Forums

The reCAPTCHA wasn't entered correctly

evilsnoop 06 Aug, 2015
Am getting problems using the Google no captcha, I followed the youtube video but anytime I click submit I get the error message The reCAPTCHA wasn't entered correctly. Please try it again.

If I remove the captcha from the form, the form works. I deleted the Google key I had and remade a new key but still get the same problem.

Any help would be great.
GreyHead 07 Aug, 2015
Hi evilsnoop,

There isn't enough information here to give any clues. Please try using the Test Form or View Form link from the Forms Manager and see if the ReCaptcha works from there. If that makes no difference please drag a Debugger action into the On Submit event, then submit the form and post the debug - including the 'dummy emails' results here.

Note: if you are using the Easy Wizard you can turn on Debug on the Others tab in CFv4 or the Setup tab in CFv5.

Bob
evilsnoop 07 Aug, 2015
I try the test form and view form and still get the message, I attached a picture for my setup. I also added the debugger at the end in the "On Submit" but it is not showing any information.
GreyHead 07 Aug, 2015
Hi evilsnoop,

Please double check both ReCaptcha keys.

Bob
evilsnoop 10 Aug, 2015
Hello Bob,

I rechecked both ReCaptcha keys and they are correct. I even created a form on a next domain with keys for that domain and still get the same problem am not sure what I am doing wrong. If you want I can give you admin access to check.
GreyHead 10 Aug, 2015
Hi evilsnoop,

Please take a Form Backup using the icon in the Forms Manager and post it here and I'll take a closer look. I can test using my keys where I know it should work OK. That should help narrow down where the problem is.

Bob
evilsnoop 10 Aug, 2015
Here is the form backup.
GreyHead 10 Aug, 2015
Hi evilsnoop,

No obvious problems - I restored the form and changed to my keys and it appears to be working OK here. I made not other changes apart from the keys.

Bob
evilsnoop 10 Aug, 2015
Interesting so let me verify the process to register for the Google keys.

1) I visit this site https://www.google.com/recaptcha/intro/index.html
2) Click on Get reCAPTCHA
3) Enter my label, then the domain and then my email address
4) Click register

Once that is complete I see the Site Key and Secret Key

Do I need to use the Client-side Integration?
GreyHead 10 Aug, 2015
Hi evilsnoop,

That's sounds right. You only need the two keys from Google.

+ The 'site key' goes in the Load Google NoCaptcha action

+ The 'secret key' goes in the Check Google NoCaptcha action

In both cases it's just the long string of numbers and letters - no quotes brackets or anything else.

Bob
GreyHead 11 Aug, 2015
Hi evilsnoop,

That looks OK - it's not working for you though?

By all means PM me the site URL, the form name, and a SuperAdmin login and I'll take a quick look.

Bob
GreyHead 11 Aug, 2015
Hi evilsnoop,

I found the problem - though not the solution :-(

Your site hosting has disabled the PHP file_get_contents() method that ChronoForms is trying to use to send the NoCaptcha request to Google. With site Error Reporting at Maximum I got a message like this
Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0

You can check with your web-hosts to see if this can be enabled for the site.

If not then you can use one of the other Captcha methods, or, if necessary, it may be possible to add Custom Code to do the check using cURL.

Bob

PS I added a new FAQ with this info.
evilsnoop 11 Aug, 2015
Ok I will contact the host company and get back to you.
evilsnoop 12 Aug, 2015
Hey Bob,

I talked to the host company and they added a user.ini file which contained:

‘wp_memory_limit’, ‘128M’
php_value max_input_vars = 5000
allow_url_fopen;

The captcha was working I got a couple of test forms but every now and again I get the same error message about the captcha Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0

I waited about 45min and retried the test form but now it's not sending any the message is constant, I tried the Custom Code action with the Debug Code and I got back a $google_url and $response.

Can you advise on what to do next?
GreyHead 13 Aug, 2015
Hi evilsnoop,

Please set site Error Reporting to maximum and see if you still get Warning: file_get_contents(): If you do go back to your web host and get them to fix their fix.

Bob
evilsnoop 13 Aug, 2015
Hello Bob,

I contacted the host again but didn't get much help from them, am not sure they even knew what I was talking about, I still cant get the allow_url_fopen to be enable. I don't know why it worked for awhile yesterday and stopped. I tried uploading my own php.ini, php5.ini and user.ini but nothing seems to work so I give up.

I will just use the normal captcha or honeypot. Thanks for all the help on your end.
jpbhcom 18 Apr, 2016
1 Likes
I know this is an older message, but I figured if anyone runs into the same issue this may help.

Preamble...
[list=]I cannot claim that this option is more secure, or will work in your hosting environment.[/list]
[list=]I DEFINITELY recommend the developers updates over customizations like this whenever possible.[/list]
[list=]Use this at your own risk, as a last possible option.[/list]

This requires cURL, and is probably why file_get_contents() was used, making one less possible requirement.
If you make this change, You will need to make a backup before updating ChronoForms5.

Line 29 in :
/administrator/components/com_chronoforms5/chronoforms/actions/check_nocaptcha/check_nocaptcha.php

I replaced :
$response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));


With this:

// Original     $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));

                $ch = curl_init("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));
                curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                $response = curl_exec($ch);
                curl_close($ch);


If you see any flaws in my code, please please let me know.

I think it would be nice to add an optional selector to choose between cURL or file_get_contents() in the noCAPTCHA action?
paraszt 17 Jul, 2016



// Original     $response = file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));

                $ch = curl_init("https://www.google.com/recaptcha/api/siteverify?secret=".$config->get('secret_key')."&response=".$form->data('g-recaptcha-response'));
                curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
                $response = curl_exec($ch);
                curl_close($ch);



First of all, ChronoForms is a great extension, one of the most versatile there is. Congrats to the developers!

cURL, however, is a very good idea. And I think it should be implemented as default by the developers, or at least as an option.

Just an opinion, but allow_url_fopen is disabled on a lot of servers for security reasons, and the same servers probably won't allow php.ini files to override this setting either. Meanwhile cURL is widely used (also required by other J! extensions as well), plus every hosting provider who hasn't been living under a rock for the last 10-15 years has it.

Ultimately, if I'd have a server running without cURL, and a cliend would ask for it, I'd rather include it the next time I recompile Apache/PHP than to apply the relatively unsecure allow_url_fopen setting for the whole server.
This topic is locked and no more replies can be posted.