• [deleted]

  • Post #38

Romellie Why does it need to be in Login Modal ? If the account isn't valid, it can't be used anyway ?

      I believe the captcha is only active on the sign up form.

      It's not written (we could state it clearly in the README though) but the screenshots only show the Sign Up form so I guess this is the expected behavior.

      5 days later

      [deleted] week ago i have an heavy ddos attack on my forum. During 3 days hackers iterated picked up more then 20k account's. Right now i add rules to cloudflare, but it's not enough, i think

          Romellie Picked up as in logged in as or as in created accounts? Or do you just mean that they scanned through and located the URLS to 20K accounts?

            3 months later

            It seems that something went wrong, my secret key was filled in correctly, and Google ’s human-machine verification passed, but after clicking the registration, wait for loading, and then it will prompt “Oops! Something went wrong. Please reload the page and try again.”

              17 days later

              clarkwinkelmann
              POST http://lzc.easy.echosite.cn/register

              Flarum\Http\Exception\TokenMismatchException: CSRF token did not match in file D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\CheckCsrfToken.php on line 34
              Stack trace:

              1. Flarum\Http\Exception\TokenMismatchException->() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\CheckCsrfToken.php:34
              2. Flarum\Http\Middleware\CheckCsrfToken->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              3. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\AuthenticateWithSession.php:32
              4. Flarum\Http\Middleware\AuthenticateWithSession->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              5. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\RememberFromCookie.php:51
              6. Flarum\Http\Middleware\RememberFromCookie->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              7. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\StartSession.php:61
              8. Flarum\Http\Middleware\StartSession->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              9. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\CollectGarbage.php:46
              10. Flarum\Http\Middleware\CollectGarbage->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              11. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\ParseJsonBody.php:28
              12. Flarum\Http\Middleware\ParseJsonBody->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              13. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Middleware\HandleErrors.php:57
              14. Flarum\Http\Middleware\HandleErrors->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              15. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\MiddlewarePipe.php:83
              16. Zend\Stratigility\MiddlewarePipe->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\middlewares\request-handler\src\RequestHandler.php:84
              17. Middlewares\RequestHandler->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              18. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\middlewares\base-path-router\src\BasePathRouter.php:97
              19. Middlewares\BasePathRouter->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              20. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Middleware\OriginalMessages.php:41
              21. Zend\Stratigility\Middleware\OriginalMessages->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              22. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\middlewares\base-path\src\BasePath.php:53
              23. Middlewares\BasePath->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\Next.php:60
              24. Zend\Stratigility\Next->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\MiddlewarePipe.php:83
              25. Zend\Stratigility\MiddlewarePipe->process() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-stratigility\src\MiddlewarePipe.php:72
              26. Zend\Stratigility\MiddlewarePipe->handle() D:\rj\phpstudy_pro\WWW\flarum\vendor\zendframework\zend-httphandlerrunner\src\RequestHandlerRunner.php:95
              27. Zend\HttpHandlerRunner\RequestHandlerRunner->run() D:\rj\phpstudy_pro\WWW\flarum\vendor\flarum\core\src\Http\Server.php:44
              28. Flarum\Http\Server->listen() D:\rj\phpstudy_pro\WWW\flarum\public\index.php:22

              @datitisev I need your help

                  Geraldlzc This is a normal error that occurs when the session has expired. It's not caused by this extension, and the fix is simply to refresh the page and try again.

                    Hey there - great stuff with the plugin - just installed using composer and got warnings about "abandoned packages" ? should i be concerned?

                    `Using version 0.1.1 for fof/recaptcha
                    ./composer.json has been updated
                    Loading composer repositories with package information
                    Updating dependencies (including require-dev)
                    Package operations: 2 installs, 0 updates, 0 removals
                    As there is no 'unzip' command installed zip files are being unpacked using the PHP zip extension.
                    This may cause invalid reports of corrupted archives. Besides, any UNIX permissions (e.g. executable) defined in the archives will be lost.
                    Installing 'unzip' may remediate them.

                    • Installing google/recaptcha (1.2.3): Downloading (100%)
                    • Installing fof/recaptcha (0.1.1): Downloading (100%)

                      Package s9e/flarum-ext-mediaembed is abandoned, you should avoid using it. Use fof/formatting instead.
                      Package zendframework/zend-diactoros is abandoned, you should avoid using it. Use laminas/laminas-diactoros instead.
                      Package zendframework/zend-escaper is abandoned, you should avoid using it. Use laminas/laminas-escaper instead.
                      Package zendframework/zend-httphandlerrunner is abandoned, you should avoid using it. Use laminas/laminas-httphandlerrunner instead.
                      Package zendframework/zend-stratigility is abandoned, you should avoid using it. Use laminas/laminas-stratigility instead.``

                      datitisev thanks datitisev - so the packages arn't dependancies of your package then? is that just composer alerting me to other out of date packages?

                          MartinJD that's correct. Composer warnings are usually based on everything you have currently installed, not only the extension you are currently adding or updating.

                          In this case the zendframeworks warnings come from Flarum core itself. We will update them in the next version.

                          If you see an extension name being reported as abandoned however, you might want to take action as this one was probably manually installed by yourself 😉 There's rarely a security risk, but if it's abandoned it usually means it no longer works with the latest Flarum version and could break things if enabled.

                              a month later

                              • [deleted]

                              • Post #54

                              ValiantShishu The issue here is that ReCAPTCHA requires loading external libraries, and isn't exactly privacy orientated by default. I think a hidden input or checkbox on a form with validation - for example, if it's been filled in by a BOT, we discard the request - is a much better way to go, and it is also native in the sense that we leverage the existing libraries rather than include even more.