Jump to content
motion2082

Add reCAPTCHA to Prestashop Version 1.6.0.14 for FREE

Recommended Posts

hola yo tengo la versión de prestashop 1.6.1.1 acabo de instalar el modulo, simplemente cambiando el nombre ya me apareció en prestashop. Mi pregunta es tengo que hacer alguna cosa mas?. hay que implementarlo en el código PHP de la web que realiza el envío del formulario?.( si tuviera que hacerlo, como tendría que realizarlo ?)

en la web donde lo instale es (car-angeleyes.net) por si pueden he charle un vistazo.

gracias por todo y por este fantástico modulo, ya que me llegaron una oleada de mensajes rusos no muy agradables 

Share this post


Link to post
Share on other sites

Works great, thank you.

 

The language code for Swedish is in fact 'sv' but when I installed the language I mistakenly added it as 'se'. I won't want to loose my rankings so I decided to keep it.

Tried to add 'sv | se ' and 'se | sv ' but that resulted the capthcha being in English in all languages sites.

What shall I put in the force language field in order to gave it displayed in Swedish if the language selected in Prestashop is 'se', and keep the other languages as selected in the FO? 

 

 

Share this post


Link to post
Share on other sites

Greetings,

 

First of all please let me thanks @herve25 for this great work which makes accessible an easy integration of a captcha verification to most, and doing so help fight against spammers.

The module works great out of the box, if the instructions are followed properly for installation. It also offers an easy way to maintenance your keys directly from the module itself in case you want to change them like different sites and such, without having to go back edit the files.

However I would like to point that even if it 'may' stop some spams, it cannot be properly implemented without overriding the ContactController.

As I said, it 'may' seem to work and block, almost if not all, spam considered messages, but it remains some checks needs to be added in order to make it a fully working sollution.

For example, if you disable JavaScript, captcha is not loaded at all and you can send messages without taking the captcha challenge, and guess what, spammers mostly use Perl scripts to spam our 'generic' websites (vs customized ones. indeed if you use generic templates of everything out of the box without any customization your are just making yourself of an easier target for spammers who make generic scripts to attack the most possible websites/targets) and they just dont care about JavaScript.

So at the very least you need to check what's happening with the "g-recaptcha-response" variable, and as being said it is being done in the ContactController on PS.1.6.0.14 (original thread version).

This has already been addressed by @sekwoja@TACS in earlier posts, here is a simple code you need to add at the very least in an override you will need to place into:
site/override/controllers/front/ContactController.php

 

On 2/19/2018 at 1:22 PM, TACS said:

 

it is not very clear from the OP how to use this module to provide the complete security needed, because if you do have a real spam problem then they still bypass the captcha on the contact form even after installing this module and following the first post.

so, I wanted to make it clear, that not only do you need to follow the first post of this thread, but you will also need to write in the code from the quoted post above and into to the contactcontroller.php

 


 else if (!($gcaptcha = (int)(Tools::getValue('g-recaptcha-response'))))

    $this->errors[] = Tools::displayError('Captcha not verified');

 

 


This simple addition will probably block 99% of the spam, if not 100%.

However this is not the proper way to do it as per Google ReCaptcha documentation. This "g-recaptcha-response" variable needs to be verified by google who will tell you in return if the challenge was passed or not. Indeed this variable can contain anything for all you know, it just means that the ReCaptcha challenge was taken, not that it was passed or failed.

Again this has already been addressed by someone in earlier posts.

 

On 5/19/2017 at 8:56 AM, servalagency said:

Bonjour,

 

Il faut créer un override pour chaque formulaire sinon le POST sans passer par la page n'est pas sécurisé, exemple pour le formulaire de contact à mettre dans override/controllers/front/ContactController.php :

 

--

 

Hello,
 
It is necessary to create an override for each form otherwise the POST without going through the page is not secure, example for the contact form to put in override/controllers/front/ContactController.php
 

