Wrong verification code

Unfortunately have problem with the image verification code, always says Sorry you've entered wrong verification code, even though correct case sensitive code has been put in. im using latest chrono form version. Tried with and without mambot. Any suggestions, im using version joomla 1.01.10. thanks in advance.

Found out that the session variable is not getting stored from the /administrator/components/com_chronocontact/chrono_verification.php file when it draws the image.Probably server related, I can store session varables directly in the main code com_chronocontact.php and html. Any hack/mod to get around this?

I had a similar problem with the SecurityImages extension and found this hack which went into the code checker page. I don't know if it works with ChronoForms and it needs to be modified to use the ChronoForms session name.

	//should fix problems that
	//occur when you're using a script on your Joomla! site that has started a session 
	//with a different session name than "md5($mosConfig_live_site)" before Security Images
	//can do that (= SMF bridge, VirtueMart and many others).
	//The checker code is affected by such problems, not the image generation code.
	//So the checker code must check for an opened session with a different session 
	//name, stop that session and start a new one. EASY!
	if (empty ($_SESSION))
	{
		session_name(md5($mosConfig_live_site));
		session_start();
	}
	elseif (session_name() != md5($mosConfig_live_site))
	{
		$old_session = session_name();
		session_write_close();

		session_name(md5($mosConfig_live_site));
		session_start();
	}

Bob

Didit solve the problem unfornunately. Tried to set and detect the session name using your code and session was empty when verification code file ran, so code used the new session name. When chronoforms.php file ran the new session that was set in verification script did not exist.

Hi Stephen,

Hmmm sorry, don't know much about sessions. I'd have to blunder around in the dark using trial and error. Perhaps Max has an idea?

Bob

Hi, do you try this on your machine or a live server ? does your template file contains any session_start(); statements ?

Max

Hi the programme is on a live server and no sessions are run in template file. All sessions get emptied just before and after verification file runs. I am running on a php live server with safe mode on, would that cause problem with sessions? I have tested it on another server setup without safe mode and your code works fine.
If the program called the verification as a function it may then work.
Thanks for everyones suggestions.<br><br>Post edited by: stephenfoster, at: 2007/06/30 17:56

Hi Stephen,

first, its not a joomla recommend to have safe mode ON but lets try this and see if they will help solving it :

#1 - try to add this line at the top of the verification file :

defined( '_VALID_MOS' ) or die( 'Restricted access' );

#2- comment line : session_start(); at the verification file.

Please let me know what happens

Cheers

Max

The defined( '_VALID_MOS' ) or die( 'Restricted access' ); stops the verification file displaying. Commenting out the session_start(); didt solve it either😟

Finally solved the problem and thought id share incase anyone else has similar issue.

Removing session save path from Joomla configuration.php solved the problem.

Is there any chance the verification file could check to see if a there has been a session folder specified in Joomla config and save the verification session varibles to that folder instead of the master php session folder?

Many thanks for great form component which I have now purchased.

Thanks Stephen, I will try to put this at the new version to be released in a few hours, if not then it will be at the next one.

Cheers

Max

Any word if this was ever solved?
I have this issue and dont see the session option in the configuration.php file.

I am running 2.3 on joomla 1.5 rc2

Hi ccondo,

I did a file diff on 2.3 RC1 when it came out and, from what I remember, the paths issue was fixed but nothing changed on sessions.

Bob

Hi ccondo,

At your joomla Config, do you have anything in the session save path field ?

Cheers

Max

You are refering to configuration.php in the root of joomla right?

The only line that says anything about session is:
var $session_handler = 'database';

Hi ccondo,

Ok, will check for that

Are there any updates on this? I am also getting the error "Sorry, you have entered a wrong verification code" whenever my form is submitted (and correct verification is entered). I am using Joomla v1.0.12 and Chrono Forms v2.3. Is there some change I need to make to the Joomla config file?

