Source for file ReCaptcha.php
Documentation is available at ReCaptcha.php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
* This file is part of the PEAR Services_ReCaptcha package.
* LICENSE: This source file is subject to the MIT license that is available
* through the world-wide-web at the following URI:
* http://opensource.org/licenses/mit-license.php
* @package Services_ReCaptcha
* @author David Jean Louis <izi@php.net>
* @copyright 2008-2009 David Jean Louis
* @license http://opensource.org/licenses/mit-license.php MIT License
* @link http://pear.php.net/package/Services_ReCaptcha
* @link http://recaptcha.net/apidocs/captcha/client.html
* @since File available since release 0.1.0
require_once 'Services/ReCaptcha/Base.php';
require_once 'HTTP/Request2.php';
* PHP5 interface to the reCATCHA API.
* reCAPTCHA is a freely available CAPTCHA implementation. It distinguishes
* In order to use reCAPTCHA, you need a public/private API key pair. This key
* pair helps to prevent an attack where somebody hosts a reCAPTCHA on their
* website, collects answers from their visitors and submits the answers to
* your site. You can sign up for a key on the
* {@link http://recaptcha.net/api/getkey reCAPTCHA Administration Portal}
* @package Services_ReCaptcha
* @author David Jean Louis <izi@php.net>
* @copyright 2008-2009 David Jean Louis
* @license http://opensource.org/licenses/mit-license.php MIT License
* @version Release: @package_version@
* @link http://pear.php.net/package/Services_ReCaptcha
* @link http://recaptcha.net/apidocs/captcha/client.html
* @since Class available since release 0.1.0
* @example examples/example-01.php Services_ReCaptcha simple example
* @example examples/example-02.php Services_ReCaptcha advanced example
public $apiURL = 'https://www.google.com/recaptcha/api';
* The reCAPTCHA API secure URL, this is URL is used by default when the
* script is running on an https host or when you force it via the 'secure'
* @var string $apiSecureURL
* Url of the ReCaptcha verify API.
* @var string $apiVerifyURL
public $apiVerifyURL = 'http://www.google.com/recaptcha/api/verify';
* The error code used to display the error message in the captcha.
* @see Services_ReCaptcha::getError()
* @see Services_ReCaptcha::setError()
* Options to customize the html, the url and the look and feel of the captcha.
* - secure: whether to force the ssl url (default: false);
* - xhtml: whether the html should be xhtml compliant (default: true);
* - theme: string, defines which theme to use for reCAPTCHA (default: red);
* - lang: string, one of the supported language codes (default: en);
* - custom_translations: array, se this to specify custom translations
* of reCAPTCHA strings (default: null).
* - custom_theme_widget: string, the ID of a DOM element (default: null);
* - tabindex: integer, the tabindex for the reCAPTCHA text area.
* For a full documentation of theses options please consult the
* {@link http://recaptcha.net/apidocs/captcha/client.html API documentation}.
* @see Services_ReCaptcha_Base::getOption()
* @see Services_ReCaptcha_Base::setOption()
* @see Services_ReCaptcha_Base::getOptions()
* @see Services_ReCaptcha_Base::setOptions()
'custom_translations' => null ,
'custom_theme_widget' => null ,
* The HTTP_Request2 instance.
* You can customize the request if you need to (ie: if you use a proxy)
* with the get/setRequest() methods, for example:
* require_once 'Services/ReCaptcha.php';
* $recaptcha = new Services_ReCaptcha('pubkey', 'privkey');
* $recaptcha->getRequest()->setConfig(array(
* 'proxy_host' => 'localhost',
* @var HTTP_Request2 $request
* @see Services_ReCaptcha::getRequest()
* @see Services_ReCaptcha::setRequest()
* Constructor, you must pass a valid public and private API key.
* @param string $pubKey The public API key (mandatory)
* @param string $privKey The private API key (mandatory)
* @param array $options An array of options (optional)
* @see Services_ReCaptcha::$options
public function __construct($pubKey, $privKey, array $options = array ())
* Returns the URL of the script or iframe src attribute.
