And if you want to match captcha case, change captcha.ignore.case to false.
Add the setting into your jforum's WEB-INF/config/jforum-custom.conf to override the default setting:
I check the configuration files. Our installation uses the Captcha default configuration as what you show in your answer. And there isn't any Captcha related configuration in the jforum-custom.conf file. The version number is 2.3.5-SNAPSHOT. I can make a post without entering any text in the Captcha field. Any other configuration would change the behaviour? I hope that I don't need to turn on the debugger to find the cause of this problem at PostAction class.
Hi, I've tested it in my development environment, the captcha for post is enabled by default. And if I didn't enter any text in the captcha field, although I can press the save button, JForum will prompt me to enter the captcha.
I found that this issue can be reproduced at the first time Java VM starts to load the Captcha engine.
When the Captcha engine is not ready, the imageCaptcha will return null.
A quick fix is to replace the last return statement from return true to return false.
public boolean validateCaptchaResponse(String origUserResponse)
{
String userResponse = origUserResponse;
if ((SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_REGISTRATION)
|| SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_POSTS))
&& this.imageCaptcha != null) {
if (SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_IGNORE_CASE)) {
userResponse = userResponse.toLowerCase(Locale.US);
}
final boolean result = this.imageCaptcha.validateResponse(userResponse).booleanValue();
this.destroyCaptcha();
return result;
}
return false;
}
andowson wrote:I found that this issue can be reproduced at the first time Java VM starts to load the Captcha engine.
When the Captcha engine is not ready, the imageCaptcha will return null.
A quick fix is to replace the last return statement from return true to return false.
public boolean validateCaptchaResponse(String origUserResponse)
{
String userResponse = origUserResponse;
if ((SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_REGISTRATION)
|| SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_POSTS))
&& this.imageCaptcha != null) {
if (SystemGlobals.getBoolValue(ConfigKeys.CAPTCHA_IGNORE_CASE)) {
userResponse = userResponse.toLowerCase(Locale.US);
}
final boolean result = this.imageCaptcha.validateResponse(userResponse).booleanValue();
this.destroyCaptcha();
return result;
}
return false;
}
With the change, I can't pass Captcha with a correct matched text.
Also, I do notice that the Captcha comes up late. A message "Captcha unavailable" shows up first.
and call this method instead of this.imageCaptcha in this.imageCaptcha != null. The change, however, blocks Captcha - I can't pass Captcha with a matched characters.
Hi, I've commit the fix as r224.
JForum will disable the submit button until the captcha image is fully loaded.
Please check out and test if this works.
andowson wrote:Hi, I've commit the fix as r224.
JForum will disable the submit button until the captcha image is fully loaded.
Please check out and test if this works.
Thanks. I am current working on other tasks. I will report back once I have a chance to test it out. I need to remind our integration build team to get the latest version of JForum.
Hi,
i have installed jForum 2.3.5 in my localhost and in the live server. The captcha verification is working on my localhost, but it is not working on my server. So, currently i have disabled the captcha verification. Any suggestion, how to fix this problem?
Please check your web container's log file(for example, Tomcat's catalina.out)
And see if there are some error messages as a hint for what's going wrong there.
Also, you'd better provide some environment information like OS version, Java version, etc.
Since JForum use JCaptcha as the capacha engine, you can check the FAQ on JCaptcha project website.
For Example, if you're running JForum on Linux server, you have to set the option in your JAVA_OPTS
-Djava.awt.headless=true
BTW, JForum 2.3.5 is not secure, you'd better install JForum 2.4.0 or later.