Hi drcleave,

I think that you need to make sure that Session Management is set to 'None' in the Global Config. Also make sure that you have the latest version 2.3.5

Bob

Yes, I have 2.3.5. However, I do not see any setting for Session Management in my Joomla Global Configuration. Is this something specific to Joomla v1.5?

Hi drcleave,

You're right - not in my 1.0.x config either.

Sorry for the red herring. This does usually seem to be a session management issue, Max has posted a few individual fixes. I don't know if all of them are already in 2.3.5 though.

Bob

Hi drcleave,

Please see if the fixes at this post solves it for you :
http://www.chronoengine.com/index.php?option=com_fireboard&Itemid=37&func=view&id=3490&catid=2#3490

Let us know!

Cheers

Max

No, that did not help.

I just re-downloaded v2.3.5 and uploaded all the new files to my server. I also removed session_name(md5('chrono')); from the chrono_verification file. Neither of these have helped... I am still getting the wrong verification code error.😟

Hi,

Not sure if this is possible, can I get FTP/Joomla login to your site ? I will see whats the problem there and fix in the 2.3.6 which is ready but I just want to include last fix for this issue!

Thanks!

Max

This is a client site, and I cannot give out FTP/Joomla login. Is there another way around this?

Iam sorry but I need to try many possibilities which will include code editing!!

I have been given the ok by the client to provide access to our site. Please let me know how can I send this information to you securely? Thank you.

Hi drcelave,

You can contact Max safely using the Contact form, click 'Contact Us' above (the form uses ChronoForms to send him an email).

Bob

Hi, I read this through and I don't know if I am asking the same question - I'm getting quite a few complaints from people trying to use the form on my website about the rather frequent image verification errors (ie when you type in the right code but chronoforms says it's the wrong one). My form is going to external people so absolutely has to have spam protection - is there anything I can do? I have just tried switching off truetype fonts to see if this makes a difference.
Thanks,
Martin

Hi Martin,

Hard to tell what the problem might be - and probably there are several things going on. ChronoForms generally should either verify or not verify, it shouldn't behave unpredictably. But this is the internet and there are many variable.

If it works with fonts on your site that it should be OK to leave them on.

There are a few things that you can do to improve the user experience if you haven't already done so. The biggest is to make sure that no data is lost if the verification fails (for any reason). To do this you need to set the form values from the submitted data.

Second, Max posted a refresh button recently that will generate a new image if people can't easily read the one presented. I'm sure it's in the last 7-10 days posts somewhere.

Lastly, add a short note explaining why the validation is there and caution that that occasionally there can be problems (human and system).

Bob

OK then, I will stick with that, thanks!

Hi again, I'm wondering about two things.

1. First, where are we with the mambot - does it work with image verification? I realised that image verification usually fails the first time and works the second, which I think is because it loads first as the mambot embedded in the page, and then reloads as the component.

2. is there a conflict with the SEF? I'm not 100% sure how all this works, but, I have noticed from server logs that I get some bad requests for the Chronoforms java scripts. This is because in the source, they are called up as, for example, "<script src="/components/com_chronocontact/js/prototype.js" type="text/javascript"></script>" But if I have SEF running, then the page itself is not in the root, and so it is searching for the script in a subdirectory that doesn't exist.

Take a look at http://www.labourbehindthelabel.org/do/action/livingwage2007

Cheers,
Martin

PS: Incidentally, I love you guys!<br><br>Post edited by: suavemart, at: 2007/12/07 00:56

Hi Martin,

Thank you, Regarding #1, what version of the component you have and the mambot ?

#2- I think this may be an issue yes and we will fix in the next release!

Sincerely,

Max

Hi Max, I have plugin version 0.5, component version says "2.5 J1.5 RC1" - I think it's 2.3.5.
Cheers,
Martin

Hi suavemart,

Sorry for the delay in response, so lets track this problem, Could you please clarify this sentence more :

"because it loads first as the mambot embedded in the page, and then reloads as the component."

also, do you have a Joomla 1.0 install on the same server ?

