I need a captcha for my form, and I am having some troubles with the server-side integration.

The form takes in four types of data:

1. name
2. email
3. comment.

After making sure that none of them are empty, I want to verify the captcha. However, for some reason, it always returns success == false.

Can somebody help me spotting what's wrong with my code?

function validate($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$nameMsgErr = $emailErr = $msgSuccess = $error = "";

if(!empty($_POST['name_msg']) && !empty($_POST['email']) && !empty($_POST['subject']) && !empty($_POST['message'])) {

    $url = 'https://www.google.com/recaptcha/api/siteverify';
    $private_key = '------Private Key--------';

    $response = file_get_contents($url . "?secret=" . $private_key . "&response=" . $_HOST['g-recaptcha-response'] . "&remoteip=" . $_SERVER['REMOTE_ADDR']);

    $data = json_decode($response);

    if(isset($data->success) AND $data->success == true) {

        $name = validate($_POST['name_msg']);
        $email = validate($_POST['email']);
        if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $emailErr = "Wrong email format";
        } else {

            $subject = validate($_POST['subject']);
            $msg = validate($_POST['message']);
            $msg .= "\r\n" . $name;
            $msg = wordwrap($msg, 70, "\r\n");
            $header = "From: " . $email;

            mail("myemail9@gmail.com", $subject, $msg, $header);

            $msgSuccess = "Message successfully sent";

        }
    } else {
        $error = "Error";
    }
}

You are using the wrong HTTP method to verify the user response. In your code, you use file_get_contents and it is sending a GET request, which returns false everytime.

As stated in the documentation, you need to send a POST request to the google recaptcha api.

See this answer on sending a POST request using file_get_contents

Note: cURL is the more common method of sending POST requests, and may be much simpler to grasp and implement. I would suggest using cURL to start.

Edit (Added specific example, not tested):

$postdata = http_build_query(
    array(
        'secret'    =>  $private_key,
        'response'  =>  $_HOST["g-recaptcha-response"],
        'remoteip'  =>  $_SERVER["REMOTE_ADDR"]
    )
);
$opts = array('http' =>
    array(
        'method'  => 'POST',
        'header'  => 'Content-type: application/x-www-form-urlencoded',
        'content' => $postdata
    )
);

$context  = stream_context_create($opts);

$response = file_get_contents('https://www.google.com/recaptcha/api/siteverify', FALSE, $context); 

This is what I added:

opts = array('http' =>
            array(
                'method'  => 'POST',
                'header'  => 'Content-type: application/x-www-form-urlencoded',
                'content' => 'https://www.google.com/recaptcha/api/siteverify/secret='.$private_key.'&response='.$_HOST["g-recaptcha-response"].'&remoteip='.$_SERVER["REMOTE_ADDR"]
            )
        );

        $context  = stream_context_create($opts);

        $response = file_get_contents($context);