On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • I am starting this topic as I have a real problem... and I’m very new to PHP...

    I need to integrate the reCaptcha into eForm...
    but the main problem is...

    the eForm submits the data before reCaptcha gets to work..

    this is what I have....
    a Recaptcha snippet....

    <?php
    # Set Snippet Paths
    $snipFolder = isset($snipFolder)?$snipFolder:'recaptcha';
    $snipPath = $modx->config["base_path"].'assets/snippets/'.$snipFolder.'/';
    
    require_once($snipPath."recaptchalib.php");
    $publickey = "--my publickey is here---";
    $privatekey = "--my privatekey is here--";
    
    # are we submitting the page?
    if($_POST["submit"]) {
              
                  $resp = recaptcha_check_answer ($privatekey,
                                    $_SERVER["REMOTE_ADDR"],
                                    $_POST["recaptcha_challenge_field"],
                                    $_POST["recaptcha_response_field"]);
    
    if (!$resp->is_valid) {
      die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
           "(reCAPTCHA said: " . $resp->error . ")");
       }
    }
    echo recaptcha_get_html($publickey, $error);
    ?>
    


    which is totally copied off the ReCaptcha site...

    and all I am doing is calling it onto the Form ie [[recaptcha]]

    The reCaptcha is displaying nicely... but how do I let it validate before eForm grabs all attention...

    I have tried cutting the Snippet in two so that the displaying part loads then I use another snippet with a function call to do the validation... doesn’t work the way I implemented...

    Your guys help would be greatly appreciated.. this project is a public charity organisation... getting people motivated & empowering them to contact their government representatives....


    P.S. Sorry Can you move this to the Eform Child Board.. Thanks!
    Thanks
      Paul AL Bakulich - Association for Computing Machinery Professional Member
      http://palbakulich.me/ | http://twitter.com/#!/palhmbs
    • I think you would need to either do the validation with JavaScript, or set a $_SESSION variable that will survive the reload and check that.

      BTW, if you’re willing to give up reCaptcha (which many people find hard to read), eForm and SPForm both have their own built-in Captca implementations.

      SPForm has a mathstring option that shows the user an image containing a simple equation to solve. So far it’s been unbreakable and with a little effort, it can be integrated into eForm.
        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
      • Hi Bob...

        I’ve been reading up on the Captcha thing in Modx....

        I also found a reCaptcha snippet that works for Jot...
        but Captcha didn’t work for me.... I had the usual trouble... even locked myself out of the
        manager....

        I think it could all come back to GoDaddy and the Register_Globals = off thing...

        I know I have all the GD libraries working... as the ReCaptcha and Captcha were both displaying...
        Just not validating....

        I tried using the hidden field thing on &eFormOnValidate=`checkfield` and loading the function before my eform snippet ie... [!eCheckField!] but couldn’t get it to display a validation error...
        (That suggestion was there... http://modxcms.com/forums/index.php/topic,34567.msg249120.html#msg249120)

        Could you elucidate me on what steps I need to take to do this...
        "Validation with JavaScript, or set a $_SESSION variable that will survive the reload and check that."


        I will check out your suggestions tho.. thanks! Really, really want to keep ReCaptcha....



        BTW My Modx Site Config....

        MODx version 1.0.0
        Version codename rev 5601
        Database Version: 5.0.67.d7-ourdelta-log
        Database Collation Charset utf8_general_ci
        PHP Version 5.2.8
        Linux blahblah.shr.prod.phx3.secureserver.net
        Server API CGI/FastCGI
        sendmail_path /usr/sbin/sendmail -t -i
        SMTP relay-hosting.secureserver.net
          Paul AL Bakulich - Association for Computing Machinery Professional Member
          http://palbakulich.me/ | http://twitter.com/#!/palhmbs
        • I think storing $_SESSION variables so that I can reload the page
          or using javascript to pre-validate the reCaptcha

          on the Form is what I need to do...
          but I don’t quite know how to implement!

          I have a piece of code attached that is an example on how to store session variables in php
          but I don’t know how to implement in Modx....
            Paul AL Bakulich - Association for Computing Machinery Professional Member
            http://palbakulich.me/ | http://twitter.com/#!/palhmbs
          • You shouldn’t need anything that complicated.

            Just this to save the session variable:


            $_SESSION['whatever'] = $myVariable;


            and, when you want to get it back:


            $someVariable = $_SESSION['whatever_you_saved_it_as'];


            at the point where you know the user is valid or now, save some keyword in a session variable. Then you can check for it at any point later on.

              Did I help you? Buy me a beer
              Get my Book: MODX:The Official Guide
              MODX info for everyone: http://bobsguides.com/modx.html
              My MODX Extras
              Bob's Guides is now hosted at A2 MODX Hosting
            • At the moment I am trying to code in this method....

              My snippet is going to unset the $_POST
              save the sessions field values
              and then give them back

              unset($_POST['formid']);
              
              $_SESSION['name']  =  $fields['name'];  // do this for each field!!
              
              $fields['name'] = $_SESSION['name'];  // do this for each field!!
              


              Am I on the right track?

