Since upgrading to Drupal 6.2 Captcha is seriously broke. When ever attempting to register new user this error keeps coming up. I've uninstalled, removed and reinstalled Captcha with no success.

Comments

soxofaan’s picture

Title: Invalid CAPTCHA token. » "Invalid CAPTCHA token" on user registration form
Status: Active » Postponed (maintainer needs more info)

I can't reproduce this with Drupal 6.2 and CAPTCHA 6.x-1.0-rc2

If I understand you correctly:
You had first a Drupal 6.1 installation with CAPTCHA 6.x-1.0-rc1 and CAPTCHA on user registration worked as desired.
You upgraded to Drupal 6.2 and CAPTCHA 6.x-1.0-rc2 and CAPTCHA on user registration stopped working?

Is this correct (especially that it worked before the upgrade)?

Does CAPTCHA 6.x-1.0-rc2 work on other things like the comment forms?
Please check for both anonymous as authenticated users (without skip CAPTCHA permission of course).

marcus0263’s picture

Yes everything was working fine before the upgrade to Drupal 6.2 with Drupal 6.1.

I restrict anonymous access and the only Captcha I have active is for new user registration.

I'll test tonight more thoroughly and post the results

Cheers

vortechs’s picture

I am also having this issue with Drupal 6.2 and 6.x-1.0-rc2 of CAPTCHA. I did not however, have CAPTCHA installed in drupal 6.1 - the last time I had it installed was Drupal 4.7 before I upgraded to 5.7, then 6.1, then 6.2 last week, and I removed the module when I upgraded to 5.7, and didn't reinstall it until after I upgraded to 6.2.

This appears to be something in the CAPTCHA core, since it shows up when using text captchas or the recaptcha module.

soxofaan’s picture

Please also check:

Does CAPTCHA 6.x-1.0-rc2 work on other things like the comment forms?
Please check for both anonymous as authenticated users (without skip CAPTCHA permission of course).

vortechs’s picture

I am seriously confused now. AFAIK, I didn't touch anything, but now captchas are working fine. So, 6.x-1.0-rc2 works fine for me in Drupal 6.2.

peregrina’s picture

i am also getting this "Invalid CAPTCHA Token." with captcha rc2any module(reCaptcha, captchapack...)

soxofaan’s picture

@peregina: please provide more information (which forms, which user roles)
also try the CAPTCHA with authenticated users without the skip CAPTCHA permission

peregrina’s picture

well, if i remove the skip captcha in all roles, it works. I bet theres the error.

soxofaan’s picture

Priority: Critical » Normal
Status: Postponed (maintainer needs more info) » Fixed

it's fixed then

Lovecannon’s picture

Status: Fixed » Active

No its not. I still get the same error, and Ive tried reinstalling the module and everything, it keeps coming up with Invalid Token errors every time, and no users had the 'Skip captcha' permission, so I dont know whats wrong with it, it just suddenly stopped working overnight, i hadnt installed any new modules, it just stopped working. Its really really annoying, so I just disabled the module and removed it until the next release. I was only using it to protect login/registration forms anyway.

soxofaan’s picture

Category: bug » support
Status: Active » Postponed (maintainer needs more info)

I can't reproduce this error with
* Drupal 6.2
* CAPTCHA 6.x-1.0-rc2
* math CAPTCHA on user registration form

The error message "invalid CAPTCHA token" is a typical symptom of session problems. The CAPTCHA solutions are stored server side in the session data, so sessions are required for CAPTCHAs to work. (CAPTCHA 6.x-2.x probably won't have this requirement.)

Getting "Invalid CAPTCHA token" for anonymous user typically means that anonymous users don't have persistent session data.
This often happens when there is no entry for uid=0 in the users table. Also see
#245451: Image is not visible because of no uid=0 in users table
#243285: Captcha not working when no sessions for anonymous
#179915: Resolved: Captchas don't work on second site (was missing user UID 0 in database)
#204095: Error: 'Cookies should be enabled in your browser for CAPTCHA validation.'

