“Bad hCaptcha nonce!” on arbitrary form

  • Resolved voyager131

    (@voyager131)


    1 year, 1 month ago

    I’m working on a form of my own and I believe I have everything correctly configured. When filled in, the form validates and posts. I can see the field data server-side, including h-captcha-response. The wordpress plugin is installed, activated, correctly linked and validates (via the tool in settings).

    But alas, the hcaptcha_verify_post() function refuses to return anything but “Bad hCaptcha nonce!“. Any clues as to what I might be missing are much appreciated.

    The page posts to itself. This isn’t finished but here’s the server side code as it currently stands:

    if( isset( $_POST ) && $_SERVER['REQUEST_METHOD'] === 'POST') {
	debug("we were POSTed to...");
	$result = hcaptcha_verify_post();
	if( null !== $result){
		debug(esc_html($result));
		debug("invalid captcha");

	}else{
		debug("captcha is valid");
	}
	foreach ($_POST as $key => $value) {
		//Remove all slashes, php and html tags, and quote html entities.
		$_POST[$key] = htmlentities(strip_tags(removeslashes($value)), ENT_QUOTES, "UTF-8");
	}
	debug(print_r($_POST,true));
}

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor kaggdesign

    (@kaggdesign)

    I see hcaptcha_nonce hidden input on your page. It means that you output the hCaptcha properly via shortcode.

    But when you use do_shortcode( '[hcaptcha action="my_hcap_action" name="my_hcap_name" auto="true"]' );, you must verify it with the same nonce: hcaptcha_verify_post( 'my_hcap_name', 'my_hcap_action' ).

    Thread Starter voyager131

    (@voyager131)

    That did the trick. Thank you! A bit more explanation in the installation instructions might be helpful.

    Plugin Contributor kaggdesign

    (@kaggdesign)

    Thank you for the feedback.

    The explanation exists in the “Does the [hcaptcha] shortcode have arguments?” section of the FAQ.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘“Bad hCaptcha nonce!” on arbitrary form’ is closed to new replies.