admin area - captcha disable hook

[cluster]

I would like to disable re-captcha only for the admin area (staff) is there any way to achieve this with a hook or would I have to remove the captcha part in the admin login TPL?

[WHMCS JimmyW]

Regrettably, after testing locally by removing the Captcha elements within the login.tpl file, the WHMCS system still expects this verification to be completed and returns the `The characters you entered didn't match the image shown. Please try again.` Error to the login page.

It does not appear this is currently possible if the `Login form` Captcha setting is enabled within your General settings 

[cluster]

17 minutes ago, WHMCS JimmyW said:

Regrettably, after testing locally by removing the Captcha elements within the login.tpl file, the WHMCS system still expects this verification to be completed and returns the `The characters you entered didn't match the image shown. Please try again.` Error to the login page.

It does not appear this is currently possible if the `Login form` Captcha setting is enabled within your General settings 

Thank you for your verification!

Maybe a hook file can disable the captcha checks for admin login .... but I have no idea how to create a proper & secure hook script on this

[leemahoney3]

No hooks that work on the admin login page unfortunately.

It's possible to remove the captcha from this form only, however it's very very messy and I don't recommend it.

If you do want to however, add session to your smarty security policy: https://docs.whmcs.com/Smarty_Security_Policy and then in login.tpl (admin/templates) on line 56 after

{if !$captcha->recaptcha->isEnabled()}

Put

<img src="../includes/verifyimage.php" style="display: none;" />
{assign var="captchaCodeIdentifier" value=$smarty.session.captchaValue}
{if !$captchaCodeIdentifier}
	<script>location.reload()</script>
{else}
	<input type="hidden" name="code" value="{$smarty.session.$captchaCodeIdentifier.value}">
{/if}

While commenting out the captcha-container div.

The final result would be below

{if !$captcha->recaptcha->isEnabled()}
	<img src="../includes/verifyimage.php" style="display: none;" />
	{assign var="captchaCodeIdentifier" value=$smarty.session.captchaValue}
	{if !$captchaCodeIdentifier}
		<script>location.reload()</script>
	{else}
		<input type="hidden" name="code" value="{$smarty.session.$captchaCodeIdentifier.value}">
	{/if}
{*  <div class="form-group captcha-container text-center"> *}
{*  	<p> *}
{*      	{lang key='login.captchaverify'} *}
{*    	</p> *}
{*      <div class="row"> *}
{*      	<div class="col-xs-6"> *}
{*          	<img id="inputCaptchaImage" class="captchaimage" src="../includes/verifyimage.php" align="middle" /> *}
{*          </div> *}

{*        	<div class="col-xs-6"> *}
{*          	<input id="inputCaptcha" type="text" name="code" maxlength="6" class="form-control" autocomplete="off" /> *}
{*       	</div> *}
{*   	</div> *}
{* 	</div> *}
{/if}

Basically all it's doing is checking for the captcha code in the session, if it does not exist (first time visiting the page - or logging out) then reload the page so it exists.

Then we get the correct captcha code from the session and set it as a hidden input with the name code so WHMCS thinks you've passed the code through.

 

I still discourage this as captchas are essential however I'm guessing you have the admin area locked down so bots etc. cannot hit it.

Edited September 14, 2023 by leemahoney3

[cluster]

Quote

No hooks that work on the admin login page unfortunately.

 

Thank you guys!