• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Support for Google Invisible Captcha

Chris D

XenForo developer
Staff member
#6
Not yet I haven't, shouldn't be hard to integrate
Actually, it is somewhat difficult to integrate.

The big difference here is that the CAPTCHA stuff itself needs to be instantiated on the Submit button. This doesn't make it impossible, but it represents a big challenge that I don't think is workable.

For example, we can add template modifications and various customisations to the register_form template to make it work, but then you'd have to make similar customisations for the contact us form, or for guest posting, or for incorrect password attempts captcha or for random usage in random add-on XYZ (etc. etc.).

It's possible there might be a JS approach that can be taken, but I couldn't find an ideal way of doing this, again. Though I only had a cursory check on my own site.

Oh, and it doesn't work for <input type="submit"> buttons - it will only work with <button> elements -- reason being, is the HTML for the CAPTCHA itself is rendered inside the <button> element and that HTML isn't valid for input elements.

I'm going to feedback my findings and make some suggestions to the reCAPTCHA team. If they were able to allow the CAPTCHA to be set up on any HTML element inside the form where the submit button is, and do a bit of magic there (and even support <input> elements, such as inserting after the input, rather than inside it) then it could be viable, until then it will be very hacky at best.
 
#7
Actually, it is somewhat difficult to integrate.

The big difference here is that the CAPTCHA stuff itself needs to be instantiated on the Submit button. This doesn't make it impossible, but it represents a big challenge that I don't think is workable.

For example, we can add template modifications and various customisations to the register_form template to make it work, but then you'd have to make similar customisations for the contact us form, or for guest posting, or for incorrect password attempts captcha or for random usage in random add-on XYZ (etc. etc.).

It's possible there might be a JS approach that can be taken, but I couldn't find an ideal way of doing this, again. Though I only had a cursory check on my own site.

Oh, and it doesn't work for <input type="submit"> buttons - it will only work with <button> elements -- reason being, is the HTML for the CAPTCHA itself is rendered inside the <button> element and that HTML isn't valid for input elements.

I'm going to feedback my findings and make some suggestions to the reCAPTCHA team. If they were able to allow the CAPTCHA to be set up on any HTML element inside the form where the submit button is, and do a bit of magic there (and even support <input> elements, such as inserting after the input, rather than inside it) then it could be viable, until then it will be very hacky at best.
Good information, I understand a lot of the words you used but this one might be outside the realm of hacky that I can do.

I figured it was just going to be a matter of changing the one .php and that would propagate throughout the system.
 

Chris D

XenForo developer
Staff member
#8
Ironically, the PHP code itself doesn't need to change because the server side verification is the same.

But the way it needs to be attached to the submit button just isn't practical. Hopefully it's early enough in the process that it's something they can accommodate to make it easier to implement in our environment.
 

Jake B.

Well-known member
#9
Oh, and it doesn't work for <input type="submit"> buttons - it will only work with <button> elements -- reason being, is the HTML for the CAPTCHA itself is rendered inside the <button> element and that HTML isn't valid for input elements.
Didn't have this thread watched for some reason so I didn't get an alert for your post, where is this documented? I haven't been able to find any documentation for it. Surely there has to be a way to programmatically instantiate it and have it work without using <button>, if not that's a fairly substantial flaw on their end IMO
 

Chris D

XenForo developer
Staff member
#10
It appears to be undocumented.

Currently if you wish to use reCAPTCHA with a input type='submit' you can create a div within your page and reference the submit button id.

For example the following code will work today:
Code:
<div id='recaptcha-test'
     class="g-recaptcha"
     data-sitekey="YOURKEY"
     data-bind="recaptcha-submit"
     data-callback="onSubmit"></div>
<input type='submit' id='recaptcha-submit' />
I haven't had a chance to test it yet.
 

Jake B.

Well-known member
#19
All the captchas in XenForo have been broken.

Hopefully @tenants will add it to his antispam addon.
I suspect this is going to be little improvement over the current ReCaptcha other than not having to tick the "I'm not a robot" box, pretty sure it's using the same APIs otherwise, so anybody that gets consistently flagged by that one, or anything that gets through that one will probably have the same issues on this one. Maybe not though, not sure what is going on behind the scenes
 

tenants

Well-known member
#20
I suspect this is going to be little improvement over the current ReCaptcha other than not having to tick the "I'm not a robot" box, pretty sure it's using the same APIs otherwise
Yep exactly, just a re-brand that some bots already get round

and some prevalent bots are targeting

http://www.botmasterlabs.net/event/2016-08-10/1/



same old story, new name

fix, break, fix, break, fix, break, break, break
winner : AI every time


Globally based captcha: always pointless (I'm tired of saying this, there is only so many times I will talk to the deaf before I give up).... easy target due to data sets, perfect for training ANNs, high reward (millions of sites), low cost

Custom Image Based Catpcha:
little/no training sets, low rewards (one frigging site!), high cost

Wow if I was to design a bot, I wounder which system I would target


Some captcha that will out live recaptha (of any flavour):
https://xenforo.com/community/resources/slider-captcha.3756/
https://xenforo.com/community/resources/slider-captcha-deutsche-Übersetzung.4790/
Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
XF QapTcha (very human friendly, and uncommon)
Funny Img Catpcha (uses CustomImgCaptcha)
WE FIGHT SPAM (can use CustomImgCaptcha)


My views haven't changed since I posted this since I posted this Nov 28, 2012
https://xenforo.com/community/threads/xrumer-discussion.41538/page-2#post-447928
Googles captcha (all flavours) have been broken many many MANY times since then -- use uncommon customisable mechanisms

For goodness sake customise, you don't have to use my plugins, use other plugins to customise, talk to a dev, or customise yourself

For all those that want to use recaptcha or any global based captcha... just email xrumer / or go to a black hat site and tell them your admin password... it's a quicker and more admiral death, slow death is painful to watch and the screams are so agonisingly annoying (especially for me). I'm pretty sure that makes my stance clear on globally based captcha (all be it a little right wing)

You can not beat AI with AI, detection eventually levels off and becomes pointless, here in lies one of (many) googles biggest design issue.

It's like using a bot to judge the imitation game and another billion bots to play it, eventually the ai judge is uncertain and the system collapses. I don't care how many times you have to updated it (which is a bit like the deep blue cheat, but fine) it breaks breaks breaks and then dies off.

Solution: The core should not bother adopting these 3rd party global solutions, they have been shown to eventualy fail every time. Instead create a customisable version similar to customImgCaptcha with everything that I have incoperated, in addtion other customisable layers and also extend this to videos. This will latest longer, but still will not last forever
 
Last edited: