Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

pbpBB2 and osC shared account creation


anderskiel

Recommended Posts

problem fixed

 

The "Out of range value adjusted for column ..." mysql errors are due to MySQL 5 running with a strict sql-mode.

You need to edit /etc/my.cnf and change sql-mode to something like:

 

sql-mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"

 

Problem now fixed. still need help with this user thing!!!!

It seems to me that when you tried to register a new account, it used the next available customers_id=3, but the user_id #3 in phpbb2 user table has already been taken.

 

I will put this into my note and add some lines in the code to check phpbb_users table for the next available user_id. The fix of this issue will be included in the next upgrade.

 

If you have more phpbb2 users than osCom customers, currently this contrib will not work for you. This contrib only works if you have more osCom customers than phpbb2 users.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

  • Replies 209
  • Created
  • Last Reply

Top Posters In This Topic

This is sligtly off topic, but could maybe be incorpoated as an antispam measure!

 

AlexStudio you seem to be quite familiar with this code by now. I seem to be getting an awful lot of spam-users in the forum. Some register to promote websites others just seem to be pointless bot-registrations. Due to the redirecting for registration i have a feeling that these bots simply search for the

 

www.yoursite.com/phpbb2/profile.php?mode=register&agreed=true

 

page. Currently registrations go via the "agree to terms page" to the osc registration page. Then via an ekstra link to phpbb2 registration.

 

 

What i'm thinking is... If we change the name of the phpbb2 registration page we might be able to keep the bots trom registration. My problem is that I can't find the place to change that url. Any advise?

 

Anders

Link to comment
Share on other sites

Ok so login using the link in the header works but the login box on the portal's front page that you helped me with still redirects to index.php

 

and any attempt to logoff also takes me to index.php

 

Here's my current phpbb2/login.php

I've highlighted in red wherever I've added portal.php

 

I can't understand why if I'm setting

'logoff.php?redirect=portal.php
how can it still goto index.php after logging out ??

 

<?php

/***************************************************************************

* login.php

* -------------------

* begin : Saturday, Feb 13, 2001

* copyright : © 2001 The phpBB Group

* email : [email protected]

*

* $Id: login.php,v 1.47.2.25 2006/12/16 13:11:24 acydburn Exp $

*

*

***************************************************************************/

 

/***************************************************************************

*

* This program is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* (at your option) any later version.

*

***************************************************************************/

 

//

// Allow people to reach login page if

// board is shut down

//

define("IN_LOGIN", true);

 

define('IN_PHPBB', true);

$phpbb_root_path = './';

include($phpbb_root_path . 'extension.inc');

include($phpbb_root_path . 'common.'.$phpEx);

 

//// BOF osCommerce phpBB2 Integration v1.0

include($phpbb_root_path . 'includes/trans_osc.php');

//// EOF osCommerce phpBB2 Integration v1.0

 

//

// Set page ID for session management

//

$userdata = session_pagestart($user_ip, PAGE_LOGIN);

init_userprefs($userdata);

//

// End session management

//

 

// session id check

if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))

{

$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];

}

else

{

$sid = '';

}

 

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )

{

if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )

{

$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';

$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

 

$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try

FROM " . USERS_TABLE . "

WHERE username = '" . str_replace("\\'", "''", $username) . "'";

if ( !($result = $db->sql_query($sql)) )

{

message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);

}

 

if( $row = $db->sql_fetchrow($result) )

{

if( $row['user_level'] != ADMIN && $board_config['board_disable'] )

{

redirect(append_sid("portal.$phpEx", true));

}

else

{

// If the last login is more than x minutes ago, then reset the login tries/time

if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))

{

$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

$row['user_last_login_try'] = $row['user_login_tries'] = 0;

}

 

// Check to see if user is allowed to login again... if his tries are exceeded

if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&

$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)

{

message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));

}

 

if( md5($password) == $row['user_password'] && $row['user_active'] )

{

$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

 

$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;

$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

 

