Skip to Content Skip to Menu

🌲 Merry Christmas! Great savings on Professional and Developer Memberships! Get 25% off now with code XMAS-2024!

Invalid Captcha

  • trlbldr
  • trlbldr
  • ONLINE
  • Posts: 103
  • Thanks: 8
  • Karma: 1
9 months 3 weeks ago #337458 by trlbldr
Invalid Captcha was created by trlbldr
Verified, registered users of idahospiritualcompanions.org are unable to login to the website and their Profiles. When they enter their username, password, and click the Login button, they immediately receive the 'Invalid Captcha Code' error message.
What should occur is that the MFA verification form should appear, instead.
 
The Captcha tab of the CB AntiSpam plugin (5.0.1+build.2024.03.01.19.04.57.c7efbbab2) is configured to use 'Honeypot (Internal)' and the site Global Configuration is set to use CB AntiSpam as the designated Captcha source.
I appreciate any and all suggestions.
Thank you!

Don White

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48622
  • Thanks: 8303
  • Karma: 1446
9 months 3 weeks ago #337468 by krileon
Replied by krileon on topic Invalid Captcha
Honypot login captcha seams to work fine in my tests. Did you change the honeypot input name under Captcha > Modes > Internal > Honeypot? It's possible it's set to something getting filled in by browser auto complete. I don't typically recommend having captcha for login though, which can be turned off under Captcha > Legacy tab. Does this only happen to accounts that have MFA enabled?


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: trlbldr

Please Log in or Create an account to join the conversation.

  • trlbldr
  • trlbldr
  • ONLINE
  • Posts: 103
  • Thanks: 8
  • Karma: 1
9 months 3 weeks ago #337473 by trlbldr
Replied by trlbldr on topic Invalid Captcha
Yes, it did happen with accounts for which MFA was active. However, I've disabled MFA now. CB Login seems to work (few users for this development website), but the auto-redirect to the user's Profile doesn't occur. However, the link for users to open their Profile (Members main menu | Your Profile) does open the person's Profile now. Before, clicking that link redirected to the Home page of the template.
Thanks again, Krileon.

Don White

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48622
  • Thanks: 8303
  • Karma: 1446
9 months 3 weeks ago #337474 by krileon
Replied by krileon on topic Invalid Captcha

but the auto-redirect to the user's Profile doesn't occur.

If you've multiple CB login modules be sure they're all configured properly. Login redirect should always be non-SEO beginning with index.php. Example as follows.

index.php?option=com_comprofiler&Itemid=PROFILE_MENU_ID_HERE

That should safely redirect to profile every time. This assumes you don't have some other redirect taking over. For example CB Auto Actions could potentially redirect away or a 3rd party Joomla plugin could.

Note the login module redirect will not override first login redirect URL configured in CB > Configuration > Registration. So if this is the first time the user is logging in you may want to be sure that parameter is empty or also configured properly to redirect to profile.

Ok, so it sounds like there's an issue with login captcha and MFA. The MFA is probably hijacking the login before the Captcha can properly verify and gets stuck in a redirect loop of some kind. Will have to look into this further, but am unsure if it'll even be fixable as we're limited on how we can interact with Joomla's MFA implementation.

forge.joomlapolis.com/issues/9382

Have added a bug ticket to investigate further, but I just don't recommend using login captcha regardless. It's a legacy implementation for CB AntiSpam and will probably be removed eventually.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
The following user(s) said Thank You: trlbldr

Please Log in or Create an account to join the conversation.

  • trlbldr
  • trlbldr
  • ONLINE
  • Posts: 103
  • Thanks: 8
  • Karma: 1
9 months 3 weeks ago #337475 by trlbldr
Replied by trlbldr on topic Invalid Captcha

Did you change the honeypot input name under Captcha > Modes > Internal > Honeypot?

No.

I don't typically recommend having captcha for login though, which can be turned off under Captcha > Legacy tab.

Login was - and remains - turned off under Captcha | Legacy.

Don White

Please Log in or Create an account to join the conversation.

  • trlbldr
  • trlbldr
  • ONLINE
  • Posts: 103
  • Thanks: 8
  • Karma: 1
9 months 3 weeks ago #337476 by trlbldr
Replied by trlbldr on topic Invalid Captcha
There were/are no additional login modules - just the CB Login module.

Login redirect should always be non-SEO beginning with index.php: index.php?option=com_comprofiler&Itemid=PROFILE_MENU_ID_HERE

I reconfigured the CB Login module to login as you suggest above (using the Login menu ID). I also removed the default login redirect URL to <blank> in CB Configuration.
Result: Success!
Prior to this, I disabled MFA (all types). When changes to Gantry and/or CB are published to overcome this matter, I'll re-enable MFA (Verification Code via Email). Until then, we'll just admonish users to create a lengthy passphrase or password. (AdminTools is configured to check user passwords to prevent common and otherwise weak entries.)

Don White

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum