Difference between revisions of "Google reCAPTCHA"

From WHMCS Documentation

m (Captcha Locations)
 
(23 intermediate revisions by 10 users not shown)
Line 1: Line 1:
<div class="docs-alert-danger">
+
Differentiating between humans and bots (computers) is an ever-changing and more challenging task. A number of solutions have been implemented, typically involving increasing obscured text and numbers or images, such as the default 5 character verification of WHMCS.
Google reCAPTCHA version 1 has been discontinued. Please refer to the [[Google_reCAPTCHA#Migrating_to_Google_reCAPTCHA_v2|following section]] of this page for more information on migrating to reCAPTCHA v2.
 
</div>
 
  
The following information is taken in part from [https://developers.google.com/recaptcha/old/docs/customization here]
+
As bots and software have become more sophisticated, a common solution was to make the text more difficult to read, which can result in frustrated and lost potential clients.  Google's reCAPTCHA set's out to change that.  They have created a system that is easy for people, but hard for bots. By using an advanced and more secure risk analysis engine, humans and bots are more effectively differentiated.
  
===Customizing the Look and Feel of reCAPTCHA===
+
The first step in authentication is to ask the user to confirm that they are not a robot by checking a checkbox.  Google's risk analysis engine analyzes how the user checked the checkbox, including how the user responds before, during, and after the action.  In cases where the engine cannot confidently differentiate between them, a mobile-friendly verification tool like a CAPTCHA or image selection from a list may appear.
  
====Theme====
+
* Google reCAPTCHA V2 is available in WHMCS 7.0 and later.
 +
* Google Invisible reCAPTCHA is available in WHMCS 7.7 and later.
  
To make the reCAPTCHA widget display a different theme, you first need to add the following code in your main HTML page anywhere before the <form> element where reCAPTCHA appears. WHMCS would recommend placing this in the header.tpl file of your template just before the </head> tag.
+
==Enabling Google reCAPTCHA==
 +
 +
Google's reCAPTCHA may be enabled by following these steps:
 +
 +
# Go to the '''[[Security_Tab|Security]]''' tab at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > General Settings''' or, prior to WHMCS 8.0, '''Setup > General Settings'''.
 +
# For '''Captcha Type''', select '''reCAPTCHA v2'''.
 +
# [https://www.google.com/recaptcha/admin Log in to your Google account .]
 +
# Select '''"I’m not a robot" Checkbox'''.
 +
# Enter your domain under the '''domains''' section.
 +
# Accept the Google terms of service.
 +
# Click '''Register''' to finish registering your site and generating your keys.
 +
# Copy the '''Site Key''' and '''Secret Key''' issued by Google and enter them in the fields provided in WHMCS.
 +
# Click '''Save Changes'''.
 +
 +
[[File:captcha_config.png|500px]]
 +
 +
==Enabling Invisible reCAPTCHA==
 +
To enable the Invisible reCAPTCHA feature for the shopping cart, follow these steps:
 +
[[File:Recaptcha-configuration.png|thumb|reCAPTCHA Key Generation]]
 +
 +
# Go to the '''[[Security Tab|Security]]''' tab at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > General Settings''' or, prior to WHMCS 8.0, '''Setup > General Settings'''.
 +
# For '''Captcha Type''', select '''Invisible reCAPTCHA'''.
 +
# [https://www.google.com/recaptcha/admin Log in to your Google account .]
 +
# Enter a label for your key.
 +
# Select '''reCAPTCHA v2'''.
 +
# Select '''Invisible reCAPTCHA badge'''.
 +
# Enter your domain under the '''domains''' section.
 +
# Accept the Google terms of service.
 +
# Click '''Register''' to finish registering your site and generating your keys.
 +
# Copy the '''Site Key''' and '''Secret Key''' issued by Google and enter them in the fields provided in WHMCS.
 +
# Click '''Save Changes'''.
  
<source lang="php">
+
==Captcha Locations==
{if $capatacha && $capatacha eq "recaptcha"}{literal}<script type="text/javascript">
+
<div class="docs-alert-info"><i class="fa fa-question-circle"></i> This page describes a feature available in version 7.7 and above</div>
var RecaptchaOptions = {
 
    theme : 'theme_name'
 
};
 
</script>{/literal}{/if}
 
</source>
 
 
 
The 'theme_name' can be one of four pre-defined options
 
 
 
<gallery widths=300px perrow=2>
 
File:red.jpg|'red' reCAPTCHA
 
File:white.jpg|'white' reCAPTCHA
 
File:blackglass.jpg|'blackglass' reCAPTCHA
 
File:clean.jpg|'clean' reCAPTCHA
 
</gallery>
 
  
If you do not wish to use any of the default themes, you can create your own to match your site design. You can see how to do this @ [http://code.google.com/apis/recaptcha/docs/customization.html#Custom_Theming Custom Theme]. To use a custom theme, the theme variable must be set to 'custom'.
+
You can choose which forms have a captcha enabled on them by checking the appropriate boxes in "Captcha for Select Forms". The following options are available:
  
====Language====
+
* Shopping Cart Checkout - On checkout in the Client Area
 +
* Domain Checker - The homepage domain checker, and on the Register or Transfer domain pages in the cart
 +
* Client Registration - register.php
 +
* Contact Form - contact.php
 +
* Ticket Submission - When submitting a ticket
 +
* Login Forms - Admin and Client login forms
  
