Authentication using Google reCAPTCHA in PHP

In the modern online world, website security and user privacy protection have become increasingly important topics. Among them, the technical method of human-machine verification has become one of the indispensable ways to prevent malicious attacks. Google reCAPTCHA is a tool that is widely used for human-machine verification. Its concept has been deeply rooted in the hearts of the people, and its presence can even be seen on many websites we use every day. In this article, we will explore how to use Google reCAPTCHA for verification in PHP.

How Google reCAPTCHA works

Google reCAPTCHA was originally a human anti-bot computer program developed by a research team at Carnegie Mellon University, and was later acquired and improved by Google.

It works by presenting the user with a complex question containing text, images or audio and asking the user to answer the question, thereby identifying that a human rather than a robot is visiting the website. In addition, Google reCAPTCHA can also classify visitors into three levels: low risk, medium risk, and high risk based on factors such as user behavior patterns and browser fingerprints, thereby improving the accuracy of verification and preventing malicious attacks.

Using Google reCAPTCHA for verification in PHP

Before using Google reCAPTCHA for verification, we need to first download it from the official website of Google reCAPTCHA (https://www.google.com/recaptcha/about ) Apply for a reCAPTCHA Site Key and Secret Key. Site Key is used to display verification information on the user side, and Secret Key is used to verify the user's submitted information in the background. This information is necessary to use reCAPTCHA, and we need to keep it properly.

Next, we will focus on how to use Google reCAPTCHA for verification in PHP. Let's take a simple registration form as an example, which requires the user to enter a username, password and verification code to register. The specific steps are as follows:

1. Embed the JavaScript code of Google reCAPTCHA in HTML

<head>
    <script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head>
<body>
    <form>
        <!--其他表单元素-->
        <div class="g-recaptcha" data-sitekey="在这里填入你的Site Key"></div>
        <button type="submit" name="submit">注册</button>
    </form>
</body>

The above code introduces the JavaScript file of Google reCAPTCHA and adds a The class is "g-recaptcha" and the data-sitekey attribute value is the div element of the Site Key we applied for on the reCAPTCHA official website. We embed this element into the form, so that when the user clicks the "Register" button, the verification function of Google reCAPTCHA will be triggered to complete the judgment of whether the user is a human.

2. Verify whether the verification code is correct

<?php
if(isset($_POST['submit'])){//当用户按下注册按钮
    $username = $_POST['username'];
    $password = $_POST['password'];
    $captcha = $_POST['g-recaptcha-response'];
    
    $url = "https://www.google.com/recaptcha/api/siteverify";//Google reCAPTCHA的工作URL
    $data = array(
        'secret' => '在这里填入你的Secret Key',
        'response' => $captcha
    );
    $options = array(
        'http' => array(
            'header' => "Content-type: application/x-www-form-urlencoded
",
            'method' => 'POST',
            'content' => http_build_query($data)
        )
    );
    $context = stream_context_create($options);
    $result = file_get_contents($url, false, $context);//向Google服务器发送POST请求

    $response = json_decode($result);//解码JSON响应
    if($response->success){//如果验证码正确
        //将用户信息插入数据库
    }
    else{
        echo "验证码出错，请检查输入";
    }
}
?>

In the above code, in the registered PHP processing script, we first obtain the user name, password, and reCAPTCHA verification code entered by the user. (i.e. $_POST['username'], $_POST['password'], and $_POST['g-recaptcha-response']), then Construct a POST request to the URL of Google reCAPTCHA, where the request data contains the Secret Key we applied for and the verification code submitted by the user.

Next, we use the file_get_contents() function to send a POST request to the Google reCAPTCHA server and decode the response. The return value of the response is a JSON format object, in which the success field indicates whether the user's verification code is correct. If the verification code is correct, the user information will be inserted into the database; otherwise, an error message will be output.

Conclusion

Google reCAPTCHA can provide security for the website simply and quickly. When we implement Google reCAPTCHA in the code, we only need a few lines of code to add powerful security to our website. Verification mechanism!

The above is the detailed content of Authentication using Google reCAPTCHA in PHP. For more information, please follow other related articles on the PHP Chinese website!