Tips and Tricks HQ Support

Support site for Tips and Tricks HQ premium products

reCAPTCHA and SSL

by

Tips and Tricks HQ Support Portal Forums WP eMember WP eMember Troubleshooting reCAPTCHA and SSL

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • August 5, 2011 at 2:09 am #3992
    drv
    Member

    I am running a login page with [wp_eMember_login_form:end] under https and I have a issue because there are some insecure contents, basically from reCAPTCHA enviroment ( http://api.recaptcha.net/challenge?… and others like that).

    Do I need to set SSL somewhere?

    On the other hand, I think reCAPTCHA library need to be updated witht this info:

    http://groups.google.com/group/recaptcha/browse_thread/thread/57baacc2a067035a/ea0303e7d7a49262

    August 5, 2011 at 3:21 am #35197
    amin007
    Participant

    Please post a URL to your login page.

    August 5, 2011 at 4:31 am #35198
    drv
    Member

    ok, it is https://www.globalchase.eu/inscripcion-de-usuarios/suscripcion-globalchase/

    Now is with original files. You can see the problem.

    I made a quick test and problem would dissapear if I had modified recaptchalib.php:

    in line 39 “https://www.google.com/recaptcha/api” and in line 106: $use_ssl = true

    August 6, 2011 at 12:17 am #35199
    amin007
    Participant

    We added another condition in the plugin to take care of this. Please get another build of eMember from here and this SSL issue with recaptcha lib should be fixed:

    https://support.tipsandtricks-hq.com/update-request

    August 6, 2011 at 2:10 am #35200
    drv
    Member

    Thanks. I got the new code and it is working fine with respect to SSL condition.

    However, I’m afraid you forgot to update recaptchalib.php in the build (concerning new URL in line 39), otherwise recaptcha image just dissapear.

    Anyway, now my page is working flawless in both (secure and insecure) modes.

    August 7, 2011 at 1:17 am #35201
    amin007
    Participant

    Updated the library.

    August 8, 2011 at 12:00 am #35202
    drv
    Member

    Hi,

    I’m afraid another small change is necessary for SSL.

    If you use “Use Gravatar Image in Profile” , that image cause the same problem, because it comes from an insecure source.

    According to Gravatar help:

    “If you’re displaying Gravatars on a page that is being served over SSL (e.g. the page URL starts with HTTPS), then you’ll want to serve your Gravatars via SSL as well, otherwise you’ll get annoying security warnings in most browsers. To do this, simply change the URL for your Gravatars so that is starts with:

    https://secure.gravatar.com/…

    Everything else is the same as above (all the same options work), just make sure that the URL starts out like this.”

    Following your last approach, I modified eMember_misc_functions.php in a couple of places doing something like this:

    if ssl “on” … ‘https://secure.gravatar.com/avatar/’ else …’http://www.gravatar.com/avatar/’

    And apparently it is working fine.

    August 8, 2011 at 11:59 pm #35203
    amin007
    Participant

    we will update it to work conditionally (it will use the https version for https site)

    August 9, 2011 at 2:08 am #35204
    amin007
    Participant

    Updated this.

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.