Recaptcha V2 Errors and fixes

Support Extras
,
1

Not sure how I can edit this to reflect the fact that removing the hook is not a solution as quite rightly pointed out below. At the same time I don’t want to delete the whole post.

So… GO STRAIGHT TO THE SOLUTION - my ideas were not correct.

THIS IS A WORK IN PROGRESS - I’m just trying to work out what’s happening but this appears to be working for now…

After struggling to get ReCaptchaV2 working I came up with some workarounds. Firstly I can’t get the V2 tick box version working at all. It appears to work but you can send forms without actually ticking the box - so no good.

The only way I got the V2 invisible recaptcha to work is this…

&hooks=`FormItSaveForm,email,redirect

  • note I removed the recaptchav2 hook.

Nothing special about the next bit - just included…

[[!recaptchav2_render? &tpl=`recaptchav2_invisible_html` &form_id=`mainform` ]] [[!+fi.error.recaptchav2_error]]

BUT also note that I removed the submit button from my form because…

In the chunk…

recaptchav2_invisible_html

I changed the code to…

<script type="text/javascript" src="https://www.google.com/recaptcha/api.js?hl=[[++cultureKey]]"></script>
<script>function recaptchaV2SubmitForm(response){return new Promise(function(){document.getElementById('[[+form_id]]').submit();})}</script>
<div class="form-buttons text-right"><button input type="submit" class="g-recaptcha button hollow" name="submit_my_form" data-sitekey="[[+site_key]]" data-callback="recaptchaV2SubmitForm">Send Contact Inquiry</button></div>

This seems to work ie. spam is reduced greatly and it doesn’t seem possible to bypass the recaptcha. I don’t know why it works - simply trial and error so maybe somebody with more knowledge than me can explain or rewrite my effort above in a more coherent way.

Modx 2.8.1
PHP 7.4.2
Formit 4.2.6
ReCaptchaV2 3.2.2

2

I fail to see how this setup would protect you from any spam at all!

Without checking the recaptcha-value on the server (that’s what the recaptchav2 hook would do), every submitted value is valid.

3

I totally agree but it seems to work - there’s evidence for a similar approach here…

4

Nowhere in this “similar approach” do I see the bold decision to delete the recaptchav2 hook completely!

1 Like
5

It’s mentioned by the op in part of the thread. I’ve now edited my post to say that this is a work in progress while I try to figure it out.

6

Deleting recaptcha2 was only one step of the solution. Then it was reinstalled and the recaptcha2 hook is used on the form. Without the hook you aren’t using recaptcha.

1 Like
7

Thanks Lucy but it’s really confusing as even without the hook the validation tick box opens up and seems to work. I add the hook back in and it doesn’t work at all. For the time being I’m going back to the formit recaptcha.

8

Well what can I say - using Formit recaptcha…

Error: Could not load FormItReCaptcha service class.

9

There are multiple parts involved when using Recaptcha.
One part is the javascript code in the frontend to analyse the behaviour of the user. (This part is included with recaptchav2_render.)
The second part is the hook recaptchav2 that is executed on the server ONLY when the form is sent (to check the g-recaptcha-response-value submitted with the form).

When you only remove the hook, then the javascript code (on the frontend) is still working (and you see the tick box), but you never verify the submitted value.

Have you ever tried to analyse the response value of the API-call to Google, like I suggested in your last thread regarding Recaptchav2:

For example if your secret key is wrong, you should see something like this in the error log

[errorCodes:ReCaptcha\Response:private] => Array
        (
            [0] => invalid-input-secret
        )
10

Thanks for your patience with this. I did test at the time but I’ve just tested again.

No pertinent output to the error log just…

A load of: Language string not found

And this where snippet 18 is recaptchav2: [2021-07-04 13:52:46] (DEBUG @ /##/##/##/##/##/core/cache/includes/elements/modsnippet/18.include.cache.php : 79)

Trie dall the different levels of logging and also changed the snippet code as you suggested.

In chrome console I get a couple of: [Violation] ‘requestIdleCallback’ handler took 85ms

I’m wondering if upgrading to 2.8.3 might fix this but can’t help thinking that it won’t.

11

…with this in mind I’m going to rebuild the form from the ground up and test as I go along - it’s got to be something I’m doing wrong

12

I followed everything in Lucy’s post here and also stripped any styling / columns / divs out of the contact form as well as getting rid of…
&emailUseFieldForSubject=`1
…and it is now working. The crazy thing about this is - it’s a generic form I use on loads of sites. I’ve been through and checked those sites and it’s working on them. There are differences in that this was a brand new install of Modx 2.8.1 and PHP 7.4 with Formit 4.2.6. All other sites are still on the slightly older version of Formit and so I have to remember to go back and check those when updating Formit. Some part of the form or html wasn’t playing nicely with RecaptchaV2 and formit 4.2.6.

Here’s that link to Lucy’s solution… Formit w/Recaptcha Not Sending Email - #11 by lucy

13

This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.