Skip to Content
integrate captcha checkbox with hcaptcha using php
php code / September 11, 2021

CAPTCHA is a technique for determining whether or not a user is human. The CAPTCHA is typically used in web forms to prevent spam submission. Without a CAPTCHA, bots can fill your site with just data by submitting spam information via automated form submission. Including CAPTCHA on your website is always a smart idea for preventing spam in online forms.

For the verification process, other sorts of Captcha can be utilised, such as questions, number calculations, checkboxes, and so on. The user must overcome the CAPTCHA before submitting the form to confirm that they are not a robot. Using PHP, you can simply implement CAPTCHA functionality into a web form. Checkbox Captcha is the greatest solution if you want to provide a user-friendly method.

You can utilise a third-party API to make the CAPTCHA integration process simple and safe. hCaptcha is a PHP library that makes it simple to add CAPTCHA to a webform. The greatest alternative to Google’s reCAPTCHA Checkbox is hCaptcha. We’ll show you how to use PHP to incorporate CAPTCHA functionality with hCaptcha in this tutorial.

hCaptcha API Keys can be generated.
To utilise the hCaptcha API, you’ll need the Site and Secret keys. You must first register your site and obtain the API credentials before you can add the CAPTCHA checkbox.

Visit the hCaptcha website and create an account.
Log in to your account and select Add New Site from the drop-down menu.
Name – This will aid in the identification of your registered site in the future.
Hostnames – This is where you specify your website’s domain.

HTML Form with hCaptcha Widget

Include the hCaptcha API JavaScript library first.

<script src="" async defer></script>

In the HTML form where you want the hCaptcha checkbox widget to appear, add the h-captcha tag element.

The h-captcha is a type of security check. The h-captcha class and data-sitekey properties are both present in the DIV element.
The data-sitekey element will be used to specify the hCaptcha API’s Site Key.

<!-- Form fields -->
<form action="" method="post">
<div class="input-group">
<input type="text" name="name" value="" placeholder="Your name" required="" />
<div class="input-group"> 
<input type="email" name="email" value="" placeholder="Your email" required="" />
<div class="input-group">
<textarea name="message" placeholder="Type message..."></textarea>
<!-- Add hCaptcha CAPTCHA box -->
<div class="h-captcha" data-sitekey="Your_hCAPTCHA_Site_Key"></div>
<!-- Submit button -->
<input type="submit" name="submit" value="SUBMIT">

Check the hCaptcha response (Server-side Validation)
The input data will be sent to the server-side script after the form is submitted to verify the user’s response and execute the form submission request.

Validate form fields to see if the user has filled in all of the needed fields.
Check whether the user has selected the CAPTCHA checkbox using the h-captcha-response POST option.
Using hCaptcha and PHP, verify the CAPTCHA challenge.
POST the needed parameters to the hCaptcha API using a PHP cURL request.
secret – Secret Key response – $_POST[‘h-captcha-response’] receives the user’s response.
remoteip – The IP address of the user.

// hCAPTCHA API key configuration 
$secretKey = 'Insert_hCaptcha_Secret_Key'; 
// If the form is submitted 
$statusMsg = ''; 
// Validate form fields 
if(!empty($_POST['name']) && !empty($_POST['email'])){ 
// Validate hCAPTCHA checkbox 
// Verify API URL 
$verifyURL = ''; 
// Retrieve token from post data with key 'h-captcha-response' 
$token = $_POST['h-captcha-response']; 
// Build payload with secret key and token 
$data = array( 
'secret' => $secretKey, 
'response' => $token, 
'remoteip' => $_SERVER['REMOTE_ADDR'] 
// Initialize cURL request 
// Make POST request with data payload to hCaptcha API endpoint 
$curlConfig = array( 
CURLOPT_URL => $verifyURL, 
CURLOPT_POST => true, 
$ch = curl_init(); 
curl_setopt_array($ch, $curlConfig); 
$response = curl_exec($ch); 
// Parse JSON from response. Check for success or error codes 
$responseData = json_decode($response); 
// If reCAPTCHA response is valid 
// Posted form data 
$name = !empty($_POST['name'])?$_POST['name']:''; 
$email = !empty($_POST['email'])?$_POST['email']:''; 
$message = !empty($_POST['message'])?$_POST['message']:''; 
// Code to process the form data goes here... 
$statusMsg = 'Your contact request has submitted successfully.'; 
$statusMsg = 'Robot verification failed, please try again.'; 
$statusMsg = 'Please check on the CAPTCHA box.'; 
$statusMsg = 'Please fill all the mandatory fields.'; 
echo $statusMsg; 

Note :

The custom PHP library, as well as the third-party API, can be used to add CAPTCHA functionality to the website. The hCaptcha is the simplest way to add a CAPTCHA challenge to a web form without having to use a library. It is the most equivalent to Google reCAPTCHA and the finest CAPTCHA checkbox option. You can use PHP to integrate a contact form with CAPTCHA and email capabilities on your website by following our example code.


PHPCODE © 2024