Bootstrap 3 Contact Form with Captcha
PHP HTML JavaScript
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
assets Changes for demo Aug 6, 2017
library Bump PHPMailer version to 5.2.21 Jan 5, 2017
.gitignore Changes for demo Aug 6, 2017
LICENSE Real Initial Commit Oct 17, 2013 Update Feb 21, 2018
index.html Minor edit, the final script. May 24, 2016


Bootstrap 3 Contact Form with Google's reCaptcha


Blog Post: Bootstrap 3 Contact Form with Captcha

Follow-Up Blog Post: A Better Contact Form


A simple bootstrap 3 contact form using Google's reCAPTCHA. Submitted messages are sent to a specified email address using SMTP with support for SSL or TLS transport.

A Note On Security: PHPMailer, which this contact form is dependent on, had a major security vulnerability fixed in 5.2.20. It is recommended to update to 1.4.

Version History

Versions Major Enhancement
1.4.1 Bumped PHPMailer version to 5.2.21.
1.4 Add support for cURL when POSTing to verify reCAPTCHA.
1.3 Add support for Bootstrap Validator. If provided, will use it to validate contact form.
1.2 Replaced PHP SecureImage Captcha with Google's reCAPTCHA.
1.1 Used PHPMailer. Support for SSL/TLS transport. Extracted configuration values to environment variables.
1.0 First Version - Used PHP SecureImage and PHP mail function




Setting up reCAPTCHA

You must obtain a Site Key and Secret Key from Google. The Site Key must be entered into the Contact Form HTML in the place of the text your_site_key. The Secret Key should be entered as a configuration value (see next section).

Note: Many web servers now force allow_url_fopen=0 and allow_url_include=0 due to security concerns (see: Issue 26). reCAPTCHA verifying will use cURL is if it is installed. If you are having issues verifying reCAPTCHA, most likely you need to install cURL.


Configuration values to the contact form are passed in via Environment Variables. The following variables need to be defined:

Name Description
FEEDBACK_HOSTNAME Host name for SMTP server
FEEDBACK_EMAIL Email address to authenticate to SMTP server with
FEEDBACK_PASSWORD Password to authenticate to SMTP server with
FEEDBACK_ENCRYPTION If specified will use encryption. Valid values: TLS or SSL
FEEDBACK_SKIP_AUTH Optional If specified, will not authenticate with email/password

Environment variables can be specified in a variety of ways. For example, if using Apache (and mod_env is enabled), they can be specified in .htaccess:

SetEnv FEEDBACK_PASSWORD my!password!
SetEnv RECAPTCHA_SECRET_KEY 7823skdgjksd828sjdgkn

Tip: Environment Variables are used in Sendmail.php. If you don't want to use Environment Variables, you can edit sendmail.php, replacing calls to #getenv with the corresponding configuration value like in this Example Gist.

What If I Don't Want CAPTCHA?

There's a branch for that! Check out the branch: Contact Form without CAPTCHA.