X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   Third Party Add-Ons for X-Cart 4 (https://forum.x-cart.com/forumdisplay.php?f=45)
-   -   reCAPTCHA for X-Cart Classic (https://forum.x-cart.com/showthread.php?t=74978)

PhilJ 02-07-2017 12:39 PM

reCAPTCHA for X-Cart Classic
 
Helps prevent bot activity on...
  1. Register account form (register.php)
  2. Login form and login​ popup form (login.php)
  3. Password recovery form (help.php?section=Password_Recovery)
  4. Customer reviews form (product pages, basic and advanced modules)
  5. Send to friend form (product pages)
  6. Contact us form (help.php?section=contactus&mode=update)
  7. Newsletter subscribe form (news.php)
  8. Ask a question about this product popup form (popup_ask.php)
  9. Provider account register form (provider/register.php) [NEW, OPTIONAL]
  10. Affiliate account register form (partner/register.php) [NEW, OPTIONAL]
* Bonus additional simple honeypot option for the customer register account form [NEW, OPTIONAL]
* Bonus additional simple honeypot option for the contact us form [NEW, OPTIONAL]
  • Free service from Google, which includes daily pass and fail stats
  • Light or dark theme for the captcha block
  • Align the captcha block left, center or right
  • Multi-language capable
  • v4.6.x - v4.7.x
  • Easy to install - if you would like us to install it for you, (v4.6.x + only), click here
FAQ - https://developers.google.com/recaptcha/docs/faq

Support - https://support.google.com/recaptcha/?hl=en#6081880


More Info

(COMPATIBLE WITH PHP v7.x)


Changelog

9th Dec 2019 - Additional simple honeypots for the customer registration and contact us forms.

10th Apr 2019 - Option to add to Provider and Affiliate registration forms, CSS updated to downsize the reCAPTCHA box on mobiles, new loading spinners, langs.txt file added
29th Mar 2019 - modules/reCAPTCHA/recaptchalib.php updated again to prevent PHP warning again. Thanks to Paul. install.txt tidied up a little.
28th Feb 2019 - Only modules/reCAPTCHA/recaptchalib.php updated to prevent PHP warning from occurring.
28th Jan 2019 - Update, login popup improved, added to 'ask a question about this product' popup, tested with v4.7.10.
11th Nov 2017 - Update, additional module settings to enable / disable reCAPTCHAs (see below), now works in login popup, v4.4.x - v4.5.x patch included.
10th Oct 2017 - New version, allows for multiple reCAPTCHAs on same page, customer reviews (basic and advanced modules), password recovery page, newsletter subscription page supported
29th Jul 2017 - Now works with login.php
4th Apr 2017 - CURL version if 'file_get_contents' is disabled, also included (thanks to Nathaniël)
7th Mar 2017 - Now works with 'Send to Friend' form
20th Feb 2017 - Fix
7th Feb 2017 - Initial Release



mattstyle2 02-07-2017 08:43 PM

Re: reCAPTCHA for X-Cart Classic
 
blah, I just spent $150 on the xcart marketplace one and installed it already with your reboot template..

PhilJ 02-07-2017 08:56 PM

Re: reCAPTCHA for X-Cart Classic
 
oh, I wasn't aware there was such a mod for X-Cart Classic on the marketplace.

The module you purchased is better, as it takes care of all forms, albeit more expensive.

I'm currently only seeing dodgy emails mainly via register.php, but that may change over time, in which case this mod will be updated accordingly.

mattstyle2 02-07-2017 09:35 PM

Re: reCAPTCHA for X-Cart Classic
 
yes! well you should def add it to the 'add a review' section..

I installed the reCaptcha on the XC4.1.12 site a few months ago just for the reviews.. an easy way to do it is to replace the code for the current image verification software!

alright back to modding the reboot theme for the new site.. nice theme by the way..

-Matt

PhilJ 02-07-2017 09:44 PM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

I installed the reCaptcha on the XC4.1.12 site a few months ago just for the reviews

Yes, that would make sense with the standard customer reviews module in X-Cart Gold. Don't forget you can always use...

Code:

{if $login} ... {else} ... {/if}

Hallsons 02-08-2017 08:37 PM

Re: reCAPTCHA for X-Cart Classic
 
I haven't had any problems with bogus registrations so much as bogus product reviews. I hate to change it to requiring login but that's probably my next step.