Sincerely,

Max

Thanks for your message Max.

The form is at embedded in a content page here

When I fill this form in, it ALWAYS says "sorry, you have entered a wrong verification code" the first time. When the form reloads (and I set it up as suggested to reload the form data), I don't get the page in which it was embedded, just the form here

This time the image verification works fine.

I don't have a Joomla 1.0 install running, I upgraded the site a couple of weeks ago (so it may be possible that there are old bits of code hanging around, if that is your reason for asking).

I hope you can help!

Best,
Martin

Edited to add URL tags<br><br>Post edited by: GreyHead, at: 2007/12/20 19:54

Hi Martin,

I see, there is a small glitch in the bot code of J1.5, here its :

Please find those lines of code at mambots/content/chronocontact.php

if(trim($paramsvalues->imagever) == 'Yes'){
		$imver = '<input name="chrono_verification" type="text" id="chrono_verification" value="">
              <img src="'.JURI::Base()
            .'/components/com_chronocontact/chrono_verification.php?imtype='.$paramsvalues->imtype.'">';
	}

please remove the extra "/" so they are :

if(trim($paramsvalues->imagever) == 'Yes'){
		$imver = '<input name="chrono_verification" type="text" id="chrono_verification" value="">
              <img src="'.JURI::Base()
            .'components/com_chronocontact/chrono_verification.php?imtype='.$paramsvalues->imtype.'">';
	}

Thank you for posting your URL because it helped solving it quickly!!🙂

Sincerely,

Max

Thanks Max, I changed the code, but it is still doing the same thing...

incidentally, i changed code in plugins/content/chronocontact.php

Hi suavemart,

Sorry for the delay, So it is not working after this change ?

Cheers

Max

Thanks for the fantastic Component, and your responsiveness Max.

To add to this thread...

For the site http://www.little-glass-shack.com/newsite
Joomla 1.0.13 with the following components installed:

- Virtuemart
- ChronoForms

I have one contact form available to the general public, so it needs verification.
The form is here

I too am getting the "Sorry you have entered a wrong verification code" no matter what I enter.

I have tried all suggestions in this thread....no luck. I really want to keep Chronoforms, as it's simple and does exactly what I need...except for this one little, but crucial item.

Do you have any definitive answers as to what is causing this? If we can figure this out, maybe we can document the solution for all?

Thanks!
tom

Edited to add url tag<br><br>Post edited by: GreyHead, at: 2007/12/20 19:47

Hi Tom,

Sorry, I've been busy with some client stuff for a day or two. I can see that this doesn't work for you😟 I'll see if I can devise some more debug code that might help pin down what's happening.

Bob

Hi, I went away too so sorry for my delay! It is all still not working (ie. I get "you have entered a wrong verirication code" the first time).

Hi Tom, I just tested and I see you have a different problem to me, in that my problem seems to be with the mambot/plugin for J1.5, whereas yours is with the component for J1.0. Just to make sure we have that clear.

Martin

Yes...this is Joomla 1.0.13

I'm not really sure where to even look from here. Should I just get some other verification and not use the one that comes with Chronoforms?

Have you tried running without verification? Do you expect an awful lot of spam? We don't get much at all, but we need it because the forms go to external contacts.

Hi Martin, Tom,

I see you still face the problem and it is not fixed yet, could you forward to me temporary FTP access and Joomla access with at least administrator privileges ? This way I will try to fix it myself even by hacking chronoforms and note this for future releases too!

Use the contact us page above to send these details!!

Sincerely,

Max

Thanks so much Max! Would you mind sending me an email off list so I can give you Admin access?

Cheers,
tom

Hi Tom,

You can safely send the info to Max through the Contact tab above.

Bob

I have the same problem, occuring since uninstalling 2.3.6 and installing 2.3.7 (upgrade didnt work out - "some component is using this dir").

