How to enable recaptcha on lost password page OJS 3.1.1.4

Hi everybody,

I want to know if it is possible to enable reCAPTCHA on the /lostpassword page on my OJS 3 installation. There are many fake users (I know it because the email address does not exist on the remote server). I don’t know how or when, but every day I am receiving 5 emails that say: “Reported error: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient’s email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser h2si4170516qtc.262 - gsmtp”

I think the solution is to activate reCAPTCHA on lostpassword, or are there other solutions?

Thanks!

OJS should only try to send a forgot password email to a user’s email if it exists in OJS.

So the situation you are proposing is:

  • A user registers for an account in OJS with a fake email address.
  • A user tries to reset the OJS password using that fake email address.
  • The mailserver responds that the email address is not found.

Do you have email validation turned on in config.inc.php? I could imagine a spammer registering, not being able to validate, and then trying the password reset process.

If you already have ReCAPTCHA enabled on your registration page, and the spammers are bypassing that to do the initial registration, I don’t expect that adding ReCAPTCHA to the lost password page will help much.

There are other tools like formHoneypot or Akismet which might help with spam registrations if spammers are completing ReCAPTCHA.

If you really want to add ReCAPTCHA to the lost password page, this will be surprisingly complex. You can find the basic code which makes it happen on the registration form:

and template:

But the lost password page does not use the form architecture, so we can’t use the normal form validation. You would need to modify the handlers and template directly:

Hello dear @ctgraham,

Thank you for your clear answer. The problem that I am facing is that my OJS 2 did not have email validation turned on. After upgrading to OJS 3.1.1.4 I activated that option. Actually, I have more than 11k users per journal, many of them are fake users.

I was analyzing that spammers are completing ReCAPTCHA V2 on the registration page. I will try to use the tools that you mentioned above.

Thank you for everything.

Hello @ctgraham,

I installed the formHoneypot tool, but I am seeing a fatal error in my Apache error log when the OJS system tries to use this tool.

error:
PHP Fatal error: Call to a member function getId() on null in /var/www/html/plugins/generic/formHoneypot/FormHoneypotPlugin.inc.php on line 287

Does the URL you are using for registration reference the site context /index/user/register, or a specific journal context like myjournal/user/register?

Do you have a single journal in your site, or multiple?

On my site there are multiple journals (revistas.javerianacali.edu.co). I am testing registration with and without context.

Thanks.

Does it fail in both the journal context and the site context, or only in one or the other?

@ctgraham, it fails when I try to register in the site context. I don’t know why, at index/admin/settings, I cannot set up the plugin, as appears next:

image

Ah. I wasn’t aware this was even a possibility.

The plugin will not currently work in the Site context. I’ll open an issue to address this, but for now you will need to disable the plugin for the Site context. Sorry for the inconvenience.

Thank you for the support.