User Verification lost password reCAPTCHA error

Resolved Vjekoslav Vučić
(@vjekoslavvucic)

3 years, 2 months ago

Dear!
Thanks for your excellent work!
These days I am testing your two plugins, Product Slider and User Verification.
Today I have found a small conflict in reCAPTCHA, on the lost password forms. My settings for the User Verification plugin, reCAPTCHA card
{ Recaptcha version: V2 – Checkbox,
All settings for pages and forms: Yes,
}.
There is a conflict only on the lost password forms, default, and woocommerce. The error is “Captcha not solved”.
The possible source of the error is double calling filter ‘lostpassword_post’ and action ‘lostpassword_post’ from the functions-recaptcha.php when the captcha on both lost password forms is set to ‘Yes’. Just guessing, “you are the man”.
My workaround is just to remove the lost-password endpoint from Woocommerce->Settings->Advanced, or remove a filter from functions.php:
remove_filter(‘lostpassword_url’, ‘wc_lostpassword_url’, 10);
So, now I am using only the default lost password form but hope that you will solve the problem.
Thx one more time for your excellent work!
Regards

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter

(@vjekoslavvucic)

Hi!

I did it on my way, and I am sure that you can do it better.

Commented out functions-recaptcha.php line 240, then modified function on line 491:

function uv_wc_lostpassword_form_validate($validation_errors)

So, now action hook and filter are merged into one function. If both last password forms reCAPTCHA are set to Yes, wp_remote_get("https://www.google.com/recaptcha/api/siteverify?...") will be executed only once. Maybe it is a dirty solution, but it works.

Regards,

function uv_wc_lostpassword_form_validate($validation_errors)

{

    $user_verification_settings = get_option('user_verification_settings');

    $wc_lostpassword_form = isset($user_verification_settings['recaptcha']['wc_lostpassword_form']) ? $user_verification_settings['recaptcha']['wc_lostpassword_form'] : '';

    $default_lostpassword_page = isset($user_verification_settings['recaptcha']['default_lostpassword_page']) ? $user_verification_settings['recaptcha']['default_lostpassword_page'] : '';

    $captcha_error = isset($user_verification_settings['messages']['captcha_error']) ? $user_verification_settings['messages']['captcha_error'] : __('Captcha Error. Please try again.', 'user-verification');

    $secretkey = isset($user_verification_settings['recaptcha']['secretkey']) ? $user_verification_settings['recaptcha']['secretkey'] : '';

    $res = isset($_POST['g-recaptcha-response']) ? sanitize_text_field($_POST['g-recaptcha-response']) : '';

    if ($wc_lostpassword_form == 'yes' || $default_lostpassword_page == 'yes' && isset($_POST['g-recaptcha-response'])) :

        $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=" . $secretkey . "&response=" . $res);

        $response = json_decode($response["body"], true);

        if ($response["success"] != true) {

            $validation_errors->add('registerCaptchaError', $captcha_error);

        };

    endif;

    return $validation_errors;

}

This reply was modified 3 years, 2 months ago by Vjekoslav Vučić.
This reply was modified 3 years, 2 months ago by Vjekoslav Vučić.

Thread Starter

Vjekoslav Vučić

(@vjekoslavvucic)

3 years, 2 months ago

Good morning (afternoon?) from beautiful BA, from sunny Mostar.
We say “The morning is smarter than the evening”.
So here is my final refactor of the functions-recaptcha.php, release 2.0.4:

Remove completely your added filter ‘lostpassword_post’ lines 240-262.
Change function uv_wc_lostpassword_form_validate($validation_errors) lines 491-516 to:

function uv_wc_lostpassword_form_validate($validation_errors)
{

    $user_verification_settings = get_option('user_verification_settings');
    $wc_lostpassword_form = isset($user_verification_settings['recaptcha']['wc_lostpassword_form']) ? $user_verification_settings['recaptcha']['wc_lostpassword_form'] : '';
    $default_lostpassword_page = isset($user_verification_settings['recaptcha']['default_lostpassword_page']) ? $user_verification_settings['recaptcha']['default_lostpassword_page'] : '';
    $captcha_error = isset($user_verification_settings['messages']['captcha_error']) ? $user_verification_settings['messages']['captcha_error'] : __('Captcha Error. Please try again.', 'user-verification');
    $secretkey = isset($user_verification_settings['recaptcha']['secretkey']) ? $user_verification_settings['recaptcha']['secretkey'] : '';
    $res = isset($_POST['g-recaptcha-response']) ? sanitize_text_field($_POST['g-recaptcha-response']) : '';

    if ($wc_lostpassword_form == 'yes' || $default_lostpassword_page == 'yes' && isset($_POST['g-recaptcha-response'])) :

        $response = wp_remote_get("https://www.google.com/recaptcha/api/siteverify?secret=" . $secretkey . "&response=" . $res);
        $response = json_decode($response["body"], true);

        if ($response["success"] != true) {
            $validation_errors->add('registerCaptchaError', $captcha_error);
        };

    endif;
}

Hope that my small contribution is good enough because User Verification is really what I need.
Mika Epstein, author of the Register IP’s wrote in the plugin description:
“Spam is one thing, but trolls and sock puppets are another.
Sometimes people just decide they’re going to be jerks and create multiple accounts with which to harass your honest users…”

Please, don’t be too strict, I am new in the PHP world.

Regards

azizulraju

(@azizulraju)

3 years, 2 months ago

Hi @vjekoslavvucic,
You did a great job, and I can’t thank you enough for your effort. Your code helped us a lot to identify the issues quickly.

We just released an update for user verification(2.0.5). Please update your plugin to the latest version, and again thank you for your contribution.

Regards

This reply was modified 3 years, 2 months ago by azizulraju.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘User Verification lost password reCAPTCHA error’ is closed to new replies.