Jump to content

hCaptcha spam protection for ProcessWire forms


MoritzLost
 Share

Recommended Posts

@ngrmm Ok, I see the issue now. I have never used the generated markup (embed option D), so I haven't run into this issue yet.

The problem is the new bypass permission added in 2.0.0. Any user with this permission (the superuser has all permissions) will not see the captcha, the inputfield doesn't output any markup in this case. When you're generating the form builder markup, FormBuilder just renders the form with the current settings and outputs the resulting markup as a template (with some adjustments) as far as I can tell. But you're logged in while doing this, so the resulting markup will not include the hCaptcha code.

Not sure if I can solve this from within the module. I think you're going to have to manually add the hCaptcha markup to the generated template. Place this in the generated markup in the place where the hCaptcha is supposed to go:

<?= $form->getChildByName('hcaptcha')->render(); ?>

Replace hcaptcha with the name of the hCaptcha field in your form.

If this doesn't match the custom markup you need for this form, embed the form using one of the other embed methods, open the page with the form as the guest user and copy the generated markup from there. Then you can modify it as required. Or just include the inputfield manually.

  • Like 1
Link to comment
Share on other sites

1 hour ago, MoritzLost said:

 

<?= $form->getChildByName('hcaptcha')->render(); ?>

@MoritzLost I added it this way. Thanks a lot for the help and the module!

Another question that I have:
If I wanted to add it manually, where in your snippet do you choose the specific form? Or would it add the hCaptcha to all forms?

// site/init.php
wire()->addHookAfter('ProcessPageEdit::buildForm', function (HookEvent $event) {
    $form = $event->return;
    $submitButton = $form->getChildByName('submit_save');
    if ($submitButton) {
        $hCaptcha = $event->wire('modules')->get('InputfieldHCaptcha');
        $hCaptcha->set('label', __('Spam Protection'));
        // ... configuration goes here
        $form->insertBefore($hCaptcha, $submitButton);
    }
    $event->return = $form;
});

 

  • Like 1
Link to comment
Share on other sites

@ngrmm The snippet above hooks into ProcessPageEdit::buildForm – this would add hCaptcha to the page edit forms in the backend, not to Form Builder forms. The example code would add the hCaptcha code to all page edit forms, but you could limit it to pages with specific templates. Through $event->object you have access to the ProcessPageEdit instance object, and $event->object->getPage() will get you the page being edited.

If you want to insert the hCaptcha field to all Form Builder forms programmatically, something like this should work, though I haven't tested it:

$forms->addHookBefore('FormBuilderProcessor::renderReady', function (HookEvent $event){
    $processor = $event->object;
    $form = $event->arguments('form');
    if ($processor->formName !== 'contact_form') {
        return;
    }

    // insert hCaptcha
});

This should insert hCaptcha into a form named contact_form. Keep in mind that the selected embed method still needs to support this, so the caveat regarding embed method D still applies.

  • Like 1
Link to comment
Share on other sites

  • 1 year later...

@MoritzLost I installed this module today and I'm wondering if it's compatible with PHP 8.3 and Processwire 3.0.229? When I add the field to a FormBuilder form and try to open the form on the website I get the following errors at the top of the form:

Deprecated: htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated in /wire/core/Inputfield.php on line 1395

Deprecated: htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated in /wire/core/Inputfield.php on line 1395

Deprecated: htmlspecialchars(): Passing null to parameter #1 ($string) of type string is deprecated in /wire/core/Inputfield.php on line 1395

 

Link to comment
Share on other sites

Release 2.0.1

  • Bugfix: Fix PHP warnings regarding the usage of htmlspecialchars.

https://github.com/MoritzLost/InputfieldHCaptcha/blob/master/CHANGELOG.md#201---2024-10-14

@combicart Thanks for letting me know, should be fixed in 2.0.1. Turns out some attributes might be null in InputfieldHCaptcha::getAttributes(), which was passed to Inputfield::getAttributesString(), which passes this to htmlspecialchars. Might also be addressed in core, but for now, I've filtered out all the null attributes. Let me know if you have any other issues!

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...