Hallsons 02-09-2017 01:21 PM

Re: reCAPTCHA for X-Cart Classic
 
Actually I double checked and the bogus registrations were among those making fake reviews. So it seems like they are getting around the registration necessary for reviews and registering first and reviewing next.

My product id 52 and 1352 are the only ones being spammed in the reviews.

mattstyle2 02-12-2017 09:09 PM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Originally Posted by PhilJ
Yes, that would make sense with the standard customer reviews module in X-Cart Gold. Don't forget you can always use...

Code:

{if $login} ... {else} ... {/if}

oh using BSCE's slow review system. not so slow after I memcached it..

anyways, switching to the XC advanced reviews for the new site.

we manually review them too.. just making it easier for customers. alot easier to click a button instead of filling out the recapcha numbers.

peggyr 02-14-2017 02:31 PM

Re: reCAPTCHA for X-Cart Classic
 
I just installed reCAPTCHA for X-Cart Classic on my 4.6.6 Gold. I looked at the X-Cart Marketplace add-on, but I don't enable most of the forms it added reCaptcha to, and Phil's install for registrations and contactus was very easy, and worked immediately. I had been getting bogus registrations and contact us forms (5-10) daily for about 3 weeks.

THANK YOU PHIL!

PhilJ 02-20-2017 10:01 AM

Re: reCAPTCHA for X-Cart Classic
 
Important fix, so please update your stores...

Step 4) In include/register.php

BEFORE...

Code:

// Check address book
    if (isset($address_book)) {


INSERT...

Code:

    // reCAPTCHA
    if ($current_area == 'C' && $main != 'checkout' && $config['reCAPTCHA']['reCAPTCHA_enabled'] == "Y" && $config['reCAPTCHA']['reCAPTCHA_site_key'] && $config['reCAPTCHA']['reCAPTCHA_secret_key']) {
        include $xcart_dir . '/modules/reCAPTCHA/recaptcha_check_register.php';
    }
    // /reCAPTCHA


PhilJ 03-07-2017 06:46 AM

Re: reCAPTCHA for X-Cart Classic
 
7th Mar 2017 - Now works with 'Send to Friend' form.

PhilJ 04-03-2017 07:32 PM

Re: reCAPTCHA for X-Cart Classic
 
4th Apr 2017 - CURL version if 'file_get_contents' is disabled, also included (thanks to Nathaniël)

PhilJ 07-29-2017 02:43 PM

Re: reCAPTCHA for X-Cart Classic
 
29th Jul 2017 - Now works with login.php

susilosaja 08-08-2017 08:29 AM

Re: reCAPTCHA for X-Cart Classic
 
Thanks for the module phil. Been getting thousands of spam registration.

Questions :
1. On google admin site, there's the setting "Security Preference", which consists of 3 choices : Easiest for user, Most Secure, and one in the middle. What is the recommended setting?

2. I notice sometimes the recaptcha asked the user to click some images, multiple times, for extra verification. Won't this be too much for a real customer?

susilosaja 08-08-2017 09:42 PM

Re: reCAPTCHA for X-Cart Classic
 
I noticed that when we disabled the recaptcha module, but still left the "enabled" setting in that module checked, it still check for the recaptcha. The user is then unable to pass the recaptcha check, even though there's no recaptcha on the form.

So on the php file, I add the checking whether the module is active. For example in register.php :

// reCAPTCHA
if ($current_area == 'C' && $main != 'checkout' && $config['reCAPTCHA']['reCAPTCHA_enabled'] == "Y" && $config['reCAPTCHA']['reCAPTCHA_site_key'] && $config['reCAPTCHA']['reCAPTCHA_secret_key']) {
include $xcart_dir . '/modules/reCAPTCHA/recaptcha_check_register.php';
}
// /reCAPTCHA

I change it to :

// reCAPTCHA
if ($current_area == 'C' && $main != 'checkout' &&
!empty($active_modules["reCAPTCHA"]) && $config['reCAPTCHA']['reCAPTCHA_enabled'] == "Y" &&
$config['reCAPTCHA']['reCAPTCHA_site_key'] && $config['reCAPTCHA']['reCAPTCHA_secret_key'])
{
include $xcart_dir . '/modules/reCAPTCHA/recaptcha_check_register.php';
}
// /reCAPTCHA

keystone 10-09-2017 12:05 PM

Re: reCAPTCHA for X-Cart Classic
 
I installed the Recaptcha mod a while ago and I don't see anywhere to make it active when a customer leaves a product review. It only seems to work on Registration page, contact us, and sand to a friend by default, how did you all get it onto the advanced customer reviews page?

