We know that the Q&A captcha, with a good question, works a treat for stopping spambot registrations. And when it stops working, we just find another question. But our hosting service requires us to use Google's reCaptcha, ever since (they claim) a spamming service hijacked our forum and used it to send out bulk spam (invisibly to us).
We have just upgraded to phpBB 3.3.0. We had great hopes for the invisible variant of Google's reCaptcha v2. But it is painfully obvious that invisible reCaptcha is not stopping spambots from registering, any more than was its visible predecessor. So we dearly want to go back to Q&A captcha, but our hosting service wants reCaptcha.
So in desperation, yesterday I learned just enough about php scripts and phpBB templates to be dangerous.
I modified the following files to make invisible reCaptcha work in addition to
whatever captcha we choose in the admin control panel, i.e. Q&A.
I'll be happy to attach the modified files as soon as I have permission to do so. (This is my first post).
Of course we have to use the ACP to configure both
Q&A and reCaptcha, but in the end we choose only Q&A while still getting both Q&A and invisible reCaptcha, as demonstrated by the reCaptcha badge in the bottom right corner of the window. You can see this working by clicking "Register" then "Accept" on my forum here
I'm hoping someone here can make a proper job of it and turn it into an Extension. From what little I've learned, I think that will require a new EVENT to be added to the template ucp_register.html just after the conditional INCLUDE of the existing single captcha.
I had hoped that my modifications would allow any
two captchas to be used together (with the second one hardwired in the script). But when I used Q&A followed by "simple image" captcha (nogd), instead of reCaptcha, I found that the image would not appear. So it seems the authors of the phpBB choice-of-captcha scheme, or the authors of specific captchas, may not have considered that two captchas might operate at the same time. However it seems to work with reCaptcha being the hard-wired one, possibly because