Support » Plugin: Securimage-WP » Logon fails even though captcha is valid

Viewing 6 replies - 1 through 6 (of 6 total)
  • Ok, after a little bit more research apparently the first part of the condition already returns false:
    !isset($_POST[$tid]).
    Looks like $_POST[$tid] is not set.
    So I wonder what may cause this to happen.
    Thanks again!

    Plugin Author drew010

    (@drew010)

    Hi,

    This is an additional form field for bot detection.

    <input type="hidden" id="tok_' . sha1($captchaId) . '" name="tok_' . sha1($captchaId) . '" value="' . sha1(uniqid(time())) . '">

    I’m not sure why it would ever be NULL or not set under normal circumstances since it’s always part of the form.

    I will likely remove this extra check in the next version which I will try to push out today or tomorrow.

    Sorry for the inconvenience this may have caused.

    Thanks! I will wait for your update then. In the meantime – will it be safe to remove this check myself?
    Thanks again

    Plugin Author drew010

    (@drew010)

    Absolutely, just remove lines 503 – 507 which are:

    if (isset($_POST[‘ns_tok’]) && !empty($_POST[$tid])) {
    $valid = false;
    } elseif (!isset($_POST[$tid]) || $_POST[$tid] != siwp_get_token($captchaId)) {
    $valid = false;
    }

    Plugin Author drew010

    (@drew010)

    The new version, 3.6.13, has been released and should appear as an available update on your site shortly if not already.

    Thanks for pointing this out!

    Hi Drew – thanks!! All seems to work ok now. Many thanks again for your help.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Logon fails even though captcha is valid’ is closed to new replies.