Support » Plugin: Contact Form X » several questions

  • Resolved tezalsec

    (@tezalsec)


    Hey Jeff,

    after much frustration with CF7 and its bloat, heaviness and js/json errors, I decided to give yours a try.

    I stumbled on the following issues / feature requests:

    – Is it true that the form data is not included in the sent email? I would have expected at least the name in the body of the email. Maybe a email body template would be an idea, in which all data elements are included, and which people can override its layout if desired?

    – The recaptcha function would not allow sending the email, although I also use a much-used recaptcha plugin (advanced-nocaptcha-recaptcha) it may have been conflicting with. That plugin has some nice features you could maybe also integrate. Like ip whitelist surpassing recaptcha checks and a change recaptcha sensitivity setting.

    – To overcome the recaptcha conflict, I am gonna try to hack your plugin to include the 2 small code injections from the advanced-nocaptcha-recaptcha plugin (within validation and just before submitting), maybe you could implement some option to this via a shortcode or filters, so integration without hacking would become possible?

    – Maybe it is an idea for extra security against spambots to implement a honeypot field?

    Thanks for the plugin, I am really hoping to say goodbey to CF7.

    Cheers.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Thread Starter tezalsec

    (@tezalsec)

    Well, I was wrong. It was not conflicting with the other recaptcha plugin. The issue stayed when I deactivated it.

    I keep getting the “error: invalid recaptcha response”. I have no idea what I am doing wrong. I have tried several different names and email adresses, originating from different IP adresses. Is the recaptcha being too strict?

    Using v3, I see no console errors. Any suggestions?

    • This reply was modified 2 months, 2 weeks ago by tezalsec.
    Thread Starter tezalsec

    (@tezalsec)

    And I overlooked the option “Extra Email Info”, so never mind the point about form data in emails 🙂

    Plugin Author Jeff Starr

    (@specialk)

    Hi @tezalsec, glad to help:

    1) “I keep getting the “error: invalid recaptcha response”. I have no idea what I am doing wrong. I have tried several different names and email adresses, originating from different IP adresses. Is the recaptcha being too strict?”

    The reCaptcha is set at the default “strictness” value that is known to optimal for most cases. So likely something else is interfering. Try doing some basic troubleshooting to determine the exact cause of the issue. I would be glad to provide a free guide if it will be useful.

    2) “maybe you could implement some option to this via a shortcode or filters, so integration without hacking would become possible?”

    If you can let me know specifically what is needed and where/when, I would be glad to consider this for a possible future update.

    3) “Maybe it is an idea for extra security against spambots to implement a honeypot field?”

    Usually the reCaptcha is more than sufficient at stopping automated spams. Hopefully you can get the reported reCaptcha issue sorted out so it won’t be a problem.

    I hope that helps. Let me know if I can provide any further infos.

    Thread Starter tezalsec

    (@tezalsec)

    Hi @specialk , thanks. So I have been debugging and this was the causing error:

    [03-Mar-2021 09:26:33 UTC] PHP Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
    error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in …/wp-content/plugins/contact-form-x/inc/core-validate.php on line 113

    The issue is also described here:
    https://stackoverflow.com/questions/14078182/openssl-file-get-contents-failed-to-enable-crypto#14078318

    Now, you could say, it is up to the user to change some server config relating to ssl, which varies for many users, but I remember stumbling years ago on this issue, and since then replacing the use of the file_get_content function with a curl alternative, like below. I remember this method being faster, safer and more future proof. Maybe you would consider this approach in your code?

    function file_get_contents_curl($url) {
    	
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
    	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_URL, $url);
    	curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
    	curl_exec($ch);
    	$return_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    
    	// 200 is found, 400 is not found
    	if ($return_code == 200) {
        	$data = curl_exec($ch);	
    	} else {
    		$data = '';
    	}
    	curl_close($ch);
        return $data;
    }
    Thread Starter tezalsec

    (@tezalsec)

    Ok, admitting, using this function did not work either.. The error did go away, but the form would still not submit.

    As the other plugin does come through with my v3 recaptcha, I checked out how the advanced-nocaptcha-recaptcha plugin does this url request, and it uses this, in its anr-captcha-class.php file:

    $url = apply_filters( 'anr_google_verify_url', sprintf( 'https://www.%s/recaptcha/api/siteverify', anr_recaptcha_domain() ) );
    
    			// make a POST request to the Google reCAPTCHA Server
    			$request = wp_remote_post(
    				$url, array(
    					'timeout' => 10,
    					'body'    => array(
    						'secret'   => $secre_key,
    						'response' => $response,
    						'remoteip' => $remoteip,
    					),
    				)
    			);

    Maybe this is the more wp way of doing things (using the wp_remote_post function)? I don’t know, I have no expertise on this, but maybe something to also consider using.

    Anyhow, I do believe it is universally accepted in php land it’s better to not use file_get_contents as it is slow and unsafe.

    • This reply was modified 2 months, 2 weeks ago by tezalsec.
    • This reply was modified 2 months, 2 weeks ago by tezalsec.
    Thread Starter tezalsec

    (@tezalsec)

    Ok, borrowing some code form the other plugin and using it in yours worked, but I had to also lower the strictness to 0,4.

    In your contactformx_validate_recaptcha_v3 function I used this, and thus avoiding the file_get_contents function:

    
    // make a POST request to the Google reCAPTCHA Server	
    $url = 'https://www.google.com/recaptcha/api/siteverify?secret='. $private .'&response='. $data;
    $request = wp_remote_post($url);
    $request_body = wp_remote_retrieve_body($request);
    $recaptcha = json_decode( $request_body);
    
    Thread Starter tezalsec

    (@tezalsec)

    And now it works with 0.5 strictness as well 🙂

    My suggestion is to use the code in the above comment and avoid both file_get_contents and curl.

    Thanks, Jeff. 🙂

    Plugin Author Jeff Starr

    (@specialk)

    Thanks @tezalsec, will go thru all of this for the next plugin update. Will try to improve the plugin however possible. Much appreciated.

    Thread Starter tezalsec

    (@tezalsec)

    Great. To get back to the suggestion in the beginning, you could choose to allow the user of your plugin to disable your recaptcha solution if they also have another specialized one installed, that takes care of more/all form pages.

    The mentioned plugin ( https://wordpress.org/plugins/advanced-nocaptcha-recaptcha/ ) easily integrates with all forms, some automatically, some through a shortcode, and others, as a custom form option, through injecting two pieces of php code, inside validation and as a field just before submitting.

    You could choose to support this through filters in your code. The injections are described here:
    https://www.shamimsplugins.com/docs/advanced-nocaptcha-recaptcha/getting-started-advanced-nocaptcha-recaptcha/implement-in-custom-form/

    If you check out its settings page after installing it, you see they list many much-used forms, it would be nice for your plugin to get some traction if yours would be mentioned there as well 🙂

    Cheers.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.