This is on a 4.6.0 classic store.
Thanks.

susilosaja 10-09-2017 08:38 PM

Re: reCAPTCHA for X-Cart Classic
 
I can't remember exactly, so I may be wrong here. I dont think the recaptcha module provide verification for reviews. The Image Verification module has it though. It's what I use for reviews page.

PhilJ 10-10-2017 11:44 AM

Re: reCAPTCHA for X-Cart Classic
 
Updated, reworked. Quite a few changes, see install.txt

- On template pages, the upper form JS is no longer required. JS goes in skin/common_files/customer/service_js.tpl
- Can now have multiple reCAPTCHAs on same page, which is handy if you have your own custom forms
- Now works with customer reviews, basic and advanced modules - DEMO
- Now works with password recovery page - DEMO
- Now works with newsletter subscription page - DEMO

DOWNLOAD

I suggest reuploading the files and going through the install again. No need to re-patch the database.

Captchas are not necessary for modal popup forms... ie. login / product ask a question etc. JS is required for modals and the mod detects if JS is enabled.

keystone 10-19-2017 05:52 AM

Re: reCAPTCHA for X-Cart Classic
 
Very nice, thanks for updating that, was tired of reviews full of spam.

mattstyle2 10-19-2017 08:41 AM

Re: reCAPTCHA for X-Cart Classic
 
Any way to hide this until it detects a user spamming? X number of requests within a time period. Such as 2 or 3 requests for form submission within a minute.

Matt

PhilJ 10-20-2017 08:27 AM

Re: reCAPTCHA for X-Cart Classic
 
Not that I'm aware of. You might want to look into the invisible reCAPTCHA.

mattstyle2 10-20-2017 09:15 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Originally Posted by PhilJ
Not that I'm aware of. You might want to look into the invisible reCAPTCHA.


thanks, I implemented inv recaptcha.. didn't know about it!

nfc5382 11-05-2017 06:19 AM

Re: reCAPTCHA for X-Cart Classic
 
I didn't see step 20 in contactus.tpl. Is this a copy/paste error in the instructions?

Code:

20) In skin/common_files/customer/help/contactus.tpl

BEFORE...

      {include file="customer/buttons/submit.tpl" type="input" assign="submit_button"}


Otherwise, seems to be working OK.

THANK YOU!!!

pauldodman 11-08-2017 04:25 AM

Re: reCAPTCHA for X-Cart Classic
 
Yes, I believe step #20 is an error in the instructions.
My understanding is that it should read:

skin/common_files/customer/help/Password_Recovery.tpl

PhilJ 11-08-2017 04:38 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

I didn't see step 20 in contactus.tpl. Is this a copy/paste error in the instructions?
Step 20 fixed.

nfc5382 11-11-2017 07:26 AM

Re: reCAPTCHA for X-Cart Classic
 
Thanks again, PhilJ!

The bogus registrations on my site have stopped completely. This mod should really be part of x-cart!

TA 11-11-2017 09:55 AM

Re: reCAPTCHA for X-Cart Classic
 
For those of us using the reBOOT responsive template, "TEMPLATE MODIFICATIONS PART 2" need to be added to skin/reboot. Yes?

Thanks Phil!

PhilJ 11-11-2017 10:01 AM

Re: reCAPTCHA for X-Cart Classic
 
11th Nov 2017 - Update, new module settings to enable / disable reCAPTCHAs (see patch), also now works in login popup.

All install steps will need re-doing... keep a note of your reCAPTCHA keys before re-patching.

Steps 7) and 15) relate to the login popup.

That should be it for the time being, unless anyone requests reCAPTCHAs on any other forms.

maildodge 11-13-2017 04:53 AM

Re: reCAPTCHA for X-Cart Classic
 
Hi,

So we have issues with bot registrations on our site too. X-Cart support reccommended the Google reCAPTCHA and we paid to have this installed and setup.

But it is still happening. Seems they are doing it through the checkout page and not just the registration. Does your solution also fix the checkout or have you seen this problem before?

