X-Cart: shopping cart software


arabayaservis.com 05-28-2004 06:22 AM

anti robotic flood registration MOD from Turkey
 
For 3.5.7 and tested on 3.5.7.

Please back up all files!!!

This mod requires the GD Image Library;
it does not work without it.
GD Library : http://www.boutell.com/gd/

create db

Code:

CREATE TABLE xcart_flood_register (
  flood_id int(11) NOT NULL auto_increment,
  flood_key varchar(10) NOT NULL default '',
  session_id varchar(40) NOT NULL default '',
  KEY flood_id (flood_id)
) TYPE=MyISAM;


***************************************

/customer/flood.php (new page)

Code:

<?php

        require "./auth.php";
       
        $key = "";
        $max_length_reg_key = 7;

        $chars = array(
                "A","B","C","D","E","F","G","H","I","J","K","L","M",
                "N","O","P","Q","R","S","T","U","V","W","X","Y","Z",
                "0","1","2","3","4","5","6","7","8","9");

        $count = count($chars) - 1;

        srand((double)microtime()*1234567);

        for($i = 0; $i < $max_length_reg_key; $i++)
        {
                $key .= $chars[rand(0, $count)];
        }

        //Generate my Image...
        $posx = $max_length_reg_key * 10;
        $img_number = imagecreate($posx,17);
        $white = imagecolorallocate($img_number,255,255,255);
        $black = imagecolorallocate($img_number,0,0,0);

        Imagestring($img_number,9,0,0,$key,$black);       
       
        mysql_query("delete from xcart_flood_register where session_id='$XCARTSESSID'");
        mysql_query("INSERT INTO xcart_flood_register (flood_key, session_id) VALUES ('$key', '$XCARTSESSID')");

        // No Cache
        header("Content-type: image/jpeg");
        header ("Expires: Sat, 10 Dec 1983 07:00:00 GMT");
        header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
        header ("Pragma: no-cache");                          // HTTP/1.0
        imagejpeg($img_number);
?>


***************************************

include/register.php

find : db_query("insert into $sql_tbl[customers] (login,usertype, ......

add, after

Code:

        // flood mod from turkey
        $flood_rec = func_query_first("select flood_key from xcart_flood_register where session_id='$XCARTSESSID'");
        if (empty($flood_rec)){
                        func_header_location("error_message.php?flood_reg");
        }else{
                if($flood_rec['flood_key']!=$flood_register){
                        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
                        func_header_location("error_message.php?flood_reg");
                }else{
                        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
                }
        }
        // flood mod from turkey

***************************************

skin1/customer/main/register.tpl

Add

Code:

<tr valign=middle>
<td align=right>Flood Control Key</td>
<td></td>
<td nowrap><img src="flood.php"></td>
</tr>

<tr valign=middle>
<td align=right>Enter Flood Control Key</td>
<td></td>
<td nowrap><input type="text" size="32" name="flood_register"></td>
</tr>

***************************************

skin1/common_templates.tpl

add

Code:

{elseif $main eq "flood_reg"}
{include file="main/error_flood_reg.tpl"}

***************************************

main/error_flood_reg.tpl (new page)

Code:

{include file="location.tpl" last_location=$lng.err_access_denied}
<h3>Please check flood control string!</h3>
{$lng.err_access_denied_msg}


adpboss 05-28-2004 12:24 PM

Sorry to be so silly and ask, but what the heck does this mod do?

B00MER 05-28-2004 12:28 PM

Try doing a whois on http://www.networksolutions.com/en_US/whois/index.jhtml and you'll see an image appear; you have to enter these numbers to perform actions. This keeps people from trying to flood your login form or such over and over. It also helps against anyone trying to brute-force login forms to find a username/pwd combo that works.

adpboss 05-28-2004 12:34 PM

I SEE.

Very useful.

Thanks for enlightening me.

mikamedianl 06-23-2004 05:52 AM

Great tool, but to prevent frustrated customers on your webshop I would like to add:

Code:

$flood_register = strtoupper($flood_register);

So the changed code will be:

Code:

// flood mod from turkey
  $flood_rec = func_query_first("select flood_key from xcart_flood_register where session_id='$XCARTSESSID'");
  if (empty($flood_rec)){
        func_header_location("error_message.php?flood_reg");
  }else{
      $flood_register = strtoupper($flood_register);
      if($flood_rec['flood_key']!=$flood_register){
        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
        func_header_location("error_message.php?flood_reg");
      }else{
        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
      }
  }
  // flood mod from turkey


A lot of people won't use uppercase characters.

Furthermore, it works very nicely!

~ john
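
The verification flow from the posts above (one key per session, compare the submitted value, delete the row), as an added example that is not part of the thread or of X-Cart. It uses PDO and PHP 7+ rather than the X-Cart 3.5.7 helpers; the `created_at` column, the 600-second lifetime and the function names `issue_challenge` and `verify_challenge` are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// post; created_at, KEY_TTL and both function names are assumptions.
const KEY_LEN = 7;
const KEY_TTL = 600; // seconds a challenge stays valid (assumed value)

function issue_challenge(PDO $db, string $sid): string
{
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; // same alphabet as the post
    $key = '';
    for ($i = 0; $i < KEY_LEN; $i++) {
        // random_int() uses the OS CSPRNG instead of a clock-seeded rand()
        $key .= $chars[random_int(0, strlen($chars) - 1)];
    }
    // One live key per session; bound parameters keep $sid out of the SQL text
    $db->prepare('DELETE FROM xcart_flood_register WHERE session_id = ?')
       ->execute([$sid]);
    $db->prepare('INSERT INTO xcart_flood_register
                  (flood_key, session_id, created_at) VALUES (?, ?, ?)')
       ->execute([$key, $sid, time()]);
    return $key; // the caller draws this into the image
}

function verify_challenge(PDO $db, string $sid, string $submitted): bool
{
    $q = $db->prepare('SELECT flood_key, created_at
                       FROM xcart_flood_register WHERE session_id = ?');
    $q->execute([$sid]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // Single use: the key is consumed whether the answer is right or wrong
    $db->prepare('DELETE FROM xcart_flood_register WHERE session_id = ?')
       ->execute([$sid]);
    if ($row === false || time() - (int) $row['created_at'] > KEY_TTL) {
        return false; // no challenge issued, or it has expired
    }
    // Strict string match. A loose != compares numeric strings as numbers,
    // so a stored "1000000" and a submitted "1E6" would count as equal.
    return hash_equals((string) $row['flood_key'], strtoupper(trim($submitted)));
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE xcart_flood_register
           (flood_key TEXT, session_id TEXT, created_at INTEGER)');
$sid = 'constructed-session-id';
$key = issue_challenge($db, $sid);
var_dump(verify_challenge($db, $sid, strtolower($key))); // lowercase answer
var_dump(verify_challenge($db, $sid, $key));             // replay of a used key
```

Run the check before the customer row is inserted, so a failed key leaves no account behind.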