It says wrong verification code and then the following error message appears:

Fatal error: Call to a member function on a non-object in /var/www/html/components/com_chronocontact/chronocontact.html.php(59) : eval()'d code on line 2

Edited to change code tag to quote<br><br>Post edited by: GreyHead, at: 2008/02/01 13:27

Hi minimalniemand,

You can usually upgrade by downloading the upgrade package and FTPing over the existing installation. In this case I'm guessing that maybe there were some uploaded files that weren't removed.

The eval()'d code usually refers to something from one of the ChronoForms input boxes. I don't remember what's on line 59 but looking there might give you a clue about where to look next.

Bob

I discovered something: This only happens, when the website is set offline in the global configuration ...

hi there,

any good news about these bugs?? i have both the problems about verification code: sometimes, at first time the verification code doesn't work, and everytime that verification code is wrong the message "invalid code" is still visible for all session...
i have installed joomla 1.5 mombot 0.8 and chrnoform 3.0 beta..😢

Hi mareforzanove,

We have V3 stable now, please get it upgraded and retest and let me know!

Cheers,
Max

hi,
sorry but i have still installed version 3.0 stable and give me the same errors about wrong verification code....any suggestions?

which browser are you testing with ? can you show me some link ?

i had tested with ie 6, ie 7 e firefox last version..
everytime same problem
i have installed chronoform component v3 stable, module 1.1.0 e mambot 0.8
sorry, i can't write website, could you tell me any suggestions?

Hi, do you have cache enabled for this site ?

yes, but everyone have cache enabled i think :-)

Not me, try to disable it and recheck ?

Cheers,
Max

i'have just tried : nothing
our form is in the module.. maybe is there the problem?

when i put the form in a page, it work well
when i put form in the module or in an article with the component chronoform and module place here, the problem of wrong verification code still run.

Hi, to use V3.0 stable in a module or an article then you must have mambot V0.8 V3.0 stable OR mod chronocontact V1.1, no others will work!

Max

yes, maybe i don't explain very well..

i have used module chronocontact 1.1.0 component v 3 stable and mambot 0.8

i will send by pm a link to our website, so you will check 😢

ok, seems there is a problem with the module, I will check this and get another version for testing!

Cheers
Max

ok thank you, waiting for your good news

Hi Max,
I have the same problems of mareforzanove.i have installed chronoform component v3 stable, module 1.1.0 e mambot 0.8.The verification code doesn't work, and everytime that verification code is wrong the message "invalid code" is still visible for all session.

Thank you.Waiting for yours news

Hi LuiMarLove,

this happens with the module only and not the component itself, correct ?

Cheers
Max

Hi Max,
when i put form in the module or in an article with the component chronoform , the problem of wrong verification code still run.

Bye

Hi LuiMarLove,

Ok, a complete revised versions will be out for both the mambot and the module and new version of Chronoforms, so check back soon.

regards
Max

Hi, are there same news about the wrong verification in the plugin?

Thank you, Jan

Hi Jan,

Not yet ready, but working on it currently!

Regards
Max

Ok, thanks for the information. Jan

Hi there,

I'm using chronoforms for two different forms. When I created those forms, like 1 month ago, both worked just fine with the imageverification. Now I got the problem with the imageverification failure ("Sorry, You have entered a wrong verification code") with one of them, altough I didn't change anythingface-meh-blank It just stopped working over the weekend. lol
I know it sounds strange, but the 2nd form is working correctly.

Do you guys have an idea or even better a solution?

best regards

Hi Sambuca,

is this a Joomla 1.0 or J1.5 site ? are you sure you didn't change ANY thing in this form ? can I see it somewhere ?

Regards
Max

HI there,

It's J1.0 and yes, I'm sure of that. I wasn't even around over the weekend when this happened. I'm information technologist myself and I know how strange this sounds, but I can't change the fact🙂

not working form:
http://sscvilters.ch/index.php?option=com_chronocontact&task=send&chronoformname=JO

working form:
http://www.sscvilters.ch/index.php?option=com_chronocontact&chronoformname=Mitgliedschaft&Itemid=36

Thanks for your help.

