Skip to main content

1. Create a textbox control on the form or view and set its Name property to "txtReturnValue" and uncheck its Visible property.

2. Create a data label control on the form or view and set its Expression property to the following, replacing the sitekey attribute's value with your reCAPTCHA Google api site key:

<script type="text/javascript">var recaptchaCallback = function(response) {$('input[name="txtReturnValue"]').trigger("focus").val(response).trigger("blur");};</script><script src='https://www.google.com/recaptcha/api.js' ></script> <div class="g-recaptcha" data-sitekey="your-google-recaptcha-sitekey" data-callback="recaptchaCallback"></div>

3. Create one or more Changed Event rules on the txtReturnValue control to implement the logic that only allows the form from being submitted when the reCaptcha has been successfully processed. For example you could enable the Submit button which has is disabled by default.

4. In addition to or as an alternative, add conditions to any rules on form buttons controls to check the txtReturnValue control has a value. For example, only perform the desired actions on the Submit button when the txtReturnValue control has a value.

 

Google's api responds with a long string value when the user has successfully validated they are not a robot. What the value is that is put into the txtReturnValue textbox doesn't matter, just don't allow the users to access or view that control.

Thank you for this solution! I've been working with K2 to figure out a captcha custom control but this way is so much simpler and I plan on using it.

 

I did notice 2 things this solution doesn't address and thought I'd just mention them.

 

It the captcha expires there doesn't seem to be away to catch the expire event and clear out the txtReturnValue field. Ideally if the captcha expires you'd want to prevent the user from submitting the form. 

 

Also, Google has you validate the response on the server-side because the client-side validation does not keep your site safe from HTTP client request forgery. Anyone with HTTP POST knowledge could put random data inside of the g-recaptcha-response form field, and fool your site to make it thing that this field was provided by the google widget. So you have to validate this token in the txtReturnValue field.

http://stackoverflow.com/questions/27297067/google-recaptcha-how-to-get-user-response-and-validate-in-the-server-side

 

 

 

 

FYI

 

After the 4.6.9 upgrade this solution no longer works for me. 

 

I was using built in validation rule and configuration to make the hidden control txtReturnValue required. Before the upgrade the validation worked beautifully. Now it doesn't recognize that the value for txtReturnValue has been set by the custom JavaScript and will not validate it.

 

I have not found a new solution yet and have removed this Google Captcha from my form.

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings