$secretKey, 'response' => $captcha); $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data) ) ); $context = stream_context_create($options); $response = file_get_contents($url, false, $context); $responseKeys = json_decode($response, true); // From the server we get an answer about the scores - from 0 to 1. // 1 means it’s definitely a person, and 0 means it’s a bot // You can set any threshold for “passing”. I use 0.5 if ($responseKeys["success"] AND $responseKeys["score"] > 0.5 AND $responseKeys["action"] == 'homepage') { $checked = 1; // If this is a person, then we simply do nothing. } else { // And if this is a bot, then we terminate the work. Before the quit, you can show the bot some message. exit; } } // Initialize the variable $captcha = ''; // Check if there is a token and assign its value to the variable. if (isset($_GET["token"])) { $captcha = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING); } elseif (isset($_POST["token"])) { $captcha = filter_input(INPUT_POST, 'token', FILTER_SANITIZE_STRING); } // This section only works if the blocking of bots to pages is enabled. if ($blockPageAccess) { // Check if the value is empty if (!$captcha) { // If the token is missing, then you need to show the token generating page. // The initial request may have GET parameters - we collect them to pass to the final page $get = ''; foreach ($_GET as $key => $value) { $get = $get . "&$key=$value"; } // Print the token generating code echo '