Adding a google reCAPTCHA in a Web-to-Lead form

Document created by Andre Serrazina Employee on Sep 26, 2018Last modified by Andre Serrazina Employee on Oct 4, 2018
Version 5Show Document
  • View in full screen mode

The Web-To-Lead Form is placed on a public website where you generate leads from prospective customers who visit the site.

To avoid spam bots to enter leads in Sugar a common solution is to add a reCAPTCHA in the form. 


We can add custom code to the lead capture process by creating the file SugarRoot/leadCapture_override.php. 

However, due to the open defect #78741 the leadCapture_override.php is currently not being read.


As we need this file to implement the server side of the reCAPTCHA, first of all, we have to override the "WebToLeadCapture" entry point to use a custom file that will include the SugarRoot/leadCapture_override.php file. 


Step 1: Create the file SugarRoot/custom/Extension/application/Ext/EntryPointRegistry/WebToLeadCapture.php with the content: 


$entry_point_registry['WebToLeadCapture'] = array(
    'file' => 'custom/WebToLeadCaptureOverride.php',
    'auth' => false


Step 2: 


- Create the file SugarRoot/custom/WebToLeadCaptureOverride.php and copy all the content of the core file modules/Campaigns/WebToLeadCapture.php to inside that file 


Step 3: 


Add the following lines to the file SugarRoot/custom/WebToLeadCaptureOverride.php just after the last require_once() and run a Quick Repair and Rebuild. 


//Added to include leadCapture_override.php if exists

if (file_exists('leadCapture_override.php')) {


At the time that the #78741 gets solved the steps above will not be needed and we can start with step 4.


Step 4:


Generate a new Web-to-Lead form


Step 5: 


Go through all the steps of the form generation as explained here and download the form.




Step 6:


Access, Navigate to My reCAPTCHA and register a new website. 

Choose the reCAPTCHA type, insert the domain where the form will be hosted and press Register. 




Step 7:


Open the Web-to-Lead file in a text editor and copy the lines in the Client Side integration into your web to lead form: 





Step 8: 


Create the SugarRoot/leadCapture_override file with the code below, replace the reCaptcha_secret with the value of your reCAPTCHA secret. 



// Checking reCAPTCHA

$recaptcha_site_secret ="Secret key";

if (isset($_POST) && !empty($_POST)) {

$captcha_response = htmlspecialchars($_POST['g-recaptcha-response']);
$curl = curl_init();
$captcha_verify_url = "";

        curl_setopt($curl, CURLOPT_URL,$captcha_verify_url);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, "secret=".$recaptcha_site_secret."&response=".$captcha_response);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

        $captcha_output = curl_exec ($curl);
        curl_close ($curl);

        $decoded_captcha = json_decode($captcha_output);
        $captcha_status = $decoded_captcha->success;
        if($captcha_status === FALSE){
              //Landing page for when the Captcha fails



Step 9 


Place your Web-To-Lead form on your website


Note: For Sugar Cloud installations a package will have to be created and uploaded via Module Loader. 

Check here how to create a package that copies files.

2 people found this helpful