Extension talk:ConfirmEdit

Jump to: navigation, search

About this board

Archives 

captcha appearing when resetting a password

1
2001:16B8:2ACF:5300:30C1:6B9:B271:8A82 (talkcontribs)

Is it possible to also have captcha appearing when you try to reset the password? Right now it is very easy to reset passwords even in order to reset passwords of other users (for whatever reason). So the question is if it is possible that when you are in Special:UserLogin and click on "forgot password" the captcha is appearing as well before the mail is sent.

Thanks and Kind regards

Reply to "captcha appearing when resetting a password"

upgrading to use the latest version of Google reCaptcha

1
Tansaku (talkcontribs)

ConfirmEdit has been working really well for us, but recently bots are making their way back in. I'm thinking that we need to upgrade to a more recent version of reCaptcha. Is there a standard pathway for achieving this?

Many thanks in advance

Reply to "upgrading to use the latest version of Google reCaptcha"
5.34.108.125 (talkcontribs)

An internal error occurred: 5663848F2B2A0.A0D1A16.720D6DEB

Please help. This error accure when trying to Signing up.

PrometheusAla (talkcontribs)

I've changed captcha type to RecaptchaNoCapture and double checked security keys from Google. There is no errors on page but captcha also not showing. What else should be updated in mediawiki (in LocalSettings), I've updated it from 1.28 to 1.30 manually? Please help.

68.134.241.211 (talkcontribs)

Any luck here? I'm running into the same issue.

Reply to "reCaptcha not working"

User/Site verify not working - failing Google requirements

1
2601:646:8481:8584:79CE:D7E2:5C3E:8F9C (talkcontribs)

Env: MW 1.30.0 w/ included ConfirmEdit on a public facing site.

Google reCAPTCHA Dashboard warning: We detected that your site is verifying reCAPTCHA passed solutions less than 50% of the time. This could indicate a problem with your integration with reCAPTCHA. Please see our developer site for more information. (https://developers.google.com/recaptcha/docs/verify#api-request)

Doing some testing on my site it looks as though the extension is not sending the required POST to https://www.google.com/recaptcha/api/siteverify with the required values: secret and response nor with the optional value: remoteip (which was enabled in my environment)

Reply to "User/Site verify not working - failing Google requirements"

Incorrect or missing CAPTCHA

3
Summary by MarkAHershberger

Have you registered your site with reCaptcha?

Zeteticl (talkcontribs)

reCaptcha mode is correct but it will show nothing in NoCaptch mode, (no i am not robot box or similar) when i press,just have incorrect or missing CAPTCHA.

MarkAHershberger (talkcontribs)

Do you see any errors in your javascript console? Have you registered your site with reCaptcha?

Zeteticl (talkcontribs)

thank you. its fine now

Cant get ConfirmEdit to load

5
Summary by Epastore

Make sure you're editing the right LocalSettings.php file. Heh.

Epastore (talkcontribs)

Hi. I have tried a few configurations, but ConfirmEdit doesn't seem to load, and Captchas aren't appearing on new account registration. Here is my version page.

ConfirmEdit does not appear; and QuestyCaptcha shows with no version information.

I have tried these different configurations in LocalSettings.php:

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ]);

and

require_once "$IP/extensions/ConfirmEdit/ConfirmEdit.php";

require_once "$IP/extensions/ConfirmEdit/QuestyCaptcha.php";

and

wfLoadExtension([ 'ConfirmEdit' ]);

wfLoadExtension([ 'ConfirmEdit/QuestyCaptcha' ]);

On all three tries, my Version page looks the same. I also tried ConfirmEdit for MW 1.29 and 1.27. My MediaWiki version is 1.28.1.

Any ideas what I am missing?

Kghbln (talkcontribs)

The version for 1.28.1 should work with

wfLoadExtensions( [
        'ConfirmEdit',
        'ConfirmEdit/QuestyCaptcha'
        ]
);
$wgCaptchaClass = 'QuestyCaptcha';
...

QuestyCaptcha not showing a version is expected, ConfirmEdit not showing up at all is obviously not.

I assume that you downloaded the tarball for MW 1.28

Epastore (talkcontribs)

Thanks, Kghbin. I have now tried adding the wgCaptchaClass. I also tried a copy/paste of your syntax (with linebreaks) out of an abundance of caution. Still no change. I only see tarballs for 1.27 and 1.29 at Special:ExtensionDistributor/ConfirmEdit but I've tried both with the same result.

It seems really weird that my other extensions are appearing. And that Questy is showing but not ConfirmEdit. I keep looking over, well, everything; and can't see any problem in my config. (File permissions seem fine; no problem with capitalization; no missing files I can identify; etc.) Rrg. Any more ideas?

Kghbln (talkcontribs)

You can currently still download the version for MW 1.28 from GitHub. To tell you the truth: I have no further idea why it is not working for you. You recently changed the script path from "w" to "mw" however this should not really make a difference. You placed the stuff in /mw/extensions/ConfirmEdit, didn't you?

Epastore (talkcontribs)

Argh! I was just starting to figure that out; thank you. Another admin had done a major upgrade, and I did not realize he made a whole new install in a new directory. I was modifying the file in the w directory. Just was noticing that no changes to LocalSettings were working. D'oh!

Thank you for your help!

Ken Roy (talkcontribs)

I am in process of testing an upgrade to MW 1.27.3 with ConfirmEdit reCaptcha set to NoCaptch

Request Account screen shows following text

To help protect against automated account creation, please type the two words you see in the box below:

above the I am Not a Robot check box.