Thanks.

Thomasb134 11-13-2017 12:11 PM

Re: reCAPTCHA for X-Cart Classic
 
Has anyone installed this on the V4.4.x branch? If so, it would be great to hear about any changes you had to do to make it compatible.

I did a quick preliminary check on the impact of using it and found only one area that needed a change. On step 12 (include/help.php file) the variable $antibot_pwd_err is different in my V4.4.6 (mine uses $antibot_contactus_err).

But I have not attempted to do the installation so I don't know if there are unexpected surprises that will need some tweaks. Any advice would be great.

PhilJ 11-13-2017 01:06 PM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Has anyone installed this on the V4.4.x branch?
I've just added a v4.4.x - v4.5.x patch to the zip file. Installation steps should be more or less the same for those branches. Feel free to try it and let me know if you encounter any issues. Obviously make backups beforehand.

Thomasb134 11-13-2017 01:23 PM

Re: reCAPTCHA for X-Cart Classic
 
Thanks!

vulcan-works 05-08-2018 09:33 AM

Re: reCAPTCHA for X-Cart Classic
 
Just Installed this on 4.7.9
All the forms work great the except Advance Customer Reviews
This is the error and the add review page is blank:

Quote:

[08-May-2018 13:14:09 America/New_York] PHP Fatal error: Uncaught --> Smarty Compiler: Syntax error in template "/var/www/html/store/skin/common_files/modules/Advanced_Customer_Reviews/customer_add_review.tpl" on line 84 "<td colspan="2">&nbsp;</td>" - Unexpected "<" <--
thrown in /var/www/html/store/include/lib/smarty3/sysplugins/smarty_internal_templatecompilerbase.php on line 84


Even when i comment out the line, it still throws the error
Thanks

PhilJ 05-10-2018 02:43 AM

Re: reCAPTCHA for X-Cart Classic
 
Blank pages are usually a Smarty code issue, double check you haven't got any unclosed {if} statements, or used a < instead of a { by mistake.

vulcan-works 05-10-2018 10:39 AM

Re: reCAPTCHA for X-Cart Classic
 
Just realized it:
Missing a "}" after $config.reCAPTCHA.reCAPTCHA_enabled_review eq "Y"
Quote:

{* reCAPTCHA - www.xcartmods.co.uk *}
{if $active_modules.reCAPTCHA && $config.reCAPTCHA.reCAPTCHA_enabled eq "Y" && $config.reCAPTCHA.reCAPTCHA_site_key && $config.reCAPTCHA.reCAPTCHA_secret_key && $config.reCAPTCHA.reCAPTCHA_enabled_review eq "Y"
<tr>
<td colspan="2">&nbsp;</td>
<td>{include file="modules/reCAPTCHA/reCAPTCHA.tpl" align="left"}</td>
</tr>
{/if}
{* /reCAPTCHA *}


nauticalstyle 06-27-2018 04:22 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Originally Posted by PhilJ
Updated, reworked. Quite a few changes, see install.txt
:
:
:

Captchas are not necessary for modal popup forms... ie. login / product ask a question etc. JS is required for modals and the mod detects if JS is enabled.




Why do you say "Captchas are not necessary for modal popup forms... ie. login / product ask a question etc."?

nauticalstyle 06-28-2018 01:09 AM

Re: reCAPTCHA for X-Cart Classic
 
I am trying to test the reCAPTCHA on my development site on localhost, however I'm not sure what Domain name to give Google for the key generation.

pauldodman 06-28-2018 02:02 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Why do you say "Captchas are not necessary for modal popup forms... ie. login / product ask a question etc."?


Probably because the spam robots usually go for the easy to detect forms such as register, contact, etc - the ones that they can find directly.
The modal ones require an action first to get to - so therefore don't get targetted by these robots.

pauldodman 06-28-2018 02:03 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

I am trying to test the reCAPTCHA on my development site on localhost, however I'm not sure what Domain name to give Google for the key generation.


There are test keys available - maybe you can just use these:
  • Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
  • Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

nauticalstyle 06-28-2018 05:47 PM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Originally Posted by pauldodman
There are test keys available - maybe you can just use these:
  • Site key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
  • Secret key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe





Thanks, Paul. I must be getting lazy. This topic is discussed extensively over at stackoverflow.


All times are GMT -8. The time now is 03:30 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.