By default, the language of the reCAPTCHA is English, however this can be customised to English (en), Dutch (nl), French (fr), German (de), Portuguese (pt), Russian (ru), Spanish (es) or Turkish (tr).  To change the language, you need to add some javascript to define the language to your templates.  This should be added to the pages you are using with captcha verification. To allow for multi-language environments, a language file variable is used to define the language:
+
==Troubleshooting==
 +
===Invalid Site Key/I can't login===
 +
If the site key specified under General Settings isn't valid for some reason and is preventing logins to the admin area to correct it, it will be necessary to disable reCAPTCHA manually via the database (setting "Captcha Form Protection " to "Always Off" temporarily to resolve this. Please take a backup of the database and then run the following SQL query using a tool like phpMyAdmin to do so:
  
<source lang="php">
+
<source lang="sql">
{if $capatacha && $capatacha eq "recaptcha"}{literal}<script type="text/javascript">
+
UPDATE tblconfiguration SET value = '' WHERE setting = 'CaptchaSetting';
var RecaptchaOptions = {
 
    theme : 'theme_name',
 
    lang: '{/literal}{$LANG.isocode}{literal}'
 
};
 
</script>{/literal}{/if}
 
 
</source>
 
</source>
 
If your language is not one supported by Google, you are able to create your own translations. More information on this at https://developers.google.com/recaptcha/old/docs/customization#custom-translations
 
 
===Migrating to Google reCAPTCHA v2===
 
In WHMCS version 7.0 and above, we migrated to Google reCAPTCHA version 2, as version 1 was discontinued and no longer available. If a reCAPTCHA v1 is being displayed (now with a discontinued message), you should update your WHMCS installation and templates. You will also need to visit the Google reCaptcha site and generate new keys. To do that, follow these simple steps:
 
 
1. Visit https://www.google.com/recaptcha/admin and log into your Google account if you're not already logged in with an active session.
 
 
2. Under the section "Register a new site", enter in a label for your key and then select either the "reCAPTCHA v2" option, or for best forward compatibility select the "Invisible reCAPTCHA" option.
 
 
[[File:Captcha_type.png]]
 
 
3. Be sure to enter in your domain under the "domains" section and then accept the Google terms of service and click the Register button to finish registering your site and generating your keys.
 
 
4. You should now be provided with a Site Key and a Secret Key to use with your WHMCS installation.
 
 
[[File:Recaptcha_config.png]]
 
 
More information regarding reCAPTCHA v2 can be found [[Google_No_CAPTCHA_reCAPTCHA|here]].
 

Latest revision as of 20:11, 31 October 2023

Differentiating between humans and bots (computers) is an ever-changing and more challenging task. A number of solutions have been implemented, typically involving increasing obscured text and numbers or images, such as the default 5 character verification of WHMCS.

As bots and software have become more sophisticated, a common solution was to make the text more difficult to read, which can result in frustrated and lost potential clients. Google's reCAPTCHA set's out to change that. They have created a system that is easy for people, but hard for bots. By using an advanced and more secure risk analysis engine, humans and bots are more effectively differentiated.

The first step in authentication is to ask the user to confirm that they are not a robot by checking a checkbox. Google's risk analysis engine analyzes how the user checked the checkbox, including how the user responds before, during, and after the action. In cases where the engine cannot confidently differentiate between them, a mobile-friendly verification tool like a CAPTCHA or image selection from a list may appear.

  • Google reCAPTCHA V2 is available in WHMCS 7.0 and later.
  • Google Invisible reCAPTCHA is available in WHMCS 7.7 and later.

Enabling Google reCAPTCHA

Google's reCAPTCHA may be enabled by following these steps:

  1. Go to the Security tab at Configuration () > System Settings > General Settings or, prior to WHMCS 8.0, Setup > General Settings.
  2. For Captcha Type, select reCAPTCHA v2.
  3. Log in to your Google account .
  4. Select "I’m not a robot" Checkbox.
  5. Enter your domain under the domains section.
  6. Accept the Google terms of service.
  7. Click Register to finish registering your site and generating your keys.
  8. Copy the Site Key and Secret Key issued by Google and enter them in the fields provided in WHMCS.
  9. Click Save Changes.

Captcha config.png

Enabling Invisible reCAPTCHA

To enable the Invisible reCAPTCHA feature for the shopping cart, follow these steps:

reCAPTCHA Key Generation
  1. Go to the Security tab at Configuration () > System Settings > General Settings or, prior to WHMCS 8.0, Setup > General Settings.
  2. For Captcha Type, select Invisible reCAPTCHA.
  3. Log in to your Google account .
  4. Enter a label for your key.
  5. Select reCAPTCHA v2.
  6. Select Invisible reCAPTCHA badge.
  7. Enter your domain under the domains section.
  8. Accept the Google terms of service.
  9. Click Register to finish registering your site and generating your keys.
  10. Copy the Site Key and Secret Key issued by Google and enter them in the fields provided in WHMCS.
  11. Click Save Changes.

Captcha Locations

This page describes a feature available in version 7.7 and above

You can choose which forms have a captcha enabled on them by checking the appropriate boxes in "Captcha for Select Forms". The following options are available:

  • Shopping Cart Checkout - On checkout in the Client Area
  • Domain Checker - The homepage domain checker, and on the Register or Transfer domain pages in the cart
  • Client Registration - register.php
  • Contact Form - contact.php
  • Ticket Submission - When submitting a ticket
  • Login Forms - Admin and Client login forms

Troubleshooting

Invalid Site Key/I can't login

If the site key specified under General Settings isn't valid for some reason and is preventing logins to the admin area to correct it, it will be necessary to disable reCAPTCHA manually via the database (setting "Captcha Form Protection " to "Always Off" temporarily to resolve this. Please take a backup of the database and then run the following SQL query using a tool like phpMyAdmin to do so:

UPDATE tblconfiguration SET value = '' WHERE setting = 'CaptchaSetting';