Jump to content

Unable to checkout as guest with Invisible ReCAPTCHA


bsandall
 Share

Recommended Posts

Store is on 6.1.7 and has SSL enabled.

Enabled Invisible reCAPTCHA.

I am able to register new accounts, log in, and checkout as a logged in customer.

I am also able to create an account during checkout and proceed as normal.

However, trying to checkout as a guest, i.e. not creating a registered account, does not work.

Upon entering the customer data and clicking either `Update Basket` or `Secure Checkout`, the error message `The verification code was incorrect. Please try again` appears, indicating that reCAPTCHA failed to verify that I am human. No reCAPTCHA dialogue box popped up to select images or anything.

Once that fails, the email address I had entered has been cleared and any further attempt to proceed after re-entering an email address is met with the `Please enter a valid email address` error.

For now, I've simply disabled reCAPTCHA so as not to interfere with my customers' experience.

Has anyone else experienced this issue? Anyone know of a fix?

Cheers.

Link to comment
Share on other sites

I don't allow guest customers, so I haven't seen this. But I did try a test customer with a (lazy) [email protected] type email address and had to fill out several captcha challenges before it would proceed. I then made another test customer with a real email address and the invisible worked. I'll be glad to test this as soon as possible.

Link to comment
Share on other sites

To clarify, the reCAPTCHA is working fine when registering as a customer - I've had challenges pop up for me and succeeding at them allowed me to continue registration.

The only case I've found where it failed (and no challenge popped up) was checking out as a guest.

Also, I don't think the reCAPTCHA necessarily catches bad email addresses, at least not as the only indicator.

For example, I was only challenged by reCAPTCHA to prove I am human the first time I tried to create an account even though I used my full name and a real email address; later in a private browser session it let me pass despite me typing my name as 'B S' and email as '[email protected]'.... -.-

Link to comment
Share on other sites

I took the hide off of "row hide". I don't know if there was anything else I needed to do to allow guest checkout.

<div class="row">
   <div class="small-12 large-8 columns"><input type="checkbox" name="register" id="show-reg" value="1" {$REGISTER_CHECKED}><label for="show-reg">{$LANG.account.create_account}</label></div>
</div>

With that done I attempted to checkout. When I was presented with the checkout screen I immediate was challenged with the recaptcha. But when I solved it I was able to proceed all the way to PayPal, stopping short of course of actually paying.

There must be some other code change I've made to stop guests, as this test customer is marked as being Registered.

So my test wasn't as helpful to you as I expected. Sorry.

I DID realize that you were not having problems with registered sales. But I don't get a recaptcha challenge at all when I use a real email address where registration is required. It sounds like you did get the challenge.

Link to comment
Share on other sites

reCAPTCHA stores your browser fingerprint along with other data such as your computer's hardware configuration; once you have proven that combination to belong to a human, it is very unlikely to challenge you again unless you start using a different browser, hardware, or both.

Do you get challenged if you try again now with a bogus email address?

Link to comment
Share on other sites

Interestingly, the reCAPTCHA sidebar won't even display anymore in Firefox (it did once before I tried registering an account), even in a private window after clearing the cache, which means I can't do anything that requires the verification code. No challenge is given and I cannot submit the contact or registration forms.

It still shows up in Chrome and those forms work fine, just not checking out as a guest.

I'll try restarting my browsers tomorrow and see if that gets me anywhere.

Link to comment
Share on other sites

OK - cleared all cache in CC and browser. I DID see the captcha badge in the corner. I did get the challenge, but BEFORE I could goto the index.php?_a=confirm page. But now MINE won't advance to Secure Checkout. The button does not work. I'm using FF too.

Too tired now - will do more testing tomorrow.

Link to comment
Share on other sites

8 hours ago, bsandall said:

To clarify, the reCAPTCHA is working fine when registering as a customer - I've had challenges pop up for me and succeeding at them allowed me to continue registration.

The only case I've found where it failed (and no challenge popped up) was checking out as a guest.

Also, I don't think the reCAPTCHA necessarily catches bad email addresses, at least not as the only indicator.

For example, I was only challenged by reCAPTCHA to prove I am human the first time I tried to create an account even though I used my full name and a real email address; later in a private browser session it let me pass despite me typing my name as 'B S' and email as '[email protected]'.... -.-

With invisible reCaptcha it may come earlier in the checkout process than others. When you click continue from basket the challenge will invoke then rather than  after registration at checkout. During development I coded it to wait but then though "What difference does it make?".

