
Proper way to configure reCAPTCHA

Posted: Wed Mar 15, 2017 11:57 pm
by Barry 441
Hello,
I have been away from phpBB for quite some time but have decided to set up another board. I am having some difficulty configuring the Google reCAPTCHA.
I entered my domain's keys where:
Google's "Site Key" = phpBB's "Public reCAPTCHA Key"
Google's "Secret Key" = phpBB's "Private reCAPTCHA Key"
That part was successful, and when I got to our Registration page, the reCAPTCHA shows properly.
I properly select/verify the squares as I should.
When I submit I get the following errors and I am wondering if I need to do any further editing to any of the phpBB files?

Code: Select all

[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: no suitable wrapper could be found
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4511: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3257)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4511: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3257)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4511: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3257)
Thank you for any information you can pass along on this.
Barry

Re: Proper way to configure reCAPTCHA

Posted: Thu Mar 16, 2017 8:41 am
by Mick

Code: Select all

[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
You need to speak to your host and ask them to change allow_url_fopen=0 (off) to allow_url_fopen=1 (on) in their PHP settings.

Re: Proper way to configure reCAPTCHA

Posted: Thu Mar 16, 2017 6:32 pm
by Barry 441
Thank you very much.
This should be fun. :o

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 3:26 pm
by <<=Aquiles=>>
I apologize for reviving this subject, but I'm going through exactly the same problem.
I read that it is dangerous to enable allow_url_fopen so I would like to know if there is another way to fix that error with reCAPTCHA.

Thank you in advance.

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 4:38 pm
by EA117
<<=Aquiles=>> wrote:
Wed Oct 30, 2019 3:26 pm
I read that it is dangerous to enable allow_url_fopen so I would like to know if there is another way to fix that error with reCAPTCHA.
I don't have any first-hand knowledge or opinion regarding leaving allow_url_fopen enabled in PHP. But it appears this dependency is known to Google, and an alternative was provided back in 2015 for those who cannot be dependent on allow_url_fopen: https://github.com/google/recaptcha/issues/36

Their default even in current code is still to use the Post method, which continues to employ file_get_contents().

I've never done it, but presumably you could change /phpbb/captcha/plugins/recaptcha.php to specify the alternate SocketPost request method, as shown in https://github.com/google/recaptcha/issues/36. You're of course modifying a core file and the change would potentially need to be re-implemented after your next phpBB update, etc.


edit: Talking about changing line 212 in recaptcha_check_answer() from:

Code: Select all

		$recaptcha = new \ReCaptcha\ReCaptcha($config['recaptcha_privkey']);
to:

Code: Select all

		$recaptcha = new \ReCaptcha\ReCaptcha( $config['recaptcha_privkey'], new \ReCaptcha\RequestMethod\SocketPost() );
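
A transport fallback for the verification request discussed above, as an added example that is not part of EA117's post and is not phpBB or google/recaptcha project code: it picks a request method by what the server permits instead of requiring allow_url_fopen. `pick_recaptcha_transport()` and the `RECAPTCHA_SECRET` environment variable are hypothetical, and it assumes the bundled google/recaptcha copy provides `CurlPost` alongside `Post` and `SocketPost`.

```php
<?php
// Added example; not phpBB or google/recaptcha project code.
// Assumes google/recaptcha is installed through Composer (phpBB keeps it in vendor/).
require __DIR__ . '/vendor/autoload.php';

/**
 * Hypothetical helper: return a request method this server can actually use,
 * so siteverify works whether or not allow_url_fopen is enabled.
 */
function pick_recaptcha_transport(): \ReCaptcha\RequestMethod
{
    // Post (the library default) calls file_get_contents() on an https:// URL.
    $urlFopen = filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN);
    if ($urlFopen && in_array('https', stream_get_wrappers(), true)) {
        return new \ReCaptcha\RequestMethod\Post();
    }
    // CurlPost needs ext-curl; the class_exists() guard covers older bundled copies.
    if (extension_loaded('curl') && class_exists(\ReCaptcha\RequestMethod\CurlPost::class)) {
        return new \ReCaptcha\RequestMethod\CurlPost();
    }
    // SocketPost talks TLS through fsockopen(), so it needs ext-openssl.
    if (function_exists('fsockopen') && extension_loaded('openssl')) {
        return new \ReCaptcha\RequestMethod\SocketPost();
    }
    throw new \RuntimeException('No HTTPS transport available for reCAPTCHA verification');
}

// In phpBB the secret is $config['recaptcha_privkey']; an environment variable stands in here.
$secret = getenv('RECAPTCHA_SECRET') ?: 'PLACEHOLDER-SECRET-KEY';
$token  = $_POST['g-recaptcha-response'] ?? '';

$recaptcha = new \ReCaptcha\ReCaptcha($secret, pick_recaptcha_transport());
$response  = $recaptcha->verify($token, $_SERVER['REMOTE_ADDR'] ?? null);

if ($response->isSuccess()) {
    echo "captcha verified\n";
} else {
    // Fail closed: a transport or validation error must not let the registration through.
    error_log('reCAPTCHA rejected: ' . implode(', ', $response->getErrorCodes()));
    http_response_code(400);
    echo "captcha check failed\n";
}
```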

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 5:26 pm
by <<=Aquiles=>>
Thank you very much, I'll try that alternative.
I hope it works for me, and in the meantime I have a secret question to keep the bots away.

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 5:39 pm
by Lumpy Burgertushie
Don't know where you read that it is dangerous, but it seems to be fairly common with server setups to have it set to open.

As far as the reCAPTCHA, using the Q&A has been very successful for many, many people since it came out with phpBB3.
As long as you use a good question that the answer can't be googled for, or guessed easily, you will be fine.


robert

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 5:43 pm
by warmweer
Lumpy Burgertushie wrote:
Wed Oct 30, 2019 5:39 pm
as long as you use a good question that the answer can be googled for, or guessed easily you will be fine.
I doubt that is what you really wanted to write ;)

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 5:47 pm
by <<=Aquiles=>>
Lumpy Burgertushie wrote:
Wed Oct 30, 2019 5:39 pm
don't know where you read that it is dangerous
This danger is mentioned in several websites:

https://www.a2hosting.com/kb/developer- ... -directive


https://security.stackexchange.com/ques ... urity-risk

I don't know if that information is imprecise and/or outdated, but I still worry that a security breach will be created at the expense of, paradoxically, using a security system for new user accounts.

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 5:47 pm
by Lsha
I selected v3 captcha first and I think I had a similar issue. Later I selected v2 captcha, which is working fine for me.

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 6:06 pm
by Lumpy Burgertushie
warmweer wrote:
Wed Oct 30, 2019 5:43 pm
Lumpy Burgertushie wrote:
Wed Oct 30, 2019 5:39 pm
as long as you use a good question that the answer can be googled for, or guessed easily you will be fine.
I doubt that is what you really wanted to write ;)
oops, corrected, thanks,
robert

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 6:07 pm
by <<=Aquiles=>>
Lsha wrote:
Wed Oct 30, 2019 5:47 pm
I selected v3 captcha first and I think I had a similar issue. Later I selected v2 captcha, which is working fine for me.
In the beginning I also had v3 captcha and it was throwing an error (but it was not the current one).
Then I went to v2 captcha and the new registrations could be done normally.
I don't know when or why it stopped working.

Re: Proper way to configure reCAPTCHA

Posted: Wed Oct 30, 2019 6:25 pm
by EA117
<<=Aquiles=>> wrote:
Wed Oct 30, 2019 6:07 pm
In the beginning I also had v3 captcha and it was throwing an error (but it was not the current one).
Then I went to v2 captcha and the new registrations could be done normally.
That is correct. The current phpBB reCAPTCHA plug-in only supports reCAPTCHA v2. Attempting to enter v3 keys should have resulted in some kind of "invalid site key" or similar error. The future phpBB 3.3 release will have some more explicit language in the reCAPTCHA configuration, confirming that v2 keys are what's required.
<<=Aquiles=>> wrote:
Wed Oct 30, 2019 6:07 pm
I don't know when or why it stopped working.
Probably your web server hosting just updated or changed their default settings, which now disable allow_url_fopen in the PHP settings, when previously it had been enabled.

Re: Proper way to configure reCAPTCHA

Posted: Thu Oct 31, 2019 6:06 pm
by <<=Aquiles=>>
That's probably what happened.
In resolving this situation we will continue with the current method, which has surprisingly been more effective than I expected.

Thank you for taking the time to respond.