So in the process of applying the new SSL cert here at work, I discovered an issue with the reCAPTCHA service.
The problem was that I was getting errors saying that my forms were only partially encrypted. This was due to my use of the reCAPTCHA library, which by default doesn’t use an SSL connection to grab the challenge HTML.
The documentation at the reCaptcha site has a section on this. Specifically it says:
In order to avoid getting browser warnings, if you use reCAPTCHA on an SSL site, you should replace http://api.recaptcha.net with https://api-secure.recaptcha.net.
Ref: http://recaptcha.net/apidocs/captcha/client.html
The example it uses shows how to change the Javascript itself. While this was nice to know it really didn’t help too much in my particular case. To solve this when using the reCAPTCHA PHP library, all you need to do is change the value of a single variable. In the file recaptchalib.php look for the function recaptcha_get_html then change the declaration to read as follows:
function recaptcha_get_html ($pubkey, $error = null, $use_ssl = true)
This will force all calls to be transmitted over an SSL connection, thus eliminating the dialog box in Internet Explorer and the slashed-lock in Firefox.
However since I am not encrypting the entire site by default, yet due to an issue with our website editing/management system, Adobe Contribute, I had to do a bit more than just updating the boolean variable. Since some of my forms are encrypted and some are not, I added the following code to the function referenced above:
if ($_SERVER['SERVER_PORT'] == 443) { $use_ssl = true;
}
This needs to be added just above the check for the value of the variable use_ssl in the function recaptcha_get_html. Once you do this you can use the same copy of the recpatchalib.php file for both secure and non-secure forms.