Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-8976

recaptcha security warnings if accessed over https on my server

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Affects Version/s: 3.0.6
    • Fix Version/s: 3.0.7
    • Component/s: Other
    • Labels:
      None
    • Environment:
      PHP Environment: 5.2.0-8+etch13
      Database: MySQL(i) 5.0.32-Debian_7etch5-log

      Description

      I was having problems with security warnings when I enabled recaptcha. I use mod_rewrite with apache2 to force ssl on some of my pages (like registration and ucp). I do not know if other server configurations suffer from this.

      I fixed it by editing the recaptcha plugin file that comes with 3.0.6 phpbb_recaptcha_plugin.php

      On line 30: I changed it from setting $recaptcha_server to the url and just initialized the variable instead.

      Then in the init function around line 44ish I added:

      $this->recaptcha_server = $_SERVER['HTTPS'] ? 'https://api-secure.recaptcha.net' : 'http://api.recaptcha.net';

      It is working for me. May not be the best solution but I think the plugin module should detect if the page is being requested over https or http and act accordingly.

      Here is a snippit:

      class phpbb_recaptcha extends phpbb_default_captcha
      {
      var $recaptcha_server;
      var $recaptcha_verify_server = 'api-verify.recaptcha.net';
      var $challenge;
      var $response;

      function init($type)

      { global $config, $db, $user; $user->add_lang('captcha_recaptcha'); parent::init($type); $this->challenge = request_var('recaptcha_challenge_field', ''); $this->response = request_var('recaptcha_response_field', ''); //set recaptcha url if https here instead of as a constant up top $this->recaptcha_server = $_SERVER['HTTPS'] ? 'https://api-secure.recaptcha.net' : 'http://api.recaptcha.net'; }

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ToonArmy Chris Smith
                Reporter:
                ty344 ty344
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: