Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls
 

reCAPTCHA for X-Cart Classic

 
Reply
   X-Cart forums > X-Cart 4 > Third Party Add-Ons for X-Cart 4
 
Thread Tools
  #81  
Old 12-20-2019, 02:21 PM
 
keystone keystone is offline
 

X-Adept
  
Join Date: Jul 2006
Location: USA
Posts: 787
 

Default Re: reCAPTCHA for X-Cart Classic

Have this installed on x-cart 4.7.11 responsive template but still getting registrations like this...

Quote:
Account information
Email: antoninariza@yandex.ru
Personal information
First name: www.tgraph.io/b405931-12-19:
Last name: www.tgraph.io/b405931-12-19:
Company: :
Tax number: www.tgraph.io/b405931-12-19:


any idea how they are getting through the recaptcha on the registration page?
__________________
www.uscandleco.com - X-Cart Version 4.7.11 Gold Plus php7.3
mods:
reCaptcha
running on UNIX

www.keystonecandle.com X-Cart Gold Plus - Version 4.7.11 php7.2
mods:
reCaptcha
cdseo pro
running on UNIX
Reply With Quote
  #82  
Old 12-24-2019, 04:10 PM
 
PhilJ PhilJ is offline
 

X-Guru
  
Join Date: Nov 2002
Posts: 4,094
 

Default Re: reCAPTCHA for X-Cart Classic

reCAPTCHA's certainly not bulletproof, but I'd go through the install steps again in case you missed anything.

Also I'd consider adding the 'honeypots' that were added in the latest version, which seem to do the trick
__________________
xcartmods.co.uk
Reply With Quote
  #83  
Old 12-26-2019, 11:27 AM
 
keystone keystone is offline
 

X-Adept
  
Join Date: Jul 2006
Location: USA
Posts: 787
 

Default Re: reCAPTCHA for X-Cart Classic

great, thanks. I'll add that and see if that blocks them.
__________________
www.uscandleco.com - X-Cart Version 4.7.11 Gold Plus php7.3
mods:
reCaptcha
running on UNIX

www.keystonecandle.com X-Cart Gold Plus - Version 4.7.11 php7.2
mods:
reCaptcha
cdseo pro
running on UNIX
Reply With Quote
  #84  
Old 01-10-2020, 04:50 PM
 
Thomasb134 Thomasb134 is offline
 

X-Adept
  
Join Date: Apr 2007
Location: USA
Posts: 789
 

Default Re: reCAPTCHA for X-Cart Classic

Here's some feedback from a V4.4.5 user:

This awesome mod has been on my to-do list for a couple years. The spammers have been very active the last few weeks so I was finally compelled to installed reCAPTCHA on my v4.4.5 branch.

I only incorporated the mods for Register, Login, PW Recovery, and Contact. I was surprised to find that my stock /include/help.php was missing the antibot_pwd_err section of code, so I copied what I needed from the XC 4.7.8 release. In case it helps another 4.4.5 user, here is what I did:

In /include/help.php file patch,
BEFORE ...
Code:
$utype = !empty($active_modules['Simple_Mode']) && $current_area == 'A' ? 'P' : $current_area; $account = func_query_first("SELECT id, login, password, email, usertype FROM $sql_tbl[customers] WHERE login='$username' AND usertype='$utype' AND status='Y'");

INSERT ...
Code:
$antibot_pwd_err = !empty($active_modules['Image_Verification']) && func_validate_image('on_pwd_recovery', $antibot_input_str); if ($antibot_pwd_err) { $top_message['content'] = func_get_langvar_by_name('msg_err_antibot'); $top_message['type'] = 'E'; func_header_location('help.php?section=Password_Recovery_error&err_type=antibot&username=' . urlencode(stripslashes($username))); }
Now you can apply the reCAPTCHA patch to help.tpl.

My site is running and the error logs are clean. Hopefully this mod reduces the spammer chatter. Many thanks for sharing the reCAPTCHA mod for X-Cart Classic!

