Captcha not working / Set Password gives blank page, post-install of 2.1.9 to 2.1.10 Beta update

[tehchriso]

We were running 2.1.9 and on Monday(?) I installed the 2.1.10 Beta update to fix the issue with certain styles not asking for optional information. (e.g. M1A, supplying a varietal of honey.)

I've received numerous reports that judges now cannot register a new account to sign up for sessions. I've confirmed this on my end as well - Filling out the New Judge registration form in totality and checking the Captcha box -- Each time it gives the error:

"CAPTCHA was not successful. Please try again."

As a workaround I tried creating a participant manually from the admin dashboard, which works - BUT - when I try to use the Set Password feature, I get the pop-up asking if I really want to set their password - I click Yes - and I receive a blank, white page. The password change does not appear to take affect.

Thanks for any help you can offer. The competition judging doesn't start till 10/18/17 but of course we'd like to get judges logged in & registered ASAP. :-) Site is www.lincolnlagers.com/cup/ in case you want to review our specific install.

[geoffhumphrey]

Hello @tehchriso - thanks for reporting this. The latest commit resolves both of the issues you've reported. The fixes will be in the next release.

[tehchriso]

Thanks @geoffhumphrey - I've downloaded the latest commit from 10-4-17 and replaced the .php files on the server, but I still can't seem to get the captcha to function - either on the Register page or the Contact page.

I'm looking through the files on the host, and the correct $public_captcha_key value is present on the newly-uploaded files... But the captcha still no me likey.

Any suggestions what I should check next, off the top of your head?

[geoffhumphrey]

Off the top of my head... Check to make sure the HOSTED variable in paths.php is set to FALSE (there are two sets of $public_captcha_key variables defined in that file.

The other would be to generate Re-CAPTCHA keys specific to your domain via Google. Once the public and private keys are generated, replace the $public_captcha_key and $private_captcha_keys in the paths.php file and re-upload.

[geoffhumphrey]

By the way... I just tested the function and it seemed to be working properly. Perhaps its a matter of clearing browser cache/cookies.

[tehchriso]

Hmmm... I just tried it from Firefox, Private Browsing, on a PC which I've never visited our page from before... It got me as far as the "Click all the cars in these images" captcha stage, but then still said Captcha was not successful. How bizarre.

HOSTED variable is set to False.

I changed the entries to our generated Site and Secret keys for lincolnlagers.com, uploaded paths.php, and tried it again from yet another PC (got to love having a lab environment at my disposal) - and I'm still getting the Not Successful error. :(

Hmmmm.

[geoffhumphrey]

Hmm, indeed. I verified this is the case on your installation. Is it working on the contact page?

Try this. Change this line in both the /includes/process/process/process_contacts.inc.php (line 18) and the /includes/process/process/process_users_register.inc.php (line 30) files:

if (($_SERVER['SERVER_NAME'] == $response_data->hostname) && ($response_data->success)) $captcha_success = TRUE;

To:

if ($response_data->success) $captcha_success = TRUE;

See if that works...

[tehchriso]

Correct-The contact page Captcha still isn't working either, I tested both pages.

Applying edited code now... Looks like changing process_users_register and process_contacts did not affect it. The Captcha still fails on registration & contact pages.

Testing this using Firefox 56.0, running "Clear Everything" clean-up between each test... Chrome 61.0.3163.100 x64 in Incognito mode.... and IE 11.0.9600.

[geoffhumphrey]

If it's still not working despite changing that code, there's probably a greater issue that has to do with the validation on Google's end. Not finding anything useful on how to troubleshoot this kind of issue yet.

As a temporary measure, you can bypass the check by changing the value of the $captcha_success variable in the code to TRUE.

[tehchriso]

SWEET. That did the trick. I removed if ($response_data->success) from both pages & now contact & registration both pass the Captcha & submit successfully.

Thank you, thank you, thank you!!

I've started doing a clean install each year, so this will get me through October just fine! :)

[geoffhumphrey]

No problem. It should be noted that the validation is perhaps the most important part of the reCAPTCHA process. With bypassing validation, your installation could be vulnerable to spam bots.

[geoffhumphrey]

In the latest commit and in the next version, Admins will be able to (via Admin > Website Preferences) "fallback" to reCAPTCHA version 1 if version 2 is not working for their installation. It should be noted that reCAPTCHA version 1 is no longer supported by Google, but continues to function as expected.