2015-02-19, 09:53 AM
It's awesome that NoCAPTACH has been implemented into the latest build of MyBB but my forum uses SSL encryption and it doesn't seem to work 
How can I fix?
How can I fix?
2015-03-03, 08:04 AM
Bump.
2015-03-04, 07:05 PM
It does work with standard certificates - to get this working on CloudFlare you can apply this modification: http://community.mybb.com/thread-126098-...#pid912082
It wouldn't hurt to make the URLs in inc/class_captcha.php protocol less in 1.8.5.
It wouldn't hurt to make the URLs in inc/class_captcha.php protocol less in 1.8.5.
2015-03-04, 07:17 PM
You glorious human being, thank you!
2015-03-04, 11:58 PM
i work it out by using relative url, removing all the http:
One thing i don't understand, isn't this supposed to be automatic when i force SSL using CF flexible SSL as i have both server and secure_server in the class_captcha.php
$this->server = "//www.google.com/recaptcha/api"
One thing i don't understand, isn't this supposed to be automatic when i force SSL using CF flexible SSL as i have both server and secure_server in the class_captcha.php
$this->server = "http://www.google.com/recaptcha/api";
$this->secure_server = "https://www.google.com/recaptcha/api";
2015-03-05, 05:29 PM
(2015-03-04, 11:58 PM)xiaoming Wrote: [ -> ]One thing i don't understand, isn't this supposed to be automatic when i force SSL using CF flexible SSL as i have both server and secure_server in the class_captcha.php
Is it because host does not have SSL cert causing it not able to automatic switch to use secure_server google link as above?$this->server = "http://www.google.com/recaptcha/api"; $this->secure_server = "https://www.google.com/recaptcha/api";
By default, the connection between CloudFlare and your server is not encrypted (Flexible or Off), so your server (and MyBB) receives requests over the standard HTTP protocol.
You can enable that encryption by setting the SSL mode in the CloudFlare panel to Full or Strict, in which case your server would have to be able to respond to requests over HTTPS (some shared hosts allow that, but the certificates are self-signed, which means a certificate warning would be displayed to a user trying to connect through https:// directly to the server [not over CloudFlare]). While self-signed certificates will do just fine for Full mode (the certificate can be self-signed, as it is an internal one, used between CF and your server only), the Strict mode additionally requires that certificate to be signed by a certificate authority (which improves security by assuring that the second connection [CF ⇄ your server] hasn't been tampered with and no one could have seen its contents).