EU CAPTCHA for PHP

Frequently Asked Questions

• How do I verify a CAPTCHA token in PHP?

  Install the EU CAPTCHA PHP client via Composer. In your form handler, read the eu-captcha-response value from $_POST, then call the client's verification method with your secret key and the token. The client sends a POST request to the EU CAPTCHA API and returns a result that tells you whether the submission is from a human or a bot.

• Is there an official PHP module for EU CAPTCHA?

  Yes. EU CAPTCHA provides an official PHP client library available via Composer. It supports PHP 7.4 and later and works with raw PHP, Laravel, Symfony, and any other PHP framework. The module abstracts the API call, handles authentication, and parses the JSON response from the verification endpoint.

• Does EU CAPTCHA work with any PHP framework?

  Yes. The EU CAPTCHA PHP module is framework-agnostic. It works with raw PHP, Laravel, Symfony, Slim, CodeIgniter, and any other PHP framework. The verification logic is a single method call that you can integrate into controllers, middleware, service classes, or any other part of your application's request handling pipeline.

• How do I add EU CAPTCHA to a PHP contact form?

  Add the verify.js script tag to your HTML form template and place the EU CAPTCHA widget div with your sitekey inside the form. In your PHP handler that processes the form POST, read $_POST['eu-captcha-response'], verify it using the EU CAPTCHA PHP client with your secret key, and only send the contact email or store the data if verification succeeds.

• How do I install the EU CAPTCHA PHP client via Composer?

  Run composer require eu-captcha/php-client in your project directory. Then configure the client by instantiating it with your secret key, which you should store as an environment variable rather than hardcoding it. The package is available on Packagist and is compatible with standard Composer autoloading.

• How do I handle CAPTCHA verification failure in PHP?

  If the EU CAPTCHA client returns a failed verification result, redirect the user back to the form with an error message, or return a JSON error response if you are handling an AJAX form. Do not process the submitted data — bot submissions that fail verification should be silently discarded or logged for monitoring purposes.

• Is EU CAPTCHA GDPR compliant for PHP websites?

  Yes. EU CAPTCHA is operated by an EU-based company, is hosted entirely in Germany, and does not rely on US cloud providers or infrastructure subject to US surveillance laws. The service processes only the data necessary to provide and verify the CAPTCHA (such as IP address and technical browser or device information) in line with the requirements of the GDPR. Your organization remains responsible for providing transparent privacy information, selecting an appropriate legal basis, and obtaining any required consent for your specific PHP implementation. This information does not constitute legal advice; please consult your legal counsel for an assessment of your individual case.