<?php
class ContactController extends ContactControllerCore
{
  /**
  * Start forms process
  * @see FrontController::postProcess()
  */
  public function postProcess()
  {
    if (Tools::isSubmit('submitMessage')) {      
      // Ma clé privée
      $secret = Configuration::get('CAPTCHA_PRIVATE_KEY');
      // Paramètre renvoyé par le recaptcha
      $response = $_POST['g-recaptcha-response'];
      // On récupère l'IP de l'utilisateur
      $remoteip = $_SERVER['REMOTE_ADDR'];

      $api_url = "https://www.google.com/recaptcha/api/siteverify?secret="
      . $secret
      . "&response=" . $response
      . "&remoteip=" . $remoteip ;

      $decode = json_decode(file_get_contents($api_url), true);

      if ($decode['success'] == true) {
        parent::postProcess();
      }
      else {
        // BAN IP
        $path = _PS_ROOT_DIR_.'/.htaccess';
        if (!$htaccess = @file_get_contents($path)) {
          return false;
        }
        $content = 'Deny from ' . $remoteip . "\r\n";
        $content .= $htaccess;
        file_put_contents($path, $content);
      }
    }
  }
}

 

This script will automatically ban IP of people who failed the ReCaptcha challenge. Personally I find it a bit too radical. This is why I have not done it this way, however all credits goes to @servalagency for coming up with a working solution.

Based on this I did a less aggressive response not banning any IP using the following override:

$message = Tools::getValue('message'); // Html entities is not usefull, iscleanHtml check there is no bad html tags.

// ReCaptcha Challenge
$secretkey = Configuration::get('CAPTCHA_PRIVATE_KEY');
$remoteip = $_SERVER['REMOTE_ADDR'];

[...]

elseif (!($gcaptcha = Tools::getValue('g-recaptcha-response')) ||
              !($decode = json_decode(file_get_contents($api_url = "https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$gcaptcha."&remoteip=".$remoteip), true)) ||
              !(intval($decode['success'] == true)))
        $this->errors[] = Tools::displayError('You need to take the Captcha challenge to use this form (Javascript).');
elseif (!$message)
        $this->errors[] = Tools::displayError('The message cannot be blank.');


Please note and this is very important, the "g-recaptcha-response" is left UNTOUCHED, no conversions or anything (unlike in very first posted solution), because google needs a valid variable so the verification process can happen.

From this point we could also send only email to site admin for message review and possible manual IP bans directly into .htaccess, but that may not be really necessary and overkill. But that's doable.

Only by adding those extra steps you will properly integrate the reCaptcha to your website by fully verifying the challenges, and not only feeling safe by adding a reCaptcha box...

 

I hope this helps.

Regards.

Edited by Muad'Dib
fixing credits (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites

Hello @Muad'Dib,

@herve25 is my old account, with an email i have no more access.
This topic is not really relevent of the state of the module now and that's why your comments are unecessary ^^.

The override of the contact form is already implemented since last year and the recapatcha response is well checked and verified ;)
The better solution to follow the module as already said in this topic is to check on github.
https://github.com/nenes25/eicaptcha

@karmaedv thanks i'll compare and update german translations if needed.

Regards

Share this post


Link to post
Share on other sites

Hi guys,

I've installed the module and seems to work fine.

I have installed the module on 2 different site, on one it work 100% without notice (ps: 1.6.1.2). On the other (ps: 1.6.0.14), above the captcha there are this notice:

Notice: Undefined index: captcha in /home/ulqk7283/domains/advie.it/public_html/tools/smarty/sysplugins/smarty_internal_templatebase.php(157) : eval()'d code on line 240 Notice: Trying to get property of non-object in /home/ulqk7283/domains/advie.it/public_html/tools/smarty/sysplugins/smarty_internal_templatebase.php(157) : eval()'d code on line 240

5ac5e4cf09242_Schermata2018-04-05alle10_44_34.thumb.png.a14b2acefe040a2436a747ba3b8ff285.png

In attached the image.

i see the file smarty_internal_templatebase.php, but i don't know how change it.

