Urgent - form submitting without recaptcha validation

hello, I’m using Blocs v 5.2.6. I have recently faced sql injection attack using forms, 100 of messages were sent to me. So I decided to add recaptcha (site key, etc. are correct) but as I’ve tested multiple times forms are being submitted even if recaptcha is not completed.

Please help.

thanks

Found this is happening when using external mailing system e.g. Gmail and other, it is missing Recaptcha code from php files related forms.

// ================== RECAPTCHA CHECK START ==================
	$captcha   = $_POST['g-recaptcha-response'] ?? '';
	if (!$captcha) {
		// The user did not check the reCAPTCHA box at all
		echo 'capture-error';
		exit;
	}

	$secretKey = 'YOUR_SECRET_KEY'; // <-- Replace with your secret key
	$ip        = $_SERVER['REMOTE_ADDR'];

	$response  = file_get_contents(
	  "https://www.google.com/recaptcha/api/siteverify?secret="
	  . $secretKey
	  . "&response="
	  . $captcha
	  . "&remoteip="
	  . $ip
	);
	$responseKeys = json_decode($response, true);

	if (empty($responseKeys["success"]) || $responseKeys["success"] !== true) {
		// The user did not pass the reCAPTCHA challenge or connection error
		echo 'capture-connection-error';
		exit;
	}
	// ================== RECAPTCHA CHECK END ==================