WP-OpenID and reCAPTCAH

  • Hey guys I’m running the reCAPTCHA plugin (https://recaptcha.net/plugins/wordpress/) and after activating OpenID everything seems perfect, everything is formatted perfectly. However, after clicking submit I get redirected to my OpenID provider, I click on accept or whatever and it redirects me back to the comment page. I figure that after being sent back to the comment page the comment should be posted, but instead I get a reCAPTCHA ‘Incorrect CAPTCHA’ error. I think this is because of the information posted that conflicts with the information reCAPTCHA is POSTing.

    Does anyone have any ideas? I don’t want to get rid of reCAPTCHA as it has gotten rid of completely all of my spam.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter BlaenkDenum

    (@blaenkdenum)

    Okay, I found that in logic.php in function comment_tagging it retains the comment if it was posted along with the OpenID URL. Well, we also need to do this with the reCAPTCAH information so let me see how I can do this…

    Thread Starter BlaenkDenum

    (@blaenkdenum)

    If only there was a way to retain the information from either one until the other was finished. For example, say the OpenID authentication went first, the reCAPTCHA information would somehow have to be saved. After the OpenID authentication was over, then the reCAPTCHA check would have to be made, after that, finally a redirect back to the post.

    I really like reCaptcha (as far as captchas go) so I looked at how I could modify wp-openid to make this possible. Unfortunately, it’s a bit tricky. The problem is that comment hooks don’t get called until after the OpenID redirect stuff has happened. By the time they get called, the original reCaptcha data that was posted is no longer available. I can’t simply store this data temporarily and then recover it since the reCaptcha plugin is looking directly in the $_POST array for the data. This is not a unique problem to reCaptcha… it should actually cause problems with any plugin that causes additional data to be posted as part of a comment submission. The best solution will likely be for wp-openid to use immediate authentication when available, which would prevent the whole redirect from being necessary at all. This would be limited to OpenID 2.0 providers, but should solve the problem. I’ll definitely see about adding that in when I get the chance.

    Thread Starter BlaenkDenum

    (@blaenkdenum)

    Yeah I realized that this would be a problem with any plugin that hooked onto preprocess_comment, at least that’s what I figure. https://www.ads-software.com/extend/ideas/topic.php?id=40&page=6&replies=98#post-4346

    I’m at least glad you replied, and that you know about reCAPTCHA and now you know this can cause conflicts with other plugins as well. Your plugin looks awesome, but I just can’t afford to turn off reCAPTCHA as I have received absolutely no spam since I’ve enabled it. I would appreciate it if you could look into this problem, and would be glad to help with anything you may need (ex. testing).

    Oh, in the meantime if you can’t figure out how to solve the problem with the other conflicts, can’t you at least add workarounds for reCAPTCHA? I mean, if you can’t solve the problem with the conflicts but can probably solve the problem with reCAPTCHA, do some testing to see if the reCAPTCHA plugin exists and is enabled, then do some ‘hackish’ solution for reCAPTCHA. It’s not that I can’t wait for a real fix, but maybe if there’s absolutely no way to fix it, then at least see if you could do it that way, but from what you mentioned already I doubt there would be.

    Thanks for the response.

    actually that’s exactly what I tried doing… I was going to add in some code that checked if the recaptcha plugin was present and if so, then store the data in the session until after OpenID authentication. But even that isn’t possible because recaptcha is specifically looking for the data in the POST array. I’m afraid there is no easy hack to make it work… it’s gonna require a real solution, but I do have some ideas. ??

    Thread Starter BlaenkDenum

    (@blaenkdenum)

    I’d be great if you got this to work. Again, if you need anything, someone to test it or whatever, please let me know. I’ll have to hold off on OpenID support for the time being then. I’m already using WP-Yadis so that I can use my site as my OpenID address, can’t wait until my site itself supports OpenID.

    If you have any general ideas on how to fix this please share them here, maybe I can help out.

    I have tried WP-OpenID together with two other anti spam plugins (bcSpamBlock and Spam Karma2) and both of them appear to have the same kind of issues (they block comments when you get back from the OpenId provider).

    Is that a generic issue with any anti spam plugin and is there any hope to see it fixed?

    Thanks,

    Eric

    PS: when used alone, WP-OpenID works perfectly for me!

    The same goes for DG review site plugin

    https://www.dangrossman.info/wp-dg-review-site/

    Seems that everything else than the default form stuff do not get posted.

    Thread Starter BlaenkDenum

    (@blaenkdenum)

    wnorris: I’m the developer for the official reCAPTCHA plugin for WordPress now, so if you can think of anything that can be done to the reCAPTCHA plugin to make it work with wp-openid, I’d be glad to implement it into the plugin for the next version. Let me know please!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘WP-OpenID and reCAPTCAH’ is closed to new replies.

Tags