5ac5e4decd653_Schermata2018-04-05alle10_45_03.png.9406ace64cf30a92e271efbc066b130f.png

5ac5e4e0f1786_Schermata2018-04-05alle10_45_40.thumb.png.aba96d8ed2ab51114472d40b835b17d2.png

How i can do to fix this?

 

 

Share this post


Link to post
Share on other sites

Geetings @hhennes!

 

Many thanks for your reply.

I am very happy to learn the verification is properly handled in latest versions now, so is the 'spam' work around from PS implemented since PS 1.6.1.7 (updates).

Sadly, and for some reasons I cannot really explain myself, on my current version, which I know is pretty outdated, PS 1.6.0.14, latest releases v0.4.1x meant to be working for this version of the platform, just make my whole website crash. I just gave up trying to use those since I needed a fast solution to stop those spammers from ruining my domain reputation on mail hosts.

Older versions however, currently v0.4.3, which was recommended and released I think prior you forked each < PS 1.7 and PS 1.7+ with completely different numering and version, and which does not use "on the fly" addition to templates gives me better results regarding its integration (and I use default PS templates), so I just sticked with this one after having tried v0.4.1{1-4} without good results (site crash or blank pages). But after a few days, since I was still receiving some spams (less than before, but still some) I decided to just look into it and if possible just fix on my own that version that was integrating smoothly for me and work from there until I stopped receiving spams..

It is probably only me having such problems very likely due to something else I am using (and which I need or I would not be using it), however, for the sake of explanation, I only wanted to share how I "fixed"/"made" the module work properly on my website by adding those few lines since it took me a few  tries to make it work right, just in case some other readers of this thread would face the same situation on their own website, since after all this thread points to the same version of PS I use which is PS 1.6.0.14.

Thanks again for your great modules and work which are always greatly appreciated! :)

 

Regards.

Share this post


Link to post
Share on other sites
2 hours ago, Andrea_Firenze said:

Hi guys,

I've installed the module and seems to work fine.

I have installed the module on 2 different site, on one it work 100% without notice (ps: 1.6.1.2). On the other (ps: 1.6.0.14), above the captcha there are this notice:

Notice: Undefined index: captcha in /home/ulqk7283/domains/advie.it/public_html/tools/smarty/sysplugins/smarty_internal_templatebase.php(157) : eval()'d code on line 240 Notice: Trying to get property of non-object in /home/ulqk7283/domains/advie.it/public_html/tools/smarty/sysplugins/smarty_internal_templatebase.php(157) : eval()'d code on line 240

5ac5e4cf09242_Schermata2018-04-05alle10_44_34.thumb.png.a14b2acefe040a2436a747ba3b8ff285.png

In attached the image.

i see the file smarty_internal_templatebase.php, but i don't know how change it.

5ac5e4decd653_Schermata2018-04-05alle10_45_03.png.9406ace64cf30a92e271efbc066b130f.png

5ac5e4e0f1786_Schermata2018-04-05alle10_45_40.thumb.png.aba96d8ed2ab51114472d40b835b17d2.png

How i can do to fix this?

 

 


On your second website, you seems to be in dev mode.
It is just a warning, if you disable the dev mode, everything should be ok.

Share this post


Link to post
Share on other sites
4 hours ago, hhennes said:


On your second website, you seems to be in dev mode.
It is just a warning, if you disable the dev mode, everything should be ok.

 

 

Thanks a lot. 

in fact I had not thought that the site was in Dev mode, I thought it was a problem of installation or php.

Now work fine on both sites.

 

Edited by Andrea_Firenze (see edit history)

Share this post


Link to post
Share on other sites

Thanks a lot!

I've just installed it following just the first steps:

Download + Copy to modules folder + Rename folder + Activate and configure with public & private key in the Back Office.

I didn't have to modify contact-form.tpl and it works!

Share this post


Link to post
Share on other sites

Can prestashop 1.5 themes is completely free and can SKT Themes free this types of themes available in this marketplace..

