V9: How to verify reCAPTCHA v3 through AJAX?

Do I have to add anything specific to my form, any particular field in order to pass something what’s required for verifying a reCAPTCHA v3?


$captcha = $app->make('helper/validation/captcha');


$captcha = $this->app->make('helper/validation/captcha');

if (!$captcha->check()) {
    array_push($this->form_errors, t('Captcha failed'));

and that always fails. If I use a Concrete form with reCAPTCHA, it passes. But the form code is exactly the same as mine. What am I missing?

Did you configure reCaptcha v3, using valid keys, through the Concrete dashboard settings?

@dbuonomo , of course I did. The Concrete form works. Mine with the same code doesn’t.

I recently added reCaptcha v3 to the login form. The only difference from your code is I used:

$captcha = \Core::make(“captcha”);

See Anti-Spam and Captcha

@linuxoid I was just going to ask if $app was being set properly…

@enlil , yes, the $app is set properly, I use it for other things on the page and form and it works fine.

I assume as the Concrete form block works when it posts data, I’m need to add something to my ajax data array. But I don’t see anything particular to the captcha. Any idea what variable is posted for the captcha check in the form?

Before we submit we run this code:

RecaptchaV3.execute($(jqueryMap.$forms[ 0 ]), function () {

var formData = new FormData(jqueryMap.$forms[ 0 ])
        formData.append(configMap.tokenName, configMap.token)

            url: configMap.submitFormUrl,
            method: 'POST',
            data: formData,
            processData: false,
            contentType: false,

Does this help?

The first thing you should do is check that your $_POST ($this->app->request->request->all()) in the controller actually contains the captcha value submitted. If not you’re doing something wrong when submitting your form.

That’s what I’m asking - what variable should I send through ajax to the controller to check? The post array contains all the form variables, like name, email etc. - all that I’m sending. But I’m not sending anything else. What should that be?

Just to be clear, I’m using the Google reCaptcha3, not the core Securimage.