Hi.
I have been registering for a few weeks through new spammer boots. My question, do you have any plugins to add to version 3 and avoid such intruders?
Thank you and I am waiting for your response.
Hi. Can someone guide me in the problem that I present? Thank you!
are you using recaptcha? You can enable it from config.inc.php.
No, how can I activate it in the OJS 3.X version?
See the config.inc.php file: https://github.com/pkp/ojs/blob/master/config.TEMPLATE.inc.php#L407
You just register with Google and add the two keys required in the settings. Then set recaptcha = on.
Hello @ajnyga !
But this is valid for any browser? Do you have a manual or guidelines to add it?
Thank you and I look forward to your response.
Should be valid in any browser. It may have problems for example in China, where the use of Google services is limited.
There are not much guidelines. Just create the two keys and edit config.inc.php
Hi @ajnyga,
I do not understand him with the idea of ​​creating the two keys.
Thank you and I am waiting for your clarification.
When you sign up for ReCAPTCHA, each site will have a Google-generated “Site key” and “Secret key”. These need to be entered into config.inc.php:
@ctgraham, I have this code and it still does not work, I get the following error. My web is registered in google recaptha:
“ERROR for the website owner: the website key is not valid”
I added my secret key and it does not work.
;;;;;;;;;;;;;;;;;;;;
; Captcha Settings ;
;;;;;;;;;;;;;;;;;;;;
[captcha]
; Whether or not to enable ReCaptcha
recaptcha = on
; Public key for reCaptcha (see http://www.google.com/recaptcha)
recaptcha_public_key = (my secret number)
; Private key for reCaptcha (see http://www.google.com/recaptcha)
recaptcha_private_key = (my secret number)
; Whether or not to use Captcha on user registration
captcha_on_register = on
There will be two different codes here, not just one single secret repeated twice.
The “Site key” is the recaptcha_public_key; the “Secret key” is the recaptcha_private_key.
Hi @ctgraham .
I have added the changes that you indicate and I continue with the same problem:
ERROR for the website owner: the website key is not valid
This indicates that the configuration in config.inc.php does not match Google’s keypair.
Some possible causes:
- The “Site key” and “Secret key” are incorrect.
- See above.
- The keys were created for a different version of ReCAPTCHA.
- ReCAPTCHA v1 keys will not work for ReCAPTCHA v2.
- The key is being used on a site not recognized by Google.
- Modify the allowed domains within the Google settings.
Hi @ctgraham,
After adding site key and secret key, it tells me the following: reCAPTCHA v2 box:
Adding reCAPTCHA to your site
Paste this fragment at the end of the element where you want the reCAPTCHA widget to be delivered:
Paste this fragment before the closing </ head> tag in the HTML template:The reCAPTCHA documentation website contains more information and advanced configuration options. When the form in which reCAPTCHA has been integrated is integrated, a string called "g-recaptcha-response" is obtained as part of the payload. To verify if Google has verified the user, send a POST request with these parameters: URL: https://www.google.com/recaptcha/api/siteverify secret (required) xxxxxxxxxx response (mandatory) The value of "g-recaptcha-response". Remoteip The IP address of the end user.
Should I add this too? And if so, where? Why OJS does not have an index.html
OJS does all of this for you once you enter the site key and secret key into config.inc.php. There is no need to modify any HTML or to manually POST or verify the response.
Hi @ctgraham,
Already solved.
The problem is that I was writing in the wrong php.
Thank you very much as always.
Hi @ctgraham,
After loading the capthar, people correctly make the requests but it shows them the following error → "Errors have occurred while processing this form Did not pass the validation check used to avoid spam mailings ".
And it does not let them register in the registration form.
Thank you and I am waiting.
This error message is generally shown when the user fails the CAPTCHA challenge, but may also be display if the user’s IP is not presented correctly to OJS or if the server running OJS cannot connect to Google to verify the response.
Are some users able to complete the ReCAPTCHA, or are all users failing? Are you able to pass the ReCAPTCHA validation yourself?
Do you see any error messages in the PHP error log at the time of the failed ReCAPTCHA validation?
Hi @ctgraham,
It is failing in all records, I have tried it myself and follow the instructions of ReCAPTCHA and it does not allow me.
How can I look at the php error of ReCAPTCHA?
Take a look at the PHP error log at the time of your attempted submission. As with the other thread, you can probably ignore the warnings of “PHP Deprecated” and “PHP Strict”. Other lines are probably of particular interest.
If you don’t have an exact time of a failed submission, you can perform a new registration and look at the end of the log.