Share this post


Link to post
Share on other sites

Firstly thanks for the module. I just started to get a lot of spam through contact us page and it stopped after adding this module.
However is there something I have missed (after tripple checking) because I get odd bahaviour with the "send to a friend" functionality. I have PS 1.6.1.13 (with default theme) and downloaded the module from github (0.4.14). I also followed the instructions on github (https://github.com/nenes25/eicaptcha/blob/master/install-sendtoafriend.md) on how to install for send to a friend also (copied the two files). I even made diff against the files to verify the copying:

diff modules/eicaptcha/views/js/modules/sendtoafriend/sendtoafriend.js themes/default-bootstrap/js/modules/sendtoafriend/sendtoafriend.js
diff modules/eicaptcha/views/templates/front/modules/sendtoafriend/sendtoafriend-extra.tpl themes/default-bootstrap/modules/sendtoafriend/sendtoafriend-extra.tpl

Now if I go to a product and fill the fields and check the captcha then nothing happens when clicking the send button. Without checking captcha I get the error message asking to verify myself (I am not a robot).

Now the really odd part is that with a product without combinations if I click the cancel button (immediately or after filling the fields) the popup closes AND I get "product not available in this combination" even though it is a product with no combinations. But if I close the popup from the X in the top right corner everything is fine. If the product does have combinations then there is no problem.

Share this post


Link to post
Share on other sites

Hi,
This issue may be linked with your theme.
Could you please open an issue on github ?

Regards,

Share this post


Link to post
Share on other sites

Hello.

I have a mistake during installation.
What I need to add to file?

Release of version 2.0.4 for PS 1.7

 

 

eror.jpg

Share this post


Link to post
Share on other sites
On 20.07.2018 at 5:15 PM, hhennes said:

It's a false positive.
I'll fix it in next release ;)

 

Hi, Can you give me the approximate date of the next update?

Share this post


Link to post
Share on other sites

Hi,

I need to stop the .ru emails on PrestaShop 1.5.4.1. Please, is this module compatible with 1.5.4.1.?

Thank you very much for your help!

Best regards.

Devo

Share this post


Link to post
Share on other sites
On 7/28/2018 at 4:58 PM, devo said:

Hi,

I need to stop the .ru emails on PrestaShop 1.5.4.1. Please, is this module compatible with 1.5.4.1.?

Thank you very much for your help!

Best regards.

Devo

Easy... just go to seo urls and change the friendly url... contact-us to Talktous or something unique

Share this post


Link to post
Share on other sites

Hello, thanks for the module, is very useful. Just one detail, I found a js error when I try to create an account. I have the last version 2.04 with Ps 1.7.4.2. Anyway its allow me to register but if I could fix it would be better. Regards

 

recaptcha__es.js:517 Uncaught Error: reCAPTCHA has already been rendered in this element
    at Object.gY (recaptcha__es.js:517)
    at onloadCallback (iniciar-sesion?create_account=1:103)
    at GY (recaptcha__es.js:522)
    at V4 (recaptcha__es.js:509)
    at recaptcha__es.js:524
    at recaptcha__es.js:544

Share this post


Link to post
Share on other sites

Got this reply from the contactform....

1. incorrect response to CAPTCHA challenge. Please try again.

Followed the instructions.

Running PS 1.6.0.14

Share this post


Link to post
Share on other sites

Hello,

 

I installed ecaptcha and finally it did not work on my contact name. Saying that keys are not right.

Then I deinstalled and deleted the module.

Now on my contact form the button "send" does not work at all.

I don't have spam anymore, but actually nobody can write through contact form anymore.

Any ideas for non-professional user?

Already regretting installing ecaptcha

Thank you

Share this post


Link to post
Share on other sites

On prestashop 1.6.1.11

I solved inserting that code on ContactController.php 

On 2/19/2018 at 1:22 PM, TACS said:

} else if (!($gcaptcha = (int)(Tools::getValue('g-recaptcha-response')))){

    $this->errors[] = Tools::displayError('Captcha not verified');

            }

that code above didn't work, it just threw the contact page but the below code is what worked for me on 1.6.0.14

 

after the code (for me on line 53):

$this->errors[] = Tools::displayError('Bad file extension');
            } 

 

thanks at hhennes, TACS and you all.

