X-Cart: shopping cart software

reCAPTCHA for X-Cart Classic (https://forum.x-cart.com/showthread.php?t=74978)

keystone 12-20-2019 02:21 PM

Re: reCAPTCHA for X-Cart Classic
 
Have this installed on x-cart 4.7.11 responsive template but still getting registrations like this...

Quote:

Account information
Email: antoninariza@yandex.ru
Personal information
First name: www.tgraph.io/b405931-12-19:
Last name: www.tgraph.io/b405931-12-19:
Company: :
Tax number: www.tgraph.io/b405931-12-19:



Any idea how they are getting through the reCAPTCHA on the registration page?

PhilJ 12-24-2019 04:10 PM

Re: reCAPTCHA for X-Cart Classic
 
reCAPTCHA's certainly not bulletproof, but I'd go through the install steps again in case you missed anything.

Also I'd consider adding the 'honeypots' that were added in the latest version, which seem to do the trick :)
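
Added example, not part of PhilJ's post and not the module's own recaptcha_check.php: a common "missed install step" is that the widget renders but the posted token is never verified on the server, so a bot can skip the widget and POST the form directly. The sketch below shows a fail-closed server-side check against Google's siteverify endpoint; the function names and the `shop.example` hostname are assumptions made for this example.

```php
<?php
// Added example; not the module's recaptcha_check.php. Assumes PHP 5.2+
// with allow_url_fopen and the openssl extension enabled.

// Ask Google whether the posted token is valid. Anything other than a
// confirmed pass (no token, network error, bad JSON) is treated as a fail.
function recaptcha_passed($secret, $token, $expectedHost, $remoteIp = null)
{
    if (!is_string($token) || $token === '') {
        return false; // form was posted without solving the widget
    }
    $fields = array('secret' => $secret, 'response' => $token);
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;
    }
    $ctx = stream_context_create(array('http' => array(
        'method'  => 'POST',
        'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => http_build_query($fields),
        'timeout' => 5,
    )));
    $raw = @file_get_contents(
        'https://www.google.com/recaptcha/api/siteverify', false, $ctx
    );
    return recaptcha_result_ok($raw, $expectedHost);
}

// Decision step, kept separate so it can be checked without network access.
function recaptcha_result_ok($raw, $expectedHost)
{
    $data = is_string($raw) ? json_decode($raw, true) : null;
    return is_array($data)
        && isset($data['success']) && $data['success'] === true
        && isset($data['hostname'])
        && strcasecmp($data['hostname'], $expectedHost) === 0;
}

// Constructed siteverify responses (not captured traffic).
$cases = array(
    'solved on this site'  => '{"success":true,"hostname":"shop.example"}',
    'solved on other site' => '{"success":true,"hostname":"other.example"}',
    'rejected token'       => '{"success":false,"error-codes":["invalid-input-response"]}',
    'request failed'       => false,
);
foreach ($cases as $label => $raw) {
    echo $label, ': ', recaptcha_result_ok($raw, 'shop.example') ? 'allow' : 'block', "\n";
}
```

In a real handler the token is the `g-recaptcha-response` POST field, and the check has to run in every PHP entry point that accepts the form, not only in the template.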

keystone 12-26-2019 11:27 AM

Re: reCAPTCHA for X-Cart Classic
 
Great, thanks. I'll add that and see if that blocks them.

Thomasb134 01-10-2020 04:50 PM

Re: reCAPTCHA for X-Cart Classic
 
Here's some feedback from a V4.4.5 user:

This awesome mod has been on my to-do list for a couple years. The spammers have been very active the last few weeks so I was finally compelled to install reCAPTCHA on my v4.4.5 branch.

I only incorporated the mods for Register, Login, PW Recovery, and Contact. I was surprised to find that my stock /include/help.php was missing the antibot_pwd_err section of code, so I copied what I needed from the XC 4.7.8 release. In case it helps another 4.4.5 user, here is what I did:

In /include/help.php file patch,
BEFORE ...
Code:

    $utype = !empty($active_modules['Simple_Mode']) && $current_area == 'A' ? 'P' : $current_area;
    $account = func_query_first("SELECT id, login, password, email, usertype FROM $sql_tbl[customers] WHERE login='$username' AND usertype='$utype' AND status='Y'");


INSERT ...
Code:

    $antibot_pwd_err = !empty($active_modules['Image_Verification']) && func_validate_image('on_pwd_recovery', $antibot_input_str);

    if ($antibot_pwd_err) {

        $top_message['content'] = func_get_langvar_by_name('msg_err_antibot');
        $top_message['type'] = 'E';

        func_header_location('help.php?section=Password_Recovery_error&err_type=antibot&username=' . urlencode(stripslashes($username)));
    }

Now you can apply the reCAPTCHA patch to help.tpl.

My site is running and the error logs are clean. Hopefully this mod reduces the spammer chatter. Many thanks for sharing the reCAPTCHA mod for X-Cart Classic!

EDIT Jan-21-2020: So far not a single Contact-Us or Registration spam. Glad to see the robot spammers are being blocked.

PhilJ 01-30-2020 12:43 PM

Re: reCAPTCHA for X-Cart Classic
 
In /skin/common_files/modules/reCAPTCHA/reCAPTCHA_js.tpl

This line can be commented out, as it's not really necessary and might interfere...
Code:

{if $main eq "catalog" && $cat eq "0"}{else}<noscript><meta http-equiv="refresh" content="0.0;url=home.php"></noscript>{/if}

peggyr 02-07-2020 05:57 PM

Re: reCAPTCHA for X-Cart Classic
 
Hi Phil,

I realized that I had made some of the reCAPTCHA tpl updates to both common_files and reboot (though reboot 4.7.11 had all the updates in the needed modules). My confusion.

However, in testing, checking out with 'anonymous' (eg, I don't require customer to register), there is no recaptcha on the screen.

The URL for the module follows

https://www.mystore.com/cart.php?mode=checkout#regdlg

I've attached the screen capture - Is there maybe a missing tpl update for reCAPTCHA, or do I still have an install problem?

Thanks
Peggy

pauldodman 02-10-2020 04:01 AM

Re: reCAPTCHA for X-Cart Classic
 
Hi
I've had a customer using the module hit with spam through the contact form - so I've updated the module to the latest with the honeypot.


It says the honeypot is "optional" - but how do we make sure it's enabled?

PhilJ 02-10-2020 04:10 AM

Re: reCAPTCHA for X-Cart Classic
 
@ Paul, you can use your browser inspector to find the hidden honeypot field HTML.

Right click on the form -> 'Inspect Element'

or

CTRL + SHIFT + I and then CTRL + F to search for the field.

Once you've located the honeypot field, give it a value, then submit the form.
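
Added example, not part of the post above and not the module's code: what the server side of a honeypot does when the manual test described here is run, combined with a check for the pattern in the spam registration quoted earlier in the thread (a URL placed in the name fields). The honeypot name `website_url` and the form field names are hypothetical.

```php
<?php
// Added example; not the reCAPTCHA module's code. 'website_url' is a
// hypothetical honeypot name: use whatever field your template renders.

// Returns a rejection reason for a posted form, or null if nothing is wrong.
function spam_reason(array $post, $honeypot, array $nameFields)
{
    // 1. Honeypot: hidden from people by CSS, so any value means a script
    //    (or a tester using the browser inspector) filled it in.
    if (isset($post[$honeypot]) && trim((string) $post[$honeypot]) !== '') {
        return 'honeypot filled';
    }
    // 2. Name-type fields should not contain a link. The second branch
    //    catches bare "domain.tld/path" values with no scheme or www prefix.
    $urlLike = '~(?:https?://|www\.)\S+|\b[a-z0-9-]+\.[a-z]{2,}/\S*~i';
    foreach ($nameFields as $field) {
        $value = isset($post[$field]) ? (string) $post[$field] : '';
        if (preg_match($urlLike, $value)) {
            return "URL in field '$field'";
        }
    }
    return null;
}

// Constructed sample submissions (not real registrations).
$samples = array(
    'human'    => array('firstname' => 'Ann', 'lastname' => "O'Neil",
                        'website_url' => ''),
    'url spam' => array('firstname' => 'www.example.com/abc:',
                        'lastname' => 'www.example.com/abc:',
                        'website_url' => ''),
    'honeypot' => array('firstname' => 'Bob', 'lastname' => 'Lee',
                        'website_url' => 'anything'),
);
$nameFields = array('firstname', 'lastname', 'tax_number');
foreach ($samples as $label => $post) {
    $reason = spam_reason($post, 'website_url', $nameFields);
    echo str_pad($label, 10), $reason === null ? 'accept' : "reject ($reason)", "\n";
}
```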

Thomasb134 02-11-2020 03:55 PM

Re: reCAPTCHA for X-Cart Classic
 
Today I discovered that the reCAPTCHA mod causes Altered Cart's Checkout One registered user Sign On to fail. It also fails when XCart Mobile is used. However Sign On works correctly from desktop mode using the shopping cart's side bar Authentication area.

When I applied the mod to my XC V4.4.5, the reCAPTCHA patch instructions for /include/login.php didn't match my version. Specifically this "BEFORE" code section doesn't exist:
Code:

In /include/login.php
BEFORE...

        if (empty($user_data)) {

            func_login_error();

        }

 INSERT...

        // reCAPTCHA - www.xcartmods.co.uk
        if ($current_area == "C" && $main != "checkout" && $config['reCAPTCHA']['reCAPTCHA_enabled'] == "Y" && $config['reCAPTCHA']['reCAPTCHA_site_key'] && $config['reCAPTCHA']['reCAPTCHA_secret_key'] && $config['reCAPTCHA']['reCAPTCHA_enabled_login'] == "Y") {
            include $xcart_dir . '/modules/reCAPTCHA/recaptcha_check.php';
        }
        if ($bad_captcha) {
            if (func_is_ajax_request()) {
                $top_message['content'] = func_get_langvar_by_name('lbl_reCAPTCHA_error', false, false, true);
                $top_message['type'] = 'E';
                // Prepare ajax message
                func_register_ajax_message(
                    'popupDialogCall',
                    array(
                        'action'  => 'message',
                        'message' => $top_message,
                    )
                );
                $top_message = '';
                func_header_location($HTTP_REFERER);
            } else {
                func_login_error(25);
                $user_data = $userid = FALSE;
            }
        }
        // /reCAPTCHA



By comparing V4.4.5 with V4.7.8 I found what I thought was the equivalent code; I inserted the new reCAPTCHA code before this sequence:
Code:

        if (!$user_data) {

            func_login_error();
            $allow_login = FALSE;

        }



The only other notable discrepancy was described in my post #84.

I rechecked my reCAPTCHA edits and couldn't find any unpatched code or edit mistakes. So I created a workaround for the login issue by commenting out the reCAPTCHA code block in login.php.

BTW, I found that the $main var is an empty string in login.php (in the reCAPTCHA function). Not sure if this is important, but thought I should mention it.

Although it's now working on the desktop view, XC Mobile fails on contact us, register, password reset, etc. (but login is now OK). For simplicity I think it's best to have reCAPTCHA ignore mobile users; still working on that. I could use some advice on how to fix the reCAPTCHA login for my 4.4.5 branch.

Edit Feb-14-2020: I've disabled the reCAPTCHA feature during mobile phone access (only desktop and tablet users see reCAPTCHA). Basically I wrapped the reCAPTCHA code in the /include/*.php files with this:
Code:

global $detect;  // mobile detection var from XC Mobile Module
if (!$detect->isMobile() || $detect->isTablet()) {
    // reCAPTCHA CODE HERE
}


- Thomas

PhilJ 02-21-2020 04:45 AM

Re: reCAPTCHA for X-Cart Classic
 
@ Peggy, as you're using Fastlane Checkout, you'll need to adjust the logic for the login and / or register steps, ie. removing...
Quote:

&& $main != "checkout"
and
Quote:

$main ne "checkout" &&

PhilJ 05-11-2020 02:10 AM

Re: reCAPTCHA for X-Cart Classic
 
Tip of the day!

Dunno about you, but I frequently get contact us form submissions from bots using 'google' as the company name.

In v4.7.x, to stop them, edit /include/help.php

After...
Code:

    // Check required fields
    $fillerror = !func_check_required_fields($contact, $current_area, 'contact_us');


Insert...
Code:

    if (strtolower($contact['company']) == 'google') {
        $top_message['content'] = func_get_langvar_by_name('lbl_error');
        $top_message['type']    = 'E';
        func_header_location('help.php?section=contactus&mode=update&err=1');
    }

Or just block IPs, or ranges of IPs outright using .htaccess
Code:

<Limit GET POST>
order allow,deny
deny from 5.188.210.
allow from all
</Limit>

If Google really is a client of yours, obviously use with caution :D

nfc5382 09-23-2020 02:12 PM

Re: reCAPTCHA for X-Cart Classic
 
Are these downloads still available? For some reason, my install from 2017 just stopped working on the login popup (the captcha doesn't show). I wanted to check the newer revisions.

It looks like the 2017 version had logic for the popup that was later changed.

pauldodman 09-24-2020 06:33 AM

Re: reCAPTCHA for X-Cart Classic
 
Yes, the downloads for the module are still available and current.
Just go to the very 1st post in the thread and you will be able to see the updates and latest versions.

Sounds like something has changed in your templates though.

nfc5382 09-24-2020 06:55 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Originally Posted by pauldodman
Yes, the downloads for the module are still available and current.
Just go to the very 1st post in the thread and you will be able to see the updates and latest versions.

Sounds like something has changed in your templates though.


Thanks, looks like xcartmods was down yesterday as the links were giving a dns error but are working now.

ITVV 09-24-2020 07:07 AM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

Originally Posted by nfc5382
Thanks, looks like xcartmods was down yesterday as the links were giving a dns error but are working now.


Hi,

I think Phil was changing servers which may explain downtime?

Kind regards

ITVV

PhilJ 09-27-2020 12:08 PM

Re: reCAPTCHA for X-Cart Classic
 
Quote:

I think Phil was changing servers which may explain downtime?

Yep, back on a fresh new server now, hurrah :D

