Post by haxcop » Fri Oct 12, 2018 7:41 pm

Hi Guys,
Recently on a new installation in OC 3.0.2.0 Google reCaptcha I've notice is not being enforced and I'm able to bypass any of the scenarios were the captcha is required and not used.
I have also tried with the Basic Captcha and this one Works correctly.
The secret and the key are added correctly on the admin, the reCaptcha is selected correctly on the "system>settings>option>__" and selected all the checkboxes..
The reCaptacha shows accordingly and the Red * as a Mandatory but I can simply Bypass this verification without the thick on the checkbox and continue with the registration - email etc...

*UPDATE*
FYI
This is common is you are logged in the account from which you took the captcha credentials from and the same Browser (Chrome) - will automatically let you ByPass it (no user action).
As soon as you log out and clear all the cache and try again It won't happen and you will be enforce to reCaptcha to continue. :)


Regards,

New member

Posts

Joined
Tue Jan 14, 2014 9:38 pm
Location - Dublin

Post by straightlight » Sat Oct 13, 2018 9:48 pm

Which is why, the CSRF Protection extension from the Marketplace is important to be used while using captcha / re-captcha. ;)

https://www.opencart.com/index.php?rout ... on_id=4773

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by haxcop » Sun Oct 14, 2018 3:28 am

Hey Thanks for the heads up Regarding the Cross-Site Request Forgery (CSRF), Very Useful - and installed already ;D

New member

Posts

Joined
Tue Jan 14, 2014 9:38 pm
Location - Dublin

Post by straightlight » Sun Oct 14, 2018 7:03 am

:good:

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by rmullaney77 » Fri Oct 19, 2018 12:16 am

Located similar/same problem that "seemed" to be user bypassing Google's reCaptcha. Was actually due to the "gcapcha" session variable never being cleared.

Fixed by adding ocmod that unsets the var in google_captcha.php->index(). Added expire() function for use with "data-expired-callback" and javascript callback function in the template. Callback necessary to unset session var when on-page captcha expires prior to submitting form.

Issue persists in latest version. Cannot submit bug/solution via github (banned by Daniel, personality conflict :P )

--------------------------------------------------
My BlogMy ExtensionsOpenCart Templates


User avatar
Active Member

Posts

Joined
Fri Nov 19, 2010 2:08 am
Location - Tampa, Florida

Post by ADD Creative » Fri Oct 19, 2018 6:47 am

I did mention something similar a while back on GitHub. I guess it wasn't seen. https://github.com/opencart/opencart/pu ... -311109197

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by annettek » Sat Jun 19, 2021 1:01 pm

I am having a similar problem where unless you delete the session and cookie it does not require you to pass v2 captcha.

have tried this from gittbub

https://github.com/opencart/opencart/co ... ff=unified

still the same

does anyone have a fix to this issue? that has had this before.

thanks.

Annette Kennedy
Thanks For Any Help In Advance


User avatar
Newbie

Posts

Joined
Fri Apr 10, 2020 6:30 pm

Post by ADD Creative » Sat Jun 19, 2021 5:40 pm

Try adding.

Code: Select all

$this->session->data['gcapcha']	= false;
Just before.

Code: Select all

return $this->load->view('extension/captcha/google', $data);

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by straightlight » Sat Jun 19, 2021 5:41 pm

Code: Select all

$this->session->data['gcaptcha']	= false;

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by ADD Creative » Sat Jun 19, 2021 8:55 pm

straightlight wrote:
Sat Jun 19, 2021 5:41 pm

Code: Select all

$this->session->data['gcaptcha']	= false;
That won't work unless you change gcapcha to gcaptcha elsewhere.
https://github.com/opencart/opencart/bl ... le.php#L20

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by straightlight » Sat Jun 19, 2021 10:06 pm

In this case, that's still a typo over there since the basic session data is normally named as captcha.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by EvolveWebHosting » Sun Jun 20, 2021 9:46 am

This doesn't address reCaptcha directly and actually secures more than that. You may want to consider the Astra plugin. We offer it for the lowest price I've seen if you're interested in checking it out.

2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com


User avatar
Active Member

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by annettek » Sun Jun 20, 2021 5:11 pm

ADD Creative wrote:
Sat Jun 19, 2021 5:40 pm
Try adding.

Code: Select all

$this->session->data['gcapcha']	= false;
Just before.

Code: Select all

return $this->load->view('extension/captcha/google', $data);
Worked like a charm many thanks for that. solved my issue

Annette Kennedy
Thanks For Any Help In Advance


User avatar
Newbie

Posts

Joined
Fri Apr 10, 2020 6:30 pm

Post by tom327 » Tue Aug 03, 2021 4:34 am

What is the file that needs to be modified?

Thank you.

Active Member

Posts

Joined
Thu Feb 16, 2012 7:33 am

Post by ADD Creative » Tue Aug 03, 2021 6:47 am

catalog/controller/extension/captcha/google.php

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by BillT » Mon Feb 07, 2022 1:39 am

So this is what i did and it worked. ( i'm not a robot google reCAPTCHA)

I am using 3.0.3.8 ( I had the same issue in 3.0.3.6 too)

Go to this file google.php and edit that file under the location below.

catalog/controller/extension/captcha/google.php

I replaced this line of code below in google.php

return $this->load->view('extension/captcha/google', $data);

to this one below:

$this->session->data['gcapcha'] = false;
return $this->load->view('extension/captcha/google', $data);

Newbie

Posts

Joined
Wed Dec 08, 2021 4:59 am
Who is online

Users browsing this forum: No registered users and 30 guests