              Hope this works!
                Paul AL Bakulich - Association for Computing Machinery Professional Member
                http://palbakulich.me/ | http://twitter.com/#!/palhmbs
              • The above doesn’t work.... Here’s the steps I need....

                1. User Fills in the Form
                2. User Enters the ReCaptcha
                3. Validate the ReCaptcha & submit the form or return the ReCaptcha Error (in the correct place smiley ).

                I think I need to do the ReCaptcha validation with a Javascript step
                (I will try to put a javascript function in (instead of the ’submit’ on the form)

                The javascript can then dynamically submit the form if the ReCaptcha is vaid!
                  Paul AL Bakulich - Association for Computing Machinery Professional Member
                  http://palbakulich.me/ | http://twitter.com/#!/palhmbs
                • Quote from: paulhomebus at Nov 05, 2009, 07:29 PM

                  The javascript can then dynamically submit the form if the ReCaptcha is valid!

                  I’m no JS expert but that sounds about right. Here’s some of the code SPForm uses:

                  In the html form:

                  <form action="[[~[[*id]]]]" method="post" onsubmit="return checkform(this);">


                  Code to insert the checkform js:
                  <?php
                   $src = '<script type="text/javascript"> ';
                      $src .= ' /* <![CDATA[ */ ';
                      $src .= 'var requireName = ';
                      $this->spfconfig["requireName"]? $src .= "true; " : $src .= "false; ";
                  
                  $src .= 'function checkform (form) { ';
                  
                          $src .= 'if (requireName == true) { ';
                              $src .= 'if (form.name.value == "") { ';
                                  $src .= 'alert( "Please enter your name" ); ';
                                  $src .= 'form.name.focus(); ';
                                  $src .= 'return false; ';
                              $src .= '} ';
                          $src .= '} ';
                  
                      $src .= '} ';
                  
                      $src .= ' /* ]]> */ ';
                      $src .= '</script> ';
                  
                      $this->modx->regClientStartupScript($src);
                  ?>
                  


                  If you’re code returns false, the form won’t be submitted. Note that this isn’t Javascript code, it’s PHP code that creates JS code, so you should be able to do your reCaptcha check in PHP and just set a variable that the JS code will act on.
                    Did I help you? Buy me a beer
                    Get my Book: MODX:The Official Guide
                    MODX info for everyone: http://bobsguides.com/modx.html
                    My MODX Extras
                    Bob's Guides is now hosted at A2 MODX Hosting
                  • I’ve been told by someone in the know that the bots can easily bypass any javascript functions...

                    So I have been hacking at eform.inc.php again... I have replaced the vericode check with my own..
                    which means that in my snippet I set the flag &vericode=`1`

                    and replace code in eform.inc.php below this....
                    # check vericode
                    if($vericode) {

                    with this....

                    		# check vericode
                    		if($vericode) {
                    
                        		$CaptchaPath = $modx->config["base_path"].'assets/snippets/recaptcha/'; 
                     
                    		require_once($CaptchaPath."recaptchalib.php");
                    		$privatekey = "---my key---";
                    			$resp = recaptcha_check_answer()
                    
                    
                    			if ($resp->is_valid) {
                    			    break; // echo "You got it!";
                       			 } else {
                    		    # set the error code so that we can display it. You could also use
                       		    # die ("reCAPTCHA failed"), but using the error message is
                        		    # more user friendly
                        			die $vMsg[count($vMsg)]= $_lang['ef_failed_vericode'],  // "This died!";
                           			"(reCAPTCHA said: " . $resp->error . ")");	// $error = $resp->error;
                      				}
                    			}
                    


                    At the moment it is giving me the error message... when means it is processing but isn’t checking the ($resp) properly...

                    I think I am only a step away from getting this to work...
                    Will let you know when I do!

                    Thanks Bob for your suggestions...
                      Paul AL Bakulich - Association for Computing Machinery Professional Member
                      http://palbakulich.me/ | http://twitter.com/#!/palhmbs
                    • BTW, if you need real security, reCaptha might not be the answer. It uses dictionary words and you only have to get one of them right. Bots are getting better at decoding the captcha images and the only way to fight that is to make the images harder for humans to read. Also there’s a pretty easy way around it.

                      You just throw up a free site and insert the captcha images from sites you want to log on to as part of the free login to the site. The visitors solve the captchas for you and you send the correct response to the target site.

                      In the third world, children are hired for pennies a day to log onto sites with Captcha.

                      SPForm has a bunch of spam-proofing options (the equation, hidden form field, require mouse or keyboard, hidden key to prevent direct use of the mail function, etc.). I consider it a lot more secure from bots than reCaptcha but nothing is hack-proof.

                      There’s also a Mollom class for MODx that’s quite promising. It won’t show captcha images to your regular visitors and Mollom constantly monitors for bots, blocks them by IP and return address, and changes the captcha style frequently. Mollom can also respond to the quality of the content sent in an email or comment form using a complex algorithm.
                        Did I help you? Buy me a beer
                        Get my Book: MODX:The Official Guide
                        MODX info for everyone: http://bobsguides.com/modx.html
                        My MODX Extras
                        Bob's Guides is now hosted at A2 MODX Hosting