amfoss / cybergurukulam

Archive for the source of a website for "CyberGurukulam" program. This project (and corresponding website) is no longer actively maintained.
http://cybergurukulam.in

CAPTCHA doesn't always work #2

Open arjkb opened 9 years ago

arjkb commented 9 years ago

I was playing around with the CAPTCHA, and I figured out a couple of things:

After the page loads (by this, I mean when the small rotating icon has finally finished with its rotation), I'm able to tick the captcha, and it ticks without actually asking me to type out any captcha. (Not to mention I'm also able to submit stuff.) However, if I attempt to tick the captcha after waiting for some time (when the captcha finally shows "session expired..."), then it properly shows me the image and asks me to type out the captcha.

The funny part is that this doesn't always happen. Like, the bug was there five minutes ago, and now it seems to have disappeared.

Also, after pressing the reset button, the captcha tick didn't get reset. (Pardon me if that was the intended behaviour).

a0xnirudh commented 9 years ago

The CAPTCHA is implemented in the wrong way as of now. It is shown properly, but when the user clicks on the submit button, it has to be verified by sending a request back to Google's servers, and only then should the message be submitted. But this is not the case as of now. I understood this a couple of days back.

It should be done like specified here: https://developers.google.com/recaptcha/docs/verify

I didn't get time to resolve this as I was busy with other things. Maybe you should try it :)

tonythomas01 commented 9 years ago

Actually, this is fixed after https://github.com/amfoss/cybergurukulam/commit/7b55d0dbf9265514fa45e1c28262756d5ba90979, 6 hours before. Currently, the PHP file checks if the user has entered the CAPTCHA, and does not necessarily check if he entered the right one. As you can see, currently you cannot bypass it without clicking/answering the right question.

@arjunkbabu: that's natural, as sometimes the captcha never asks, and sometimes it shows up 10 pics and asks you to select the cakes out of them and all. The idea is of course to be simple on humans and hard on bots ;)
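
The comments above distinguish between checking that a CAPTCHA response was submitted and verifying it with Google as the linked reCAPTCHA documentation describes. The sketch below is an added example, not the repository's code: `verify_captcha()`, `http_post_form()`, the injected `$post` callable, the placeholder secret and the sample replies are all assumptions made so the comparison runs offline.

```php
<?php
// Added example: server-side reCAPTCHA check with an injectable HTTP call.
// verify_captcha(), http_post_form() and $post are hypothetical names.

const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

/** POST form fields to $url and return the raw body, or null on failure. */
function http_post_form(string $url, array $fields): ?string
{
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? null : $body;
}

/** True only when Google confirms the token; every failure path rejects. */
function verify_captcha($token, string $secret, string $expectedHost, callable $post): bool
{
    if (!is_string($token) || $token === '') {
        return false;                      // missing, empty or array-valued field
    }
    $raw = $post(SITEVERIFY_URL, ['secret' => $secret, 'response' => $token]);
    $res = is_string($raw) ? json_decode($raw, true) : null;
    if (!is_array($res) || ($res['success'] ?? false) !== true) {
        return false;                      // fail closed on errors and bad tokens
    }
    return ($res['hostname'] ?? '') === $expectedHost; // solved on our own site
}

// Constructed siteverify replies so the demo runs without network access.
$fake = function (string $url, array $f): string {
    return $f['response'] === 'good-token'
        ? '{"success":true,"hostname":"cybergurukulam.in"}'
        : '{"success":false,"error-codes":["invalid-input-response"]}';
};
foreach ([null, 'made-up-value', 'good-token'] as $t) {
    printf("%-16s => %s\n", var_export($t, true),
        verify_captcha($t, 'PLACEHOLDER_SECRET', 'cybergurukulam.in', $fake) ? 'accept' : 'reject');
}
// Form handler usage (assumed):
// verify_captcha($_POST['g-recaptcha-response'] ?? null, $secret, $host, 'http_post_form');
```

A handler that only tests whether `g-recaptcha-response` is non-empty would accept the `made-up-value` case; the verified path rejects it because the decision comes from the siteverify reply.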