Comments form doesn't check captcha

  • Resolved JoeyTaylor

    (@joeytaylor)


    11 years, 1 month ago

    I have installed the latest version of this plugin however it doesn’t check the captcha on the comments page.

    It appears that if JavaScript is enabled it doesn’t bother checking the captcha when you POST: (This is line 640 from google-captcha.php)

    if ( ! function_exists( 'gglcptch_commentform_check' ) ) {
	function gglcptch_commentform_check() {
        if ( isset( $_POST['gglcptch_test_enable_js_field'] ) ) {
            if ( wp_verify_nonce( $_POST['gglcptch_test_enable_js_field'], 'gglcptch_recaptcha_nonce' ) )
				return;
			else {
				if ( gglcptch_check_role() )
					return;
				gglcptch_lostpassword_check();
			}
		} else {
			if ( gglcptch_check_role() )
				return;
			gglcptch_lostpassword_check();
		}
	}
}

    Have I done something wrong setting up the plugin? Should it be doing something with JavaScript on the page? (I suspect this isn’t safe by the way as the JavaScript to add the nonce runs on document ready so you can disable JavaScript after the page has loaded but the server will think JavaScript is enabled. Plus, as you have to give the nonce to the client, a determined person could manually add it to the POST data to bypass the server side check).

    For what it’s worth it works fine on the login page,

    https://ww.wp.xz.cn/plugins/google-captcha/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author bestwebsoft

    (@bestwebsoft)

    11 years, 1 month ago

    Hi,

    We have received your request and it is now being processed. We will get back to you on this forum as soon as we can.

    Regards,
    BestWebSoft Support Team

    Thread Starter JoeyTaylor

    (@joeytaylor)

    11 years, 1 month ago

    Thanks, I look forward to your response.

    Plugin Author bestwebsoft

    (@bestwebsoft)

    11 years, 1 month ago

    Hello,

    Google Captcha will work correctly only if you are using standard comments forms. If you have custom form on your site, please make the following changes to them:

    1) Install the Google Captcha plugin and activate it.
    2) Open the file with the form (where you would like to add google captcha to).
    3) Find a place to insert the code for the google captcha output.
    4) Insert the necessary lines:
    if( function_exists( ‘gglcptch_display’ ) ) { echo gglcptch_display(); } ;
    If the form is HTML you should insert the line with the PHP tags:
    <?php if( function_exists( ‘gglcptch_display’ ) ) { echo gglcptch_display(); } ; ?>

    Also, if you are using the first version of reCaptcha, try to use the second.
    To do this, follow these steps:
    1) Go to your Dashboard
    2) Open the plugin settings page: “BWS Plugins”->”Google Captcha” (/wp-admin/admin.php?page=google-captcha.php)
    3) Pick reCAPTCHA version 2 there.
    4) Save Changes by clicking the “Save Changes” button.
    5) Check the page with Google-CAPTCHA in the front-ende,that the second version is displayed.

    Regards,
    BestWebSoft Support Team

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Comments form doesn't check captcha’ is closed to new replies.