bsandall Posted April 20, 2017 Posted April 20, 2017 Store is on 6.1.7 and has SSL enabled. Enabled Invisible reCAPTCHA. I am able to register new accounts, log in, and checkout as a logged in customer. I am also able to create an account during checkout and proceed as normal. However, trying to checkout as a guest, i.e. not creating a registered account, does not work. Upon entering the customer data and clicking either `Update Basket` or `Secure Checkout`, the error message `The verification code was incorrect. Please try again` appears, indicating that reCAPTCHA failed to verify that I am human. No reCAPTCHA dialogue box popped up to select images or anything. Once that fails, the email address I had entered has been cleared and any further attempt to proceed after re-entering an email address is met with the `Please enter a valid email address` error. For now, I've simply disabled reCAPTCHA so as not to interfere with my customers' experience. Has anyone else experienced this issue? Anyone know of a fix? Cheers. Quote
Dirty Butter Posted April 20, 2017 Posted April 20, 2017 I don't allow guest customers, so I haven't seen this. But I did try a test customer with a (lazy) [email protected] type email address and had to fill out several captcha challenges before it would proceed. I then made another test customer with a real email address and the invisible worked. I'll be glad to test this as soon as possible. Quote
bsandall Posted April 20, 2017 Author Posted April 20, 2017 To clarify, the reCAPTCHA is working fine when registering as a customer - I've had challenges pop up for me and succeeding at them allowed me to continue registration. The only case I've found where it failed (and no challenge popped up) was checking out as a guest. Also, I don't think the reCAPTCHA necessarily catches bad email addresses, at least not as the only indicator. For example, I was only challenged by reCAPTCHA to prove I am human the first time I tried to create an account even though I used my full name and a real email address; later in a private browser session it let me pass despite me typing my name as 'B S' and email as '[email protected]'.... -.- Quote
Dirty Butter Posted April 20, 2017 Posted April 20, 2017 I took the hide off of "row hide". I don't know if there was anything else I needed to do to allow guest checkout. <div class="row"> <div class="small-12 large-8 columns"><input type="checkbox" name="register" id="show-reg" value="1" {$REGISTER_CHECKED}><label for="show-reg">{$LANG.account.create_account}</label></div> </div> With that done I attempted to checkout. When I was presented with the checkout screen I immediate was challenged with the recaptcha. But when I solved it I was able to proceed all the way to PayPal, stopping short of course of actually paying. There must be some other code change I've made to stop guests, as this test customer is marked as being Registered. So my test wasn't as helpful to you as I expected. Sorry. I DID realize that you were not having problems with registered sales. But I don't get a recaptcha challenge at all when I use a real email address where registration is required. It sounds like you did get the challenge. Quote
bsandall Posted April 20, 2017 Author Posted April 20, 2017 reCAPTCHA stores your browser fingerprint along with other data such as your computer's hardware configuration; once you have proven that combination to belong to a human, it is very unlikely to challenge you again unless you start using a different browser, hardware, or both. Do you get challenged if you try again now with a bogus email address? Quote
Dirty Butter Posted April 20, 2017 Posted April 20, 2017 I've rebooted my browser since then. I'll try two tests in a row. Quote
bsandall Posted April 20, 2017 Author Posted April 20, 2017 Interestingly, the reCAPTCHA sidebar won't even display anymore in Firefox (it did once before I tried registering an account), even in a private window after clearing the cache, which means I can't do anything that requires the verification code. No challenge is given and I cannot submit the contact or registration forms. It still shows up in Chrome and those forms work fine, just not checking out as a guest. I'll try restarting my browsers tomorrow and see if that gets me anywhere. Quote
Dirty Butter Posted April 20, 2017 Posted April 20, 2017 OK - cleared all cache in CC and browser. I DID see the captcha badge in the corner. I did get the challenge, but BEFORE I could goto the index.php?_a=confirm page. But now MINE won't advance to Secure Checkout. The button does not work. I'm using FF too. Too tired now - will do more testing tomorrow. Quote
Al Brookbanks Posted April 21, 2017 Posted April 21, 2017 8 hours ago, bsandall said: To clarify, the reCAPTCHA is working fine when registering as a customer - I've had challenges pop up for me and succeeding at them allowed me to continue registration. The only case I've found where it failed (and no challenge popped up) was checking out as a guest. Also, I don't think the reCAPTCHA necessarily catches bad email addresses, at least not as the only indicator. For example, I was only challenged by reCAPTCHA to prove I am human the first time I tried to create an account even though I used my full name and a real email address; later in a private browser session it let me pass despite me typing my name as 'B S' and email as '[email protected]'.... -.- With invisible reCaptcha it may come earlier in the checkout process than others. When you click continue from basket the challenge will invoke then rather than after registration at checkout. During development I coded it to wait but then though "What difference does it make?". Please also note that once reCaptcha has been solved once it is saved against the session and it shouldn't challenge again. It's one of my pet hates with websites that ask you to verify on every form even though you have solved it already on a previous form. reCatcha doesn't validate email addresses at all. Hopefully we don't have a bug on our hands here. Quote
foz1234 Posted April 21, 2017 Posted April 21, 2017 after reading this thread i can confirm its the same for me, tested on ff as a guest when i select secure payment it doesn't proceed, if i log in its fine. i am using/testing the invisible recaptcha recommended with site & secret key 1 Quote
