Making first call to Google for getting the token from contact_m.cfm
and submitting it to the same page for verifying it. Using ColdFusion call next to protect secret key. Calling the function remotely to invoke the ColdFusion function. Doing this as realized ColdFusion renders and do not look for changes.
grecaptcha.ready(function() {
grecaptcha.execute('token', {action: 'contact'}).then(function(token) {
$.ajax(
{
url: "./contact_m.cfm",
type: "post",
contentType: "application/json",
data: JSON.stringify( {googleToken: token} ),
success: function(result){
$.get('./contact_m.cfm?func=googleVerification', function (r) {
});
}
});
});
});
Verifying the token with Google:
<cffunction access="public" name="googleVerification">
<cfargument required="true" type="any" name="myArgument">
<cfset requestBody = toString( getHttpRequestData().content ) />
<cfif isJSON( requestBody )>
<cfset token = DeserializeJSON(#requestBody#)/>
<cfhttp method="post" url="https://www.google.com/recaptcha/api/siteverify" result="googleResult">
<cfhttpparam name="secret" type="formField" value="6Lf9IrAUAAAAAOhEdBvk1ZyIKX6eUqS06GaSXG_F">
<cfhttpparam name="response" type="formField" value="#token.googleToken#">
</cfhttp>
<cfset googleResponse = DeserializeJSON(#googleResult.FileContent#)/>
<cfset isHuman = #googleResponse.success#/>
</cfif>
</cffunction>
And JavaScript function to check if Google success or fail:
<script>
function validateHuman(){
<cfoutput>
var #toScript(isHuman, "isHuman")#;
</cfoutput>
console.log(isHuman);
if (isHuman == 'YES') {
return true;
} else return false;
}
</script>
And allow user to submit the form if Google verifies:
<form id="form3" action="contact_m.cfm" method="post" onsubmit="return validateHuman();">
I get error which says: isHuman
is undefined.
Related Question: reCaptcha v3 with ColdFusion
Maybe late here, but in case a workable solution was not found, the following may help (or for future readers).
Seems what was desired was code to use reCaptcha v3 with Coldfusion. Here's a simple file (form.cfm) form that uses v3 to validate if a human is processing the form. You can expand on it for your specific purpose.
These lines went in the Application.cfm or Application.cfc file
<cfset application.SiteKey = "_Your_Site_Key_from_Google_">
<cfset application.SecretKey = "_Your_Secret_Key_from_Google_">
These lines were saved in a file I called form.cfm.
<!DOCTYPE html>
<html lang="en">
<head>
<script src="https://www.google.com/recaptcha/api.js?render=<cfoutput>#application.SiteKey#</cfoutput>"></script>
</head>
<body>
<cfif ISDEFINED('FORM.FirstName')> <!--- check if form was submitted and if so run code below --->
<cfhttp url="https://www.google.com/recaptcha/api/siteverify?secret=#application.SecretKey#&response=#FORM['g-recaptcha-response']#" result="Response" />
<cfset Return = deserializeJSON(Response.FileContent) />
<cfif Return.success IS 'true' AND Return.score GT 0.5> <!--- check if true and if score is greater than 0.5. Run code below if all good. --->
<cfoutput>Human: #FORM.FirstName# #FORM.LastName#</cfoutput>
<!--- you can do database entry and/or email results here --->
<cfelse> <!--- if not a human, do this. I usually remove the else part completely, but if you need to do something with the robot, do it here. --->
Most likely a robot.
</cfif>
<cfelse> <!--- show form --->
<form method="post" action="/form.cfm"> <!--- submit form back to itself --->
First Name: <input name="FirstName" type="text"><br>
Last Name: <input name="LastName" type="text"><br>
<input name="submit" type="submit">
<input name="g-recaptcha-response" id="g-recaptcha-response" type="hidden" /> <!--- javascript below gives this a value from google. --->
</form>
<script>
grecaptcha.ready(function() {
grecaptcha.execute('<cfoutput>#application.SiteKey#</cfoutput>', {action: 'homepage'})
.then(function(token) {
document.getElementById('g-recaptcha-response').value=token;
});
});
</script>
</cfif>
</body>
</html>
This is an adaptation of this tutorial from PHP to CF: https://www.youtube.com/watch?v=zGNH_lbpmm8
If you get a lot of false positives when using this on your form, then increase the acceptable Score (0.6 or higher... 1.0 is max). Don't go too high, or you'll filter out legit submissions. This # would replace the "0.5" in the cfif statement Return.score GT 0.5
.
Hope this helps someone. Please correct me if that was not what you were looking for.