VirtueMart Forum

VirtueMart 2 + 3 + 4 => Templating & Layouts => Topic started by: gba on November 20, 2015, 13:39:20 PM

Title: Questions regarding ReCaptcha
Post by: gba on November 20, 2015, 13:39:20 PM
Hello all!

In configuration I can choose to use ReCaptcha in the registration form.
a) How can I display a label with the ReCaptcha in the form?
b) How can I use ReCaptcha also in the login form?

Kind regards,
Gerald
Title: Re: Questions regarding ReCaptcha
Post by: jenkinhill on November 20, 2015, 15:00:01 PM
This applies to VM3.0.12 with default VM templates on J3.0.5
Configure & enable the Joomla ReCaptcha plugin and turn on.  Enable Use ReCaptcha for Registration in VM config/shop.
Then the captcha will appear in the account registration form at the bottom, and in the cart registrattion form it appears at the top after hitting the register button. 
It can be moved from top to bottom is you wish by overriding components/com_virtuemart/views/user/tmpl/edit.php

The login module is a Joomla module, you should ask on the Joomla forum if ReCaptcha could be included thgere, but personally I see no point in doing so.

Title: Re: Questions regarding ReCaptcha
Post by: gba on December 03, 2015, 16:34:20 PM
Hello!

Thank you for your reply.
I know, how to enable the reCaptcha.
My questions were regarding ...
a) ... how to display a label with the reCaptcha in the registration form.
b) ... how to use reCaptcha not only in the registration, but also in the login form.

I guess this can be done by template overriding.
Right?

Kind regards,
Gerald
Title: Re: [solved] Questions regarding ReCaptcha
Post by: gba on June 22, 2017, 15:47:43 PM
Hi all!

I want to push this topic again.
Actually I am really wondering, why VM does not provide the login forms (regular and popup) with the reCaptcha, but the registration form, only?
Isn't this a vulnerability?

Kind regards,
Gerald
Title: Re: Questions regarding ReCaptcha
Post by: K&K media production on June 22, 2017, 20:47:54 PM
https://developers.google.com/recaptcha/docs/display
Title: Re: Questions regarding ReCaptcha
Post by: jenkinhill on June 22, 2017, 23:30:20 PM
Quote from: gba on June 22, 2017, 15:47:43 PM
why VM does not provide the login forms (regular and popup) with the reCaptcha, but the registration form, only?

Effectively the login is just the Joomla username & password - and ideally only used by someone already registered.  It is not added in Joomla but could be using the appropriate code. There is a thread about this in the Joomla forum which may help explain the issues.
https://forum.joomla.org/viewtopic.php?t=910764
Title: Re: Questions regarding ReCaptcha
Post by: gba on July 06, 2017, 08:07:23 AM
Hi!

Thank you for that hint.
I read this thread and partly agree with the ideas there.
But actually how else would you prevent a VM shop from being attacked by automatically filling in the login form and jamming the webserver this way?

Kind regards,
Gerald
Title: Re: Questions regarding ReCaptcha
Post by: jenkinhill on July 06, 2017, 11:06:48 AM
Most VM registrations use required fields, so the form cannot be submitted unless those fields are completed. You can also use a hidden field to confuse bots. They will see that field and make an entry - and if there is something in that field then halt the "registration" process. You can do this for both Joomla's registation form and for VM.
Title: Re: Questions regarding ReCaptcha
Post by: gba on July 11, 2017, 09:15:42 AM
Hi!

The problem is not the registration form - it does provide the use of the reCaptcha plugin set in Joomla! configuration.
But the login form does not.

Kind regards,
Gerald
Title: Re: Questions regarding ReCaptcha
Post by: Jörgen on July 11, 2017, 12:08:21 PM
Hello Gerald

Sorry to intrude, but why do You want to make it harder to login? There are a number of other security plugins that can protect without any hazzle for the registered user. A quick search found this:
https://extensions.joomla.org/extensions/extension/access-a-security/limit-login-attempts/ (https://extensions.joomla.org/extensions/extension/access-a-security/limit-login-attempts/)

best regards

Jörgen @ Kreativ Fotografi
Title: Re: Questions regarding ReCaptcha
Post by: gba on July 11, 2017, 21:02:01 PM
Hi!

Thank you for that hint.
The new Google NoCaptcha reCaptcha (version 2) now appears if there is suspicious activity, only.
So usually there is actually no captcha displayed.
I just want the same behaviour in the login form like in the registration form.

Kind regards,
Gerald
Title: Re: Questions regarding ReCaptcha
Post by: jenkinhill on July 13, 2017, 16:12:03 PM
By "login form" I guess you mean the Joomla login form? In which case see https://www.youtube.com/watch?v=LFGouPne3Oc