* @param string $path Set this to "noscript" to get the iframe URL instead
* @return string The URL of the script or iframe src attribute
public function getURL($path = 'challenge')
// in order to avoid getting browser warnings, if we have an SSL web
// site we use the secure url
|| (isset ($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
if ($this->error !== null ) {
* Returns the HTML code to insert into your form.
* Instead of this method you can use the __toString() magic method to get
* the HTML code, for example:
* require_once 'Services/ReCaptcha.php';
* $recaptcha = new Services_ReCaptcha('pubkey', 'privkey');
* // both are equivalents:
* $html = $recaptcha->getHTML();
* $html = (string) $recaptcha;
* @return string The HTML to include in your webpage
* @see Services_ReCaptcha_Base::__toString()
// we use array_slice to get only look and feel options, and
// array_filter to filter null keys
// whether to be xhtml or html compliant
<script type="text/javascript">
var RecaptchaOptions = $opts;
$iframeURL = $this->getURL('noscript');
<script type="text/javascript" src="{ $scriptURL}"></script>
<iframe src="{ $iframeURL}" height="300" width="500" frameborder="0">
<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
<input type="hidden" name="recaptcha_response_field" value="manual_challenge" $end
* Validates the challenge response typed by the user and returns true if
* the challenge response is ok or false otherwise.
* You can explicitely pass the challenge, response and ip values if for
* some reason you need to do so.
* @param string $challenge Value of the challenge field, if not given, the
* method will look for the value in $_POST array
* @param string $response Value of the response field, if not given, the
* method will look for the value in $_POST array
* @param int $ip The user IP address, if not given, the method
* will use $_SERVER['REMOTE_ADDR']
* @return bool Whether the challenge response is valid or not
* @throws Services_ReCaptcha_Exception When the request cannot be sent
* @throws Services_ReCaptcha_HTTPException When the server returns an
public function validate($challenge = null , $response = null , $ip = null )
if ($challenge === null && isset ($_POST['recaptcha_challenge_field'])) {
$challenge = $_POST['recaptcha_challenge_field'];
if ($response === null && isset ($_POST['recaptcha_response_field'])) {
$response = $_POST['recaptcha_response_field'];
if ($ip === null && isset ($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
if (!$challenge || !$response) {
// Don't send a request if challenge or response is empty
$this->setError('incorrect-captcha-sol');
$request->setMethod (HTTP_Request2 ::METHOD_POST );
'challenge' => $challenge,
$request->addPostParameter ($params);
$httpResponse = $request->send ();
} catch (Exception $exc) {
if ($httpResponse->getStatus () != 200 ) {
$httpResponse->getReasonPhrase (),
$httpResponse->getStatus (),
$body = explode("\n", $httpResponse->getBody (), 2 );
if ($body[0 ] != 'true') {
* Returns the current error code.
* @return string The error code
* @see Services_ReCaptcha::$error
* Sets the error code to display in the captcha and returns the current
* Services_ReCaptcha instance.
* @param string $error The error message
* @return Services_ReCaptcha
* @see Services_ReCaptcha::$error
* Returns the HTTP_Request2 instance, if it's not yet set it is
* instanciated on the fly.
* @return HTTP_Request2 The request instance
* @see Services_ReCaptcha::$request
if (!$this->request instanceof HTTP_Request2 ) {
$this->request = new HTTP_Request2 ();
* Sets the HTTP_Request2 instance and returns the current
* Services_ReCaptcha instance.
* @param HTTP_Request2 $request The request to set
* @return Services_ReCaptcha
* @see Services_ReCaptcha::$request
public function setRequest(HTTP_Request2 $request)
Documentation generated on Mon, 11 Mar 2019 15:43:39 -0400 by phpDocumentor 1.4.4. PEAR Logo Copyright © PHP Group 2004.
|