Private Key is must be kept as secret, so don’t share it with everyone. Also you need to have a key for every website. No matter if it is a sub-domain.

2. Download The Required Files

You have to download the required files to make reCaptcha works on your website.Here is a direct link. You have just to upload them to your website via FTP.

3. Implement The Code With Your Script

<?php

// call the lib..
require_once('recaptchalib.php');

// Get a key from http://recaptcha.net/api/getkey
$publickey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
$privatekey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

# was there a reCAPTCHA response?
if ($_POST["submit"]) {
    $response = recaptcha_check_answer($privatekey,
	    $_SERVER["REMOTE_ADDR"],
	    $_POST["recaptcha_challenge_field"],
	    $_POST["recaptcha_response_field"]);

        if ($response->is_valid) {
                echo "Yes, that was correct!";
        } else {
                # set the error code so that we can display it
		echo "Eh, That wasn't right. Try Again.";

        }
}
?>

<form action="index.php" method="post">
<?php echo recaptcha_get_html($publickey, $error); ?>
<input style="width: 317px" type="submit" value="submit" name="submit"/>
</form>

Let’s Explain the code.

require_once(‘recaptchalib.php’);

As you can see I called the “recaptchalib.php” which i downloaded it from reCaptcha.net this is the only file we need to make the script works.

// Get a key from http://recaptcha.net/api/getkey
$publickey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
$privatekey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

Now replace the XXX with your keys from reCaptcha.net

<form action="index.php" method="post">
<?php echo recaptcha_get_html($publickey, $error); ?>
<input type="submit" value="submit" name="submit"/>
</form>

In this form i have set the action to index.php which is the same file we are working with. and the method is set to ‘post’. To get the reCaptcha box you have to call the function recaptcha_get_html() and as you can see it calls the $publickey which is important. The $error isn’t necessary here.

# was there a reCAPTCHA response?
if ($_POST["submit"]) {
    $response = recaptcha_check_answer($privatekey,
	    $_SERVER["REMOTE_ADDR"],
	    $_POST["recaptcha_challenge_field"],
	    $_POST["recaptcha_response_field"]);

        if ($response->is_valid) {
                echo "Yes, that was correct!";
        } else {
                # set the error code so that we can display it
		echo "Eh, That wasn't right. Try Again.";
        }
}

Now we make sure that $_POST["submit"] is not empty. if so, recaptcha_check_answer() is going to do the job. it accepts 4 parameters which are:

$privatekey – Your Private key.
$_SERVER["REMOTE_ADDR"] – The visitors IP Address.
$_POST["recaptcha_challenge_field"] – a hidden reCaptcha input.
$_POST["recaptcha_response_field"] – The returned value from the reCaptcha’s input box.

And then we use $response->is_valid to verify if the entered Captcha is right or wrong. That’s all for this tutorial, leave your comment for any suggestions.

Demo | Download