Proper way to configure reCAPTCHA

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
User avatar
Barry 441
Registered User
Posts: 215
Joined: Tue Sep 14, 2004 5:09 pm
Location: Colrain, Massachusetts

Proper way to configure reCAPTCHA

Post by Barry 441 »

Hello,
I have been away from phpBB for quite some time but have decided to setup another board. I am having some difficulty configuring the Google reCAPTCHA.
I entered my domains keys where:
"Google's "Site Key" = phpBB's "Public reCAPTCHA Key"
"Google's "Secret Key" = phpBB's "Private reCAPTCHA Key"
That part was successful, and when I got to out Registration page, the reCAPTCHA shows properly.
I properly select/verify the squares as I should.
When I submit I get the following errors and I am wondering if I need to to any further editing to any of the phpBB files?

Code: Select all

[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: no suitable wrapper could be found
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4511: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3257)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4511: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3257)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4511: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3257)
Thank you for any information you can pass along on this.
Barry
Keep it fun.
StacyRacing.com
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22845
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket probably.

Re: Proper way to configure reCAPTCHA

Post by Mick »

Code: Select all

[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 68: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
You need to speak to your host and ask them to change allow_url_fopen=0 (off) to allow_url_fopen=1 (on) in their PHP settings.
"The more connected we get the more alone we become" - Kyle Broflovski©
User avatar
Barry 441
Registered User
Posts: 215
Joined: Tue Sep 14, 2004 5:09 pm
Location: Colrain, Massachusetts

Re: Proper way to configure reCAPTCHA

Post by Barry 441 »

Thank you very much.
This should be fun. :o
Keep it fun.
StacyRacing.com
User avatar
<<=Aquiles=>>
Registered User
Posts: 27
Joined: Thu Oct 03, 2019 8:41 am

Re: Proper way to configure reCAPTCHA

Post by <<=Aquiles=>> »

I apologize for reliving this subject, but I'm going through exactly the same problem.
I read that it is dangerous to enable allow_url_fopen so I would like to know if there is another way to fix that error with reCAPTCHA.

Thank you in advance.
User avatar
EA117
Registered User
Posts: 1818
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Proper way to configure reCAPTCHA

Post by EA117 »

<<=Aquiles=>> wrote:
Wed Oct 30, 2019 3:26 pm
I read that it is dangerous to enable allow_url_fopen so I would like to know if there is another way to fix that error with reCAPTCHA.
I don't have any first-hand knowledge or opinion regarding leaving allow_url_fopen enabled in PHP. But it appears this dependency is known to Google, and an alternative was provided back in 2015 for those who cannot be dependent on allow_url_fopen: https://github.com/google/recaptcha/issues/36

Their default even in current code is still to use the Post method, which continues to employ get_file_contents().

I've never done it, but presumably you could change /phpbb/captcha/plugins/recaptcha.php to specify the alternate SocketPost request method, as shown in https://github.com/google/recaptcha/issues/36. You're of course modifying a core file and the change would potentially need to be re-implemented after your next phpBB update, etc.


edit: Talking about changing line 212 in recaptcha_check_answer() from:

Code: Select all

		$recaptcha = new \ReCaptcha\ReCaptcha($config['recaptcha_privkey']);
to:

Code: Select all

		$recaptcha = new \ReCaptcha\ReCaptcha( $config['recaptcha_privkey'], new \ReCaptcha\RequestMethod\SocketPost() );
User avatar
<<=Aquiles=>>
Registered User
Posts: 27
Joined: Thu Oct 03, 2019 8:41 am

Re: Proper way to configure reCAPTCHA

Post by <<=Aquiles=>> »

Thank you very much, I'll try that alternative.
I hope it works for me, and in the meantime I have a secret question to keep the bots away.
Last edited by Mick on Fri Nov 01, 2019 9:39 am, edited 1 time in total.
Reason: Removed unnecessary full quoting.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68182
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Proper way to configure reCAPTCHA

Post by Lumpy Burgertushie »

don't know where you read that it is dangerous but it seems to be fairly common with server setups to have it set to open.

