Good day,
First I want to thank you for all the great work chronoforms have.
The problem is this: I created 2 different forms on a website, both using Google recaptcha v2 (verification box). I used the recaptcha element on the designer, and load/check google nocaptcha elements on the setup (all in its place and the correct keys). However, everytime I tried to submit any of both forms the answer was "The reCAPTCHA wasn't entered correctly. Please try it again.", wheter trying directly or trough "test form". The google recaptcha admin site informed "We detected that your site does not verify the reCAPTCHA solutions. This is necessary for the correct use of reCAPTCHA on your site. Check our developer site for more information.". I checked all related forum posts here and tried different changes for hours. Finally, I changed the joomla error log to development and the log was:
Finally, I changed the server php option "allow_url_fopen" to "on" and the forms started working. However, I'm worried because from what I have read, having turned on this php option could be a security issue because, for example, file_get_contents can be used tu pass a file path instead of a url, accesing server files.
Could you inform us about the security issues here? Can other method be used here for response verification? (Curl??)
Thanks for your time! Regards,
PS: I'm using php 7.3
PS2: I'm not PHP savvy, that's why I'm asking you
PS3: English isn't my first language, sorry for any weird expression
First I want to thank you for all the great work chronoforms have.
The problem is this: I created 2 different forms on a website, both using Google recaptcha v2 (verification box). I used the recaptcha element on the designer, and load/check google nocaptcha elements on the setup (all in its place and the correct keys). However, everytime I tried to submit any of both forms the answer was "The reCAPTCHA wasn't entered correctly. Please try it again.", wheter trying directly or trough "test form". The google recaptcha admin site informed "We detected that your site does not verify the reCAPTCHA solutions. This is necessary for the correct use of reCAPTCHA on your site. Check our developer site for more information.". I checked all related forum posts here and tried different changes for hours. Finally, I changed the joomla error log to development and the log was:
Warning: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/SITEACCOUNT/public_html/new/administrator/components/com_chronoforms5/chronoforms/actions/check_nocaptcha/check_nocaptcha.php on line 29
Warning:
file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=MYSECRETKEY&response=MYSECRETKEYRESPONSE):
failed to open stream: no suitable wrapper could be found in /home/SITEACCOUNT/public_html/new/administrator/components/com_chronoforms5/chronoforms/actions/check_nocaptcha/check_nocaptcha.php on line 29
Finally, I changed the server php option "allow_url_fopen" to "on" and the forms started working. However, I'm worried because from what I have read, having turned on this php option could be a security issue because, for example, file_get_contents can be used tu pass a file path instead of a url, accesing server files.
Could you inform us about the security issues here? Can other method be used here for response verification? (Curl??)
Thanks for your time! Regards,
PS: I'm using php 7.3
PS2: I'm not PHP savvy, that's why I'm asking you
PS3: English isn't my first language, sorry for any weird expression