I'm trying to add Google reCaptcha V3 to a form, I searched about it and found some articles and some code snippets from another question.
It's not the one with a checkbox, It shows at the bottom right or the page.
Here is the HTML code:
<script src='https://www.google.com/recaptcha/api.js?render=My Website Key'></script>
</head>
The JS code:
<body>
<script>
//When page is loaded
$(document).ready(function() {
//When recaptcha is ready
grecaptcha.ready(function() {
grecaptcha.execute('The Website Key', {action: 'homepage'}).then(function(token) {
//Add token element at the end of the form
$('#mailForm').prepend('<input type="hidden" name="token" value="' + token + '">');
//Add action element at the end of the form
$('#mailForm').prepend('<input type="hidden" name="action" value="homepage">');
});
}); //Recaptcha ready
}); //Page is loaded
</script>
The form:
<form action='php/mail.php' method="post" id='mailForm' enctype='multipart/form-data'>
//Some inputs
</form>
The PHP code:
if(isset($_POST['g-recaptcha-response']) && !empty($_POST['g-recaptcha-response'])) {
$secret = 'My Secret Key';
//get verify response data
$verifyResponse = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret='.$secret.'&response='.$_POST['g-recaptcha-response']);
$responseData = json_decode($verifyResponse);
if($responseData->success){
//Send the mail
}else{
echo 'Please check reCaptcha';
}
}else{
echo 'Please check reCaptcha';
}
So the token is updated when the page is loaded, So if the user tries again for any reason, It won't work and he would get an error message.
So should I update the token when the user submits the form? Or that may lead to spam? Or what should I do in this case?