[ZendTo] ZendTo and reCAPTCHA v2

[Jules]

John,

As you surmise at the end of your message below, you are going to have 
to upgrade ZendTo.
I switched away from the nasty v1 reCAPTCHA quite some time ago.
You can now use either the v2 reCAPTCHA or even their new "invisible" 
one. It works in ZendTo, but you may find 1 page where you get a "Next" 
button and nothing else, as I couldn't work out how to embed the CAPTCHA 
into the previous page *or* that page, depending on whether the admin 
chose reCAPTCHA v2 or the "invisible" one.

So the "invisible" reCAPTCHA support isn't perfect, but it should work.

Personally I would go for the standard v2 one on a production system.
Configuring reCAPTCHA is dead easy, the instructions are in 
preferences.php right by the settings. Google let you just create 1 key 
pair for your entire domain (thankyou Google!).

And at the same time, *before* you upgrade to ZendTo version 5, make 
sure you read
     zend.to/upgrade.php
as well as the relevant notes under the download links on 
zend.to/downloads.php. Those notes will tell you about any database 
schema changes you might need to make.

You will probably find it easier to build a new ZendTo server VM from 
scratch (installation of version 5 is dead easy with the new installer I 
wrote), and then just port your database and drop-offs over from the old 
to the new. Or else just shut down your old one and start a blank new 
fresh one; all the drop-off data is temporary anyway.

Cheers,
Jules.

On 07/03/2018 20:29, John Thurston wrote:
> On 3/7/2018 10:26 AM, Dippery, Kyle wrote:
>> We've had V2 set up on our site for a year or two, since whenever Are
>> You A Human went away.  I remember it being easier than I'd expected
>> to get set up.
> I've registered new keys, and shoved them into my preferences.php (in
> place of the V1 keys). When I 'view source' on my application page, I
> see the new key is being passed in the k= parameter of the form, so it
> has found the new key. It is, however, continuing to display the V1
> captcha, with periodic warnings in the box telling of its imminent demise.
>
> I think the underlying problem is in source. As documented here:
>     https://developers.google.com/recaptcha/old/docs/tips
> V1 sends its challenge to
>     www.google.com/recaptcha/api/challenge?k=
> or to
>     www.google.com/recaptcha/api/noscript?k=
>
> But as documented here:
>     https://developers.google.com/recaptcha/docs/display
>     https://developers.google.com/recaptcha/docs/faq
> V2 sends its challenges to
>     www.google.com/recaptcha/api.js
> or to
>     www.google.com/recaptcha/api/fallback?k=
>
> Reading through the ZendTo changelog:
>     http://www.zend.to/changelog.php
> it appears that support for the "much nicer new reCAPTCHA" was
> introduced in 4.12-5
>
> Since I'm running 4.11, it looks like I'm gonna have to deploy new code
> before the end of March.
>
>
>
> --
>      Do things because you should, not just because you can.
>
> John Thurston    907-465-8591
> John.Thurston at alaska.gov
> Department of Administration
> State of Alaska
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'What happened in the past that was painful, has a great deal to
  do with what we are today.' - William Glasser

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654