Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Google reCaptcha not showing in phpbb 3 after moving from HTTP to HTTPS
https://forum.ivorde.com/google-recaptcha-not-showing-in-phpbb-3-after-moving-from-http-to-https-t19767.html
Page 1 of 1

Author:  mandrei99 [ Mon Feb 16, 2015 9:57 am ]
Post subject:  Google reCaptcha not showing in phpbb 3 after moving from HTTP to HTTPS

If you've recently moved phpbb from http to HTTPS and your recaptcha image is not shown on registration page, you might need some extra work.

PHPBB recaptcha module is checking if the protocol is HTTP or HTTPS in includes/captcha/plugins/phpbb_recaptcha_plugin.php:






Code:
class phpbb_recaptcha extends phpbb_default_captcha
{
   var $recaptcha_server = 'http://www.google.com/recaptcha/api';
   var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :(

   // We are opening a socket to port 80 of this host and send
   // the POST request asking for verification to the path specified here.
   var $recaptcha_verify_server = 'www.google.com';
   var $recaptcha_verify_path = '/recaptcha/api/verify';

   var $challenge;
   var $response;

   // PHP4 Constructor
   function phpbb_recaptcha()
   {
      $this->recaptcha_server = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? $this->recaptcha_server_secure : $this->recaptcha_server;
   }

   function init($type)


If the webserver is ngin, the fastcgi_params.txt file does not instruct nginx to send "HTTPS" variable set to "on" to php. Change it accordingly:
Code:
grep HTTPS /etc/nginx/conf.d/fastcgi_params.txt
                fastcgi_param  HTTPS                            on;


Without this, the recaptcha plugin will instruct the browser to load insecure content on a secure webpage (http://www.google.com/recaptcha/api/challenge?k=<recaptcha-key>) and browser will fail to load the recaptcha image.

Author:  mandrei99 [ Mon Feb 16, 2015 10:47 am ]
Post subject:  Re: Google reCaptcha not showing in phpbb 3 after moving from HTTP to HTTPS

Extra note: This needs to be added only for the virtual host serving phpbb under HTTPS. If the fastcgi_params.txt file is used for multiple virtual hosts both HTTP and HTTPS, it is best to modify your nginx server configuration only for the HTTPS vhost:
Code:
        location ~\.php($|/) {
...
                fastcgi_param  HTTPS on;
...

Author:  Unicorn988 [ Tue Feb 24, 2015 1:44 am ]
Post subject:  Re: Google reCaptcha not showing in phpbb 3 after moving from HTTP to HTTPS

the virtual host serving phpbb under HTTPS. If the fastcgi_params.txt file is used for multiple virtual hosts both HTTP and HTTPS, it is best to modify your nginx server configuration only for the HTTPS vhost...??

Author:  mandrei99 [ Tue Feb 24, 2015 4:29 am ]
Post subject:  Re: Google reCaptcha not showing in phpbb 3 after moving from HTTP to HTTPS

Unicorn988 wrote:
the virtual host serving phpbb under HTTPS. If the fastcgi_params.txt file is used for multiple virtual hosts both HTTP and HTTPS, it is best to modify your nginx server configuration only for the HTTPS vhost...??

Yes, if you don't know there will be no negative impact on the other virtual hosts.

Author:  Abraham12li [ Sat Feb 28, 2015 8:19 am ]
Post subject:  Re: Google reCaptcha not showing in phpbb 3 after moving from HTTP to HTTPS

this is a good post 8-)

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/