reCaptcha with Ajax from submission

[Ralph stokes]

Hi everyone,

I've created a web form which among many other things is submitted via
ajax so that the page is not refreshed. see here: http://www.blueleafstudio.net/?page_id=49

However i'm having some huge problems integrating recaptcha with what
i have. I have the following function in my Ajax file:

function validateCaptcha()
{
challengeField = $
("input#recaptcha_challenge_field").val();
responseField = $("input#recaptcha_response_field").val();
//alert(challengeField);
//alert(responseField);
//return false;
var html = $.ajax({
type: "POST",
url: "http://www.blueleafstudio.net/wp-content/themes/
blueleaf1/ajax.recaptcha.php",
data: "recaptcha_challenge_field=" + challengeField +
"&recaptcha_response_field=" + responseField,
async: false
}).responseText;

if (html.replace(/^\s+|\s+$/, '') == "success")
{
$("#captchaStatus").html("Your captch is correct!!");
// Uncomment the following line in your application
return true;
}
else
{
$("#captchaStatus").html("Your captcha is incorrect.
Please try again");
Recaptcha.reload();
return false;
}
}

then it should be validated by ajax.recaptcha.php (with the keys in!):

<?php
require_once('recaptchalib.php');
$publickey = "MY PUBLIC KEY"; // you got this from the signup page
$privatekey = "MY PRIVATE KEY";

$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

if ($resp->is_valid) {
session_start();
echo 'success';
$_SESSION['captcha'] = 1;
}
else
{
die ("The reCAPTCHA wasn't entered correctly. Go back and try it
again." .
"(reCAPTCHA said: " . $resp->error . ")");
}
?>


However when i insert:

return validateCaptcha();

it always returns false?

Can any one help? i'm out of my depth with this!

[HarpuaFSB]

I'm having the same issue here:
http://groups.google.com/group/recaptcha/browse_thread/thread/0741061287462da6

I'm guessing that you can't authenticate the same challenge and
response field twice which is why after you authenticate it the first
time if you try to again it always returns false.

Doesn't help us though as we need to authenticate it twice.

Did you ever figure this out?

On Jun 14, 11:47 am, Ralph stokes <ralph...@googlemail.com> wrote:
> Hi everyone,
>

> I've created a web form which among many other things is submitted viaajaxso that the page is not refreshed. see here:http://www.blueleafstudio.net/?page_id=49

> then it should be validated byajax.recaptcha.php (with the keys in!):

[Adrian Godong]

You can't validate the same challenge twice. I don't see the reason to
validate it twice, if it's correct at the first request, why validate
it again?

> --
> You received this message because you are subscribed to the Google Groups "reCAPTCHA" group.
> To post to this group, send email to reca...@googlegroups.com.
> To unsubscribe from this group, send email to recaptcha+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/recaptcha?hl=en.
>
>

--
Adrian Godong
adrian...@gmail.com

[PJH]

On Wed, Aug 3, 2011 at 7:16 PM, HarpuaFSB <harp...@gmail.com> wrote:
> Doesn't help us though as we need to authenticate it twice.

Then you either need to change the workflow so you don't need to do it
twice, or use a captcha that doesn't try to protect against replay
attacks.

I suggest you do the former, though I suppose the latter would
probably be easier for you.

--
PJH

[HarpuaFSB]

Here's the reason I need to validate it twice.

I have a comments page on my site, I show the comment reply form in
two different areas of the comments section. A new comment has the
comment form at the top and the reply to comment form has the comment
form directly below the comment being replied to. I do some jQuery
animations for showing the reply form, it's all dynamic. So, if I
authenticate the reCAPTCHA via form submission and it's invalid, I
have no way of reloading the form and getting the user back to where
they were since it's all dynamic so I'm checking the reCAPTCHA through
AJAX.

Now, I've got that working just fine but the problem is if the check
is valid, I submit the form but I can't double-check the CAPTCHA
because you can't validate the same challenge twice. This makes my
commenting form very susceptible to bots.

Sounds like the only solution is to completely redo the behavior of my
commenting system, find a different CAPTCHA to use or somehow figure
out a way to make this all work.

You can see the commenting system in action here:

http://www.findyourgeek.com/reviews/detail/cowboys-and-aliens#comments

Any thoughts?

On Aug 3, 5:03 pm, PJH <pauljherr...@gmail.com> wrote:

[Dom Sekotill]

So why not submit the form with AJAX when you check the captcha? If it
validates, the form data is committed straight to the database and the
page is changed, if not the form page stays and the recaptcha is
reloaded.

[HarpuaFSB]

Dom,

I just came in here to post that a light bulb (and a rather obvious
one at that) just when off in my head and that's what I need to do.

Instead of just having the PHP called via AJAX check the CAPTCHA, if
it's valid go ahead and commit the values to the database, check the
response in JS and reload the page if necessary.

So simple, don't know why this eluded me.

Thanks so much
Tom

[Marcin Majchrzak]

maybe this help someone:

function recaptcha_validate($recaptcha_challenge_field, $recaptcha_response_field) {

session_start();

if (isset($_SESSION[$recaptcha_challenge_field])) return 0; #ok

require_once($this->config->item('recaptcha_path').'/recaptchalib.php');

$privatekey = $this->config->item('recaptcha_privatekey');

$resp = recaptcha_check_answer ($privatekey,

$_SERVER["REMOTE_ADDR"],

$recaptcha_challenge_field,

$recaptcha_response_field);

if (!$resp->is_valid) {

return 1; #error

} else {

$_SESSION[$recaptcha_challenge_field] = 1;

return 0; #ok

}

}