EDIT Jan-21-2020: So far not a single Contact-Us or Registration spam. Glad to see the robot spammers are being blocked.
__________________
Thomas / USA
XCart V4.4.5 Gold
XCart Mobile V1.4.12
XCart X-PDF
XCart X-HotProducts
AlteredCart Checkout One (One Page Checkout)
BCSE Back In Stock
CFL Holiday Message
CFL System Message
Smack Digital (WebsiteCM) Remember Anon Carts
xcartmods Testimonials
xcartmods reCAPTCHA for X-Cart Classic
Unix, PHP 7.0 (patched 5.4).
MySQL 5.6
Reply With Quote

The following 3 users thank Thomasb134 for this useful post:
elmirage001 (01-12-2020), peggyr (02-20-2020), PhilJ (01-11-2020)
  #85  
Old 01-30-2020, 12:43 PM
 
PhilJ PhilJ is offline
 

X-Guru
  
Join Date: Nov 2002
Posts: 4,094
 

Default Re: reCAPTCHA for X-Cart Classic

In /skin/common_files/modules/reCAPTCHA/reCAPTCHA_js.tpl

This line can be commented out, as it's not really necessary and might interfere...
Code:
{if $main eq "catalog" && $cat eq "0"}{else}<noscript><meta http-equiv="refresh" content="0.0;url=home.php"></noscript>{/if}
__________________
xcartmods.co.uk
Reply With Quote

The following 3 users thank PhilJ for this useful post:
elmirage001 (02-06-2020), peggyr (01-30-2020), Thomasb134 (01-30-2020)
  #86  
Old 02-07-2020, 05:57 PM
  peggyr's Avatar 
peggyr peggyr is offline
 

X-Adept
  
Join Date: Dec 2005
Posts: 635
 

Default Re: reCAPTCHA for X-Cart Classic

Hi Phil,

I realized that I had made some of the reCAPTCHA tpl updates to both common_files and reboot (though reboot 4.7.11 had all the updates in the needed modules). My confusion.

However, in testing, checking out with 'anonymous' (eg, I don't require customer to register), there is no recaptcha on the screen.

The URL for the module follows

https://www.mystore.com/cart.php?mode=checkout#regdlg

I've attached the screen capture - Is there maybe a missing tpl update for reCAPTCHA, or do I still have an install problem?

Thanks
Peggy
__________________
X-Cart GP 4.7.12 | XCARTMODS.CO.UK reBOOT (reDUX)4.7.12.8 | Live
IONOS Hosting | Linux | PHP 7.4.33 | MySQL 5.7
Reply With Quote
  #87  
Old 02-10-2020, 04:01 AM
  pauldodman's Avatar 
pauldodman pauldodman is offline
 

X-Guru
  
Join Date: Jul 2003
Location: Spain / UK
Posts: 3,060
 

Default Re: reCAPTCHA for X-Cart Classic

Hi
I've had a customer using the module hit with spam through the contact form - so I've updated the module to the latest with the honeypot.


It says the honeypot is "optional" - but how do we make sure it's enabled?
__________________
Paul Dodman
e-business & m-commerce consultant
w: www.luminointernet.com
e: xcart@luminointernet.com

Professional X-Cart help, advice, support and services, specialists in Mobile X-Cart.
Reply With Quote
  #88  
Old 02-10-2020, 04:10 AM
 
PhilJ PhilJ is offline
 

X-Guru
  
Join Date: Nov 2002
Posts: 4,094
 

Default Re: reCAPTCHA for X-Cart Classic

@ Paul, you can use your browser inspector to find the hidden honeypot field HTML.

Right click on the form -> 'Inspect Element'

or

CTRL + SHIFT + I and then CTRL + F to search for the field.

Once you've located the honeypot field, give it a value, then submit the form.
__________________
xcartmods.co.uk
Reply With Quote

The following 2 users thank PhilJ for this useful post:
elmirage001 (02-11-2020), pauldodman (02-10-2020)
  #89  
Old 02-11-2020, 03:55 PM
 
Thomasb134 Thomasb134 is offline
 

X-Adept
  
Join Date: Apr 2007
Location: USA
Posts: 789
 

Default Re: reCAPTCHA for X-Cart Classic

Today I discovered that the reCAPTCHA mod causes Altered Cart's Checkout One registered user Sign On to fail. It also fails when XCart Mobile is used. However Sign On works correctly from desktop mode using the shopping cart's side bar Authentication area.

