Having trouble with reCaptcha v3

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
warpspeed9
Registered User
Posts: 24
Joined: Wed Sep 30, 2020 5:13 pm

Having trouble with reCaptcha v3

Post by warpspeed9 »

Site: diminishedvalue.info
Version: 3.3.1

I'd like to use it on the Registration page only. I got the keys from Google and set it up in ACP but I'm getting the following error when trying to register:

[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 80: file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0
[phpBB Debug] PHP Warning: in file [ROOT]/vendor/google/recaptcha/src/ReCaptcha/RequestMethod/Post.php on line 80: file_get_contents(https://www.google.com/recaptcha/api/siteverify): failed to open stream: no suitable wrapper could be found
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4127: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3006)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4127: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3006)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4127: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3006)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4127: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3006)

Please help.
If you are in the U.S. or some parts of Canada and were a victim of a car accident, your car lost substantial market value (even after repairs) and the insurance companies must make you whole for it. Learn more about diminished value claims on my forum.
User avatar
Prosk8er
Registered User
Posts: 1744
Joined: Sun Mar 12, 2006 3:30 am
Location: Rochester, NY
Name: Tyler
Contact:

Re: Having trouble with reCaptcha v3

Post by Prosk8er »

just as the error states allow_url_fopen=0 is disabled and need to enable it in your php.ini
User avatar
EA117
Registered User
Posts: 2159
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Having trouble with reCaptcha v3

Post by EA117 »

Kind of interesting, though, isn't it? Since the phpBB reCAPTCHA v3 plug-in wasn't supposed to offer allow_url_fopen as the method unless it was enabled?

If you re-enter the reCAPTCHA v3 configuration page from the phpBB ACP Spambot Countermeasures section, is the "POST" method actually available / not grayed out in the "Request method:" setting? Just wondering if it's grayed out (as it should be if allow_url_fopen isn't enabled) yet for some reason reCAPTCHA is directly or indirectly calling a function that attempts to use it anyway.

Enabling allow_url_fopen() as suggested certainly should resolve the condition shown too. Just not sure why we're seeing the condition shown / the call stack shown, if allow_url_fopen() isn't enabled.
warpspeed9
Registered User
Posts: 24
Joined: Wed Sep 30, 2020 5:13 pm

Re: Having trouble with reCaptcha v3

Post by warpspeed9 »

EA117 wrote: Thu Dec 10, 2020 12:16 am Kind of interesting, though, isn't it? Since the phpBB reCAPTCHA v3 plug-in wasn't supposed to offer allow_url_fopen as the method unless it was enabled?

If you re-enter the reCAPTCHA v3 configuration page from the phpBB ACP Spambot Countermeasures section, is the "POST" method actually available / not grayed out in the "Request method:" setting? Just wondering if it's grayed out (as it should be if allow_url_fopen isn't enabled) yet for some reason reCAPTCHA is directly or indirectly calling a function that attempts to use it anyway.

Enabling allow_url_fopen() as suggested certainly should resolve the condition shown too. Just not sure why we're seeing the condition shown / the call stack shown, if allow_url_fopen() isn't enabled.
It's grayed out. Should I try selecting curl or socket since I'm not sure my host will allow me to edit php.ini ?
If you are in the U.S. or some parts of Canada and were a victim of a car accident, your car lost substantial market value (even after repairs) and the insurance companies must make you whole for it. Learn more about diminished value claims on my forum.
User avatar
EA117
Registered User
Posts: 2159
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Having trouble with reCaptcha v3

Post by EA117 »

Hmm. We might need to make a bug on that. Sounds like maybe the out-of-the-box default is set even though that default isn't actually available.

Yes, you should be able to set either of the other ones, if they are available. I'd probably try CURL next. Like the POST method, the other methods also check whether the necessary capability is available in order to decide whether the method should be selectable or not. So any of the ones that aren't gray should be available.
warpspeed9
Registered User
Posts: 24
Joined: Wed Sep 30, 2020 5:13 pm

Re: Having trouble with reCaptcha v3

Post by warpspeed9 »

EA117 wrote: Thu Dec 10, 2020 4:18 am Hmm. We might need to make a bug on that. Sounds like maybe the out-of-the-box default is set even though that default isn't actually available.

Yes, you should be able to set either of the other ones, if they are available. I'd probably try CURL next. Like the POST method, the other methods also check whether the necessary capability is available in order to decide whether the method should be selectable or not. So any of the ones that aren't gray should be available.
The curl kind of worked I guess but it didn't display the actual captcha on registration page, only the Google captcha icon in bottom right. Maybe because it trusts me already? Could you see if it works for you?
If you are in the U.S. or some parts of Canada and were a victim of a car accident, your car lost substantial market value (even after repairs) and the insurance companies must make you whole for it. Learn more about diminished value claims on my forum.
User avatar
EA117
Registered User
Posts: 2159
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Having trouble with reCaptcha v3

Post by EA117 »

warpspeed9 wrote: Thu Dec 10, 2020 6:30 am The curl kind of worked I guess but it didn't display the actual captcha on registration page, only the Google captcha icon in bottom right. Maybe because it trusts me already? Could you see if it works for you?
That is the correct description for both the reCAPTCHA v2 Invisible behavior (used in phpBB 3.3.0) and also the reCAPTCHA v3 behavior (available in phpBB 3.3.1 and later). Presence of the reCAPTCHA is signaled only by the icon you mentioned, down in the bottom right corner of the page.

