Problem with NoCaptcha

[joit]

Hi,

I want to use NoCaptcha for registering new users. When I click the NoCaptcha's checkbox, there is this green checked icon.
Whenever I send the form, I get the error message " Bitte stellen sie sicher, dass die eingegebenen Zeichen mit den Zeichen auf dem Bild ?bereinstimmen."
which is probably the error message of reCaptcha, saying you have to make sure that there is no mistypo in the letter.
Any idea?
Thanks

 

[troester]

Is this also with the Protostar template?
Do you have a validation added to this captcha?
Did you switch the element from reCaptcha to NoCaptcha (so maybe there is a "sticky" param somewhere)?

 

[joit]

yep, same prop with protostar
no validation
well, there is no extra tab in the captcha plugins settings to specify the key for noCaptcha, so I used reCaptcha for that

 

[troester]

"Bitte stellen sie sicher, dass die eingegebenen Zeichen mit den Zeichen auf dem Bild ?bereinstimmen." is (also) the NoCaptcha error message if the validation is failing. This is PLG_ELEMENT_CAPTCHA_FAILED text, there are no different texts for the different captcha options. I think it could be a bit more "neutral". You can change it via language override.

But you shouldn't get it if the captcha has the green checked icon...

 

[cheesegrits]

there are no different texts for the different captcha options

Correct, just a generic one. I'm making a few changes to the code atm (removing the old Play Through stuff), I'll probably add some language specific to each method.

well, there is no extra tab in the captcha plugins settings to specify the key for noCaptcha, so I used reCaptcha for that

Correct, use the recaptcha settings for the keys for nocaptcha.

If you enable J! debugging (J! global settings) and submit, does it give you an additional error message? With debug enabled, we should give you some additional feedback on the exact error response coming back from Google.

-- hugh

 

[joit]

ok, this is the message I get with debugging:
noCaptcha error: invalid-json

 

[cheesegrits]

Hmmm, all I can find about that is that it may be to do with your allow_url_fopen setting in PHP ini.

Try this:

Around line 336 in ./plugins/fabrik_element/captcha/captcha.php, find this line:

                $noCaptcha  = new \ReCaptcha\ReCaptcha($privateKey);

... and try ...

                $noCaptcha  = new \ReCaptcha\ReCaptcha($privateKey, new \ReCaptcha\RequestMethod\CurlPost());

... if that doesn't work, try ...

                $noCaptcha  = new \ReCaptcha\ReCaptcha($privateKey, new \ReCaptcha\RequestMethod\SocketPost());

-- hugh

 

[joit]

for the first try I get this error:

Class 'ReCaptcha\RequestMethod\CurlPost' not found

Call stack
#    Function    Location
1    JApplicationCms->execute()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/index.php:49
2    JApplicationSite->doExecute()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/application/cms.php:261
3    JApplicationSite->dispatch()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/application/site.php:230
4    JComponentHelper::renderComponent()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/application/site.php:191
5    JComponentHelper::executeComponent()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/component/helper.php:380
6    require_once()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/component/helper.php:405
7    JControllerLegacy->execute()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/components/com_fabrik/fabrik.php:181
8    FabrikControllerForm->process()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/legacy/controller/legacy.php:702
9    FabrikFEModelForm->validate()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/components/com_fabrik/controllers/form.php:298
10    PlgFabrik_ElementCaptcha->validate()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/components/com_fabrik/models/form.php:2259

and for the other try I get get this error:

Class 'ReCaptcha\RequestMethod\SocketPost' not found

Call stack
#    Function    Location
1    JApplicationCms->execute()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/index.php:49
2    JApplicationSite->doExecute()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/application/cms.php:261
3    JApplicationSite->dispatch()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/application/site.php:230
4    JComponentHelper::renderComponent()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/application/site.php:191
5    JComponentHelper::executeComponent()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/component/helper.php:380
6    require_once()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/cms/component/helper.php:405
7    JControllerLegacy->execute()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/components/com_fabrik/fabrik.php:181
8    FabrikControllerForm->process()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/libraries/legacy/controller/legacy.php:702
9    FabrikFEModelForm->validate()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/components/com_fabrik/controllers/form.php:298
10    PlgFabrik_ElementCaptcha->validate()    /pages/8f/e2/d0012659/home/htdocs/websites/sipnix/161121/components/com_fabrik/models/form.php:2259

BTW, in my case it is in line 354

 

[cheesegrits]

Ah, OK, prolly need to include some other files from their library. I'll look at it when I get home. Meanwhile, can you check your php in, and see if that allow_url_fopen is set or not?

