Viewing 15 replies - 1 through 15 (of 21 total)
  • Hi, same issue here.

    You can run Google’s NoCAPTCHA demo without JavaScript so I think it is not a google problem. I just found out about this today myself. Maybe it was a recent plugin change because it used to do well blocking bots.

    if ( isset( $_POST['g-recaptcha-response'] ) && ! (self::captcha_verification()) ) {

    As someone else has pointed out the problem is in the above line, which is present in multiple files.

    Just test this plugin and then indeed once js is off, the capatha will disappear. As *Ricardo* points out, Google’s demo works fine with js off.

    Here is a walkaround for this issue:
    In the plugin folder, find a file called base-class.php, and then search for “display_captcha”. At the end of this method, just add the following code:

    echo '<noscript><div style="width: 302px; height: 352px;"><div style="width: 302px; height: 352px; position: relative;">'.
          		 '<div style="width: 302px; height: 352px; position: absolute;">'.
            		'<iframe src="https://www.google.com/recaptcha/api/fallback?k=YOUR_SITEKEY" frameborder="0" scrolling="no" style="width: 302px; height:352px; border-style: none;">'.
            		'</iframe></div><div style="width: 250px; height: 80px; position: absolute; border-style: none; bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">'.
            		'<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 80px; border: 1px solid #c1c1c1; margin: 0px; padding: 0px; resize: none;" value="">'.
            		'</textarea></div></div></div></noscript>';

    Don’t forget to replace YOUR_SITEKEY with your sitekey.

    Hope this helps.

    To the author – will that fix or something similar be implemented with new update? (soon hopefully)

    Oh, and by the way, thanks a lot Wade 23.

    Here’s a slightly improved code though, which pulls the sitekey from options:

    echo '<noscript><div style="width: 302px; height: 352px;"><div style="width: 302px; height: 352px; position: relative;">'.
    			'<div style="width: 302px; height: 352px; position: absolute;">'.
    			'<iframe src="https://www.google.com/recaptcha/api/fallback?k=' . self::$site_key . '" frameborder="0" scrolling="no" style="width: 302px; height:352px; border-style: none;">'.
    			'</iframe></div><div style="width: 250px; height: 80px; position: absolute; border-style: none; bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">'.
    			'<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 80px; border: 1px solid #c1c1c1; margin: 0px; padding: 0px; resize: none;" value="">'.
    			'</textarea></div></div></div></noscript>';

    So something like this correct? base-class.php

    /** Output the reCAPTCHA form field. */
    	public static function display_captcha() {
    
    		if ( isset( $_GET['captcha'] ) && $_GET['captcha'] == 'failed' ) {
    			echo self::$error_message;
    		}
    
    		echo '<div class="g-recaptcha" data-sitekey="' . self::$site_key . '" data-theme="' . self::$theme . '"></div>';
    		echo '<noscript><div style="width: 302px; height: 352px;"><div style="width: 302px; height: 352px; position: relative;">'.
    			'<div style="width: 302px; height: 352px; position: absolute;">'.
    			'<iframe src="https://www.google.com/recaptcha/api/fallback?k=' . self::$site_key . '" frameborder="0" scrolling="no" style="width: 302px; height:352px; border-style: none;">'.
    			'</iframe></div><div style="width: 250px; height: 80px; position: absolute; border-style: none; bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">'.
    			'<textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response" style="width: 250px; height: 80px; border: 1px solid #c1c1c1; margin: 0px; padding: 0px; resize: none;" value="">'.
    			'</textarea></div></div></div></noscript>';
    	}

    Hi all

    As @quassy pointed, the issue is on the following line, in no-captcha-recaptcha/login.php file :

    if ( isset( $_POST['g-recaptcha-response'] ) && !(self::captcha_verification()) ) {

    This line means “if captcha response is present AND verification is wrong, login fails”. It should be “if captcha response is NOT present OR verification is wrong, login fails”

    if ( !isset( $_POST['g-recaptcha-response'] ) || !(self::captcha_verification()) ) {

    Replace with the line above and problem is gone.

    I actually made a pull request on the (presumed) original GitHub repo and still have gotten no response, so I’m quite sure this plugin is abandoned.

    It seems that the plugin has been put offline from the WordPress repository, which is a good thing since it does not offer any protection.

    But with just simple modifications, this plugin can be very useful. @quassy, I saw your github pull request. Are you interested in taking this plugin ownership ? If so, you could contact [email protected] and ask for getting control over it. (see this post for more details). If you do so, I can help you (contact me via my github page).

    My plan is also to add a new feature to enable the CAPTCHA on login form only after three (or any number) failed login attempts.

    I contacted the original plugin author (Agbonghama Collins). He merged the pull request and published it to the WordPress SVN repo.

    Plugin Author Collins Agbonghama

    (@collizo4sky)

    Thanks quassy and Fabien. So sorry about how things turned out in my absence.

    You guys should expect more feature such as Contact form 7, ninja form, Gravity form, bbpress and buddypress integrations as well as using it in any standalone form soon.

    This i promise i will do.

    That’s good news!
    Cheers Collizo4sky.

    Plugin Author Collins Agbonghama

    (@collizo4sky)

    Fabien, kindly submit a pull request as soon as you are done with the “number of trial feature” and the “multisite support” as soon as you have the time.

    I will try and get the BBPress support pushed this weekend.

    Thanks all.

    I’m not sure if it’s supposed to be fixed already, but the problem with JavaScript turned off is still here. Thank you.

Viewing 15 replies - 1 through 15 (of 21 total)
  • The topic ‘easy to overcome the captcha -> turn off javascript’ is closed to new replies.