About reCaptcha and contact form


One simple question: it’s possible to use the “new” reCaptcha with a Kirby form?
I need some spam protection, but I don’t know how to proceed.

For reference, i’d like to use a form like this one (thanks a lot, Bastian!).
Someone has alredy done this kind of integration? Any advice?

Thanks in advance.

Yep, I did it for one client, but not in the most clean way (I guess :slight_smile: ).

What I did: Downloaded the recaptcha library and added it to the site (in my case: assets/includes/recaptcha) : https://github.com/google/recaptcha/tree/master/src

Added the site to the reCaptcha site to obtain a site key and secret: https://www.google.com/recaptcha/

You need to require the recaptcha library:

// Require the recaptcha library and set the site settings

// Set the siteKey and secret
$siteKey 		= "Your key here";
$secret 		= "Your secret here";
$recaptcha 	= new \ReCaptcha\ReCaptcha($secret);

Adding the recaptcha element to the form itself:

<div class="g-recaptcha" data-sitekey="your-site-key"></div>

Now, when the form is submitted, you can use a controller to do these things (in my case, I didn’t do that nicely, I just used a page, so I’m going to refactor that, someday :slight_smile: ). For now, you’ll need these bits of code:

// Check if we have all the form values we need. You will need to place the rest of the logic in this if :smile: 
<?php if(get('name') && get('email') && get('message') && get('g-recaptcha-response')): ?>

        // Verify the response from the Recaptcha
        $resp = $recaptcha->verify(get('g-recaptcha-response'), $_SERVER['REMOTE_ADDR']);

    <?php if($resp->isSuccess()): ?>
        <!-- Do your things here, all is well -->
    <?php else: ?>
        <!-- Oh no, something went wrong -->
    <?php endif ?>

<?php endif ?>

Does this help? :smile:

1 Like

Instead of using the public accessible assets/ folder I’d suggest you wrap this stuff up in the plugins/ folder for example within an plugins/recaptcha folder :thumbsup:

That’s even better :slight_smile:

I think you don’t need to check for all the other fields that early. It’s totally fine to validate the other fields after the captcha check passed. With the change @JimmyRittenborg suggested, it looks totally fine.

I did create a Kirby Captcha plug-in once;


Maybe it’s outdated due to the update from Kirby 2.1 to Kirby 2.2.3 - but the Captcha library is still working (I use it for my panel log-in forms).

But your plugin applies to the Panel login, not to arbitrary (contact) forms, right?

That’s 100% correct - sir!

But the plug-in uses a library (and CSS / JS assets) that are “universal”.

So it’s not a 100% out-of-the-box solution, but maybe one can use it to “fork” it to a form-solution;

The plug-in is tested with Kirby, and the (visual) appereance are all matching the (basic) Kirby styling - so may be it is a handy kick-off.

If you think this message is not correct, or in the wrong place - please let me know.