If you submit a captcha-protected page and reCAPTCHA already believes you to be a good actor, you'll never get any prompt or "friction" at all. Similarly, if reCAPTCHA already believes you to be a bad actor, and doesn't need to question whether you really are or not, the submission will be failed without getting any prompt or "friction" in that case, either.

Only if reCAPTCHA finds itself in a gray area, and not sure if you're human or script or connecting from a suspicious location or not, only then might you end up actually seeing some reCAPTCHA interactive challenges, in order to determine a final score of how suspicious you are (or not).

Google's description suggests that perhaps v3 "never prompts", as opposed to the v2 Invisible behavior of "may prompt only if you're suspicious." But I would continue to describe as "may prompt", given how that "makes sense", and we aren't expecting that Google will disclose an exact declaration of internal reCAPTCHA workings. https://developers.google.com/recaptcha/docs/versions
warpspeed9
Registered User
Posts: 24
Joined: Wed Sep 30, 2020 5:13 pm

Re: Having trouble with reCaptcha v3

Post by warpspeed9 »

EA117 wrote: Thu Dec 10, 2020 12:24 pm
warpspeed9 wrote: Thu Dec 10, 2020 6:30 am The curl kind of worked I guess but it didn't display the actual captcha on registration page, only the Google captcha icon in bottom right. Maybe because it trusts me already? Could you see if it works for you?
That is the correct description for both the reCAPTCHA v2 Invisible behavior (used in phpBB 3.3.0) and also the reCAPTCHA v3 behavior (available in phpBB 3.3.1 and later). Presence of the reCAPTCHA is signaled only by the icon you mentioned, down in the bottom right corner of the page.

If you submit a captcha-protected page and reCAPTCHA already believes you to be a good actor, you'll never get any prompt or "friction" at all. Similarly, if reCAPTCHA already believes you to be a bad actor, and doesn't need to question whether you really are or not, the submission will be failed without getting any prompt or "friction" in that case, either.

Only if reCAPTCHA finds itself in a gray area, and not sure if you're human or script or connecting from a suspicious location or not, only then might you end up actually seeing some reCAPTCHA interactive challenges, in order to determine a final score of how suspicious you are (or not).

Google's description suggests that perhaps v3 "never prompts", as opposed to the v2 Invisible behavior of "may prompt only if you're suspicious." But I would continue to describe as "may prompt", given how that "makes sense", and we aren't expecting that Google will disclose an exact declaration of internal reCAPTCHA workings. https://developers.google.com/recaptcha/docs/versions
Never prompts? :) It's impossible to have an effective protection without ever displaying the challenge.
If you are in the U.S. or some parts of Canada and were a victim of a car accident, your car lost substantial market value (even after repairs) and the insurance companies must make you whole for it. Learn more about diminished value claims on my forum.
User avatar
EA117
Registered User
Posts: 2159
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Having trouble with reCaptcha v3

Post by EA117 »

warpspeed9 wrote: Thu Dec 10, 2020 9:34 pm Never prompts? :) It's impossible to have an effective protection without ever displaying the challenge.
I agree that's logical. Even though reCAPTCHA v3 intends to just provide a score about how suspicious/probable the visitor is a good visitor, it just seems like "they would end up in some situations where they want to provide a visual test" before concluding what their final score will be.

But then again, reCAPTCHA code has been loaded the whole time on the page. The attempt to submit is just the final action they're looking at, and not the first action they've been monitoring. Plus them Google fellers, they pretty smart. We're probably taking part of the test right now.
warpspeed9
Registered User
Posts: 24
Joined: Wed Sep 30, 2020 5:13 pm

Re: Having trouble with reCaptcha v3

Post by warpspeed9 »

EA117 wrote: Thu Dec 10, 2020 10:38 pm
warpspeed9 wrote: Thu Dec 10, 2020 9:34 pm Never prompts? :) It's impossible to have an effective protection without ever displaying the challenge.
I agree that's logical. Even though reCAPTCHA v3 intends to just provide a score about how suspicious/probable the visitor is a good visitor, it just seems like "they would end up in some situations where they want to provide a visual test" before concluding what their final score will be.

But then again, reCAPTCHA code has been loaded the whole time on the page. The attempt to submit is just the final action they're looking at, and not the first action they've been monitoring. Plus them Google fellers, they pretty smart. We're probably taking part of the test right now.
Good point, it's probably spying on mouse movements, keyboard strokes, etc.
If you are in the U.S. or some parts of Canada and were a victim of a car accident, your car lost substantial market value (even after repairs) and the insurance companies must make you whole for it. Learn more about diminished value claims on my forum.
Post Reply

Return to “[3.3.x] Support Forum”