Spam Protector plugin doesn't work after Base URL change

[confused_yogi]

I have created my S9Y blog with Bulletproof and initially used a Base URL like http://45.355... . I would like to change the Base URL to the real domain name http://www.realsitename.com.

When I change the “Base URL” under Administration > Configuration > Paths to http://www.realsitename.com, for some reason the Spam Protector plug-in and/or the Contact Form do not deal with this very well. The following is happening:

If I go to the Contact Form via http://45.355...contact.html the Spam Protector captcha works fine. When the correct (shown) captcha is entered in the frontend, the form is submitted. When a wrong captcha is entered, an error message is displayed.

However, after changing the IP to the real domain name the Spam Protector plug-in no longer works as expected. A form can be submitted regardless of whether the RIGHT or WRONG captcha is entered. No error message is displayed when the wrong captcha is entered.

I reinstalled both plug-ins (Contact Form + Spam Protector). The issue persists.

Unfortunately, I can't figure out where exactly switching the Base URL impacts on plug-in behaviour.

Any idea what could be wrong with my installation, what I need to double-check?

Many thanks if you can help.

[Don Chambers]

Others may have a better understanding here than I, but submitting forms as a logged in author is a very different experience than submitting a form as a visitor. Have you tried using a different browser, that you are not logged in with, to duplicate the problem? This could just be a cookie issue.

[confused_yogi]

Others may have a better understanding here than I, but submitting forms as a logged in author is a very different experience than submitting a form as a visitor. Have you tried using a different browser, that you are not logged in with, to duplicate the problem? This could just be a cookie issue.

Hi Don, thanks for taking the time to reply. Very much appreciated. Yes, I tried and tested the whole installation in various browser scenarios. I closed Firefox after Base URL change (cookies and browsing history were cleared). Then tried submitting the form as a visitor (via Firefox as well as IE). The captcha plugin-in still doesn't work as expected. It submits ALL forms regardless of right or wrong captcha entered.

[garvinhicking]

Hi!

What's your URL?

Regard,s
Garvin

[confused_yogi]

What's your URL?

Sent via DM.

[confused_yogi]

Some additional php info regarding my .session settings:

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0

Also, in my s9y configuration, "Autodetect HTTP-Hostname" is currently disabled. Whether I enable or disable it doesn't make a difference. The captcha on the contact form still does not work.

Any help is appreciated. THANKS!

[garvinhicking]

Hi!

session.save_path is empty - this should be set to a path!

HTH,
Garvin

[confused_yogi]

Hi Garvin,

We tried various solutions so far and also compared my PHP configuration with the settings on another server where the spam protector plug-in works correctly. Result: PHP settings on both servers are exactly the same, but only my site shows the captcha problem. So it looks like the problem stems from somewhere else.

Moreover, the captcha problem is present only on my contact form page but not on other pages. On blog posts for example, the spam protector plug-in works fine to prevent comment spam. That is to say, when a user tries to submit a comment and a wrong captcha is entered, the comment is rejected with an error message. On the contact form however no error message is displayed and the form is submitted even when a wrong captcha is entered.

Have sent you a DM.

Thanks.

[garvinhicking]

Hi!

Did you check for the PHP session files in the session.save_path configured directory? To me it really sounds like your one installation cannot read session files.

Regards,
Garvin

[confused_yogi]

Hi Garvin,

Sorry to be so ignorant but what are we really looking for in the session.save_path directory? Am not a PHP expert. I don't know what kind of setting is needed here.

Yes, I checked this setting and you're right there's currently no value set. But Admin said the same PHP configuration is used for another virtual server (another site) and there everything works fine. There are no problems with captchas on the other site even without setting session.save_path. That's why I think the problem stems from elsewhere. Perhaps I am wrong... Could you be more precise? What kind of setting exactly is needed here? An example would help this confused yogi.

Thanks a million.

[kleinerChemiker]

http://www.php.net/manual/en/session.co ... .save-path

[confused_yogi]

Garvin found the bug:

[quoted from Garvin's DM] The spamblock plugin checks for the age of an article to see whether captchas shall be enabled or not. The default is that an entry needs to be 7 days old for captchas to be enabled. This also applies to the contactform, but there an entry is always meant to be "recent". Thus, the captcha is never really checked because contactform submissions are always more recent than the "time to live".

You could've either changed the number of days an entry needs to be old from "7" to "0" days, but since that would affect your blog configuration that's not a viable option. Thus, I changed the contactform plugin to submit contactform entries as "really old" so that the captcha checks will apply. [end quote]

Session settings work properly on my domain. So, the problem was caused by the configuration of the contact form entries which Garvin now modified. Incorrect captchas trigger an error message now.

Thanks a lot, Garvin.