Please also note that once reCaptcha has been solved once it is saved against the session and it shouldn't challenge again. It's one of my pet hates with websites that ask you to verify on every form even though you have solved it already on a previous form.

reCatcha doesn't validate email addresses at all.  

Hopefully we don't have a bug on our hands here. 

Link to comment
Share on other sites

after reading this thread i can confirm its the same for me, tested on ff

as a guest when i select secure payment it doesn't proceed, if i log in its fine. 

i am using/testing the invisible recaptcha recommended with site & secret key

  • Like 1
Link to comment
Share on other sites

Tried deleting the session cookie as well, FF still won't even show the reCAPTCHA sidebar tab with the terms and privacy policy links. Basically, I am unable to do anything on the store front as a customer would when using FF with invisible reCAPTCHA enabled.

In Chrome, the invisible reCAPTCHA works for everything but checking out as a guest, as described in the original post.

I'm using the latest versions of both FF and Chrome. Not sure if this is a bug in the browsers, with Google's invisible reCAPTCHA, with CubeCart, some combination of those, or if it really is just a caching issue. If it is a caching issue, it's a pretty serious one that I imagine will also affect many of our customers.

@Dirty Butter I'm curious to hear the results of your further testing. You said that it was working in FF, but now it isn't... that's exactly what I experienced. Would you be willing to also try using Chrome?

8 hours ago, Al Brookbanks said:

With invisible reCaptcha it may come earlier in the checkout process than others. When you click continue from basket the challenge will invoke then rather than  after registration at checkout. During development I coded it to wait but then though "What difference does it make?".

That makes sense, but I'm not getting challenged at all during the checkout process. Instead, when I click continue, I simply get the 'The verification code was incorrect' error message indicating that reCAPTCHA couldn't verify I was human, and after that for some reason no matter what email address I enter in the form, after clicking continue again it tells me the email address is invalid.

I realize that reCAPTCHA does not validate email addresses - I'm just describing the symptoms that I am experiencing, both in Chrome and FF.

Note that the process works fine, at least in Chrome, so long as I choose to create an account during the checkout process.

Edited by bsandall
Link to comment
Share on other sites

Sorry it took me so long to get back to this. I had an unexpected result last night, so wanted to start fresh after reboot this morning. But I'm seeing the same thing today.

I'm on 6.1.7 code on my test site. I now can NOT get the invisible captcha to pass me through without requiring solving the captcha. I've tried it several times, including on the CC demo store. Since the solution is showing up BEFORE I have a chance to fill out any information - it doesn't seem to have anything to do with whether or not I choose to register.

So, I finished the recaptcha and I then chose to not register. As you had found - checkout button did not work. But I refreshed the page - got the CRSF warning, went back to cart and could proceed to PayPal properly.

I'll clear everything out and try again.

UGH - Cleared browser, ran maintenance clear again, and tested again with new customer info.

STILL had to solve captcha, but THIS time the checkout button worked properly!

  • Like 1
Link to comment
Share on other sites

I have reCAPTCHA disabled and today I have had two calls this morning from customers who after filling in their details at checkout, found that when they clicked on the 'secure checkout' button were unable to proceed!  I did a test purchase while they were on the phone and I too could not get past this stage...

I had changed the config.xml as per yesterdays advice from @Al Brookbanks but after changing <csrf>false</csrf> back to <csrf>true</csrf> everything seems to be working again...
Link to comment
Share on other sites

  • 3 weeks later...

I had a new customer try to place an order today and they couldn't complete payment and for some reason her email was not saved.  The order is set to pending. I tried to go thru the steps of placing an order as a new unregistered customer and got stuck at the checkout button.  When I pressed it nothing happens.  Im using CC6.1.7 and invisible Recaptcha

Edited by Claudia M
Link to comment
Share on other sites

That's why I'm not using capcha right now. :(

It may be that the Guest Checkout issue is NOT capcha related. If that's the case, the only way I can think of is to not allow Guest purchases for the weekend.

I have a test store on today's commit on GitHub. I was able to take a test order as a Guest all the way to PayPal. Either some change in the 6.1.8 code fixed the issue, or the problem is not Invisible or Guest.

Link to comment
Share on other sites

In content.checkout.confirm.php:

<script type="text/javascript">
   var county_list = {$STATE_JSON};
</script>
<div class="row hide">
   <div class="small-12 large-8 columns"><input type="checkbox" name="register" id="show-reg" value="1" {$REGISTER_CHECKED}><label for="show-reg">{$LANG.account.create_account}</label></div>
</div>

 

the hide in the div takes it off the screen with it still checked as Register.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...