Meta Box

Invalid captcha token - MB User Profile Register Form

Support MB User Profile Invalid captcha token - MB User Profile Register Form

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • April 12, 2025 at 12:40 AM #48039
    CodogCodog
    Participant

    Hi there I am using the MB User Profile extension to allow users to register on a site.

    The Issue
    ============
    After adding a valid (V3) recaptcha_key and recaptcha_secret to the [mb_user_profile_register] shortcode and submitting a valid user registration, I get a WP Error: <div class="wp-die-message">Invalid captcha token</div>. Furthermore, I see a 500 Internal Server Error in the browser console.

    If you remove the recaptcha_key and recaptcha_secret the registration form successfully submits without error.

    To confirm that this problem was NOT isolated to my specific site setup I recreated the issue in a completely clean install of WordPress locally with a basic WP Theme.

    Re-Create The issue
    =======================
    To re-create this issue follow these steps:

    1) Create a new clean local dev environment using:
    - NGINX
    - MYSQL 8.0.35
    - PHP 8.3
    - SSL
    2) Install WordPress latest stable version 6.7.2.
    3) Install & Activate Metabox plugin.
    4) Install & Activate Metabox AIO plugin.
    5) Create a very basic custom PHP Page Template and assign it to a WordPress page:

    <?php
/**
 * Template Name: Frontend Register
 */

// Exit if accessed directly.
defined( 'ABSPATH' ) || exit;

get_header();

?>

<div id="page-wrapper">
    <div class="wrapper">
        <div class="container">
            <div class="row">
                <div class="col-md-12">
                    <?php
                     echo do_shortcode('[mb_user_profile_register password_strength="false" recaptcha_key="" recaptcha_secret=""]'); 
                    ?>
                </div><!-- .col-md-12 -->
            </div><!-- .row -->
        </div><!-- .container -->
   
</div><!-- .wrapper -->

<?php wp_footer(); ?>

    6) Generate valid recaptcha site key and secret key and enter into shortcode.
    7) Visit the new WordPress Page with Shortcode Form and submit a new user registration.

    I have no errors showing in my debug.log for this scenario.
    I have also created and used (V3) recaptcha site keys and secret keys on the MB Frontend Submission Form shortcode and this issue is NOT present here!

    I look forward to your response.

    Cheers 🙂

    April 14, 2025 at 10:58 PM #48050
    PeterPeter
    Moderator

    Hello,

    Please notice that if you use the Google reCaptcha, the Google API key doesn't work with local sites. You need to add an online domain to the settings to get and use the API key.

    I suggest you try to reproduce the issue on an online site, ensure that the secret and site keys (v3) are correct and let me know how it goes.

    April 14, 2025 at 11:12 PM #48052
    CodogCodog
    Participant

    Hi peter,
    Thanks for getting back to me but I have already added my local domain to the ReCaptcha domain settings (https://www.google.com/recaptcha/admin/). My local domain is an allowed valid domain IE: xxxxxxxxx.local

    I have also validated my secret and site keys....They are fine! I have tested them on alternate metabox frontend forms to check they are not at fault?

    To reiterate, this is only seen on the register form.

    I would be very grateful if you could take the time to reproduce this issue following my steps above.

    Cheers 🙂

    April 15, 2025 at 10:02 PM #48059
    PeterPeter
    Moderator

    Hello Codog,

    I can reproduce the issue on a test site. I've escalated the issue to the development team to fix this.

    Thank you.

    April 15, 2025 at 10:06 PM #48060
    CodogCodog
    Participant

    Hi Peter,
    thanks for keeping me updated. I look forward to the fix ASAP... getting far more bot registrations than I would like!

    Cheers 🙂

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.