• Resolved Kermit524

    (@kermit524)


    Hi, submitting the captcha occasionally fails with an error message: “The security code entered was incorrect.” even though the captcha was typed in correctly. At other times – all is ok. I tried to look into it and after some debugging it appears the failure is due to this condition returning false:
    !isset($_POST[$tid]) || $_POST[$tid] != siwp_get_token($captchaId)
    (securimage-wp.ph about line 511).
    Could you please shed some light on this piece of code, and how I should go about investigating this further?
    (A thought: could this also have anything to do with SSL?)
    Many thanks in advance! 🙂

    • This topic was modified 7 years, 1 month ago by Kermit524.
    • This topic was modified 7 years, 1 month ago by Kermit524.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Kermit524

    (@kermit524)

    Ok, after a little bit more research apparently the first part of the condition already returns false:
    !isset($_POST[$tid]).
    Looks like $_POST[$tid] is not set.
    So I wonder what may cause this to happen.
    Thanks again!

    Plugin Author drew010

    (@drew010)

    Hi,

    This is an additional form field for bot detection.

    <input type="hidden" id="tok_' . sha1($captchaId) . '" name="tok_' . sha1($captchaId) . '" value="' . sha1(uniqid(time())) . '">

    I’m not sure why it would ever be NULL or not set under normal circumstances since it’s always part of the form.

    I will likely remove this extra check in the next version which I will try to push out today or tomorrow.

    Sorry for the inconvenience this may have caused.

    Thread Starter Kermit524

    (@kermit524)

    Thanks! I will wait for your update then. In the meantime – will it be safe to remove this check myself?
    Thanks again

    Plugin Author drew010

    (@drew010)

    Absolutely, just remove lines 503 – 507 which are:

    if (isset($_POST[‘ns_tok’]) && !empty($_POST[$tid])) {
    $valid = false;
    } elseif (!isset($_POST[$tid]) || $_POST[$tid] != siwp_get_token($captchaId)) {
    $valid = false;
    }

    Plugin Author drew010

    (@drew010)

    The new version, 3.6.13, has been released and should appear as an available update on your site shortly if not already.

    Thanks for pointing this out!

    Thread Starter Kermit524

    (@kermit524)

    Hi Drew – thanks!! All seems to work ok now. Many thanks again for your help.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Logon fails even though captcha is valid’ is closed to new replies.