Share this post


Link to post
Share on other sites
On 06/12/2018 at 02:14, cool cellphone case said:

erro.thumb.jpg.326738af05a40195c561aa4f540b52f4.jpgapenas a caixa de verificação "Eu não sou um robot" funciona, outras não estão a funcionar, "informações de erro" ERRO para o proprietário do site: tipo de chave inválido 

360 截图 20181206121235818.jpg

você pode verificar no meu site iphone xs max case

https://www.devicessmart.com

 

ANY SOLUTION?

I HAVE THE SAME PROBLEM...

 

 

Share this post


Link to post
Share on other sites

Great module, but it does not work during ONEPAGECHECKOUT (INSTANT CHECKOUT & CREATE ACCOUNT FORM) and 5-STEPS STANDARD CHECKOUT (only INSTANT CHECKOUT - CREATE ACCOUNT FORM works in this case). Are you able to fix it? The Captcha appears, but is not required to proceed.

Edited by karcharoth (see edit history)

Share this post


Link to post
Share on other sites
On 4/4/2018 at 3:10 PM, Muad'Dib said:

 


$message = Tools::getValue('message'); // Html entities is not usefull, iscleanHtml check there is no bad html tags.

// ReCaptcha Challenge
$secretkey = Configuration::get('CAPTCHA_PRIVATE_KEY');
$remoteip = $_SERVER['REMOTE_ADDR'];

[...]

elseif (!($gcaptcha = Tools::getValue('g-recaptcha-response')) ||
              !($decode = json_decode(file_get_contents($api_url = "https://www.google.com/recaptcha/api/siteverify?secret=".$secretkey."&response=".$gcaptcha."&remoteip=".$remoteip), true)) ||
              !(intval($decode['success'] == true)))
        $this->errors[] = Tools::displayError('You need to take the Captcha challenge to use this form (Javascript).');
elseif (!$message)
        $this->errors[] = Tools::displayError('The message cannot be blank.');

 

Hello guys

I installed this module but spammers are still doing their "job" (creating new spam accounts) by disabling javascript.
I don't understand which file should I change with this code? As I understand "ContactController.php" used for "Contact us" page on site. But I need to protect also my "create an account" page. 

I have only this code in override ContactController.php (see below)
And I can't see any signs of "$message = Tools::getValue('message');" or something in this file. Please explain this for me. Should I change PHP or any TPL files? Thank you.

<?php
class ContactController extends ContactControllerCore
{
  /*
    * module: eicaptcha
    * date: 2019-04-19 17:23:56
    * version: 0.4.15
    */
    public function checkAccess() {
    return (bool)Hook::exec('contactFormAccess');
  }
  /*
    * module: eicaptcha
    * date: 2019-04-19 17:23:56
    * version: 0.4.15
    */
    public function initCursedPage() {
    parent::setMedia();
    if (!empty($this->redirect_after)) {
      parent::redirect();
    }
    if (!$this->content_only && ($this->display_header || (isset($this->className) && $this->className))) {
      parent::initHeader();
    }
    parent::initContent();
    if (!$this->content_only && ($this->display_footer || (isset($this->className) && $this->className))) {
      parent::initFooter();
    }
    parent::display();
    die;
  }
}

 

Share this post


Link to post
Share on other sites

Just wondering if anyone has a similar mod or instructions on how to add recaptcha to the customer registration page, I've managed to stop spam messages in the contact form but now they're registering with all manner of stupid names, thing is I just don't understand why because it's not like they're getting advertising or anything, anyone with any help much appreciated.

Marko

Share this post


Link to post
Share on other sites

the free ones just do the deregistration after the registration is done. firstly they fully register the person and then they afterwards make them temporary in the database.

our module is not free but the does not do this , at first instance the customer will be registered as not full member until they click link on the email.

 

 

 

 

 

Share this post


Link to post
Share on other sites

I have this same issue as many others on Presta 1.6 where hunderds of spam accounts are created.

This issue for account creation to send spam, Spam account creation seems related to this is. https://github.com/nenes25/eicaptcha/issues/96

Please check if you can work out a solution for this issue. Ill check both posts to see if there is any update. 

