Google reCaptcha Bypassed
Posted: Fri Oct 12, 2018 7:41 pm
by haxcop
Hi Guys,
Recently, on a new installation of OC 3.0.2.0, I've noticed Google reCaptcha is not being enforced, and I'm able to bypass any of the scenarios where the captcha is required and not used.
I have also tried with the Basic Captcha and this one works correctly.
The secret and the key are added correctly in the admin, the reCaptcha is selected correctly under "system>settings>option>__" and all the checkboxes are selected.
The reCaptcha shows accordingly, with the red * as mandatory, but I can simply bypass this verification without the tick on the checkbox and continue with the registration - email etc...
*UPDATE*
FYI
This is common if you are logged in to the account from which you took the captcha credentials and use the same browser (Chrome) - it will automatically let you bypass it (no user action).
As soon as you log out, clear all the cache and try again, it won't happen and you will be forced to reCaptcha to continue.
Regards,
Re: Google reCaptcha Bypassed
Posted: Sat Oct 13, 2018 9:48 pm
by straightlight
Which is why the CSRF Protection extension from the Marketplace is important to use while using captcha / re-captcha.
https://www.opencart.com/index.php?rout ... on_id=4773
Re: Google reCaptcha Bypassed
Posted: Sun Oct 14, 2018 3:28 am
by haxcop
Hey, thanks for the heads up regarding Cross-Site Request Forgery (CSRF). Very useful - and installed already.

Re: Google reCaptcha Bypassed
Posted: Sun Oct 14, 2018 7:03 am
by straightlight
Re: Google reCaptcha Bypassed
Posted: Fri Oct 19, 2018 12:16 am
by rmullaney77
Located similar/same problem that "seemed" to be user bypassing Google's reCaptcha. Was actually due to the "gcapcha" session variable never being cleared.
Fixed by adding ocmod that unsets the var in google_captcha.php->index(). Added expire() function for use with "data-expired-callback" and JavaScript callback function in the template. Callback necessary to unset session var when on-page captcha expires prior to submitting form.
Issue persists in latest version. Cannot submit bug/solution via GitHub (banned by Daniel, personality conflict).
Re: Google reCaptcha Bypassed
Posted: Fri Oct 19, 2018 6:47 am
by ADD Creative
I did mention something similar a while back on GitHub. I guess it wasn't seen.
https://github.com/opencart/opencart/pu ... -311109197
Re: Google reCaptcha Bypassed
Posted: Sat Jun 19, 2021 1:01 pm
by annettek
I am having a similar problem where, unless you delete the session and cookie, it does not require you to pass v2 captcha.
I have tried this from GitHub:
https://github.com/opencart/opencart/co ... ff=unified
Still the same.
Does anyone who has had this before have a fix for this issue?
Thanks.
Re: Google reCaptcha Bypassed
Posted: Sat Jun 19, 2021 5:40 pm
by ADD Creative
Try adding.
Code:
$this->session->data['gcapcha'] = false;
Just before.
Code:
return $this->load->view('extension/captcha/google', $data);
Re: Google reCaptcha Bypassed
Posted: Sat Jun 19, 2021 5:41 pm
by straightlight
Code:
$this->session->data['gcaptcha'] = false;
Re: Google reCaptcha Bypassed
Posted: Sat Jun 19, 2021 8:55 pm
by ADD Creative
That won't work unless you change gcapcha to gcaptcha elsewhere.
https://github.com/opencart/opencart/bl ... le.php#L20
Re: Google reCaptcha Bypassed
Posted: Sat Jun 19, 2021 10:06 pm
by straightlight
In this case, that's still a typo over there since the basic session data is normally named as captcha.
Re: Google reCaptcha Bypassed
Posted: Sun Jun 20, 2021 9:46 am
by EvolveWebHosting
This doesn't address reCaptcha directly and actually secures more than that. You may want to consider the Astra plugin. We offer it for the lowest price I've seen if you're interested in checking it out.
Re: Google reCaptcha Bypassed
Posted: Sun Jun 20, 2021 5:11 pm
by annettek
ADD Creative wrote: ↑Sat Jun 19, 2021 5:40 pm
Try adding.
Code:
$this->session->data['gcapcha'] = false;
Just before.
Code:
return $this->load->view('extension/captcha/google', $data);
Worked like a charm, many thanks for that. Solved my issue.
Re: Google reCaptcha Bypassed
Posted: Tue Aug 03, 2021 4:34 am
by tom327
What is the file that needs to be modified?
Thank you.
Re: Google reCaptcha Bypassed
Posted: Tue Aug 03, 2021 6:47 am
by ADD Creative
catalog/controller/extension/captcha/google.php
Re: Google reCaptcha Bypassed
Posted: Mon Feb 07, 2022 1:39 am
by BillT
So this is what I did and it worked. (I'm not a robot Google reCAPTCHA)
I am using 3.0.3.8 (I had the same issue in 3.0.3.6 too).
Go to the file google.php at the location below and edit it.
catalog/controller/extension/captcha/google.php
I replaced this line of code below in google.php:
return $this->load->view('extension/captcha/google', $data);
with this one below:
$this->session->data['gcapcha'] = false;
return $this->load->view('extension/captcha/google', $data);
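
Added example, not part of any post above and not OpenCart's own code: a self-contained PHP model of the behaviour the thread describes, where a "gcapcha" session flag set by one successful check lets later submissions in the same session skip verification, and the reset in the render method closes that. The class name, method bodies, error string and token value are assumptions made for illustration; only the session key and the reset line come from the thread.

```php
<?php
// Hypothetical model, not OpenCart's code. Only 'gcapcha' and the reset line are from the thread.
final class CaptchaModel
{
    public $session = [];      // stand-in for $this->session->data
    private $resetOnRender;    // true = apply the fix from the thread
    private $verify;           // stand-in for the server-side token check

    public function __construct(bool $resetOnRender, callable $verify)
    {
        $this->resetOnRender = $resetOnRender;
        $this->verify = $verify;
    }

    // Runs each time a form containing the captcha widget is rendered.
    public function index(): void
    {
        if ($this->resetOnRender) {
            $this->session['gcapcha'] = false;
        }
    }

    // Returns null when the submission is accepted, otherwise an error.
    public function validate(array $post): ?string
    {
        if (!empty($this->session['gcapcha'])) {
            return null; // assumed: a flag left set skips verification
        }
        $token = $post['g-recaptcha-response'] ?? '';
        if ($token === '' || !($this->verify)($token)) {
            return 'captcha required';
        }
        $this->session['gcapcha'] = true;
        return null;
    }
}

// Constructed verifier: accepts one made-up token, no network call.
$verify = function (string $token): bool {
    return $token === 'constructed-valid-token';
};
foreach ([false, true] as $reset) {
    $c = new CaptchaModel($reset, $verify);
    $c->index();
    $first = $c->validate(['g-recaptcha-response' => 'constructed-valid-token']);
    $c->index();                // a second form in the same session
    $second = $c->validate([]); // posted with no captcha response
    printf("reset=%s first=%s second=%s\n", $reset ? 'yes' : 'no', $first ?? 'accepted', $second ?? 'accepted');
}
```

With the reset disabled, the second submission is accepted even though it carries no captcha response; with the reset enabled, the same submission is rejected.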