Recaptcha integration in subscription form

clotilde · November 17, 2016, 10:13pm

Hello phpListers!

I need to add a solid captcha to my various subscription forms as they are being abused by spammers who are submitting random people’s email addresses. I currently have about 60K subscribers on my list.

(What happens next is that these random people receive a subscription confirmation email, which they report as spam because it’s technically unsolicited, and this is terrible for my deliverability and my standing with Amazon SES. Currently on probation in one US region. )

So. I want to integrate Recaptcha into my subscription forms to prevent that abuse. (I have seen the captcha plugin, but it’s Recaptcha I would like to use for optimal user experience.)

Any thoughts or experience to share?

Thank you!
Clotilde.

duncanc · November 18, 2016, 10:27am

@clotilde I’m working on a recaptcha plugin, similar to the captcha plugin. I’ll let you know when it is ready.

clotilde · November 18, 2016, 3:25pm

That’s wonderful news, @duncanc – thank you!
Are you able to give a ballpark idea of when it might be available?
(I wouldn’t hold you to it, it’s just to have an idea – days/weeks/months.)
Thank you,
Clotilde.

duncanc · November 18, 2016, 6:42pm

@duncanc You can install it now, see https://github.com/bramley/phplist-plugin-recaptcha

gtipnis2016 · November 22, 2016, 6:13am

Hi Duncan,
I’m new to phplist and I’m in the process of using your Recaptcha plugin. On my test machine, I’m having some issues. I am able to install the plugin with all correct feedback messages however when I try to access the Recaptcha settings from the Config>plugins menu, it opens the config page with all the other fields but without any fields to store the values I have received for Recaptcha from Google. Any clues where I could be going wrong? I’m running phplist on a Win 10 Pro machine. Phplist version is 3.6.2 and php version is 5.6.24. Apache server version is 2.4.23. The subscribe page is the default one with email, confirm email and two more admin-defined attributes (first name, last name). Any help would be much appreciated. Thanks in advance.
Regards,
Gabriel

duncanc · November 22, 2016, 9:48am

@gtipnis2016 @clotilde Sorry for that, a bug slipped-in without me noticing.

You can upgrade the plugin on the Manage Plugins page to install the fix. Also the new version will display the recaptcha in the same language as chosen for the subscribe page.

gtipnis2016 · November 23, 2016, 1:41am

Hi Duncan! Thanks for looking into it so quickly. I have been able to set up the recaptcha keys from Google and it is showing up correctly on the subscribe page. The only hitch is I’m getting an invalid-json error when I try to use the recaptcha plugin and subscribe. Any clues whether I need to fix anything in the config settings? I have “allow_url_fopen” enabled in the php.ini. and extension=php_curl.dll is not commented “;” either. If you can point me in some direction, that would be great. Thanks!

duncanc · November 23, 2016, 3:59am

@gtipnis2016 Searching for that particular error “recaptcha invalid json”, it seems to be caused by the connection method, for example see http://stackoverflow.com/questions/30106668/nocaptcha-returning-error-invalid-json but there doesn’t seem to be any consistency in the solutions.

The plugin uses curl if it is available otherwise file_get_contents(). You could try disabling one then the other to see if either work. Otherwise there might be a problem with your web server allowing the outgoing connection. Try adding this line at the start of the plugin file admin/plugins/RecaptchaPlugin.php to see whether any errors are being reported

<?php
error_reporting(-1);

gtipnis2016 · November 23, 2016, 7:05am

Thanks @duncanc. It was the curl causing the issue. Curl is loaded on my test server but after redirecting it to just use the Post() method, it works fine. Didn’t have time to investigate the curl issue much but http://stackoverflow.com/questions/31354633/curl-recaptcha-not-working-php mentions CURLOPT_SSL_VERIFYPEER setting and that could be the problem.

Thanks heaps for writing this plugin and for all your help in getting it working at my end!

clotilde · November 24, 2016, 3:44pm

Amazing @duncanc, thank you for making this available!
Will look into integration now.
Thank you again for your hard work.

clotilde · November 24, 2016, 3:57pm

Dear @duncanc,

Would it be possible to make the reCAPTCHA verification an option on a per-subscription page basis, rather than a system-wide basis?

The reason I ask is that I’ve integrated one of my phplist subscription forms into OptinMonster (a service that allows you to set up interstitials and popups based on various rules, to encourage signups) and integrating the recaptcha field into those layouts would be a challenge.

So I’d like to have the reCAPTCHA field in the subscription pages hosted on my own site, but not the one hosted through OptinMonster.

Do you see what I mean? Is it feasible?

Thank you!
Clotilde.

clotilde · November 24, 2016, 4:16pm

Alternatively, is there a way to include a hidden field in the subscription form that would override the need for the real reCAPTCHA?

Other than that, the integration was smooth as silk! (Famous last words. :))
Thank you so much.

duncanc · November 24, 2016, 8:28pm

Yes that can be done. I will look into it tomorrow.

clotilde · November 24, 2016, 8:59pm

You’re the best. Thank you!

duncanc · November 25, 2016, 1:01pm

@clotilde @gtipnis2016 There is a new release of the plugin. It now allows you to choose whether to have recaptcha on a subscribe page.

Also, it detects which php modules are available for sending the recaptcha request to Google (curl etc), and lets you select the one to use.

See the documentation page https://resources.phplist.com/plugin/recaptcha

duncanc · December 1, 2016, 12:11pm

@clotilde @gtipnis2016 There is a new release of the reCAPTCHA plugin that allows you to change the theme and size of the widget (although I think that the defaults look best).

This release has a dependency on CommonPlugin so you will need to install that plugin before upgrading, see https://resources.phplist.com/plugin/recaptcha

Dragonrider · December 1, 2016, 1:35pm

@duncanc That is a superb plugin, thank you so much for working it out AND for tweaking it so much as well.

clotilde · December 7, 2016, 4:03pm

Reporting back to say how happy I am with this plugin, @duncanc, thank you for making it available so promptly. This put an end to the spam abuse on one of my forms, and Amazon has taken me off “probation”.

One thing I can’t get working is the customization of the layout. I’ve switched it to compact for the form on this page to test it out, but the regular size is showing:

I’ve cleared my cache (Wordpress and browser) but it makes no difference.

Not a big pain point for me, but I’m curious if others see it working on their installation.

Thank you!

duncanc · December 7, 2016, 5:30pm

@clotilde The phplist subscribe page http://chocolateandzucchini.com/pl/?p=subscribe&id=11 does have the compact widget. As you are using a custom subscribe page you will need to copy the extra data-size attribute

<div class="g-recaptcha"
data-sitekey="6LdJXgwUAAAAAET-Yr7diyD-TIsfvfnRt0rkjgu8"
data-size="compact"
data-theme="light">
</div>

clotilde · December 7, 2016, 7:45pm

Aha, got it! Thank you for the clarification. Have a good night, @duncanc!