Till now i could only stop it with ip region blocking at server level. 

Share this post


Link to post
Share on other sites
Posted (edited)
On 4/22/2019 at 9:47 PM, Hacktronics India said:

Thank you works fine with Prestashop 1.6.17, now no more spam customers registration.

Sorry this doesn't worked, it works for human, but for bots they are able to do spam registration with www.somepornsite.domain without any issue. The Captcha has no effect on the bots.

Finally I managed to stop the spam registrations via changes in controllers/front/AuthController.php by adding the validation code in protected function processSubmitAccount().

        if(stripos(Tools::getValue('firstname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid First Name.');
        if(stripos(Tools::getValue('lastname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid Last Name.');
        if(stripos(Tools::getValue('customer_firstname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid First Name.');
        if(stripos(Tools::getValue('customer_lastname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid Last Name.');

 

Edited by Hacktronics India (see edit history)

Share this post


Link to post
Share on other sites
On 4/27/2019 at 2:53 PM, Hacktronics India said:

Finally I managed to stop the spam registrations via changes in controllers/front/AuthController.php by adding the validation code in protected function processSubmitAccount().


        if(stripos(Tools::getValue('firstname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid First Name.');
        if(stripos(Tools::getValue('lastname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid Last Name.');
        if(stripos(Tools::getValue('customer_firstname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid First Name.');
        if(stripos(Tools::getValue('customer_lastname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid Last Name.');

 

Hello.... Just wondering where in the protected function processSubmitAccount() section is it safe to place this code??

Share this post


Link to post
Share on other sites
22 hours ago, BeatsMe said:

Hello.... Just wondering where in the protected function processSubmitAccount() section is it safe to place this code??

I put it just before the call to // Preparing customer

Share this post


Link to post
Share on other sites

all hacktronics india did was stop a specific attack in which if  the bot fills www in firstname  lastname etc only then it will reject the form. all other attacks will continue. its not a fix , its just a temporary way around  till another type of attack happens.

Share this post


Link to post
Share on other sites
42 minutes ago, MackStores.Com said:

all hacktronics india did was stop a specific attack in which if  the bot fills www in firstname  lastname etc only then it will reject the form. all other attacks will continue. its not a fix , its just a temporary way around  till another type of attack happens.

Yes, but you can write regex and stop other attacks, you can also write a custom validator for the names, I had just posted a sample to tell, where to look, and what type of code need to be placed.

Share this post


Link to post
Share on other sites
3 minutes ago, PrestaPros said:

We've created a free module for reCaptcha. For now it is for PS 1.6, but we are going to make it also for 1.7

More details: https://prestapros.com/en/blog/free-module-recaptcha-for-prestashop-registration-form

Does this work any differently from Ei Captcha by hhennes because we have that module installed with both keys from Google and they are still able to get through the registrations? 

Thanks

Marko

Share this post


Link to post
Share on other sites

We don't know how the other module works, but in our clients shops our module works and blocks attacs

Share this post


Link to post
Share on other sites
Just now, PrestaPros said:

We don't know how the other module works, but in our clients shops our module works and blocks attacs

I'm not overly technically minded but I read it was something to do with javascript, and the bot bypasses that which is how they manage to still register.   Anything is worth a try I guess, I've blocked the last IP they used which is probably futile I know, but if it gives me a bit of breathing space until another IP is used then worth it.   

Thanks

Marko

Share this post


Link to post
Share on other sites
5 minutes ago, ThankBooks said:

I'm not overly technically minded but I read it was something to do with javascript, and the bot bypasses that which is how they manage to still register.   Anything is worth a try I guess, I've blocked the last IP they used which is probably futile I know, but if it gives me a bit of breathing space until another IP is used then worth it.   

Thanks

Marko

Validation is made in PHP. We've installed modul for a couple of shops, and no fake accouns were made so far...

Share this post


Link to post
Share on other sites
Just now, PrestaPros said:

Validation is made in PHP. We've installed modul for a couple of shops, and no fake accouns were made so far...