If I delete the entry with uid=0 in my users table, I can reproduce the error.

So please check if you have an entry for uid=0 in the users table of your database
or
try CAPTCHA on for example comment forms with an authenticated user (a user that is logged in) without the skip CAPTCHA permission

soxofaan’s picture

Status: Postponed (maintainer needs more info) » Needs review
StatusFileSize
new42.15 KB
new1.02 KB

This patch adds a check for uid=0 in the users table and shows an error on the status report if it's not available.

soxofaan’s picture

Version: 6.x-1.0-rc2 » 5.x-3.x-dev
Assigned: Unassigned » soxofaan
Status: Needs review » Patch (to be ported)
StatusFileSize
new2.25 KB

committed attached patch: http://drupal.org/cvs?commit=116712

To be ported to DRUPAL-5--3
Not an issue in HEAD because that branch does not depend on sessions

soxofaan’s picture

Status: Patch (to be ported) » Fixed

committed in DRUPAL-5--3
http://drupal.org/cvs?commit=120249

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

stham01’s picture

Version: 5.x-3.x-dev » 6.x-1.0-rc2

Did anyone ever figure this one out? I only use CAPTCHA for user login
any riddler login gets rejected once, with the error message
Invalid CAPTCHA token.

Second try lets you log in, but takes you to an 'Access denied' page

site: hautboy.org
Drupal 6.2
Captcha rc2

soxofaan’s picture

are cookies enabled?
do other challenges work (like the builtin math captcha)?

junk@netlumina.com’s picture

Status: Closed (fixed) » Postponed (maintainer needs more info)

Sorry, but this is NOT closed. The problem has been identified. But what's the solution?

soxofaan’s picture

The problem has been identified

Well, the problem is that there are several causes for getting the "invalid CAPTCHA token" error.
This thread is getting a bit messy with low signal-to-noise-ratio and different people with possibly different problems.

So if you want to contribute to this thread, or want this thread to be useful:
Please be very precise in describing your setup (which versions of drupal, modules, which browsers, cookies, users, forms, permission, etc) and the procedure to get the error message. I still can't reproduce the problem on my setup, which makes it very hard for me to debug, let alone to fix, something ;-)

tendon’s picture

I don't know if this is relevant to this thread, but apparently people with IE7 will get this "Invalid CAPTCHA Token" if they have their Tools|Internet Options>Privacy setting set to "High" or to "Block All Cookies". It will work with setting set to "Medium High"

This with D6.4, CAPTCHA 6.x-1.0-rc2, and ASCII Art CAPTCHA 6.x-1.0-beta2.

cglusky’s picture

I was not able to duplicate this on registration form with the latest CAPTCHA 6.x-1.x-dev and D6.6 in IE 7 and security set to High. And that was with Math CAPTCHA - Can those with the problem try the latest dev version?
R,
Coby

webcomm’s picture

I'm getting "Invalid CAPTCHA token" in my blog comments form when previewing or saving.

PHP 5.2.6
Drupal 6.3
CAPTCHA 6.x-1.0-rc2
Permissions: skip captcha is checked for all roles except unauthenticated user

I am running into this problem in FF and IE7.

The type of CAPTCHA doesn't seem to matter. I've tried math and text.

-Ryan

cglusky’s picture

please try latest dev version - rc2 was released in April and latest dev is from Oct - I suspect much development and many patches applied since rc2 was released. perhaps time for an rc3?

KeyboardCowboy’s picture

StatusFileSize
new1.08 KB

I installed CAPTCHA 5.x-3.x-dev and was getting the same problem, but not on all my forms. I think the problem may have something to do with whether or not $form['#tree'] is TRUE of FALSE. This changes the structure of the $form_values array. The current dev snapshot validates the CAPTCHA token as shown below:

  // Get answer and preprocess if needed
  $captcha_response = $form_values['#post']['captcha_response'];
  $validationdata = $form_values['validationdata']['#value'];
  if ($validationdata['preprocess']) {
    $captcha_response = module_invoke($validationdata['module'], 'captcha', 'preprocess', $validationdata['type'], $captcha_response);
  }
  $form_id = $validationdata['form_id'];
  $captcha_token = $form_values['#post']['captcha_token'];
  // Check if captcha_token exists
  if (!isset($_SESSION['captcha'][$form_id][$captcha_token])) {
    form_set_error('captcha_token', t('Invalid CAPTCHA token.'));
  }
  // Check answer
  if ($captcha_response === $_SESSION['captcha'][$form_id][$captcha_token]) {
    $_SESSION['captcha'][$form_id]['success'] = TRUE;
    $_SESSION['captcha']['success'] = TRUE;
  }
  else {
    ...
  }

Note the line:
$captcha_token = $form_values['#post']['captcha_token'];

This is indicative of a non-treed form. If I change it to:

$captcha_token = $form_values['#post']['captcha']['captcha_token'];

... then I no longer receive the error for this form, but my other forms start throwing the 'Invalid CAPTCHA token' error.

Here's my final adjustments to get all forms to work:

  // Get answer and preprocess if needed
  $captcha_response = ($form_values['#tree'] ? $form_values['#post']['captcha']['captcha_response'] : $form_values['#post']['captcha_response']);
  $validationdata = $form_values['validationdata']['#value'];
  if ($validationdata['preprocess']) {
    $captcha_response = module_invoke($validationdata['module'], 'captcha', 'preprocess', $validationdata['type'], $captcha_response);
  }
  $form_id = $validationdata['form_id'];
  $captcha_token = ($form_values['#tree'] ? $form_values['#post']['captcha']['captcha_token'] : $form_values['#post']['captcha_token']);
  // Check if captcha_token exists
  if (!isset($_SESSION['captcha'][$form_id][$captcha_token])) {
    form_set_error('captcha_token', t('Invalid CAPTCHA token.'));
  }
  // Check answer
  if ($captcha_response === $_SESSION['captcha'][$form_id][$captcha_token]) {
    $_SESSION['captcha'][$form_id]['success'] = TRUE;
    $_SESSION['captcha']['success'] = TRUE;
  }
  else {
    ...
  }

The 2 lines that needed to be altered are the ones that set the $captcha_repsonse and $captcha_token variables.

I've also attached a patch for the 5.x-3.x-dev version.

I hope this helps.

moomba’s picture

Not working for me too. I just upgraded to drupal 6.8 and I have CAPTCHA 6.x-1.0-rc2 and its not working. Getting no image, switch to either math or text and get Invalid captcha token. Had to disable because I have this set for user reg.

greyridge’s picture

So does the module Captcha actually work without mods at the moment?

I just installed the latest and all I get are these "Invalid Captcha Token" messages.

soxofaan’s picture

Yesterday, I released a first beta of CAPTCHA 6.x-2.x, which should solve a lot of problems with the 6.x-1.x branch (related to sessions and cookies).
Can you try if this version solves your problem?

Aleet’s picture

I get the following error using the first beta of CAPTCHA 6.x-2.x,

Fatal error: require_once() [function.require]: Failed opening required 'sites/all/modules/captcha/captcha.admin.inc' (include_path='.:/usr/local/php5/lib/php') in /home/samsonha/public_html/hairloss_info/includes/menu.inc on line 346

Using drupal 6.6

oneiropolos’s picture

something strange that may help:

I get "Invalid CAPTCHA token" when using a PC with XP Home and in all three browsers :Mozilla, IE7 and Opera but everything works perfectly on another PC (with windows Vista among the other differences) --> with exactly the same database and drupal files <-- again in all browsers. On the PC where Captcha isn't working, it doesn't even let me access the site as an administrator!

