X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   Third Party Add-Ons for X-Cart 4 (https://forum.x-cart.com/forumdisplay.php?f=45)
-   -   reCAPTCHA for X-Cart Classic (https://forum.x-cart.com/showthread.php?t=74978)

keystone 12-20-2019 02:21 PM

Re: reCAPTCHA for X-Cart Classic
Have this installed on x-cart 4.7.11 responsive template but still getting registrations like this...


Account information
Email: antoninariza@yandex.ru
Personal information
First name: www.tgraph.io/b405931-12-19:
Last name: www.tgraph.io/b405931-12-19:
Company: :
Tax number: www.tgraph.io/b405931-12-19:

any idea how they are getting through the recaptcha on the registration page?

PhilJ 12-24-2019 04:10 PM

Re: reCAPTCHA for X-Cart Classic
reCAPTCHA's certainly not bulletproof, but I'd go through the install steps again in case you missed anything.

Also I'd consider adding the 'honeypots' that were added in the latest version, which seem to do the trick :)

keystone 12-26-2019 11:27 AM

Re: reCAPTCHA for X-Cart Classic
great, thanks. I'll add that and see if that blocks them.

Thomasb134 01-10-2020 04:50 PM

Re: reCAPTCHA for X-Cart Classic
Here's some feedback from a V4.4.5 user:

This awesome mod has been on my to-do list for a couple years. The spammers have been very active the last few weeks so I was finally compelled to installed reCAPTCHA on my v4.4.5 branch.

I only incorporated the mods for Register, Login, PW Recovery, and Contact. I was surprised to find that my stock /include/help.php was missing the antibot_pwd_err section of code, so I copied what I needed from the XC 4.7.8 release. In case it helps another 4.4.5 user, here is what I did:

In /include/help.php file patch,

$utype = !empty($active_modules['Simple_Mode']) && $current_area == 'A' ? 'P' : $current_area;
    $account = func_query_first("SELECT id, login, password, email, usertype FROM $sql_tbl[customers] WHERE login='$username' AND usertype='$utype' AND status='Y'");


$antibot_pwd_err = !empty($active_modules['Image_Verification']) && func_validate_image('on_pwd_recovery', $antibot_input_str);

    if ($antibot_pwd_err) {

        $top_message['content'] = func_get_langvar_by_name('msg_err_antibot');
        $top_message['type'] = 'E';

        func_header_location('help.php?section=Password_Recovery_error&err_type=antibot&username=' . urlencode(stripslashes($username)));

Now you can apply the reCAPTCHA patch to help.tpl.

My site is running and the error logs are clean. Hopefully this mod reduces the spammer chatter. Many thanks for sharing the reCAPTCHA mod for X-Cart Classic!

EDIT Jan-21-2020: So far not a single Contact-Us or Registration spam. Glad to see the robot spammers are being blocked.

PhilJ 01-30-2020 12:43 PM

Re: reCAPTCHA for X-Cart Classic
In /skin/common_files/modules/reCAPTCHA/reCAPTCHA_js.tpl

This line can be commented out, as it's not really necessary and might interfere...

{if $main eq "catalog" && $cat eq "0"}{else}<noscript><meta http-equiv="refresh" content="0.0;url=home.php"></noscript>{/if}

peggyr 02-07-2020 05:57 PM

Re: reCAPTCHA for X-Cart Classic
Hi Phil,

I realized that I had made some of the reCAPTCHA tpl updates to both common_files and reboot (though reboot 4.7.11 had all the updates in the needed modules). My confusion.

However, in testing, checking out with 'anonymous' (eg, I don't require customer to register), there is no recaptcha on the screen.

The URL for the module follows


I've attached the screen capture - Is there maybe a missing tpl update for reCAPTCHA, or do I still have an install problem?


pauldodman 02-10-2020 04:01 AM

Re: reCAPTCHA for X-Cart Classic
I've had a customer using the module hit with spam through the contact form - so I've updated the module to the latest with the honeypot.

It says the honeypot is "optional" - but how do we make sure it's enabled?

PhilJ 02-10-2020 04:10 AM

Re: reCAPTCHA for X-Cart Classic
@ Paul, you can use your browser inspector to find the hidden honeypot field HTML.

Right click on the form -> 'Inspect Element'


CTRL + SHIFT + I and then CTRL + F to search for the field.

Once you've located the honeypot field, give it a value, then submit the form.

Thomasb134 02-11-2020 03:55 PM

Re: reCAPTCHA for X-Cart Classic
Today I discovered that the reCAPTCHA mod causes Altered Cart's Checkout One registered user Sign On to fail. It also fails when XCart Mobile is used. However Sign On works correctly from desktop mode using the shopping cart's side bar Authentication area.

When I applied the mod to my XC V4.4.5, the reCAPTCHA patch instructions for /include/login.php didn't match my version. Specifically this "BEFORE" code section doesn't exist:

In /include/login.php

        if (empty($user_data)) {




        // reCAPTCHA - www.xcartmods.co.uk
        if ($current_area == "C" && $main != "checkout" && $config['reCAPTCHA']['reCAPTCHA_enabled'] == "Y" && $config['reCAPTCHA']['reCAPTCHA_site_key'] && $config['reCAPTCHA']['reCAPTCHA_secret_key'] && $config['reCAPTCHA']['reCAPTCHA_enabled_login'] == "Y") {
            include $xcart_dir . '/modules/reCAPTCHA/recaptcha_check.php';
        if ($bad_captcha) {
            if (func_is_ajax_request()) {
                $top_message['content'] = func_get_langvar_by_name('lbl_reCAPTCHA_error', false, false, true);
                $top_message['type'] = 'E';
                // Prepare ajax message
                        'action'  => 'message',
                        'message' => $top_message,
                $top_message = '';
            } else {
                $user_data = $userid = FALSE;
        // /reCAPTCHA

By comparing V4.4.5 with V4.7.8 I found what I thought was the equivalent code; I inserted the new reCAPTCHA code before this sequence:

        if (!$user_data) {

            $allow_login = FALSE;


The only other notable discrepancy was described in my post #84.

I rechecked my reCAPTCHA edits and couldn't find any unpatched code or edit mistakes. So I created a workaround for the login issue by commenting out the reCAPTCHA code block in login.php.

BTW, I found that the $main var is an empty string in login.php (in the reCAPTCHA function). Not sure if this is important, but thought I should mention it.

Although it's now working on the desktop view, XC Mobile fails on contact us, register, password reset, etc (but login is now OK). For simplicity I think it's best to have reCAPTCHA ignore mobile users; Still working on that. I could use some advice on how to fix the reCAPTCHA login for my 4.4.5 branch.

Edit Feb-14-2020: I've disabled the reCAPTCHA feature during mobile phone access (only desktop and tablet users see reCAPTCHA). Basically I wrapped the reCAPTCHA code in the /include/*.php files with this:

global $detect;  // mobile detection var from XC Mobile Module
 if(!$detect->isMobile() || $detect->isTablet()) {

- Thomas

PhilJ 02-21-2020 04:45 AM

Re: reCAPTCHA for X-Cart Classic
@ Peggy, as you're using Fastlane Checkout, you'll need to adjust the logic for the login and / or register steps, ie. removing...

&& $main != "checkout"

$main ne "checkout" &&

All times are GMT -8. The time now is 06:36 PM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.