Ah, I'll install and see how it goes then, thanks for producing :)

Marko

Share this post


Link to post
Share on other sites
On 4/29/2019 at 12:14 PM, PrestaPros said:

We don't know how the other module works, but in our clients shops our module works and blocks attacs

Although it has stopped the spammers, it's also stopping people from using instant checkout or from even creating an account if they have already placed an item in their basket.   I had a user report this today and I tried it myself and replicated the issue.   A basic registration works OK but it's when customers add an item to their basket and then try registering using instant checkout that the issue crops up.

Share this post


Link to post
Share on other sites
38 minutes ago, ThankBooks said:

Although it has stopped the spammers, it's also stopping people from using instant checkout or from even creating an account if they have already placed an item in their basket.   I had a user report this today and I tried it myself and replicated the issue.   A basic registration works OK but it's when customers add an item to their basket and then try registering using instant checkout that the issue crops up.

Can you give a link to a shop that it doesn't work?

What is the issue? reCaptcha does not shows up? Validation shows error?

Share this post


Link to post
Share on other sites
Posted (edited)

When the customer tried registering via instant checkout, they claim reCaptcha wasn't visible, the next time they tried it challenged them with pictures but whatever they did it refused to acknowledge the user had correctly validated.   I tried too, and although it looks like it's validated, hitting the 'Save' button to register the details just returns the error "Please use recaptcha".   I had to disable the mod temporarily to allow the user to continue, but have enabled it again just now so you can see what it's doing.

 

Edited by ThankBooks (see edit history)

Share this post


Link to post
Share on other sites
On 4/26/2019 at 9:53 PM, Hacktronics India said:

Finally I managed to stop the spam registrations via changes in controllers/front/AuthController.php by adding the validation code in protected function processSubmitAccount().


        if(stripos(Tools::getValue('firstname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid First Name.');
        if(stripos(Tools::getValue('lastname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid Last Name.');
        if(stripos(Tools::getValue('customer_firstname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid First Name.');
        if(stripos(Tools::getValue('customer_lastname'), 'www') !== false)
            $this->errors[] = Tools::displayError('Please enter a valid Last Name.');

 

Thanks @Hacktronics India -- that seems to be a good simple solution to this particular method where the spammers are injecting things into the lastname field on the account signup form.

I took it a step further and added 'http' in addition 'www' since some of the spammy urls they're using might not include a www.

Share this post


Link to post
Share on other sites

actually, worryingly too is the fact the referrer was prestashop.com - either they've masked the referrer or the spammers are active on these forums too - how worrying is that?!

Share this post


Link to post
Share on other sites

This works great as it stopped all those Russians spammers but how to adapt it to the create an user screen? I am getting a bunch of new accounts being created with spam. Thanks

Share this post


Link to post
Share on other sites
On 1/15/2019 at 3:15 PM, karcharoth said:

Great module, but it does not work during ONEPAGECHECKOUT (INSTANT CHECKOUT & CREATE ACCOUNT FORM) and 5-STEPS STANDARD CHECKOUT (only INSTANT CHECKOUT - CREATE ACCOUNT FORM works in this case). Are you able to fix it? The Captcha appears, but is not required to proceed.

I have the same problem. Any idea how to fix it?

Share this post


Link to post
Share on other sites

hi, thanks for the guide, I installed the plugin and it seems to work, but anyway I receive fake new registrations and spam messages, does anyone know how I can solve it? thank you!

Share this post


Link to post
Share on other sites
18 hours ago, peppeg85 said:

hi, thanks for the guide, I installed the plugin and it seems to work, but anyway I receive fake new registrations and spam messages, does anyone know how I can solve it? thank you!

You can use our module but its paid and stops all kinds of spams. Easy to change contact Us url too from the modul e. plus it stops fake registrations by sending e mail for validation.

 

Share this post


Link to post
Share on other sites
On 6/30/2019 at 3:27 AM, Belus99 said:

I have the same problem. Any idea how to fix it?

It does not but our module works with One page Checkout but it is paid. additionally you get many more features

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More