I am using cck-6.x-2.1.tar
Drupal 6.9

but as I told you it shouldn't be a pure Drupal - module internal problem, otherwise the exact copy of the site would either work on both pc's or on none of them
Hope that was helpful somehow!

captcha 6.x-2.0-beta1 won't even get past installation :( Have to disable this module for the moment

soxofaan’s picture

@oneiropolos: your problem is almost certainly too restrictive firewall settings or something else that fiddles with cookies. Please try (if possible) CAPTCHA version 6.x-2.x (e.g. the CAPTCHA 6.x-2.x-dev), which does not require cookies.

oneiropolos’s picture

@soxofaan

Thank you for the reply!
No, it is not a matter of firewall settings, nor browser oriented. It has to do with cron. After I manually run cron, everything works perfectly on both PC's now. If cron is not set correctly (to run in some logical intervals) then I experienced the same problem on both PC's (despite clearing cookies, temporary files and everything). I even reinstalled apache2triad on my PC, tried everything with no result! After simply running cron though, everything was back to perfect again.

Hope that was helpful
Cheers

mattmm’s picture

For what it's worth - I was getting this same error with my captcha running on D6.9

I had a corrupt sessions table, ran a rebuild on it, and it fixed the problem.

candelas’s picture

i had the problem in drupal 6.9
it was because i duplicate the database in phpmyadmin and i had to delete user 0 because it is not an integer and it gave problems.
i made the user again and the problem was solved.
why user 0?

Sandymaguire’s picture

ok

soxofaan’s picture

at @Sandymaguire in #11: please do not post your problem in different threads, this pollutes the discussion and makes it very hard to help the original posters. This thread has already a very low signal-to-noise-ratio.
Your problem has its own thread: #383346: Image captcha doesn't display the CAPTCHA image, instead displays alt text from corresponding img tag

dontai’s picture

Assigned: soxofaan » Unassigned

Drupal 6.9, CAPTCHA 6.x-1.0-rc2, reCAPTCHA 6.x-1.1 I get the same "Invalid CAPTCHA token". Even the text-based version gives me the same error message. Any solution? My wordpress reCAPTCHA works great with the same public and private keys.

dontai’s picture

I partially messed myself up by putting modules CAPTCHA and reCAPTCHA in my /modules directory. Once I put them into my /sites/all/modules directory, reCAPTCHA and CAPTCHA came alive and worked. I'm new to Drupal and have always put modules into my /modules directory. I thought that only in a multi-site install that you need to use the sites all modules directory. Both CAPTCHA and reCAPTCHA needs to me in the proper directory of /sites/all/modules or it will return "Invalid CAPTCHA token" error message.

I apologize to the code and module developer and take back all nasty words and thoughts.

HyperD’s picture

I have the same issue as the others.

I have Drupal 6.8
I tried many configurations without results.
I also chosen among Math, Image ( that initially didn't show any picture and nobody knows why ), phrase.
In all those case, even if the answer was correct, I had Invalid CAPTCHA Token message
Under suggestion received in drupalitalia.org, I installed the Beta version 3 Saxofaan is working, and it works fine ...
I'm not able to inquiry the code, but in the Beta version 3 something works more properly ...
It is on the site: http://www.dodicesimotasto.it

usa2k’s picture

FWIW, I had the same issue "Invalid CAPTCHA Token"
It worked on one of my sites, but not the other.
I had an access issue a while back and had inadvertently
removed users record 0

From this thread I corrected that mistake, and all is well.

This was in D6.10
CAPTCHA 6.x-1.0-rc2
reCAPTCHA 6.x-1.1

Glad to find this thread!

HyperD’s picture

users record 0 still exists on my case.

I solved installing beta 3 version of the package ... Installed beta 3 all the issues are solved

HyperD’s picture

Status: Postponed (maintainer needs more info) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

gram.steve’s picture

I spend a fair amount of time chasing this bug in one of my sites. This thread had the answer (missing user 0). My problem was originally not getting the image captcha, then when I switched to math captcha for testing I was having the token problem.

I had deleted user 0 during a cleanup of users from extensive testing for code that automatically creates new users. I deleted all but admin (user 1). Restoring user 0 solved my problem. The weird thing is that all non auth users were getting sessions, but never seemed to get captcha data in those sessions.

Anyway, thanks for the help.

Drupal 6.12
Captcha 6.x-1.0-rc2

All browsers.