Invalid Captcha

1 month 3 weeks ago #337458 by trlbldr
Invalid Captcha was created by trlbldr
Verified, registered users of idahospiritualcompanions.org are unable to login to the website and their Profiles. When they enter their username, password, and click the Login button, they immediately receive the 'Invalid Captcha Code' error message.
What should occur is that the MFA verification form should appear, instead.
 
The Captcha tab of the CB AntiSpam plugin (5.0.1+build.2024.03.01.19.04.57.c7efbbab2) is configured to use 'Honeypot (Internal)' and the site Global Configuration is set to use CB AntiSpam as the designated Captcha source.
I appreciate any and all suggestions.
Thank you!

Don White

1 month 3 weeks ago #337468 by krileon
Replied by krileon on topic Invalid Captcha
Honeypot login captcha seems to work fine in my tests. Did you change the honeypot input name under Captcha > Modes > Internal > Honeypot? It's possible it's set to something getting filled in by browser auto complete. I don't typically recommend having captcha for login though, which can be turned off under Captcha > Legacy tab. Does this only happen to accounts that have MFA enabled?


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: trlbldr
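
An added example, not part of the thread and not CB AntiSpam's code: a minimal Python sketch of a server-side honeypot check, showing how a hidden input whose name matches browser autofill heuristics produces the same "Invalid Captcha Code" rejection for a legitimate user. The field names, the token list and the sample submissions are constructed assumptions.

```python
import re

# Tokens browsers and password managers commonly key on when autofilling.
# Constructed list for this example, not taken from CB AntiSpam.
AUTOFILL_TOKENS = {"name", "email", "mail", "user", "username", "login",
                   "password", "pass", "tel", "phone", "address", "url",
                   "website", "company"}


def autofill_hits(field_name):
    """Return the autofill-prone tokens found in a honeypot input name."""
    # Split camelCase first, then split on any non-alphanumeric separator.
    spaced = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", " ", field_name)
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", spaced) if t]
    return sorted(set(tokens) & AUTOFILL_TOKENS)


def honeypot_passes(form, field_name):
    """A honeypot passes only when the hidden input was submitted and is empty.

    A browser posts a text input even when it is empty, so a missing key
    is treated as a failure here (a design choice for this sketch).
    """
    value = form.get(field_name)
    return value is not None and value.strip() == ""


def login_check(form, field_name):
    """Mimic the symptom from the thread: a failed honeypot blocks login."""
    return "ok" if honeypot_passes(form, field_name) else "Invalid Captcha Code"


# Constructed submissions (hypothetical field names and values).
HUMAN = {"username": "don", "passwd": "x", "hp_7f3a": ""}
BOT = {"username": "spam", "passwd": "x", "hp_7f3a": "http://example.invalid"}
# Same human, but the honeypot is named "email" and the browser filled it in.
AUTOFILLED = {"username": "don", "passwd": "x", "email": "don@example.invalid"}

if __name__ == "__main__":
    for label, form, field in (("human", HUMAN, "hp_7f3a"),
                               ("bot", BOT, "hp_7f3a"),
                               ("autofilled", AUTOFILLED, "email")):
        print(label, "->", login_check(form, field), autofill_hits(field))
```

A non-empty result from `autofill_hits` for the configured honeypot name is a hint to rename the input to something a browser will not recognise.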


1 month 3 weeks ago #337473 by trlbldr
Replied by trlbldr on topic Invalid Captcha
Yes, it did happen with accounts for which MFA was active. However, I've disabled MFA now. CB Login seems to work (few users for this development website), but the auto-redirect to the user's Profile doesn't occur. However, the link for users to open their Profile (Members main menu | Your Profile) does open the person's Profile now. Before, clicking that link redirected to the Home page of the template.
Thanks again, Krileon.

Don White


1 month 3 weeks ago #337474 by krileon
Replied by krileon on topic Invalid Captcha

> but the auto-redirect to the user's Profile doesn't occur.

If you've multiple CB login modules be sure they're all configured properly. Login redirect should always be non-SEO beginning with index.php. Example as follows.

index.php?option=com_comprofiler&Itemid=PROFILE_MENU_ID_HERE

That should safely redirect to profile every time. This assumes you don't have some other redirect taking over. For example CB Auto Actions could potentially redirect away or a 3rd party Joomla plugin could.

Note the login module redirect will not override first login redirect URL configured in CB > Configuration > Registration. So if this is the first time the user is logging in you may want to be sure that parameter is empty or also configured properly to redirect to profile.

Ok, so it sounds like there's an issue with login captcha and MFA. The MFA is probably hijacking the login before the Captcha can properly verify and gets stuck in a redirect loop of some kind. Will have to look into this further, but am unsure if it'll even be fixable as we're limited on how we can interact with Joomla's MFA implementation.

forge.joomlapolis.com/issues/9382

Have added a bug ticket to investigate further, but I just don't recommend using login captcha regardless. It's a legacy implementation for CB AntiSpam and will probably be removed eventually.


Kyle (Krileon)
The following user(s) said Thank You: trlbldr


1 month 3 weeks ago #337475 by trlbldr
Replied by trlbldr on topic Invalid Captcha

> Did you change the honeypot input name under Captcha > Modes > Internal > Honeypot?

No.

> I don't typically recommend having captcha for login though, which can be turned off under Captcha > Legacy tab.

Login was - and remains - turned off under Captcha | Legacy.

Don White


1 month 3 weeks ago #337476 by trlbldr
Replied by trlbldr on topic Invalid Captcha
There were/are no additional login modules - just the CB Login module.

> Login redirect should always be non-SEO beginning with index.php: index.php?option=com_comprofiler&Itemid=PROFILE_MENU_ID_HERE

I reconfigured the CB Login module to login as you suggest above (using the Login menu ID). I also removed the default login redirect URL to <blank> in CB Configuration.
Result: Success!
Prior to this, I disabled MFA (all types). When changes to Gantry and/or CB are published to overcome this matter, I'll re-enable MFA (Verification Code via Email). Until then, we'll just admonish users to create a lengthy passphrase or password. (AdminTools is configured to check user passwords to prevent common and otherwise weak entries.)

Don White
