Integrating Google’s reCaptcha in CodeIgniter’s form validation – the callback way

Created at: April 22, 2015; Last update: April 22, 2015

Well, it’s that time when someone is bombarding you with spam or, who knows, is trying to look for vulnerabilities by filling your site’s form with all sorts of garbage strings. And then the whole Earth falls on you. What to do then?

Captcha image. Simple. There is already a great tutorial about integrating Google’s new reCaptcha system using PHP on 9lessons.info (by the way, that one is a great tutorial site. I sure hope Srinivas Tamada won’t mind if I’ll use a big part of his tutorial on this, including the images…).

So let’s integrate a captcha system into our CodeIgniter application too. How do we do that?

First, let’s get ourselves set up.

Get a (or two…) reCaptcha Key(s)

You first need to have the security keys that will help with the communication between your application and Google’s service.

So go here: https://www.google.com/recaptcha/intro/index.html

…and push the “Get reCAPTCHA” button (I hope you are already logged into Google).

Now you only have to register your website…

1

And you will receive a Google Site Key, which will be used for the form:

2
…and a Google Secret key which will be used for communicating with Google:

3

The form

Now, let’s start by creating the form. In here I will create a bare page, so please don’t jump over me because I’ve not set some “important” html tags. We create a new file named form_view.php inside the views directory:

As you can see, in the head of the page we’ve introduced the api.js script, which will retrieve the captcha zone.

Also, inside the form we’ve introduced the div which is a placeholder for the captcha zone, having “data-sitekey” equal to the Google Site Key, you’ve received.

After this let’s go to our controller and verify if the visitor respected our form validation rules. If he/she did we will act accordingly:

But what about the captcha field? Where is it? Don’t we have to validate that? Of course we have to. That’s the point of this tutorial. But how do we do it.

Validate captcha with a callback

The fastest way would be to create a callback. So let’s just do this. According to the CodeIgniter manual, to create a callback function is pretty simple. We prepend the validation rule with “callback_” string, and create a function (method) with that rule as name. So our controller would now look like this:

As you can see we’ve set an error message named recaptcha, so let’s change the form_view.php too, so that it will echo the error in case there is one.

Ok… so if we fill nothing in the form we will get both errors. All is well… Now let’s just work on our recaptcha() method so that it will verify with Google if the visitor is a robot or not.

OK… Let’s review our code. Why did I give an empty string as fallback for my method? Because I don’t really care what I get, as long as I pass it to Google service. Using curl we can retrieve the result of the CAPTCHA test. If there’s a $res[‘success’] in the response, then that means that the visitor passed the test. If not, then we send the error message.

Let’s see our controller again:

Now let’s look again at our form_view.php:

All done. Hope you enjoyed it.

17 thoughts on “Integrating Google’s reCaptcha in CodeIgniter’s form validation – the callback way

  1. Wouter

    Awesome! I’m gonna give it a try on my own website, which is built with CodeIgniter.
    Love all your tutorials by the way. Very clearly explained. Very useful.

    Reply
  2. Stephen

    Hi,

    Thanks so much for this brilliant article. I have tried it on a linux machine and it works like a charm (CI 3.01).
    However when i host the same on a windows machine (still localhost), It fails. When I var_dump Sres after curl_exec() it says bool (False) and $res after json_decode() is NULL.

    I have curl enabled in php.ini.

    What could be the problem?

    Thanks.

    Reply
    1. avenirer Post author

      Hello. All I can tell you is about the problem I’ve faced (and couldn’t solve…). I also have a localhost on a windows machine and, even though the curl is enabled, it doesn’t work, because (being my work computer…), everything goes through a proxy which may block these calls.

      Reply
  3. vikram

    Unable to access an error message corresponding to your field name

    when trying to use captcha

    public function create_account() {

    $rules = array(

    $this->validation->validation_rule(‘l_fname’,’First Name’,’required’),

    $this->validation->validation_rule(‘l_lname’,’Last Name’,’required’),

    $this->validation->validation_rule(’email’,’Email ID’,’required|valid_email’),

    //$this->validation->validation_rule(‘l_company’,’Name’,’required’),

    $this->validation->validation_rule(‘l_mobile’,’Mobile No’,’required|min_length[10]|max_length[10]|numeric’),

    $this->validation->validation_rule(‘password’,’Password’,’required|alpha_numeric|min_length[8]’),

    $this->validation->validation_rule(‘signup’,”,”)

    ,array(‘field’=>’g-recaptcha-response’,’label’=>’Recaptcha’,’rules’=>’required|callback_getResponse’)

    );
    }

    this is how I am validating

    Reply
    1. avenirer Post author

      Why make a validation rule without rules? What is “signup”? Why put it in there if you didn’t set up the validation rules?

      Reply
  4. cedric

    Hello Avenirer,

    great tuto as usual !
    However I have a question for you.
    My website uses a captcha in different pages. So I tried to put the validation callback function outside of the controller so I can reuse it where I want.
    And that’s the problem… It seems that form_validation doesn’t support having a callback function in a library for example.
    Have you already tried this ?
    Thank you for your help

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

No spam? * Time limit is exhausted. Please reload CAPTCHA.