Above text appears to apply to reCaptcha v1. Where is it coming from? I cannot find it in the ConfirmAccount/i18n or in the ConfirmEdit/i18n en.json files

Ken Roy (talkcontribs)

OK, I found that message. It was a residual override to Special:AllMessages before the messages became json files. I have deleted it, but now the message displayed is the ConfirmEdit captcha-createaccount rather than the renocaptcha-createaccount

ConfirmEdit is loaded as follows

wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/ReCaptchaNoCaptcha' ]);

do I need to do anything else to get reCaptchNoCaptcha messages. The I am Not a Robot captcha is being displayed.

Reply to "Where is reCaptcha v2 text"
2003:6F:8B2A:CC00:C3F:355E:4C59:6938 (talkcontribs)

I embed images in $wgCaptchaQuestions, thus I need to configure them with HTML.

This worked in MW 1.25, but in broke in MW 1.27 (I see the plain HTML).

CyberXRef (talkcontribs)

We've just upgraded from 1.25 to 1.27 and ConfirmEdit/QuestyCaptcha is indeed broken. It no longer allows HTML in $wgCaptchaQuestions which is critical for proper operation for us.

Zoglun (talkcontribs)

Any update on using image with wgCaptchaQuestions? We use image questions, too. This error preventing us upgrade to MW1.27.

Hutchy68 (talkcontribs)
This worked in MW 1.25, but in broke in MW 1.27 (I see the plain HTML).

Yes, I see this too and it needs to be addressed. Do we need a tracker? I'll look now.

Added a bug report, task T169124

Reply to "Allow HTML in $wgCaptchaQuestions?"
2604:880:64:2B3:8000:0:0:1000 (talkcontribs)

Does nocaptcha still work with confirmedit for stopping spam? It shows up and works when I test it but, I am getting a huge influx of spam with it on? I am running 1.28.2 with ConfirmEdit 1.4.0 but just getting smashed by account creations and spam.

75.97.150.191 (talkcontribs)

Same problem. Massive influx of new accounts and spam since the end of April. Was using noCAPTCHA for account creation only, then enabled it for every edit and page creation, but it continues. My only recourse has been to disable account creation and remove edit/create permissions for every group and create a new group to add known real people to.

2604:880:64:2B3:0:0:0:2 (talkcontribs)

Same issue, I turned off nocaptcha and switched to some new custom questy captcha and still getting a huge influx of account creation through. It must be some issue with mediawiki/confirmedit that they can bypass everything

MarkAHershberger (talkcontribs)

I'm using it with MW 1.27.

76.190.170.156 (talkcontribs)

and it is working? or it isnt?

MarkAHershberger (talkcontribs)

Sorry. I should have said it is working.

MarkAHershberger (talkcontribs)
MarkAHershberger (talkcontribs)

Just re-verified that it is working to stop logins. It shows up for ConfirmAccount, but the result is ignored.

2605:A000:1207:608C:DC2D:434F:7CCA:6C68 (talkcontribs)

I am forcing HTTPS, http is redirected

Reply to "recaptcha nocaptcha being bypassed?"
200.124.206.29 (talkcontribs)

The captcha loads and works fine until you click Login.

When clicking Login I receive: CAPTCHA verification failed due to internal error: http

And nothing else. As it's not descriptive I'm at a loss on what to try.

Has anyone seens this happen before?

Florianschmidtwelzow (talkcontribs)

Probably you can't establish http connection to the outside world from your server. Do you use a hosting provider (webspace, e.g.) or do you have ssh access to your server?

79.211.153.1 (talkcontribs)

Yup get the same error, after upgrading to 2.28 from my old 2.22 instance. Firewall is blocking nothing

L Andy (talkcontribs)

I'm getting the same error: "CAPTCHA verification failed due to internal error: http"

This is on MediaWiki 1.27. As with the poster above, the server can make outbound connections on HTTP and HTTPS. Anyone have any ideas?

L Andy (talkcontribs)

This was my resolution to the issue.

The "internal error: http" message means simply that ConfirmEdit failed to execute an http request against the Google servers, which could happen for a number of reasons. The MW and PHP logs don't seem to be helpful in determining why. If you save the following as a PHP script on your web site and browse to it, it will execute an http request, similar to how ConfirmEdit tries to do, and return the result of curl_error() which should give more detailed error information:

<html>
<head>
<title> cURL Test Script </title>
</head>
<body>
<?php
    $Url='https://wtfismyip.com/text';

    if (!function_exists('curl_init'))
    {
        print 'cURL not installed';
    }
    else
    {
        $ch = curl_init($Url);
        curl_setopt($ch, CURLOPT_TIMEOUT, 10);

        if(curl_exec($ch)) { print 'OK';}
        else { print curl_error($ch);}
        
        curl_close($ch);
    }
?>
</body>
</html>

In my case, the error was "SSL certificate problem: unable to get local issuer certificate". It turns out this is because a default PHP install (at least on Windows) doesn't have access to any trusted root certificates, so can't validate SSL connections. The fix was to download a set of root certificates provided by the cURL project at https://curl.haxx.se/docs/caextract.html, and add the following to php.ini:

[curl]
curl.cainfo = C:\SomeFolder\cacert.pem
Reply to "reCAPTCHA noCAPTCHA failing"