bsandall Posted April 21, 2017 Author Posted April 21, 2017 (edited) Tried deleting the session cookie as well, FF still won't even show the reCAPTCHA sidebar tab with the terms and privacy policy links. Basically, I am unable to do anything on the store front as a customer would when using FF with invisible reCAPTCHA enabled. In Chrome, the invisible reCAPTCHA works for everything but checking out as a guest, as described in the original post. I'm using the latest versions of both FF and Chrome. Not sure if this is a bug in the browsers, with Google's invisible reCAPTCHA, with CubeCart, some combination of those, or if it really is just a caching issue. If it is a caching issue, it's a pretty serious one that I imagine will also affect many of our customers. @Dirty Butter I'm curious to hear the results of your further testing. You said that it was working in FF, but now it isn't... that's exactly what I experienced. Would you be willing to also try using Chrome? 8 hours ago, Al Brookbanks said: With invisible reCaptcha it may come earlier in the checkout process than others. When you click continue from basket the challenge will invoke then rather than after registration at checkout. During development I coded it to wait but then though "What difference does it make?". That makes sense, but I'm not getting challenged at all during the checkout process. Instead, when I click continue, I simply get the 'The verification code was incorrect' error message indicating that reCAPTCHA couldn't verify I was human, and after that for some reason no matter what email address I enter in the form, after clicking continue again it tells me the email address is invalid. I realize that reCAPTCHA does not validate email addresses - I'm just describing the symptoms that I am experiencing, both in Chrome and FF. Note that the process works fine, at least in Chrome, so long as I choose to create an account during the checkout process. Edited April 21, 2017 by bsandall Quote
Dirty Butter Posted April 21, 2017 Posted April 21, 2017 After foz1234 had the same issue and Al's response was to use v2, I didn't test again. But I will in a bit. Quote
Dirty Butter Posted April 22, 2017 Posted April 22, 2017 Sorry it took me so long to get back to this. I had an unexpected result last night, so wanted to start fresh after reboot this morning. But I'm seeing the same thing today. I'm on 6.1.7 code on my test site. I now can NOT get the invisible captcha to pass me through without requiring solving the captcha. I've tried it several times, including on the CC demo store. Since the solution is showing up BEFORE I have a chance to fill out any information - it doesn't seem to have anything to do with whether or not I choose to register. So, I finished the recaptcha and I then chose to not register. As you had found - checkout button did not work. But I refreshed the page - got the CRSF warning, went back to cart and could proceed to PayPal properly. I'll clear everything out and try again. UGH - Cleared browser, ran maintenance clear again, and tested again with new customer info. STILL had to solve captcha, but THIS time the checkout button worked properly! 1 Quote
bsandall Posted April 24, 2017 Author Posted April 24, 2017 At least you're getting the challenge - for me, I don't even get a chance to prove I'm human, it just fails automatically. Quote
Dirty Butter Posted April 24, 2017 Posted April 24, 2017 There were some new recapcha related files - do you suppose your install didn't add them? Quote
bsandall Posted April 25, 2017 Author Posted April 25, 2017 The recaptcha challenge works for me in Chrome except for when checking out as a guest. It does not work for me at all in FireFox. Quote
[email protected]. Posted April 26, 2017 Posted April 26, 2017 I have reCAPTCHA disabled and today I have had two calls this morning from customers who after filling in their details at checkout, found that when they clicked on the 'secure checkout' button were unable to proceed! I did a test purchase while they were on the phone and I too could not get past this stage... I had changed the config.xml as per yesterdays advice from @Al Brookbanks but after changing <csrf>false</csrf> back to <csrf>true</csrf> everything seems to be working again... Quote
Claudia M Posted May 13, 2017 Posted May 13, 2017 (edited) I had a new customer try to place an order today and they couldn't complete payment and for some reason her email was not saved. The order is set to pending. I tried to go thru the steps of placing an order as a new unregistered customer and got stuck at the checkout button. When I pressed it nothing happens. Im using CC6.1.7 and invisible Recaptcha Edited May 13, 2017 by Claudia M Quote
Dirty Butter Posted May 13, 2017 Posted May 13, 2017 What skin are you using? I have plugins and edits in my code that will not work with Invisible Recaptcha. I have disabled recaptcha completely for now. Did you get a new key from Google for the Invisible? I had to. Quote
Claudia M Posted May 13, 2017 Posted May 13, 2017 Very, very modified Foundation. Yes, I got the new key from Google. I wish this would work, it's nice that customers don't have to "select squares with signs". I leave sites that make me go thru all that. Quote
Dirty Butter Posted May 13, 2017 Posted May 13, 2017 That's why I'm not using capcha right now. It may be that the Guest Checkout issue is NOT capcha related. If that's the case, the only way I can think of is to not allow Guest purchases for the weekend. I have a test store on today's commit on GitHub. I was able to take a test order as a Guest all the way to PayPal. Either some change in the 6.1.8 code fixed the issue, or the problem is not Invisible or Guest. Quote
Dirty Butter Posted May 13, 2017 Posted May 13, 2017 In content.checkout.confirm.php: <script type="text/javascript"> var county_list = {$STATE_JSON}; </script> <div class="row hide"> <div class="small-12 large-8 columns"><input type="checkbox" name="register" id="show-reg" value="1" {$REGISTER_CHECKED}><label for="show-reg">{$LANG.account.create_account}</label></div> </div> the hide in the div takes it off the screen with it still checked as Register. Quote
Claudia M Posted May 13, 2017 Posted May 13, 2017 Thanks, I think I will do that. I reverted to Recaptcha 2 for now and it seems to be working. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.