Yes, that’s it! Now, I can’t comment on why that’s not appearing in the $_POST array but that’s the data you’re after. Do the other form fields appear in the $_POST array or is $_POST completely empty, like you mentioned above? If you can, try looking at everything in the $_POST array to see what you’re getting from the form. Maybe the value you need is there but not located where you expect it to be. Your original code above looked correct, so I’m not sure why the response token isn’t being returned where you expect it to be. Now you know you’re actually getting the token you need, you’re getting close!
Cool. So, what happens with $_POST if the Turnstile div isn’t in the form at all? I mean if you’re not getting ANY form data, that would indicate something else is wrong. Unless you’re saying $_POST is empty only when the Turnstile div is in the form.
that thread is about using an invisible Turnstile widget, but the discussion about interrupting the form submission process still applies, in my opinion.
I’m half-way through switching to explicit rendering from implicit thinking that might do something for me :-/
I’ll clean house, and stare at your snippet over a bowl of ramen.
Then see what I can manage!
Great! Thanks for the update! I don’t know the internals of Turnstile but I think (assume) “Success” means the browser challenges were successful. So, as far as Turnstile is concerned, you’re a human. The need to verify the token is to protect against that token being forged by someone trying to abuse your form.
In any event, glad you were able to locate your form data!
I’ve seen “every OTHER post on the 'net”, except that one.
And adding the name= attr fixes it.
Value’s now in $_POST, as you’d expect.
Good news is it’s starting to
Still trying to wrap head around the widget re-rendering – I assume with a 2nd API check – on server-verify.
Could possibly stop that with ajax, or ESI, but really not sure I care.
I still can’t convince myself that I correctly wrapped the submit button conditionally.
I want to make sure that [on,after}-Submit actions only continue IF the CF server-verify comes back OK.
Other than that it seems to be working.
I’m working on removing useless code and cleaning up a bit.
But it’s starting to look like an easy-to-drop-in CF-preotected custom-login page with no plugin dependencies.