Offcode ltd logo
World-class examples brought to you by Offcode ltd
Getting started Upload to server Image server Image manipulation Image cache reCAPTCHA Front Page

Handling reCAPTCHA with a shell script

reCAPTCHA view
reCAPTCHA view

Here we'll show you how to implement a reCAPTCHA verifier with a simple linux shell script. It uses curl for sending the data to Google's server which then replies the final verdict. If the submit button in pressed again, Google finds it's a duplicate and we get an error as well. All in all, this is quite a robust way of sorting out the bots that wish to spam.

We use ajax for sending the request. Using plain submit will tend to direct to a new page which will cause unnecessary trouble. Now we just get the response code and thus determine if this was a success. This is a sample commenting section using Google's reCAPTCHA. We expect you have registered reCAPTCHA services in Google already.

HTML AJAX script code for reCAPTCHA

This is how the HTML script section code looks like:

<script src="" async defer></script>
$("#comment").submit(function(event) {
    var token = window.grecaptcha.getResponse(recaptchaId);

    if (!token) {
        alert("Not Verified");

    var formData = $('textarea#feedback').val();
    var uploadData = formData+"g-recaptcha-response="+token;

          url: '/s/comment',
          type: 'POST',
          data: uploadData,
        }).done(function(data) {
        }).fail(function(data) {
          alert("Error sending the feedback");
window.onScriptLoad = function () {
    var htmlElement = document.querySelector('.g-recaptcha');

    var captchaOptions = {
      sitekey: 'thisIsYourSiteKeyFromGoogleDontUseThis',
      callback: window.onUserVerified

    recaptchaId = window.grecaptcha.render(htmlElement, captchaOptions, true);

window.onUserVerified = function (token) {
    console.log('token=', token);

HTML code for the ajax script

The code below is the HTML portion of the page. It declares a simple form:

<form id="comment" action="/s/comment" method="post">
  <textarea id="feedback" name="feedback">Your comment</textarea>
  <div class="g-recaptcha" data-sitekey="YourSiteKeyFromGoogleJPrmUuglRqdYVGScq"></div>
  <input type="submit" name="submit" value="Submit" />

Shell script for verifying the reCAPTCHA

The shell script below gets the AJAX post feedback with the appropriate data. The curl command sends all what's required to Google's server for verification. Eventually, if this output is a success, it echoes a simple "Thanks for uploading". That data is not stored anywhere but it's considered as a successful case. Otherwise an error alert is seen on the screen. This scripts doesn't yet store the comment anywhere. It only validates it. Later we'll show how to add data into a file that is used by the original HTML page containing the user comments. Let's first create the script with our favarite text editor (pico!):

root@server261583:/usr/lib/s# pico comment

The file 'comment' would look like:


cd /home/imageserviceagent/ 2>/dev/null > /dev/null

if [ $? -eq 0 ]; then
  /bin/dd count=$CONTENT_LENGTH bs=1M 2>/dev/null > comment.bin

  # Remove all lines until match, and all before the match
  RESPONSE=`cat comment.bin | sed -n '/g-recaptcha-response=/,$p' | sed 's/^.*g-recaptcha-response=//'`

  # For your debug purposes. Check this file for finding potential errors in the HTML code
  echo "$RESPONSE" > resp.txt

  GOOGLE_REPLY=`curl -X POST --data-binary "secret=YOUR-SECRET-FROM-GOOGLE-XT9uuTgC1aN7fazyn27E6&response=$RESPONSE"`
  echo "$GOOGLE_REPLY" | grep "\"success\": true," 2>/dev/null >/dev/null
  if [ $? -eq 0 ]; then
    /bin/echo "Content-type: text/html"
    /bin/echo ""
    /bin/echo "<html><h2>Thanks for uploading!</h2></html>"
    /bin/echo ""
  echo "$GOOGLE_REPLY" >> error.txt

# This propagates an error

Curl command for Google reCAPTCHA

Let's have a detailed look at the curl command we just used.

GOOGLE_REPLY=`curl -X POST --data-binary "secret=YOUR-SECRET-FROM-GOOGLE-XT9uuTgC1aN7fazyn27E6&response=$RESPONSE"`

Between "secret= and &response= you must put your secret from the Google reCAPTCHA console. $RESPONSE contains the response we just parsed with the sed.

Written on April 2018 by Eero Nurkkala

contact information