I found that is because you don't have www. in the non working form link! not strange😉

Cheers
Max

Ok, I changed the link and it seems to be fixed now. Thanks.

But still kinda strange that it worked for some time, maybe it was even a browser-related problem with resolving the adress without www.

Thanks again.

I think its a joomla related sessions issue, I don't believe this happens in J1.5

Regards
Max

Dear Max,

any good news about fixing problem on wrong verification code?

Hi mareforzanove,

whats the problem you have exactly ? is it J1.5 ?

Max

Hi there
I have read through this script with interest.
A few weeks back, I got a form working fine in Joomla 1.015 using ChronoForms 2.3.9.
However, now that the site has gone 'live' and is available under its www. domain, the form now continuously throws up this Sorry, You have entered a wrong verification code. I have deleted the section in the HTML code that calls the imageverification, turned off image verification, deleted and re-created the database table but I still get this message even though the form hasn't got it set to use image verification anymore. I have also downloaded these changes, renamed the file, deleted the old form, uploaded the renamed old form and relinked but still I get this error. I have tried from IE and from Firefox but still this error.
Does anyone have any clues? Moving over the menu item shows the full link call with an http://www.domain.org/plus-all-the-normal-stuff but this <!-- w --><a class="postlink" href="http://www.domain.org">www.domain.org</a><!-- w --> is obviously being added by the system as the URL in the menu item field (Link URL) shows just the plus-all-the-normal-stuff detail.
Now I can't even set up a working form with or without image verification.
Thanks in advance to anyone who tries to help.
Regards
Michelle

Hi Michelle,

which files did you rename or change ? I suggest you test wit ha clean 2.3.9 install, did you try to backup your form then uninstall and reinstall then restore your form ? make sure that Anti Spam is OFF under the anti spam tab!

Regards,
Max

Max

Righteo... I have uninstalled and re-installed a fresh copy and uploaded the test form. This test form works fine until I turn on Anti-Spam. Then I end up in the endless loop of Image Verification failing by telling me I have entered an incorrect verification code. I can turn off the Anti-Spam and the form behaves correctly. I have also restored my original form which has the same results... works fine without Anti-Spam on but goes into an image verification failing loop if Anti-Spam turned on.
This was tested and working fine until our site went live with its proper URL. Other things that occurred would have been SEF turned on using sh404SEF. But sh404SEF is being told to skip SEF Urls for Chronocontact anyway. (Incidentally, I have Chronocontact working fine on another site which is also using sh404SEF). So any other ideas. Clearly something is conflicting and it relates to going live.

It is imperative I do get the Anti-Spam working as it won't take long before bots start submitting forms automatically. This happened fairly quickly on my other site.

Cheers
Michelle

Hi Michelle,

Have you purged the SEF URLs, I'm wondering if there is something not cleaning up correctly.

Is the site on-line?

Bob

Bob

Yes - I purged the SEF urls after I told sh404SEF to skip ChronoContact. I know that SEF is not being used because the URL to the form is using the Chronocontact/Joomla's format.

Yes - the site is online.

Regards

Michelle

Hi Michelle,

can you post the url to the form here or in a PM ?

Cheers
Max

Hi Michelle,

I have just logged in to your site and made sure all settings are correct (It was all correct, didn't change anything) and then tested both forms there, using "test" in all fields and everything is fine, went to the Thank you page at my 2 tests!

Regards,
Max

Max
Yes it works because I had to turn the Captcha verification stuff off. If you turn that back on I end up with this endless loop of wrong verification code. I need that working. I am already receiving spam.
Cheers
Michelle

The issue is because of wrong session clear.
You should correct your code in /components/com_chronocontact/cronocontact.php
Change:

$session->clear('chrono_verification');

To:

$session->clear('chrono_verification', md5('chrono'));

The issue was that:
If you failed at least once with captcha, then error stays forever (for session) even if you enter correct code then.