 

[cheesegrits]

OK, yeah, add ...

                require_once JPATH_SITE . '/plugins/fabrik_element/captcha/libs/ReCaptcha/RequestMethod/Socket.php';
                require_once JPATH_SITE . '/plugins/fabrik_element/captcha/libs/ReCaptcha/RequestMethod/SocketPost.php';

... right after the Post.php require. And use the SocketPost() method, not the curl one.

At some point I'll move the recaptcha stuff to our Composer lib, so it autoloads and we won't need the explicit requires.

-- hugh

 

[joit]

It does work like a charm!
are you gonna add this to gh?
btw, I have allow_url_fopen and allow_url_include OFF

 

[cheesegrits]

Yeah, I'll commit it when I wake up. I'm asleep atm.

Sent from my HTC 10 using Tapatalk

 

[troester]

Obviously sleepwalking

allow_url_fopen is a "Sub-requirement" for Joomla ("optional technical requirements which aren't required to actually install and run Joomla! but are required for some dependencies running different internal APIs.")
So maybe you'll run into other issues, too, if it's disabled.
https://docs.joomla.org/Optional_Technical_Requirements

 

[cheesegrits]

Obviously sleepwalking

Yup, it was about 5am, I was still technically awake, but not near a computer. I'm going through another one of my serious insomniac phases, not getting to sleep before dawn.

allow_url_fopen is a "Sub-requirement" for Joomla ("optional technical requirements which aren't required to actually install and run Joomla! but are required for some dependencies running different internal APIs.")
So maybe you'll run into other issues, too, if it's disabled.
https://docs.joomla.org/Optional_Technical_Requirements

[/quote]

Correct. It's OK to leave it off, but you are likely to run into issues. And not everyone is as accommodating about working round it as we are.

Just so's you know ... what enabling it allows is to use the built in PHP function get_file_contents() to access URL's as well as local files. So with it enabled, code can file_get_contents("http://example.com/index.php") and get the content of a web page ... or in this case, the response from a Google captcha challenge. With it disabled, the code to grab a remote page is more complex. So quite a lot of code out there just assumes you'll enable it.

-- hugh

 

[joit]

ok. So if I enable it, will it load stuff faster because there aren't so many workarounds necessary?
are athere any security issues to consider if I enable it?

 

[cheesegrits]

It's not really a question of loading faster - there's no difference in speed. It's just that a lot of code simply assumes that it'll be enabled, and uses things like file_get_contents() on URL's, and will break if it isn't enabled.

Having it enabled does pose a risk of injection attacks, but the J! code is mature enough that obvious vulnerabilities like that have long since been removed. Although of course the same can't be said of all 3rd party components.

If it worries you, leave it off, and just solve issues like this as they arise.

-- hugh

 

[cheesegrits]

OK, I committed some more changes:

https://github.com/Fabrik/fabrik/commit/5eb46b7aade7c893c2a348c1706aae7f9d133a3e

This manually merged some changes from @jfquestiaux , adding language tag handling to Nocaptcha, so the existing language setting for recaptcha now works for nocaptcha as well. Thank JFQ!

Along with his changes, I added the ability to use {shortlang} as your language code, which will get replaced by the two letter code of the current user's J! language. This *should* pretty much always match Google's codes, although for some more obscure languages it may not.

I also separated out the validation error messages by method (standard, recaptcha, nocaptcha), so there's now three language strings ... PLG_ELEMENT_CAPTCHA_<method>_FAILED.

-- hugh

 

[cheesegrits]

BTW ...

@jfquestiaux @troester do you think it's worth looking at the new "invisible" mode for nocaptcha?

https://developers.google.com/recaptcha/docs/invisible
https://www.google.com/recaptcha/api2/demo?invisible=true

It's a new feature, where you can bind the captcha to a submit button, and Goog will attempt to invisibly determine if you are human, through whatever sneaky methods they've dreamed up, and only throw up a challenge if it can't decide.

-- hugh

 

[joit]

it 'looks' great
https://www.engadget.com/2017/03/10/google-new-invisible-recaptcha/

 

[joit]

hi guys, did you think about implementing the invisible captcha?