Veerasundaravel's Ruby on Rails Weblog

May 13, 2011

Google Recaptcha in Rails

Filed under: Gems, Plugin, Ruby, Ruby On Rails — Tags: , , , , , , , , — Veerasundaravel @ 3:43 pm
The logo of reCAPTCHA

Image via Wikipedia

A CAPTCHA is a program that can tell whether its user is a human or a computer. You’ve probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from “bots,” or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs. reCAPTCHA  is google product and its a better and alternate solution to the existing image captchas. You can read the complete story about Recaptcha using this link.

Lets Kick Start:

In order to use google recaptcha, we need to register our site in google recaptcha site. Refer this link for registerting your application Refer the screenshot below for further assistance.

Once after entering you domain name, you can click on the Create Key button. Which will create the required API keys and redirect you to the next listing page where you can get the API details as below:

ReCaptcha helpers for Rails apps:

So when you are ready with API keys, you can start the reCAPTCHA integration into you Rails application. We have rails Plugin called recaptcha, it is more useful and easier for the integration with Rails.

This plugin adds helpers for the ReCAPTCHA API. In your views you can use the recaptcha_tags method to embed the needed javascript, and you can validate in your controllers with verify_recaptcha.

See the RDOC documentation for more information on usage.

Rails Installation:

reCAPTCHA for Rails can be installed as a gem:

                       config.gem “ambethia-recaptcha”, :lib => “recaptcha/rails”, :source => “”

Or, as a standard rails plugin:

                       script/plugin install git://

Setting up your API Keys:

There are two ways to setup your reCAPTCHA API keys . You can pass in your keys as options at runtime, for example:

                       recaptcha_tags :public_key => ‘6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy’

and later,

                       verify_recaptcha :private_key => ‘6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx’

Or, preferably, you can keep your keys out of your code base by exporting the environment variables mentioned earlier. You might do this in the .profile/rc, or equivalent for the user running your application:

                       export RECAPTCHA_PUBLIC_KEY  = ‘6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy’ export RECAPTCHA_PRIVATE_KEY = ‘6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx’

If that‘s not your thing, and dropping things into config/environment.rb is, you can just do:

                       ENV[‘RECAPTCHA_PUBLIC_KEY’]  = ‘6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy’ ENV[‘RECAPTCHA_PRIVATE_KEY’] = ‘6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx’

Displaying reCAPTCHA form:

Recaptcha gem offers you a helper method called recaptcha_tags which can display the reCaptcha form for you in your view files as follows:

Some of the options available with recaptcha_tags:

:ssl ==>    Uses secure http for captcha widget (default false)
:noscript ==>    Include <noscript> content (default true)
:display ==> Takes a hash containing the theme and tabindex options per the API. (default nil)
:ajax ==>    Render the dynamic AJAX captcha per the API. (default false)
:public_key ==> Your public API key, takes precedence over the ENV variable (default nil)
:error ==>    Override the error code returned from the reCAPTCHA API (default nil)

You can also override the html attributes for the sizes of the generated textarea and iframe elements, if CSS isn‘t your thing. Inspect the source of recaptcha_tags to see these options.

Verifying ReCaptcha:

Using verify_recaptcha method you can easily find out the correct input from user for the displayed captcha.

This method returns true or false after processing the parameters from the reCAPTCHA widget. Why isn‘t this a model validation? Because that violates MVC. Use can use it like this, or how ever you like. Passing in the ActiveRecord object is optional, if you do—and the captcha fails to verify—an error will be added to the object for you to use.

Some of the options available:

:model ==>    Model to set errors
:message ==> Custom error message
:private_key ==> Your private API key, takes precedence over the ENV variable (default nil).
:timeout ==> The number of seconds to wait for reCAPTCHA servers before give up. (default +3+)

respond_to do |format|
    if verify_recaptcha(:model => @post, :message => ‘Oh! It’s error with reCAPTCHA!’) &&
        # …
        # …

%d bloggers like this: