Subscribe: RSS
  • Hello, all. I’m feeling pretty stupid but I can’t get this to work. I’m using MODx 0.9.6. I have a WebLogin snippet call in the margin of my main template: [!WebLogin? &tpl=`Logintpl`!] It works fine if I disable Use CAPTCHA codes in the User configuration. However, once I enable it, web logins fails with "The security code you entered didn’t validate." I did not see an on/off parameter for captcha in WebLogin nor a placeholder for the image. I tried adding a [+captcha+] placeholder but, as expected, it didn’t do anything.

    I am seeing the same thing in WebSignup even with useCaptcha=`1`

    Captcha is working fine for logging into the Manager. What am I doing wrong? Thanks - John
      http://www.spiritualoutreach.com
      Making Christianity intelligible to secular society
    • I have the same problem, but I can’t say why. No reports in my system-manager.
        I think, thererfor I am! But what I am, and why...?
      • Hmm . . . I must be losing my mind! I thought I saw some replies about this being fixed in 0.9.6 and asking or my version to which I replied but all of that is missing from this topic now. In any event, I am using 0.9.6 rev 2767 and the problem still seems to be present. Is there some configuration setting I need to tweak or some placeholder to display the captcha graphic? Thanks - John
          http://www.spiritualoutreach.com
          Making Christianity intelligible to secular society
        • Quote from: gracedman at Jun 12, 2007, 02:16 PM

          Hmm . . . I must be losing my mind! I thought I saw some replies about this being fixed in 0.9.6 and asking or my version to which I replied but all of that is missing from this topic now. In any event, I am using 0.9.6 rev 2767 and the problem still seems to be present. Is there some configuration setting I need to tweak or some placeholder to display the captcha graphic? Thanks - John
          Several captcha issues were fixed for manager login. It apparently is broken in webuser login now however. If someone can add a bug report for this, it will be addressed for a patch release. In the meantime, does anyone have a patch for WebLogin/WebSignup that is working in 0.9.6?
          • I’ve just noticed that gracedman added the bug report here:
            http://modxcms.com/bugs/task/895

            I just wanted to mention it in case it had been overlooked (and kind of hoping there is a work-around)
            • Quote from: muso at Aug 22, 2007, 12:12 PM

              I’ve just noticed that gracedman added the bug report here:
              http://modxcms.com/bugs/task/895

              I just wanted to mention it in case it had been overlooked (and kind of hoping there is a work-around)

              You might want to check the WebLoginPE "Pirate Edition" tongue ... http://modxcms.com/forums/index.php/topic,17359.msg109552.html#msg109552
                Zaigham R - MODX Professional | Skype | Email | Twitter

                Digging the interwebs for #MODX gems and bringing it to you. modx.link
              • I think I have found a fix for this issue. However this fix enables the Captcha to work with the login, but I am sure altering the weblogin.processor.inc.php file to remove this need would also work if you wanted the login to not use Captcha.

                First, in the WebLogin snippet you need to add this code to the snippet custom settings area or at least before the output return:

                $useCaptcha = isset($useCaptcha)? $useCaptcha : $modx->config['use_captcha'] ;
                // Override captcha if no GD
                if ($useCaptcha && !gd_info()) $useCaptcha = 0;
                


                Second, add to the snippet call
                &useCaptcha=`1`
                


                Third, this is the slightly tricky part (well not really)
                open weblogin.inc.php and find this code
                $tpl = str_replace("[+action+]",$modx->makeUrl($modx->documentIdentifier,"",$ref),$tpl);
                        $tpl = str_replace("[+rememberme+]",(isset($cookieSet) ? 1 : 0),$tpl);    
                        $tpl = str_replace("[+username+]",$uid,$tpl);    
                        $tpl = str_replace("[+checkbox+]",(isset($cookieSet) ? "checked" : ""),$tpl);
                        $tpl = str_replace("[+logintext+]",$loginText,$tpl);
                


                after this code but before
                echo $tpl;

                add this code
                $capt = '<tr><td valign="top">Form code:*</td><td>';
                		$capt .= '<input type="text" name="captcha_code" class="inputBox" style="width:150px" size="20"><a href="[+action+]">';
                		$capt .= '<img align="top" src="manager/includes/veriword.php?rand=';
                		$capt .= rand();
                		$capt .= '" width="148" height="60" alt="If you have trouble reading the code, click on the code itself to generate a new random code." style="border: 1px solid #003399"></a>';
                		$capt .= '</td></tr>';
                		$capt = str_replace("[+action+]",$modx->makeUrl($modx->documentIdentifier,"",$ref),$capt);
                		if ($useCaptcha){ 
                		$tpl = str_replace("[+captcha+]",$capt,$tpl);
                		}
                

                Lastly find a place in your template add your [+captcha+] call. I placed mine after the table row containg the password and before the table row containing the Remember Me.
                Again I must confess that simply changin the weblogin.processor.inc.php file so that this is not necessary would probably be a quicker and possibly better fix.
                • For a simple bandaid fix, if do not need captcha in your webuser login but still want it for the manger, you can add the following line to the WebLogin snippet:

                  $_SESSION['veriword']='';


                  This will temporarily clear the captcha session value, and so the webuser login request will pass captcha validation. The manager login will generate a new captcha session value each time you visit the manager login screen, so it still works correctly.
                  • Hi,

                    I fixed this problem in this pull request

                    https://github.com/modxcms/evolution/pull/71

                    If you use a custom template please make sure a field "cmdwebsignup" exists. This is used to detect if the submit came from the WebSignup or not.

                    Cheers


                    • This kind of amazed me. The problem described above is only 6 years old :-/

                      Since a few weeks I'm using Captcha, because it looks a bit more secure towards some client. Well, it actually is a bit more secure ;-)

                      Anywho, Evolution 1.0.10 still uses the exact same weblogin snippet as Raymond wrote it back in 2004. That's 56 dog-years ago. Still the problem of login-errors with webLogin arise, when one uses Captcha. Meaning, you first get an weblogin-error ( that you have logged in wrong with your 100% correct login) and then logging in for a second time allows you to continue.

                      I didn't quite get the solution Cipa is offering above, because I'm not using webSignup at all. But the bandaid-fix of Richard seems to do the trick. I searched the forum for "captcha" and got zero results. Is it just me? Luckily Google brought me to this page.

                      So thank you Richard and thank you Google. [ed. note: IngMA last edited this post 5 years, 6 months ago.]
                        Accelerate your Windows system with 9.8 m/s2.