$secret, 'response' => $token, 'remoteip' => $_SERVER['REMOTE_ADDR'] ?? null, // optional ]; $options = [ 'http' => [ 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query($data) ] ]; $context = stream_context_create($options); $result = file_get_contents($verifyUrl, false, $context); if ($result === false) { http_response_code(500); exit('Verification request failed.'); } $resp = json_decode($result, true); // For v2: check "success" // For v3: also check "score" and "action" if (!empty($resp['success'])) { // v3 extra checks (optional but recommended) if (isset($resp['score'])) { // Decide your threshold (e.g., 0.5) if ($resp['score'] < 0.5 || ($resp['action'] ?? '') !== 'contact') { http_response_code(403); exit('reCAPTCHA score too low or action mismatch.'); } } // Continue with your normal form handling: // validate fields, send email (e.g., PHPMailer), save to DB, etc. exit('Form submitted successfully.'); } else { http_response_code(403); exit('reCAPTCHA verification failed.'); }