DEV Community

Cover image for Google Can Now Separate Humans from Bots Using Invisible Powers of AI
Geordy James
Geordy James

Posted on

Google Can Now Separate Humans from Bots Using Invisible Powers of AI

No more clicking "I'm not a robot" checkbox, google step ahead and officially released it's most secure and innovative Invisible reCAPTCHA service ever.Google used their advanced machine learning algorithms and advanced risk analysis to make it invisible.Human users will be let through without seeing the "I'm not a robot" checkbox, while suspicious ones and bots still have to solve the challenges.The new google Invisible reCAPTCHA help to protect your site from bot attacks and spams.

The official video of google Invisible reCAPTCHA is given below

Now let's look at how to easily implement new google Invisible reCAPTCHA in our website.

Now before we start coding we need to register our site and get a client key and secret key from google. You can register your site for free from Google. The registration process is fairly simple and straight forward so I am skipping it.

The client side integration is fairly easy

Paste this snippet before the closing tag on your HTML template:

<script src='https://www.google.com/recaptcha/api.js'></script>

then Paste this snippet at the end of the

to create a button protected by the Invisible reCAPTCHA. You will need to create a callback function to handle the result.
<button
class="g-recaptcha"
data-sitekey="6Lc8xBgUAAACBD8a6QoJsCLdevUFF1LEeJ0iN5_m"
data-callback="YourOnSubmitFn">
Submit
</button>

The server-side integration is a little tricky

you need to verify the client side response by sending it to https://www.google.com/recaptcha/api/siteverify and google will verify it and will return a JSON response.

It is tricky so what I do is call a function for HTTP call in above URL and JSON decode above response from google like below

 $getResponse = $this->getHTTP(
    array(
        'secret' => $this->config['secret-key'],
        'remoteip' => $remoteIp,
        'response' => $recaptcha,
    )
 );

// get reCAPTCHA server response
$responses = json_decode($getResponse, true);


private function getHTTP($data)
{

$url =    'https://www.google.com/recaptcha/api/siteverify?'.http_build_query($data);
 $response = file_get_contents($url);

return $response;
}

You can download the complete code and library by visiting this link.

Top comments (2)

Collapse
 
joelbennett profile image
Joel Bennett

So other than saying "it's magic!", do we know how it actually works on Google's side? Is it relying on things like timing, user agent strings, lack of certain HTTP headers, etc.?

Collapse
 
geordyjames profile image
Geordy James

Joel if you use proxy servers to access the forms protected by reCAPTCHA you will be asked for image verifications. I think google uses the browser and trusted user IP's for this. Also, you will be asked for verification if you increase sudden traffic. I check myself both situation and it works for me.