Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

recaptcha not appearing on registration

So trying to create an account but the captcha box is not appearing. Getting this message, "The reCAPTCHA value was not entered correctly. Please try again." Tried Elric's solution from this old forum post but that didn't help, https://vanillaforums.org/discussion/15839/recaptcha-not-appearing-on-registration. Any insight?

Comments

  • What are your registration settings ? Please take screen shot. Captcha should show up on Basic registration with captcha.

  • It's set for approval, which is what I want. How can I turn off captcha then?

  • edited June 2016

    I don't recommend you use approval as the registration because even with captcha , you will get hundreds of spam bot applicants.

    Approval does not use Captcha/reCaptcha because you need to grant each applicant permission to log in.

    If you set it to Basic, then just get the keys from reCaptcha

    Sign into Google then go to https://www.google.com/recaptcha/admin#list

    Register your site and domain then get the keys to put in the fields in your forum dashboard registration settings. Save.

    Once you do it gets verified and it should work. However a theme or something else might be blocking it. Perhaps AdBlocker ..

  • I've had approval since using vanilla and the number of spambots is not excessive. I have content that requires a gatekeeper so deleting some spam applicants every few days is a much more acceptable option for me than having people self select themselves onto the platform. How can I turn off captcha? Thank you.

  • How do I send someone an invite?

  • So let me get this straight. You have a feature on your application that you advise people not to use, effectively under any circumstances even in contravention to a user's informed wishes? Why have that feature there in the first place? Pointless.

  • whu606whu606 MVP
    edited June 2016

    @abrown

    The first thing to get straight would be that this forum is run by volunteers, not Vanilla staff, so references to 'your application' are inaccurate, and moaning at them about things you don't like is pointless.

  • @abrown said:
    How do I send someone an invite?

    You pick Invitation as your registration method. Then you email the people you want to invite with a number they can enter in the registration form to be able to register. This way you control who you allow. You can also give permissions to others to be able to invite other people.

    You have a feature on your application that you advise people not to use

    No please don't exaggerate what I said, you can do what ever you want. Just pointed out that the method attracts bots. Some people could get 1000 bots a day register but not confirm email so they remained applicants for ever clogging the system with more than 100 pages of bot applicants .

    Why have that feature there in the first place? Pointless.

    For people who want it. This software has grown thanks to the input of people extending the base. There are several registration methods for this reason. Some better than others. How much did you pay for your copy of Vanilla Forums Software ?

  • RiverRiver MVP
    edited June 2016

    @abrown said:
    So let me get this straight. You have a feature on your application that you advise people not to use, effectively under any circumstances even in contravention to a user's informed wishes? Why have that feature there in the first place? Pointless.

    Which item are you talking about?

    The security flaw in the First Names Last Names plugin. This vulnerability will allow your site to be compromised , responsibly, you should not use this add-on it puts all your users at risk. It should be removed from the add-ons to prevent you from putting your users at risk, even if you don't care.

    https://vanillaforums.org/discussion/comment/241561/#Comment_241561

    @vrijvlinder said:

    I don't recommend you use approval as the registration because even with captcha , you will get hundreds of spam bot applicants.

    fair enough that you don't recommend, but he elaborated why he prefers to use it.

    @abrown said: I've had approval since using vanilla and the number of spambots is not excessive. I have content that requires a gatekeeper so deleting some spam applicants every few days is a much more acceptable option for me than having people self select themselves onto the platform. How can I turn off captcha? Thank you.

    reasonable enough.

    Approval does not use Captcha/reCaptcha because you need to grant each applicant permission to log in.

    Actually this is not true.

    as you can see approval registration DOES use Captcha

    https://github.com/vanilla/vanilla/blob/Vanilla_2.2.1/applications/dashboard/views/entry/registerapproval.php#L60-L64

    If you set it to Basic, then just get the keys from reCaptcha

    Sign into Google then go to https://www.google.com/recaptcha/admin#list

    Register your site and domain then get the keys to put in the fields in your forum dashboard registration settings. Save.

    Once you do it gets verified and it should work. However a theme or something else might be blocking it. Perhaps AdBlocker ..

    yes good suggestion how to get Captcha keys.

    @abrown said:
    So let me get this straight. You have a feature on your application that you advise people not to use, effectively under any circumstances even in contravention to a user's informed wishes? Why have that feature there in the first place? Pointless.

    Who do you think "you" is, the person trying to help you or the vanilla developers, two different entities.

    If you want to use Approval without Captcha - here is a solution.

    https://vanillaforums.org/discussion/comment/235402/#Comment_235402

    YOUR PROBLEMS WITH REGISTRATION - not seeing things invite names, captcha, etc are because you said you use first names last names plugin.

    The plugin has not been updated since this security hole was discovered.

    https://vanillaforums.org/discussion/26973/remote-cross-site-scripting-xss-attack-vulnerability-in-firstlastnames-1-3-2-plugin-fixed

    Maybe @Todd or @Tim will delete the plugin, https://vanillaforums.org/addon/firstlastnames-plugin, to prevent further mishaps of Admins shooting themselves in the foot. since equal functionality is created with nicknames plugin by R_J and the profile extender, there is not need for users to add a security hole and break their registration with this plugin. Author was notified several years ago and still has not fixed it.

    Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.

Sign In or Register to comment.