Anti robotic flood registration MOD from Turkey

 
#1 arabayaservis.com (Member; joined Nov 2003; 10 posts), 05-28-2004, 06:22 AM

for 3.5.7 and tested on 3.5.7

Please back up all files!!!

This mod requires the GD Image Library;
without it, it does not work.
GD Library : http://www.boutell.com/gd/

create db

Code:
CREATE TABLE xcart_flood_register (
    flood_id int(11) NOT NULL auto_increment,
    flood_key varchar(10) NOT NULL default '',
    session_id varchar(40) NOT NULL default '',
    KEY flood_id (flood_id)
) TYPE=MyISAM;

***************************************

/customer/flood.php (new page)

Code:
<?php
require "./auth.php";

$key = "";
$max_length_reg_key = 7;
$chars = array(
    "A","B","C","D","E","F","G","H","I","J","K","L","M",
    "N","O","P","Q","R","S","T","U","V","W","X","Y","Z",
    "0","1","2","3","4","5","6","7","8","9");

$count = count($chars) - 1;
srand((double)microtime()*1234567);

for($i = 0; $i < $max_length_reg_key; $i++)
{
    $key .= $chars[rand(0, $count)];
}

//Generate my Image...
$posx = $max_length_reg_key * 10;
$img_number = imagecreate($posx,17);
$white = imagecolorallocate($img_number,255,255,255);
$black = imagecolorallocate($img_number,0,0,0);
Imagestring($img_number,9,0,0,$key,$black);

mysql_query("delete from xcart_flood_register where session_id='$XCARTSESSID'");
mysql_query("INSERT INTO xcart_flood_register (flood_key, session_id) VALUES ('$key', '$XCARTSESSID')");

// No Cache
header("Content-type: image/jpeg");
header ("Expires: Sat, 10 Dec 1983 07:00:00 GMT");
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
imagejpeg($img_number);
?>

***************************************

include/register.php

find : db_query("insert into $sql_tbl[customers] (login,usertype, ......

add, after

Code:
// flood mod from turkey
// Look up the key that flood.php stored for this session.
$flood_rec = func_query_first("select flood_key from xcart_flood_register where session_id='$XCARTSESSID'");
if (empty($flood_rec)){
    // No key was issued for this session.
    func_header_location("error_message.php?flood_reg");
}else{
    if($flood_rec['flood_key']!=$flood_register){
        // Wrong key: discard the stored key and show the error page.
        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
        func_header_location("error_message.php?flood_reg");
    }else{
        // Correct key: discard it so it cannot be used again.
        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
    }
}
// flood mod from turkey
***************************************

skin1/customer/main/register.tpl

Add

Code:
<tr valign=middle>
<td align=right>Flood Control Key</td>
<td></td>
<td nowrap><img src="flood.php"></td>
</tr>
<tr valign=middle>
<td align=right>Enter Flood Control Key</td>
<td></td>
<td nowrap><input type="text" size="32" name="flood_register"></td>
</tr>
***************************************

skin1/common_templates.tpl

add

Code:
{elseif $main eq "flood_reg"}
{include file="main/error_flood_reg.tpl"}
***************************************

main/error_flood_reg.tpl (new page)

Code:
{include file="location.tpl" last_location=$lng.err_access_denied}
<h3>Please check flood control string!</h3>
{$lng.err_access_denied_msg}

#2 adpboss (X-Man; Ontario, Canada; joined Feb 2003; 2,389 posts), 05-28-2004, 12:24 PM

Sorry to be so silly and ask, but what the heck does this mod do?

#3 B00MER (X-Guru; Keller, TX (Cart-Lab.com); joined Sep 2002; 3,165 posts), 05-28-2004, 12:28 PM

Try doing a whois on http://www.networksolutions.com/en_US/whois/index.jhtml and you'll see an image appear; you have to enter these numbers to perform actions. This keeps people from trying to flood your login form or such over and over. It also helps against anyone trying to brute-force login forms to find a username/pwd combo that works.
__________________
Cart-Lab - 100+ Social Bookmarks for X-Cart.

#4 adpboss (X-Man; Ontario, Canada; joined Feb 2003; 2,389 posts), 05-28-2004, 12:34 PM

I SEE.

Very useful.

Thanks for enlightening me.

#5 mikamedianl (Newbie; joined Jun 2004; 3 posts), 06-23-2004, 05:52 AM

Great tool, but to prevent frustrated customers on your webshop I would like to add:

Code:
$flood_register = strtoupper($flood_register);

So the changed code will be:

Code:
// flood mod from turkey
$flood_rec = func_query_first("select flood_key from xcart_flood_register where session_id='$XCARTSESSID'");
if (empty($flood_rec)){
    func_header_location("error_message.php?flood_reg");
}else{
    $flood_register = strtoupper($flood_register);
    if($flood_rec['flood_key']!=$flood_register){
        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
        func_header_location("error_message.php?flood_reg");
    }else{
        db_query ("delete from xcart_flood_register where session_id='$XCARTSESSID'");
    }
}
// flood mod from turkey

A lot of people won't use uppercase characters.

Furthermore, it works very nicely!

~ john
__________________
X-CART Gold version 3.5.8
PHP 4.3.2 / RH 7.3
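
Added example, not code from the thread or from X-Cart: the issue-and-verify cycle of the mod above (key generation from post #1, upper-casing from post #5) rewritten with a CSPRNG, bound SQL parameters and a constant-time comparison. It assumes PHP 7+ with the PDO SQLite driver; the function names, the session id and the in-memory table standing in for xcart_flood_register are hypothetical.

```php
<?php
// Added example: function names and the session id below are hypothetical.
// An in-memory SQLite table stands in for xcart_flood_register.
function flood_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE xcart_flood_register (
        flood_key  VARCHAR(10) NOT NULL,
        session_id VARCHAR(40) NOT NULL PRIMARY KEY)');
    return $db;
}

// Issue a fresh key for the session, replacing any earlier one.
function flood_issue_key(PDO $db, string $sessionId, int $length = 7): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG instead of srand()/rand()
    }
    $db->prepare('DELETE FROM xcart_flood_register WHERE session_id = ?')
       ->execute([$sessionId]);
    $db->prepare('INSERT INTO xcart_flood_register (flood_key, session_id) VALUES (?, ?)')
       ->execute([$key, $sessionId]);
    return $key;
}

// Check a submitted key. The stored key is deleted on every attempt, right or wrong.
function flood_verify_key(PDO $db, string $sessionId, string $submitted): bool {
    $stmt = $db->prepare('SELECT flood_key FROM xcart_flood_register WHERE session_id = ?');
    $stmt->execute([$sessionId]);
    $stored = $stmt->fetchColumn();
    $db->prepare('DELETE FROM xcart_flood_register WHERE session_id = ?')
       ->execute([$sessionId]);
    if ($stored === false) {
        return false; // no key was issued for this session
    }
    return hash_equals((string) $stored, strtoupper(trim($submitted)));
}

// Constructed session id and inputs, for demonstration only.
$db  = flood_db();
$sid = 'constructed-session-id';
$key = flood_issue_key($db, $sid);
var_dump(flood_verify_key($db, $sid, strtolower($key))); // lower-case input
var_dump(flood_verify_key($db, $sid, $key));             // replay of an already used key
$key = flood_issue_key($db, $sid);
var_dump(flood_verify_key($db, $sid, 'WRONG00'));        // wrong guess
var_dump(flood_verify_key($db, $sid, $key));             // right key after a wrong guess
```

Because the key is deleted on every attempt, each guess costs a new image request, which is what limits automated registration and brute-force attempts.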

All times are GMT -8.