The 'user_login' and 'user_login_block' forms should be added to the default forms added on install / update : there is no way an admin user can 'see' these forms and use the administration link to add them to the list of captchas.

Aside from that, the 3.0 release seems really nice - much nicer and much easier to setup than previous releases. Thanks for this great job.

Comments

robloach’s picture

robloach
he/him
commented
Assigned: Unassigned » robloach
Status: Active » Fixed

Great idea: Commit 74550.

Unfortunately it popped up another problem, which I'll make a new issue for.

robloach’s picture

robloach
he/him
commented

Oh, you'll have to run update.php.

heine’s picture

heine commented
Status: Fixed » Active

You cannot use captcha on the login form, why add them to the form list?

robloach’s picture

robloach
he/him
commented

Because User Login should be able to be Captcha-ed. I was talking with wundu and he mentioned you guys ran into this problem before?

heine’s picture

heine commented

User login happens in the validation stage of the user_login form, so any form_set_errors there are too late.
Poll voting doesn't follow the FAPI model, but acts on $_POST values, and there's nothing you can do with custom validation hooks about this.

wundo’s picture

wundo commented

@Heine, what do you think about using a brutal force solution by unsetting the session if the captcha was wrong?

robloach’s picture

robloach
he/him
commented
Component: Code » User interface
Assigned: robloach » Unassigned

Would that need to force a check if the form is user_login or user_login_form?

robloach’s picture

robloach
he/him
commented
Status: Active » Fixed

Move discussion about this issue to the patch in this issue.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)