When I applied the mod to my XC V4.4.5, the reCAPTCHA patch instructions for /include/login.php didn't match my version. Specifically this "BEFORE" code section doesn't exist:
Code:
In /include/login.php BEFORE... if (empty($user_data)) { func_login_error(); } INSERT... // reCAPTCHA - www.xcartmods.co.uk if ($current_area == "C" && $main != "checkout" && $config['reCAPTCHA']['reCAPTCHA_enabled'] == "Y" && $config['reCAPTCHA']['reCAPTCHA_site_key'] && $config['reCAPTCHA']['reCAPTCHA_secret_key'] && $config['reCAPTCHA']['reCAPTCHA_enabled_login'] == "Y") { include $xcart_dir . '/modules/reCAPTCHA/recaptcha_check.php'; } if ($bad_captcha) { if (func_is_ajax_request()) { $top_message['content'] = func_get_langvar_by_name('lbl_reCAPTCHA_error', false, false, true); $top_message['type'] = 'E'; // Prepare ajax message func_register_ajax_message( 'popupDialogCall', array( 'action' => 'message', 'message' => $top_message, ) ); $top_message = ''; func_header_location($HTTP_REFERER); } else { func_login_error(25); $user_data = $userid = FALSE; } } // /reCAPTCHA


By comparing V4.4.5 with V4.7.8 I found what I thought was the equivalent code; I inserted the new reCAPTCHA code before this sequence:
Code:
if (!$user_data) { func_login_error(); $allow_login = FALSE; }


The only other notable discrepancy was described in my post #84.

I rechecked my reCAPTCHA edits and couldn't find any unpatched code or edit mistakes. So I created a workaround for the login issue by commenting out the reCAPTCHA code block in login.php.

BTW, I found that the $main var is an empty string in login.php (in the reCAPTCHA function). Not sure if this is important, but thought I should mention it.

Although it's now working on the desktop view, XC Mobile fails on contact us, register, password reset, etc (but login is now OK). For simplicity I think it's best to have reCAPTCHA ignore mobile users; Still working on that. I could use some advice on how to fix the reCAPTCHA login for my 4.4.5 branch.

Edit Feb-14-2020: I've disabled the reCAPTCHA feature during mobile phone access (only desktop and tablet users see reCAPTCHA). Basically I wrapped the reCAPTCHA code in the /include/*.php files with this:
Code:
global $detect; // mobile detection var from XC Mobile Module if(!$detect->isMobile() || $detect->isTablet()) { //reCAPTCHA CODE HERE }

- Thomas
__________________
Thomas / USA
XCart V4.4.5 Gold
XCart Mobile V1.4.12
XCart X-PDF
XCart X-HotProducts
AlteredCart Checkout One (One Page Checkout)
BCSE Back In Stock
CFL Holiday Message
CFL System Message
Smack Digital (WebsiteCM) Remember Anon Carts
xcartmods Testimonials
xcartmods reCAPTCHA for X-Cart Classic
Unix, PHP 7.0 (patched 5.4).
MySQL 5.6
Reply With Quote

The following user thanks Thomasb134 for this useful post:
PhilJ (02-21-2020)
  #90  
Old 02-21-2020, 04:45 AM
 
PhilJ PhilJ is offline
 

X-Guru
  
Join Date: Nov 2002
Posts: 4,094
 

Default Re: reCAPTCHA for X-Cart Classic

@ Peggy, as you're using Fastlane Checkout, you'll need to adjust the logic for the login and / or register steps, ie. removing...
Quote:
&& $main != "checkout"
and
Quote:
$main ne "checkout" &&
__________________
xcartmods.co.uk
Reply With Quote

The following user thanks PhilJ for this useful post:
peggyr (02-21-2020)
Reply
   X-Cart forums > X-Cart 4 > Third Party Add-Ons for X-Cart 4



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 03:46 PM.

   

 
X-Cart forums © 2001-2020