Hi, my hosting provider recently disabled allow_url_fopen, citing security concerns about remote execution of PHP scripts. Local changes to php.ini don't have any effect.
This has caused my Chronoforms V5 with Google NoCaptcha to fail at the captcha checking stage, throwing up the following error:
Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/xabrunic3/public_html/administrator/components/com_chronoforms5/chronoforms/actions/check_nocaptcha/check_nocaptcha.php on line 29
It doesn't look like the hosting provider is willing to change the security policy.
Rewriting the call to file_get_contents to replace it with curl seems to work OK (as per this post: http://goffgrafix.com/blog/2010/04/if-your-server-sets-the-allow_url_fopen-and-allow_url_include-php-directives-off/)
So editing check_nocaptcha.php line 29 as follows:
// JPH : Original call (commented out)
// $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));
// JPH : Rebuild using CURL as per http://goffgrafix.com/blog/2010/04/if-your-server-sets-the-allow_url_fopen-and-allow_url_include-php-directives-off/
$url_string = "https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response');
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url_string);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);
// JPH : End of modification
This has caused my Chronoforms V5 with Google NoCaptcha to fail at the captcha checking stage, throwing up the following error:
Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/xabrunic3/public_html/administrator/components/com_chronoforms5/chronoforms/actions/check_nocaptcha/check_nocaptcha.php on line 29
It doesn't look like the hosting provider is willing to change the security policy.
Rewriting the call to file_get_contents to replace it with curl seems to work OK (as per this post: http://goffgrafix.com/blog/2010/04/if-your-server-sets-the-allow_url_fopen-and-allow_url_include-php-directives-off/)
So editing check_nocaptcha.php line 29 as follows:
// JPH : Original call (commented out)
// $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));
// JPH : Rebuild using CURL as per http://goffgrafix.com/blog/2010/04/if-your-server-sets-the-allow_url_fopen-and-allow_url_include-php-directives-off/
$url_string = "https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response');
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url_string);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);
// JPH : End of modification