Hi there
I jumped in to see if this fix worked however my code is different. I don't have a line that looks like yours above.
Our site is built on Joomla 1.0.15 using Chrono Forms 2.3.9.
Regards
Michelle

Fix above is for J1.5.
As i see on J1.0 with 2.3.9 - there is no such issue. Besides code with sessions seems to be ok.

Hi,

@diver, wonderful catch! Thanks!🙂

Max

Diver
Max has confirmed I have the issue. At the moment, I am awaiting the outcome of a request to our developer to check if he changed some permissions when the site went live. It was working before our proper domain was propogated.
Regards
Michelle

Max has confirmed I have the issue

Where? As i see, he didn't:

...and everything is fine, went to the Thank you page at my 2 tests!

In order to help you i need to see the issue AND the code.
Check PM.

I have the same problem as Michelle - we recently took over a website from another company where the antispam worked, but now that we have moved the hosting it keeps saying that you have entered the wrong code (even if its correct). We're running Joomla 1.0.15 and ChronoForms 2.3.9.

Michelle - have you managed to solve this problem yet or does anyone out there know how to fix this as it is very urgent for us to make this work?

Thanks in advance!!!

I have gotten some more info on the server where the site is now hosted.

The site is on Windows and IIS server which doesn't use apache or linux. Could this be why the image verification is not working correctly. Could the relative paths be incorrect or something like that?

Hi donderhaas,

In J1.0 there was no Joomla session handler and so all sessions code was done the regular PHP way, sometimes sessions save path made problems and I think this is the case here, please check this with your host admin.

Cheers
Max

I'm having a similar issue on a site I'm working on for a client. We are using the file path for sessions on Joomla 1.0.13. I have "ini_set('session.save_handler', 'files');" set at the top of both chronocontact.php and chrono_verification.php. The initial session variable is getting written to the correct directory with contents like "chrono_verification|s:32:"eb6935e145bc39c0a3f93e59b6a0567b";", so it looks like that is working, but on submit, the "Sorry, You have entered a wrong verification code" message comes up even when the correct code is entered.

Potentially related, validation doesn't seem to be working either. The form can be submitted without entering any of the required fields.

Any suggestions? The form can be found here:

http://movingmountains.com/index.php?option=com_chronocontact&chronoformname=Contact-Us&Itemid=67

Image verification is currently disabled.

Thanks!
Lacy F.

Hi Lacy,

I don't know about the sessions, but the validation problem is most likely because you have both JQuery and Prototype (for the validation) loading in your page. That pretty much guarantees a Javascript conflict.

Bob

I'm having a similar issue on a site I'm working on for a client. We are using the file path for sessions on Joomla 1.0.13. I have "ini_set('session.save_handler', 'files');" set at the top of both chronocontact.php and chrono_verification.php. The initial session variable is getting written to the correct directory with contents like "chrono_verification|s:32:"eb6935e145bc39c0a3f93e59b6a0567b";", so it looks like that is working, but on submit, the "Sorry, You have entered a wrong verification code" message comes up even when the correct code is entered.

Potentially related, validation doesn't seem to be working either. The form can be submitted without entering any of the required fields.

Any suggestions? The form can be found here:

http://movingmountains.com/index.php?option=com_chronocontact&chronoformname=Contact-Us&Itemid=67

Image verification is currently disabled.

Thanks!
Lacy F.

Hi Lacy,

Check that it reads the correct path ? I'm not sure what is the problem here, there are some solutions posted by users earlier, you may run a quick search to find it!

Regards,
Max

Hello Everyone,

I am joining in this conversation. I am a bit confused with the 7 pages of this topic and if there was actually found a solution. This is what I have got: I have a form, which is identical to the sample one displayed here: http://www.chronoengine.com/tutorials/chronoforms-plugins/437-paid-registration-using-paypal-plugin.html except for instead of paypal I try to use authorize.net payment gateway. I do NOT have any validation form of field at all and yet I get the "You have entered an incorrect verification code." error.

Can you please help? This is a very burning issue. THANK YOU!