keat Posted June 7, 2022

I've said for a while that re-captcha2 had been circumvented. We get the occasional spam messages from our own web site, but yesterday I spotted that our web site is now sending spam externally via our contact form.

Looking into how Re-Captcha has been circumvented, the bot apparently authenticates by requesting the audio challenge, and then transcribing this back into text. Ingenious.

So could anyone help me get invisible re-captcha working on Mican and Kurouto skins, or suggest an alternative that works.

Tony Posted June 7, 2022

I'm seeing more and more of hCaptcha. But don't think there's a plug-in for CubeCart yet!

@Al Brookbanks what do you think? Time to change recaptcha to hCaptcha?

bsmither Posted June 7, 2022

Please see if this conversation is a solution for you:

https://forums.cubecart.com/topic/53819-recaptcha-v2-for-cubecart-5/

keat Posted June 8, 2022 (Author)

@Bsmither. Your thread only really refers to implementing V2, which I already have. V2 has been circumvented.

So ideally, I need to get invisible working or come up with an alternative to Re-Captcha.

Lastwolf Posted June 8, 2022

Invisible does tend to be fairly effective still.

bsmither Posted June 8, 2022

The "invisible" mode of reCaptcha is still considered to be of the v2 'family'.

CubeCart's list of choices are numbered 0 (disabled), 1 (no longer a choice), 2 (standard 'I am not a robot' picture chooser), and 3 (invisible).

What you see in the code is the numerical index to CubeCart's internal list of modes of Google's reCaptcha v2.

keat Posted June 9, 2022 (Author)

I followed the code on one of my Kurouto sites, everything was in place apart from my 'content.recaptcha.php' had a lot more code inside it. And I was missing element.recaptcha.invisible which I created.

The store still shows as not being compatible with invisible. However, if I choose invisible, and then navigate to the contact form, I see no challenge (this is a good sign) but when I try to send a form I get the following.

    The following errors were detected:
    The verification code was incorrect. Please try again.

So I then made content.recaptcha.php as per the code, but still the same error.

Edited June 9, 2022 by keat

keat Posted June 9, 2022 (Author)

Looking inside config.xml, my Kurouto skin is v1.0.3 which according to the CubeCart extensions change log is compatible already with V2.

So am I missing anything more to make it V2 invisible compatible?

keat Posted June 23, 2022 (Author)

Chaps.. This situation is embarrassing, I'm getting female members of my team telling me that they are receiving explicit messages from one of our contact forms.

Can anyone suggest how I get invisible working, failing that I'll have to employ the services of a dev to write something which works.

bsmither Posted June 23, 2022

To review, please verify your skin has made the following changes:

The skin's config.xml, from:

      </images>
    </skin>

To:

      </images>
      <!-- Use this to add custom variables into the skin which can be found in the smarty SKIN_CUSTOM array -->
      <custom>
        <recaptcha_badge_position>bottomright</recaptcha_badge_position><!-- Invisible Recaptcha Badge Position: bottomright, bottomleft or inline -->
      </custom>
    </skin>

A new template, content.recaptcha.head.php, containing:

    {if $RECAPTCHA}
    <script src="https://www.google.com/recaptcha/api.js?onload=reCaptchaCallback&render=explicit" async defer></script>
    {/if}
    {if $RECAPTCHA=='3'}
    <script>
    var reCaptchaCallback = function() {
      $(".g-recaptcha" ).each(function() {
        var el = $(this);
        grecaptcha.render($(el).attr('id'), {
          'sitekey': '{$CONFIG.recaptcha_public_key}',
          'badge': '{$SKIN_CUSTOM.recaptcha_badge_position}',
          'callback': function(token) {
            if($(el).attr("data-form-id")){
              $('#'+$(el).attr("data-form-id")).submit();
            } else {
              $(el).parent().submit();
            }
          }
        });
      });
    };
    </script>
    {/if}

The existing template, content.recaptcha.php, from:

    {if $RECAPTCHA}
    <fieldset id="recaptcha-title">
      <legend>{$LANG.form.verify_human}</legend>
      <script type="text/javascript">
      var RecaptchaOptions = {
        theme : 'clean'
      };
      </script>
      {$DISPLAY_RECAPTCHA}
    </fieldset>
    {/if}

To:

    {if $RECAPTCHA=='1' || $RECAPTCHA=='2'}
    <fieldset id="recaptcha-title">
      <legend>{$LANG.form.verify_human}</legend>
      {if $RECAPTCHA=='2'}
        {if empty($CONFIG.recaptcha_public_key) || empty($CONFIG.recaptcha_secret_key)}
        <p>{$LANG.form.recaptcha_key_not_set}</p>
        {else}
        <div class="g-recaptcha" data-sitekey="{$CONFIG.recaptcha_public_key}"></div>
        {/if}
      {else}
      <script type="text/javascript">
      var RecaptchaOptions = {
        theme: 'clean'
      };
      </script>
      {$DISPLAY_RECAPTCHA}
      {/if}
    </fieldset>
    {/if}

A new template, element.recaptcha.invisible.php, containing:

    {if $RECAPTCHA=='3'}
    data-sitekey="{$CONFIG.recaptcha_public_key}"
    data-callback="recaptchaSubmit"
    {/if}

The template content.contact.php, from:

      {include file='templates/content.recaptcha.php'}
      <p><input type="submit" class="button_submit" value="{$LANG.documents.send_message}" /></p>
    </form>

To:

      {include file='templates/content.recaptcha.php'}
      <p><input type="submit" class="button_submit g-recaptcha" value="{$LANG.documents.send_message}" /></p>
    </form>

The template content.register.php, from:

      {/if}
      <p><input type="submit" name="register" value="{$LANG.account.register}" class="button_submit" /></p>
    </form>

To:

      {/if}
      <p><input type="submit" name="register" value="{$LANG.account.register}" class="button_submit g-recaptcha" /></p>
    </form>

The template content.checkout.php, from:

    {if $DISABLE_CHECKOUT_BUTTON!==true}
    <input type="submit" name="proceed" class="button_submit" value="{$CHECKOUT_BUTTON}" />
    {/if}

To:

    {if $DISABLE_CHECKOUT_BUTTON!==true}
    <input type="submit" name="proceed" class="button_submit g-recaptcha" value="{$CHECKOUT_BUTTON}" />
    {/if}

The template box.newsletter.php, from:

    <input type="submit" class="submit right" value="Subscribe" />

To:

    <input type="submit" class="submit right g-recaptcha" value="Subscribe" />
    <div class="hide" id="newsletter_recaptcha">
      {include file='templates/content.recaptcha.php' ga_fid="Newsletter"}
    </div>

The template content.product.php, from:

    <input type="submit" value="{$LANG.catalogue.submit_review}" class="button_submit" />

To:

    <input type="submit" value="{$LANG.catalogue.submit_review}" class="button_submit g-recaptcha" />

The template main.php, from:

    </head>

To:

    {include file='templates/content.recaptcha.head.php'}
    </head>

CubeCart determines if the reCaptcha version 2 can be seen in the currently selected storefront's default skin (as set in the Layout tab, and the cache has been cleared) if the template 'content.recaptcha.head.php' exists, and if the invisible mode can be seen if the template 'element.recaptcha.invisible.php' exists.

The code for this can be seen in the admin /source/settings.index.inc.php, near lines 462-465.

If these templates do not exist in the currently selected default skin, there will be a message that these modes are not available for the currently selected default skin.

The above skin edits were taken from an experiment on the e-Tone skin. There may be slight differences in class names as compared to Kurouto.
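
The checklist in the post above can be audited mechanically. This is an added example, not part of the original thread or CubeCart's own code; it assumes templates (including main.php) live in `<skin>/templates/` with config.xml in `<skin>/`, and `check_skin` and `make_sample_skin` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit a skin directory against the checklist in the post above.
# Assumptions: templates (including main.php) live in <skin>/templates/ and
# config.xml sits in <skin>/. check_skin and make_sample_skin are hypothetical names.

check_skin() {
    skin=$1
    problems=0
    fail() { echo "MISSING: $1"; problems=$((problems + 1)); }

    # Per the post, CubeCart offers v2 / invisible only if these templates exist.
    for t in content.recaptcha.head.php element.recaptcha.invisible.php; do
        [ -f "$skin/templates/$t" ] || fail "templates/$t"
    done

    # config.xml must define the badge position read via SKIN_CUSTOM.
    grep -q '<recaptcha_badge_position>' "$skin/config.xml" 2>/dev/null \
        || fail "config.xml: <recaptcha_badge_position>"

    # main.php must reference the head template.
    grep -q 'content.recaptcha.head.php' "$skin/templates/main.php" 2>/dev/null \
        || fail "templates/main.php: include of content.recaptcha.head.php"

    # Each listed form needs a submit button carrying the g-recaptcha class.
    for t in content.contact.php content.register.php content.checkout.php \
             box.newsletter.php content.product.php; do
        grep 'type="submit"' "$skin/templates/$t" 2>/dev/null | grep -q 'g-recaptcha' \
            || fail "templates/$t: no submit button with class g-recaptcha"
    done
    return "$problems"   # exit status = number of missing items
}

# Builds a constructed, minimal skin tree that passes every check (sample data).
make_sample_skin() {
    d=$(mktemp -d)
    mkdir "$d/templates"
    echo '<skin><custom><recaptcha_badge_position>bottomright</recaptcha_badge_position></custom></skin>' > "$d/config.xml"
    echo "{include file='templates/content.recaptcha.head.php'}" > "$d/templates/main.php"
    : > "$d/templates/content.recaptcha.head.php"
    : > "$d/templates/element.recaptcha.invisible.php"
    for t in content.contact.php content.register.php content.checkout.php \
             box.newsletter.php content.product.php; do
        echo '<input type="submit" class="button_submit g-recaptcha" />' > "$d/templates/$t"
    done
    echo "$d"
}
```

Run `check_skin /path/to/skin` against the storefront's default skin; each `MISSING:` line names one item from the checklist that is not yet in place.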

keat Posted June 24, 2022 (Author)

There are too many differences in the code you supplied to what I'm actually finding in Kurouto.

I'm cutting and pasting what I think ought to be cut and paste, but I can already see there are going to be errors. I don't know enough about PHP to be able to safely decipher the differences.

I tried and broke the web site instantly.

Edited June 24, 2022 by keat

bsmither Posted June 24, 2022

"There are too many differences in the code"

For example?

keat Posted June 27, 2022 (Author)

Just the first step alone. My config.xml is populated with all sorts. I found a number of discrepancies between your etone and my Kurouto.

    <?xml version="1.0"?>
    <skin version="3.1">
      <info>
        <!--
        UIDs can be generated on the unix/linux command line using `uuid -v4`,
        or you can use any string, as long as you think it wont accidentally be picked by anyone else
        A good example of the latter would be something like '[email protected]'.
        While not necessarily an active email address, it's a pretty good approximation of a unique key
        -->
        <uid>[email protected]</uid>
        <type>skin</type>
        <name><![CDATA[kurouto]]></name>
        <display><![CDATA[Kurouto]]></display>
        <version>1.0.3</version>
        <minVersion>5.0.0a</minVersion>
        <maxVersion>5.1.*</maxVersion>
        <creator>CubeCart Ltd</creator>
        <homepage>http://www.cubecart.com</homepage>
        <mobile>false</mobile>
      </info>
      <layout>
        <products>
          <perpage amount="6" />
          <perpage default="true" amount="12" />
          <perpage amount="24" />
          <perpage amount="48" />
          <perpage amount="96" />
        </products>
      </layout>
      <styles>
        <style images="true" default="true">
          <!--
          images: TRUE tells the template system that this style has its own image folder.
          FALSE would use the contents in the root of the images folder
          -->
          <directory>blue</directory>
          <name><![CDATA[Blue]]></name>
          <description><![CDATA[Blue style]]></description>
          <default />
        </style>
        <style images="true">
          <directory>green</directory>
          <name><![CDATA[Green]]></name>
          <description><![CDATA[Green style]]></description>
        </style>
        <style images="true">
          <directory>grey</directory>
          <name><![CDATA[Grey]]></name>
          <description><![CDATA[Grey style]]></description>
        </style>
        <style images="true">
          <directory>orange</directory>
          <name><![CDATA[Orange]]></name>
          <description><![CDATA[Orange style]]></description>
        </style>
        <style images="true">
          <directory>purple</directory>
          <name><![CDATA[Purple]]></name>
          <description><![CDATA[Purple style]]></description>
        </style>
        <style images="true">
          <directory>red</directory>
          <name><![CDATA[Red]]></name>
          <description><![CDATA[Red style]]></description>
        </style>
      </styles>
      <images>
        <!-- Common -->
        <image reference="thumbnail" maximum="138" quality="75" default="noimage_thumbnail.png" />
        <!-- Category Page -->
        <image reference="category" maximum="580" quality="100" default="" /><!-- Doesnt need a default -->
        <image reference="subcategory" maximum="70" quality="70" default="noimage_subcategory.png" />
        <!-- Product Page -->
        <image reference="gallery" maximum="50" quality="60" default="noimage_gallery.png" />
        <image reference="normal" maximum="270" quality="90" default="noimage_normal.png" />
        <image reference="enlarge" maximum="600" quality="90" default="" /><!-- Doesnt need a default -->
        <!--
        Possible names (sizes): thumbnail (138), product(300-ish), enlarged (big), zoom (bigger, poss. source?)
        -->
        <!-- These are the ones currently in use -->
        <image reference="tiny" maximum="30" quality="75" default="noimage_thumbnail_tiny.png" />
        <image reference="small" maximum="138" quality="75" default="noimage_thumbnail.png" />
        <image reference="medium" maximum="270" quality="90" default="noimage_normal.png" />
        <image reference="large" maximum="600" quality="90" default="" /><!-- Doesnt need a default -->
      </images>
    </skin>

The skin's config.xml, from:

      </images>
    </skin>

To:

      </images>
      <!-- Use this to add custom variables into the skin which can be found in the smarty SKIN_CUSTOM array -->
      <custom>
        <recaptcha_badge_position>bottomright</recaptcha_badge_position><!-- Invisible Recaptcha Badge Position: bottomright, bottomleft or inline -->
      </custom>
    </skin>

bsmither Posted June 27, 2022

Please observe the differences between the 'from' code versus the 'To' code.

Then, find those lines specified in the 'from' section. The specified lines could be anywhere in the file, and may have extremely minor differences, but should be easy enough to locate.

For example, in your code posted above, the last two lines (mostly) match:

      </images>
    </skin>

Between those two lines, add the following changes:

      <!-- Use this to add custom variables into the skin which can be found in the smarty SKIN_CUSTOM array -->
      <custom>
        <recaptcha_badge_position>bottomright</recaptcha_badge_position><!-- Invisible Recaptcha Badge Position: bottomright, bottomleft or inline -->
      </custom>

For the template file edits, note the essential difference between the 'from' section versus the 'To' section. Among all the lines of code in the template files, locate just the one line (or two, three) specified in the 'from' section. Apply the difference noted.

keat Posted June 28, 2022 (Author)

Maybe that was a poor example.

Some of these things you're suggesting to add already exist, which makes me think that the skin has maybe already been modified.

E.g. content.recaptcha.head.php: you're suggesting to create this file, but it already exists. So I'm unsure as to leave it or modify it.

    {if $RECAPTCHA=='2' || $RECAPTCHA=='3'}
    <script src="https://www.google.com/recaptcha/api.js"></script>
    {/if}
    {if $RECAPTCHA=='3'}
    <script>
    function recaptchaSubmit(token) {
      $('.g-recaptcha').closest("form").submit();
    }
    </script>
    {/if}

Edited June 28, 2022 by keat

bsmither Posted June 28, 2022

I will study this and report back soon.

Please try adding just the new file 'element.recaptcha.invisible.php'.

keat Posted July 6, 2022 (Author)

The admin side no longer complains, but I still get the 'invalid key' message.

bsmither Posted July 6, 2022

Please verify that you have obtained your own reCaptcha keys from Google.

Do not request v3 keys, you will want your own v2 keys (which includes the invisible mode).