Development

#3372 (sfReCaptchaPlugin - improved error messages)

You must first sign up to be able to contribute.

Ticket #3372 (new enhancement)

Opened 3 months ago

Last modified 2 months ago

sfReCaptchaPlugin - improved error messages

Reported by: rbo@donax.ch Assigned to: arthur.koziel
Priority: minor Milestone:
Component: sfReCaptchaPlugin Version:
Keywords: error messages Cc:
Qualification: Unreviewed

Description

Hello,

I just installed sfReCahptcha plugin. To improve error messages, I propose to modify to sfReCaptchaValidator.class.php this way: 

  // if invalid, return the error
  if (!$resp->is_valid)
  {
	$msg_key = 'app_recaptcha_'.$resp->error;
	$error = sfConfig::get($msg_key,$resp->error);
				
	return false;
 }

In app.yml (or in any other config file appended to the plugin) I put an explicit error message according to the code sent by reCaptcha API. This is an example: 

all:
  recaptcha:
    publickey: "my_public_code"
    privatekey: "my_private_code" 
    invalid-site-public-key: "The public key defined in app_recaptcha_publickey is wrong or not defined."
    invalid-site-private-key: "The private key defined in app_recaptcha_privatekey is wrong or not defined."
    invalid-request-cookie: "The challenge parameter of the verify script was incorrect."
    incorrect-captcha-sol: "The CAPTCHA solution was incorrect."
    verify-params-incorrect: "The parameters to /verify were incorrect, make sure you are passing all the required parameters."
    invalid-referrer: "reCAPTCHA API keys are tied to a specific domain name for security reasons."
    recaptcha-not-reachable": "reCAPTCHA never returns this error code. A plugin should manually return this code in the unlikely event that it is unable to contact the reCAPTCHA verify server."

If the error key cannot be found on app.yml, $resp->error is sent to the template.

Change History

04/21/08 13:52:32 changed by gregoire

  • milestone deleted.

This is a pluging relatd issue not a core feature.

05/04/08 16:58:38 changed by arthur.koziel

  • owner changed from bladus to arthur.koziel.

05/04/08 17:56:26 changed by arthur.koziel

What exactly do you mean by "improve error messages"?

Error messages can't be changed. If validation fails, reCaptcha returns an error code like "incorrect-captcha-sol". This error code is then attached to the next recaptcha_get_html request ("...&error=incorrect-captcha-sol"), which causes an error message ("Incorrect. Try again." in this case) to appear.

05/05/08 08:36:31 changed by rbo@donax.ch

  • version deleted.

You are right, error messages cannot be changed. But they can be intercepted as reply code before showing them in the template.

Since error codes are limited, it is possible to create a dictionary (one solution is the one I post in my ticket), which will be used to build error messages to show in the template. This approach is even more i18n compatible.

05/06/08 14:01:56 changed by arthur.koziel

Okay, but wouldn't it be better if the error code also served as the i18n key?

For example, if the error would be "incorrect-captcha-sol", you simply translate it with 

echo __($sf_request->getError('captcha'));

And specify it in your xliff file: 

<trans-unit id="1">
  <source>incorrect-captcha-sol</source>
  <target>The CAPTCHA solution was incorrect.</target>
</trans-unit>

The problem I see with the proposed code is that you either have the error in the template or in the captcha, since the recaptcha_get_html function would get an invalid error code.

05/06/08 15:09:42 changed by garak

I agree with rbo@donax.ch I could have a site without i18n, but still want to display a better message than "incorrect-captcha-sol" (it's really ugly).

05/06/08 15:46:05 changed by rbo@donax.ch

The problem with i18n is that you must have a default culture. Your message is translated only if the actual culture differs from the default one. So, in the default language you wuold always write "incorrect-captcha-sol".

05/06/08 19:31:41 changed by arthur.koziel

There's still this one point which I'm not sure about. As mentioned above, if you alter the error, the recaptcha_get_html function will display nothing because it gets an unknown error code.

Is it okay for you guys, that we put some kind of warning in the wiki which states that overriding the error messages will cause the ReCaptcha? snippet to not display an error?

05/06/08 23:11:50 changed by rbo@donax.ch

Hummm...I see. In fact, the plugin sends the error message back to ReCaptcha? server... I'm sorry, I didn't see that before. In fact, my solution allows to display a nice error message using the form_error() helper , as done for all the other fields of my form. But, if I do that, the ReCaptcha? plugin cannot display the error message. Sigh....

I think I have found a solution to display both error messages in form_error and ReCaptcha? form. This is my how-to:

In sfReCaptchaValidator.class.php, modify the error handling this way: 

if (!$resp->is_valid)
{
$msg_key = 'app_recaptcha_'.$resp->error;
$error = sfConfig::get($msg_key,$resp->error);

// Storing recaptcha error code in user session
$this->getContext()->getUser()->setParameter('recaptcha_error_code', $resp->error);

return false;
}

We actually send a nice error message to the form_error() helper and we store in the user session the error code sent by ReCaptcha?.

in the template, we will recover the error code and send it to ReCaptcha?. Here is an example of the indexSuccess.php form: 

<?php use_helper('recaptcha','Validation'); ?>

<?php echo form_tag('recaptcha/index'); ?>
<div><?php echo form_error('recaptcha_response_field'); ?></div>
  <?php echo recaptcha_get_html(sfConfig::get('app_recaptcha_publickey'),$sf_user->getParameter('recaptcha_error_code',null)); ?>
  <?php echo submit_tag('submit'); ?>
</form>