Google recaptcha error on checkout

[slim]

Since updating I have had several reports of customers getting a Google recaptcha error on checkout. I use the latest invisible google recaptcha in WHMCS, but it seems the checkout is somtimes wanting customers to do a recaptcha - and they cant because nothing is displayed.

The Browser of the latest user to complain was FireFox.

Has anyone else had similar complaints?

[WHMCS ChrisD]

What error are you finding they are getting in these instances @slim?  I haven't seen any reports but it would be good to have more information so we can look into this further.

[slim]

The customer is asked for the captcha letters/characters - But there are none visibe on the page.

 

Note: The email I recieved as a notification of your reply generates links to staging.whmcs.community!

[WHMCS John]

Hi @slim,

With invisible recaptcha, the image challenge will pop-up near the order submission button (click images containing bikes, lampposts, boats, cars etc.)

Does the problem occur on the stock "Six" template?

 

If yes, I'd suggest checking your browser's developer tools console for any errors. As it could be a javascirpt or css conflict in a custom theme causing the challenge not to be displayed.

[slim]

I use 100% stock template.

The captcha does not display.

[Evolve Web Hosting]

We have an issue with invisible reCaptcha too and it happens with the SIX theme and custom theme. It is breaking the domain checker on our site and as soon as I turn it off, everything works properly.

Edited April 26, 2020 by EvolveWebHosting

[slim]

I’m using the invisible recaptca btw.

[Evolve Web Hosting]

2 minutes ago, slim said:

I’m using the invisible recaptca btw.

I saw that and we were too. I can't test it right now because customers are online and shopping so it's turned off for now.

[WHMCS John]

Hi there,

I tested in v7.10 and can confirm the invisible captcha challenge is correctly displayed.

 

To test for yourself you can set the Security Preference in your Google reCaptcha settings to the highest setting.

Then use an incognito browser window, and the challenge will most likely be displayed.

[slim]

Sorry, but it’s not working for all clients. 

[McAtze]

5 minutes ago, slim said:

Sorry, but it’s not working for all clients. 

Did you have any error logs in the browser console? Did you check your google api key for errors? Sometimes there're restrictions for the api key that cause errors.

[slim]

The API keys are fine - they work well enough on the domain checker page.

the checkout however most certainly has issues - I will try to find some errors tomorrow in my browser.

from my phone in Edge (iPhone) tonight -

I can say it’s an issue.

[Evolve Web Hosting]

This is a continuation of CORE-13380 reported over a year ago. We're done with reCaptcha for now and disabled it.

[slim]

Just tested in private browser.. This is what I get on checkout. Note: I cant see anything in the inspect console (apart from this eWay related warning):

A cookie associated with a cross-site resource at https://secure.ewaypayments.com/ was set without the `SameSite` attribute. A future release of Microsoft Edge will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

 

 

Also note: Captcha is enabled in my admin login, so if there was a problem with my captcha API keys, I wouldnt be able to login to the admin area of my own install.

Im using the Invisible Recaptcha.

Edited April 27, 2020 by slim

[WHMCS John]

Hi @slim,

Can you please share a screenshot of the recaptcha settings on Setup > General Settings > Security tab, so that I can reproduce your configuration?

Do obfuscate the reCaptcha keys before sharing here.

 

[Evolve Web Hosting]

I know you didn't specifically ask for my settings but I thought I'd post them anyways.

[slim]

And here is mine:

Edited April 27, 2020 by slim
Updated screenshot.. clearer

[slim]

Anything?

[Hardik Joshi]

hello @slim same issue i am faced a days ago when i updated WHMCS v7.10.1 

but don't worry as per my experience  it will done automatically 🙂

[WHMCS John]

Hi @slim,

Thanks for providing that information. I've re-produced those settings on my stock 7.10.1 installations on two different server configurations,  and the invisible puzzle is displayed when necessary.

Please ensure your recaptcha keys are set to the type "Invisible" in your Google account settings: https://docs.whmcs.com/Google_reCAPTCHA#Enabling_Invisible_reCAPTCHA

[slim]

John, If the keys I had used were not correct, then I wouldn't be able to login to the admin area - It uses the same keys for captcha. 

It works PERFECTLY with the visible v2.. its the invisible that's broken. Multiple (of my) customers report it, I can replicate it and other WHMCS customers have advised of the same issue. My WHMCS is 100% stock templates.

[McAtze]

Google Captcha v2 use different Keys than the invisible Captcha. For invisible you have to create API key v3 at your Google account. 
 

For me, the invisible Captcha working fine with WHMCS 7.10.1

[slim]

Just now, McAtze said:

Google Captcha v2 use different Keys than the invisible Captcha. For invisible you have to create API key v3 at your Google account. 
 

For me, the invisible Captcha working fine with WHMCS 7.10.1

Yes! I know. IT WORKS everywhere when I select V2 and use V2 keys. It doesnt work when we use V3 invisible keys and select the appropriate option in WHMCS - at least, not on the checkout.. It does seem to work on the admin login page.

[Evolve Web Hosting]

7 hours ago, slim said:

Yes! I know. IT WORKS everywhere when I select V2 and use V2 keys. It doesnt work when we use V3 invisible keys and select the appropriate option in WHMCS - at least, not on the checkout.. It does seem to work on the admin login page.

Does invisible work on your domain checker too? It works fine if you use the checker from the main home page field but not if you use this URL for us: /cart.php?a=add&domain=register

I gave up on it and turned it off completely. Haven't had any spam issues yet.

[Evolve Web Hosting]

6 hours ago, surveypacific said:

yes as many times i have also faced this type of problem while filling the forms but with whmcs it is working completely fine

I am glad it is working for you. Unfortunately it's not for us and for @slim