Woocommerce Login captcha does not work

Hi,
Thanks for the info. I will check it out.

I have fixed this bug and it will be available in the next release.

Hello. I’m facing the same problem including standard Woocommerce registration form and Woocommerce checkout login form – any user can log in or register without entering a correct captcha answer (or even with typing incorrect).

What are your plans for next release? Will be this fixed soon?

Hi @punk1e,
Yes new release coming this week hopefully.
….just need to finish off one more thing.

Hello,

I am facing the same issue, a user is able to login or register from the woocommerce page by ignoring the login captcha at all.

Hi,
Just to confirm – are you talking about the woocommerce page which has the following shortcode?

[woocommerce_my_account]

If you have the latest version of aiowps the captcha should work on that page.
I just tested it again and it works as expected.

Yes, this is the page, but the captcha it does not work. If you insert any number or ignore it, you will be able to login to the site normally.

I have the version 4.3.2

I’m still facing the same prob like @dimath99 . Captcha allows passing any answer to it.

Hi @punk1e,
I would like to see the form on your page using my browser.

Please get in touch with me using my contact form and we can discuss further.

What about me? ??

@dimath99
Yes either or both would be ok.

Hello,

The issue still remains.

Hi,
I just looked at your form I can see that it is a modified version of the woocommerce account login form.
In your case when I checked the html code of your “woocommerce” login form using developer tools I noticed you have a hidden nonce input as follows:

<input type=”hidden” id=”_wpnonce” name=”_wpnonce” value=”8b375683f2″>

The above is not quite right. The original woocommerce form has a different “name” and “id” value for the hidden nonce input. They should be as follows:

<input type=”hidden” id=”woocommerce-login-nonce” name=”woocommerce-login-nonce” value=”8b375683f2″>

In order to identify a woocommerce login form submission, the aiowps plugin listens for a $_POST to see if $_POST[‘woocommerce-login-nonce’] is set.
However in your case the form does not have the correct hidden input and hence the aiowps plugin is never catching the form submission.

As stated in my email I think that your theme is most probably modifying that nonce input name and id attributes and you will need to find where in the code this is done and modify it so that the nonce field has the correct name.

You will probably need to look somewhere in your theme folders, eg, yourtheme/woocommerce/myaccount/form-login.php

Look for a line which looks similar to this:
wp_nonce_field( ‘<something>’, ‘_wpnonce’ );

change the above to:
wp_nonce_field( ‘woocommerce-login’, ‘woocommerce-login-nonce’ );

Or better still, ask the theme developer to look into this for you.

Thank you so much. It is working now, but only on the login form, on the registration form you can bypass the captcha, although there the nonce input as follows:

<?php wp_nonce_field( ‘woocommerce-register’, ‘woocommerce-register-nonce’ ); ?>

on the registration form you can bypass the captcha

Yes that is bug I discovered and have now fixed and it will be in the next release.
Were you the person who contacted me via email? I sent you an updated zip file for you to try a few days ago.