Google reCAPTCHA
The Google reCAPTCHA module integrates Google's reCAPTCHA service into the application, providing an additional layer of security to prevent spam and abuse.
Overview
This module protects your application's login and registration forms from automated bots and spam submissions by implementing Google reCAPTCHA v2 checkbox verification.
Features
- reCAPTCHA v2 Checkbox: "I'm not a robot" checkbox verification on forms
- Login Protection: Protect the login form from brute force attacks
- Registration Protection: Block spam account creation
- Configurable via Settings: Enable/disable and configure API keys through the admin settings page
Requirements
- Open Core Business Suite (Base System)
- Google reCAPTCHA v2 API keys (Site Key and Secret Key)
- No additional module dependencies
Installation
Enable via Admin Panel
- Log in as administrator
- Navigate to Settings > Addons
- Find Google reCAPTCHA and click Enable
- Run migrations if prompted
Enable via Command Line
php artisan module:enable GoogleReCAPTCHA
php artisan migrate
Configuration
Obtaining API Keys
- Visit the Google reCAPTCHA Admin Console
- Click + to create a new site
- Enter a label for your site
- Select reCAPTCHA v2 ("I'm not a robot" Checkbox)
- Add your domain(s)
- Accept the terms of service
- Copy the Site Key and Secret Key
Module Settings
Access reCAPTCHA settings through the module settings page at /googlerecaptcha/settings:
| Setting | Description | Default |
|---|---|---|
| Enable reCAPTCHA | Enable/disable reCAPTCHA on login and registration forms | Disabled |
| Site Key | Your Google reCAPTCHA site key | - |
| Secret Key | Your Google reCAPTCHA secret key | - |
Usage
Once enabled and configured with valid API keys, reCAPTCHA v2 checkbox verification will automatically appear on the login and registration forms. Users must complete the "I'm not a robot" challenge before submitting these forms.
Server-Side Verification
The module includes a ReCaptchaService that handles verification of the reCAPTCHA response with Google's API. When reCAPTCHA is disabled, verification is automatically bypassed.
Troubleshooting
reCAPTCHA Not Displaying
- Verify Site Key is correct
- Check domain is registered in Google Console
- Ensure JavaScript is enabled and loading
Verification Always Failing
- Verify Secret Key is correct
- Check server can reach Google's API (
https://www.google.com/recaptcha/api/siteverify)
localhost Development
- Register localhost in Google Console
- Use test keys provided by Google for development:
- Site Key:
6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI - Secret Key:
6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
- Site Key:
Changelog: View version history