1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Support for Google Invisible Captcha

Discussion in 'XenForo Suggestions' started by Jake B., Aug 29, 2016.

  1. Jake B.

    Jake B. Well-Known Member

    JustinHawk, Brent W, Alien and 23 others like this.
  2. suineg

    suineg Member

    Ooh I want this!
    dondomainer likes this.
  3. suineg

    suineg Member

    I was added also @Jake B. and will be trying to see if I can hack it into there tomorrow.

    Have you tried at all?
  4. Jake B.

    Jake B. Well-Known Member

    Not yet I haven't, shouldn't be hard to integrate
  5. ŽivaAkcija

    ŽivaAkcija Well-Known Member

    its release or what, how to use it on xenforo*?
  6. Chris D

    Chris D XenForo Developer Staff Member

    Actually, it is somewhat difficult to integrate.

    The big difference here is that the CAPTCHA stuff itself needs to be instantiated on the Submit button. This doesn't make it impossible, but it represents a big challenge that I don't think is workable.

    For example, we can add template modifications and various customisations to the register_form template to make it work, but then you'd have to make similar customisations for the contact us form, or for guest posting, or for incorrect password attempts captcha or for random usage in random add-on XYZ (etc. etc.).

    It's possible there might be a JS approach that can be taken, but I couldn't find an ideal way of doing this, again. Though I only had a cursory check on my own site.

    Oh, and it doesn't work for <input type="submit"> buttons - it will only work with <button> elements -- reason being, is the HTML for the CAPTCHA itself is rendered inside the <button> element and that HTML isn't valid for input elements.

    I'm going to feedback my findings and make some suggestions to the reCAPTCHA team. If they were able to allow the CAPTCHA to be set up on any HTML element inside the form where the submit button is, and do a bit of magic there (and even support <input> elements, such as inserting after the input, rather than inside it) then it could be viable, until then it will be very hacky at best.
  7. suineg

    suineg Member

    Good information, I understand a lot of the words you used but this one might be outside the realm of hacky that I can do.

    I figured it was just going to be a matter of changing the one .php and that would propagate throughout the system.
  8. Chris D

    Chris D XenForo Developer Staff Member

    Ironically, the PHP code itself doesn't need to change because the server side verification is the same.

    But the way it needs to be attached to the submit button just isn't practical. Hopefully it's early enough in the process that it's something they can accommodate to make it easier to implement in our environment.
  9. Jake B.

    Jake B. Well-Known Member

    Didn't have this thread watched for some reason so I didn't get an alert for your post, where is this documented? I haven't been able to find any documentation for it. Surely there has to be a way to programmatically instantiate it and have it work without using <button>, if not that's a fairly substantial flaw on their end IMO
  10. Chris D

    Chris D XenForo Developer Staff Member

    It appears to be undocumented.

    I haven't had a chance to test it yet.
    semprot likes this.
  11. Michael Ho

    Michael Ho Member

    Thank you. I find this helpful
  12. ŽivaAkcija

    ŽivaAkcija Well-Known Member

    any news how to work on Xenforo?
  13. dehness

    dehness Active Member

    Any chance this will make it into XF 2.0?
  14. Mouth

    Mouth Well-Known Member

    Amin Sabet, DroidOne, dehness and 3 others like this.
  15. DroidOne

    DroidOne Well-Known Member

    We need this in the next XF update, would be excellent :) They did update it quickly last time Google released a new captcha.
    Mouth likes this.
  16. Brent W

    Brent W Well-Known Member

    I hope this makes it into the 1.5.x release and not just 2.0.
    Alfa1 and CarpCharacin like this.
  17. Alfa1

    Alfa1 Well-Known Member

    All the captchas in XenForo have been broken.

    Hopefully @tenants will add it to his antispam addon.
  18. Jake B.

    Jake B. Well-Known Member

    It hasn't even made it into XF2 (yet, at least).
  19. Jake B.

    Jake B. Well-Known Member

    I suspect this is going to be little improvement over the current ReCaptcha other than not having to tick the "I'm not a robot" box, pretty sure it's using the same APIs otherwise, so anybody that gets consistently flagged by that one, or anything that gets through that one will probably have the same issues on this one. Maybe not though, not sure what is going on behind the scenes
    SneakyDave and tenants like this.
  20. tenants

    tenants Well-Known Member

    Yep exactly, just a re-brand that some bots already get round

    and some prevalent bots are targeting


    same old story, new name

    fix, break, fix, break, fix, break, break, break
    winner : AI every time

    Globally based captcha: always pointless (I'm tired of saying this, there is only so many times I will talk to the deaf before I give up).... easy target due to data sets, perfect for training ANNs, high reward (millions of sites), low cost

    Custom Image Based Catpcha:
    little/no training sets, low rewards (one frigging site!), high cost

    Wow if I was to design a bot, I wounder which system I would target

    Some captcha that will out live recaptha (of any flavour):
    Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
    XF QapTcha (very human friendly, and uncommon)
    Funny Img Catpcha (uses CustomImgCaptcha)
    WE FIGHT SPAM (can use CustomImgCaptcha)

    My views haven't changed since I posted this since I posted this Nov 28, 2012
    Googles captcha (all flavours) have been broken many many MANY times since then -- use uncommon customisable mechanisms

    For goodness sake customise, you don't have to use my plugins, use other plugins to customise, talk to a dev, or customise yourself

    For all those that want to use recaptcha or any global based captcha... just email xrumer / or go to a black hat site and tell them your admin password... it's a quicker and more admiral death, slow death is painful to watch and the screams are so agonisingly annoying (especially for me). I'm pretty sure that makes my stance clear on globally based captcha (all be it a little right wing)

    You can not beat AI with AI, detection eventually levels off and becomes pointless, here in lies one of (many) googles biggest design issue.

    It's like using a bot to judge the imitation game and another billion bots to play it, eventually the ai judge is uncertain and the system collapses. I don't care how many times you have to updated it (which is a bit like the deep blue cheat, but fine) it breaks breaks breaks and then dies off.

    Solution: The core should not bother adopting these 3rd party global solutions, they have been shown to eventualy fail every time. Instead create a customisable version similar to customImgCaptcha with everything that I have incoperated, in addtion other customisable layers and also extend this to videos. This will latest longer, but still will not last forever
    Last edited: Mar 16, 2017
    SneakyDave and dbembibre like this.

Share This Page