[ZendTo] reCAPTCHA issue

Jules Field Jules at Zend.To
Mon Jul 9 10:23:18 BST 2018


Curious.
Time for some serious debugging...

Take a safe copy of the file /opt/zendto/www/verify.php.
Edit it in your favourite text editor.
Starting at about line 100 you will see a chunk of code like this:

             // Old version 1 code.
             // $resp = recaptcha_check_answer($reCaptchaPrivateKey,
             // getClientIP(),
             // $_POST["g-recaptcha-response"]);
             $recaptcha = new \ReCaptcha\ReCaptcha($reCaptchaPrivateKey);
             $rcresponse = 
$recaptcha->verify($_POST["g-recaptcha-response"],
getClientIP());
             if ($rcresponse->isSuccess()) {
               $resp = TRUE;
             }
             if (!$resp) {
               foreach ($rcresponse->getErrorCodes() as $code) {
                 if ($code == "missing-input-response")
                   $code = gettext("I do not think you are a real person.");

Look for the "Old version 1 code" comment and you'll soon find it.
Immediately after this bit:
             if ($rcresponse->isSuccess()) {
               $resp = TRUE;
             }
add this extra line:
             $theDropbox->writeToLog("reCAPTCHA text: " . 
$_POST["g-recaptcha-response"]);

Save and exit the editor.
Try the drop-off process again.
This time, after it fails, do a
     tail /var/zendto/zendto.log
command and it will show you the last few lines of the log.
What does that show on the line that starts "reCAPTCHA text"?

Cheers,
Jules.



On 09/07/2018 10:09, Istyak Ahmad wrote:
> Yes, it's false
>
> 'recaptchaInvisible'   => FALSE,
>
> Regards,
>
> Istyak Ahmad
> NIIT Limited | A-24 Infocity, Sector 34, Gurgaon - 122004
> Phone: +91 9654505787, 0124-4916544
>
> -----Original Message-----
> From: Jules Field <Jules at Zend.To>
> Sent: Monday, July 9, 2018 2:27 PM
> To: Istyak Ahmad <Istyak.Ahmad at niit.com>; ZendTo Users <zendto at zend.to>
> Cc: M A Young <m.a.young at durham.ac.uk>
> Subject: Re: [ZendTo] reCAPTCHA issue
>
> Istyak,
>
> Please make sure you have set
>
> 'recaptchaInvisible'   => FALSE,
>
> in preferences.php. The "Invisible" one has some problems right now, sorry.
>
> Cheers,
> Jules.
>
> On 09/07/2018 09:35, Istyak Ahmad wrote:
>> Dear Jules,
>> Yes, private key is end with a "-".
>> I re-created the keys & tried, but getting the same issue.
>>
>> Regards,
>>
>> Istyak Ahmad
>> NIIT Limited | A-24 Infocity, Sector 34, Gurgaon - 122004
>> Phone: +91 9654505787, 0124-4916544
>>
>> -----Original Message-----
>> From: Jules Field <Jules at Zend.To>
>> Sent: Monday, July 9, 2018 1:56 PM
>> To: ZendTo Users <zendto at zend.to>
>> Cc: M A Young <m.a.young at durham.ac.uk>; Istyak Ahmad
>> <Istyak.Ahmad at niit.com>
>> Subject: Re: [ZendTo] reCAPTCHA issue
>>
>> Google now appear to do all the CAPTCHA stuff over https and no longer support proxies in the middle.
>>
>> Also, does your "private key" really end with a "-"?
>> The 2 keys should be exactly the same length.
>>
>> Cheers,
>> Jules.
>>
>> On 09/07/2018 08:43, M A Young via ZendTo wrote:
>>> On Mon, 9 Jul 2018, Istyak Ahmad via ZendTo wrote:
>>>
>>>> I have done the following settings in the preference.php file, but
>>>> captcha verification is getting failed. Kindly help if you have any
>>>> solutions to fix the captcha issue.
>>> That message probably means the connection from your zendto server to
>>> google to verify the captcha is failing. I was seeing it last week on
>>> a test server until I worked out a way to persuade it to use a web proxy.
>>>
>>> 	Michael Young
>>>
>>> _______________________________________________
>>> ZendTo mailing list
>>> ZendTo at zend.to
>>> http://jul.es/mailman/listinfo/zendto
>> Jules
>>
>> --
>> Julian Field MEng CEng CITP MBCS MIEEE MACM
>>
>> South Utsire: Northwesterly 6 to gale 8 veering northerly 4 or 5 later.
>> Moderate or rough. Fair. Good.
>>
>> www.Zend.To
>> Twitter: @JulesFM
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>>
>> Visit us at: http://www.niit.com
>> Follow us on: http://www.twitter.com/niitltd
>>
>> ----------------------------------------------------------------------
>> ---------------------------------------
>>
>> DISCLAIMER
>> This email and any files transmitted with it are confidential and are solely for the use of the individual or entity to which it is addressed. Any use, distribution, copying or disclosure by any other person is strictly prohibited. If you receive this transmission in error, please notify the sender by reply email and then destroy the message. Opinions, conclusions and other information in this message that do not relate to official business of the company shall be understood to be neither given nor endorsed by NIIT Ltd. Any information contained in this email, when addressed to Clients is subject to the terms and conditions in governing client contract.
> Jules
>
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
> 'Gaze not into the abyss, lest you become recognised as an abyss
>    domain expert, and they expect you to keep gazing into the damn thing.'
>                                              - @nickm_tor
>
> www.Zend.To
> Twitter: @JulesFM
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'What happened in the past that was painful, has a great deal to
  do with what we are today.' - William Glasser

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654




More information about the ZendTo mailing list