You are not logged in.
I secure my phpMyAdmin login page using Google reCAPTCHA. Until recently, phpMyAdmin used the old v1 API of reCAPTCHA, but now uses the newer v2 API as of version 4.40.
For some reason, I cannot get the new reCAPTCHA v2 API to accept my credentials to initiate a login. When I enter my correct username, password, and solve the CAPTCHA correctly, the page hangs for a few minutes and then spits out the following error messages:
Warning in ./libraries/plugins/auth/recaptcha/recaptchalib.php#94
file_get_contents(https://www.google.com/recaptcha/api/siteverify?secret=MYSECRETKEY&remoteip=127.0.0.1&v=php_1.0&response=RESPONSE-TOKEN-FROM-RECAPTCHA): failed to open stream: Connection timed out
Out of curiosity, I tested the reCAPTCHA URL generated above by copying and pasting it into my browser, and the following error message popped up:
{
"success": false,
"error-codes": [
"missing-input-response"
]
}
The error codes are generated by the API when the verification fails. According to the Google Developer site for the reCAPTCHA API, an error code of "missing-input-response" means "The response parameter is missing." The response parameter is not missing, however, if the URL is to be believed, so I'm confused as to why the error is occurring.
I tried to resolve the problem by generating a new reCAPTCHA key pair for my domain (did not work), and by editing phpMyAdmin/libraries/plugins/auth/AuthenticationCookie.class.php to explicitly include the key pairs in the code as opposed to having them be pulled from config.inc.php in the main phpMyAdmin working directory where they are defined using:
$cfg['CaptchaLoginPublicKey'] = 'PUBLIC-KEY';
$cfg['CaptchaLoginPrivateKey'] = 'PRIVATE-KEY';
This did not work, either.
Is anybody else who uses reCAPTCHA with phpMyAdmin experiencing the same problem with the upgrade to reCAPTCHA v2? Or is there a possible bug in the recaptchalib.php configuration file for v2? Any and all feedback would be appreciated.
Last edited by cmorgenstern (2016-08-24 03:11:41)
"Never ascribe to malice that which is adequately explained by incompetence."
~ Napoleon I
Offline
Bored
Last edited by ackt1c (2022-11-05 13:19:19)
Offline
I already have openssl.so uncommented in my php.ini file, so I don't think that's the problem. Thanks for the suggestions, though.
My setup is remotely accessible via a web server. The only symlink I have is from /etc/webapps/phpmyadmin/config.inc.php to /usr/share/webapps/phpmyadmin/config.inc.php so that phpmyadmin can find the config file when logging in. Is that what you're referring to?
"Never ascribe to malice that which is adequately explained by incompetence."
~ Napoleon I
Offline
Symlink
Last edited by ackt1c (2022-11-05 12:51:06)
Offline
My bad, I have that same setup too (symlink into /srv/http/ so that it's accessible remotely). Sorry for the confusion. I set it up a couple of months ago and have only recently had to dig back into the program files now that the reCAPTCHA plugin is malfunctioning.
Can you explain how I would check the reCAPTCHA keys "on standalone" to verify that they are not corrupted?
"Never ascribe to malice that which is adequately explained by incompetence."
~ Napoleon I
Offline
SQLd
Last edited by ackt1c (2022-11-05 12:50:30)
Offline
It seems that the false error for reCAPTCHA v2 was fixed in version 4.4.9.0, and as of version 4.4.12, reCAPTCHA v2 is working successfully with no visible errors.
A bug report for a reCAPTCHA v2 failure was filed for version 4.4.8.0, but it does not describe the error I was encountering. Anyway, all is well and fixed now. Apologies for letting this thread stagnate. Marking as solved.
"Never ascribe to malice that which is adequately explained by incompetence."
~ Napoleon I
Offline