as far as the recaptcha, using the Q&A has been very successful for many many people since it came out with phpbb3.
as long as you use a good question that the answer can't be googled for, or guessed easily you will be fine.


robert
Last edited by Lumpy Burgertushie on Wed Oct 30, 2019 6:06 pm, edited 1 time in total.
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
warmweer
Jr. Extension Validator
Posts: 5565
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium

Re: Proper way to configure reCAPTCHA

Post by warmweer »

Lumpy Burgertushie wrote:
Wed Oct 30, 2019 5:39 pm
as long as you use a good question that the answer can be googled for, or guessed easily you will be fine.
I doubt that is what you really wanted to write ;)
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.
User avatar
<<=Aquiles=>>
Registered User
Posts: 27
Joined: Thu Oct 03, 2019 8:41 am

Re: Proper way to configure reCAPTCHA

Post by <<=Aquiles=>> »

Lumpy Burgertushie wrote:
Wed Oct 30, 2019 5:39 pm
don't know where you read that it is dangerous
This danger is mentioned in several websites:

https://www.a2hosting.com/kb/developer- ... -directive

Image

https://security.stackexchange.com/ques ... urity-risk

I don't know if that information is imprecise and/or outdated, but I still worry that a security breach will be created at the expense of, paradoxically, using a security system for new user accounts.
Last edited by Mick on Fri Nov 01, 2019 9:38 am, edited 2 times in total.
Reason: Removed unnecessary quoting.
Lsha
Registered User
Posts: 87
Joined: Mon Feb 25, 2019 10:38 am

Re: Proper way to configure reCAPTCHA

Post by Lsha »

i select v3 captcha first and i think i had similar issue. later i select v2 captcha which working fine for me.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68182
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Proper way to configure reCAPTCHA

Post by Lumpy Burgertushie »

warmweer wrote:
Wed Oct 30, 2019 5:43 pm
Lumpy Burgertushie wrote:
Wed Oct 30, 2019 5:39 pm
as long as you use a good question that the answer can be googled for, or guessed easily you will be fine.
I doubt that is what you really wanted to write ;)
oops, corrected, thanks,
robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
User avatar
<<=Aquiles=>>
Registered User
Posts: 27
Joined: Thu Oct 03, 2019 8:41 am

Re: Proper way to configure reCAPTCHA

Post by <<=Aquiles=>> »

Lsha wrote:
Wed Oct 30, 2019 5:47 pm
i select v3 captcha first and i think i had similar issue. later i select v2 captcha which working fine for me.
In the beginning I also had v3 captcha and I was throwing error (but it was not the one of now).
Then I went to v2 captcha and the new registrations could be done normally.
I don't know when or why it stopped working.
User avatar
EA117
Registered User
Posts: 1818
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Proper way to configure reCAPTCHA

Post by EA117 »

<<=Aquiles=>> wrote:
Wed Oct 30, 2019 6:07 pm
In the beginning I also had v3 captcha and I was throwing error (but it was not the one of now).
Then I went to v2 captcha and the new registrations could be done normally.
That is correct. The current phpBB reCAPTCHA plug-in only supports reCAPTCHA v2. Attempting to enter v3 keys should have resulted in some kind of "invalid site key" or similar error. The future phpBB 3.3 release will have some more explicit language in the reCAPTCHA configuration, confirming that v2 keys are what's required.
<<=Aquiles=>> wrote:
Wed Oct 30, 2019 6:07 pm
I don't know when or why it stopped working.
Probably your web server hosting just updated or changed their default settings. Which now disables allow_url_fopen in the PHP settings, when previously it had been enabled.
User avatar
<<=Aquiles=>>
Registered User
Posts: 27
Joined: Thu Oct 03, 2019 8:41 am

Re: Proper way to configure reCAPTCHA

Post by <<=Aquiles=>> »

That's probably what happened.
In resolving this situation we will continue with the current method, which has surprisingly been more effective than I expected.

Thank you for taking the time to respond.
Last edited by Mick on Fri Nov 01, 2019 9:36 am, edited 1 time in total.
Reason: Removed unnecessary quoting.
Post Reply

Return to “[3.2.x] Support Forum”