// Reset login tries

$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

 

if( $session_id )

{

$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";

redirect(append_sid($url, true));

}

else

{

message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);

}

}

// Only store a failed login attempt for an active user - inactive users can't login even with a correct password

elseif( $row['user_active'] )

{

// Save login tries and last login

if ($row['user_id'] != ANONYMOUS)

{

$sql = 'UPDATE ' . USERS_TABLE . '

SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '

WHERE user_id = ' . $row['user_id'];

$db->sql_query($sql);

}

}

 

$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';

$redirect = str_replace('?', '&', $redirect);

 

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))

{

message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');

}

 

$template->assign_vars(array(

'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")

);

 

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>');

 

message_die(GENERAL_MESSAGE, $message);

}

}

else

{

$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";

$redirect = str_replace("?", "&", $redirect);

 

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))

{

message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');

}

 

$template->assign_vars(array(

'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")

);

 

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>');

 

message_die(GENERAL_MESSAGE, $message);

}

}

else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) ///////////////// LOG OUT START HERE /////////////////////////

{

// session id check

if ($sid == '' || $sid != $userdata['session_id'])

{

message_die(GENERAL_ERROR, 'Invalid_session');

}

 

if( $userdata['session_logged_in'] )

{

//// BOF osCommerce phpBB2 Integration v1.0

$sql = "select osCsid, sess_uid, sess_uip, sess_logged, sess_trans from trans_phpbb where sess_uid = '" . $userdata[ 'user_id' ] ."'";

if ( !($result = $db->sql_query($sql)) )

{

message_die(GENERAL_ERROR, 'Error in obtaining transata', '', __LINE__, __FILE__, $sql);

}

if( $row = $db->sql_fetchrow($result) )

{

$osCsid = $row[ 'osCsid' ]; //// <----------------------------------------Prepare to logoff osC

$sql = "update trans_phpbb set sess_trans = '' where sess_uid = '" . $userdata[ 'user_id' ] . "'";

$db->sql_query($sql); //// <----------------------------------------------Cleanup phpBB session data in trans_phpbb table

}

//// EOF osCommerce phpBB2 Integration v1.0

session_end($userdata['session_id'], $userdata['user_id']);

}

 

if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))

{

$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);

$url = str_replace('&', '&', $url);

redirect(append_sid($url, true));

}

//// BOF osCommerce phpBB2 Integration v1.0

else if( isset( $HTTP_GET_VARS[ 'trans' ]) && $HTTP_GET_VARS[ 'trans' ] == 'yes' )

{

header('Location: ' .HTTP_SERVER . DIR_WS_HTTP_CATALOG . 'index.php');

session_write_close();

exit();

}

else

{

header('Location: ' .HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'logoff.php?redirect=portal.php&osCsid=' . $osCsid);

session_write_close();

exit();

//// EOF osCommerce phpBB2 Integration v1.0

}

}

else

{

$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";

redirect(append_sid($url, true));

}

}

else

{

//

// Do a full login page dohickey if

// user not already logged in

//

if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))

{

$page_title = $lang['Login'];

include($phpbb_root_path . 'includes/page_header.'.$phpEx);

 

$template->set_filenames(array(

'body' => 'login_body.tpl')

);

 

$forward_page = '';

 

if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )

{

$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

 

if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )

{

$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];

$forward_match = explode('&', $forward_to);

 

if(count($forward_match) > 1)

{

for($i = 1; $i < count($forward_match); $i++)

{

if( !ereg("sid=", $forward_match[$i]) )

{

if( $forward_page != '' )

{

$forward_page .= '&';

}

$forward_page .= $forward_match[$i];

}

}

$forward_page = $forward_match[0] . '?' . $forward_page;

}

else

{

$forward_page = $forward_match[0];

}

}

}

 

$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

 

$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';

 

make_jumpbox('viewforum.'.$phpEx);

$template->assign_vars(array(

'USERNAME' => $username,

 

'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],

'L_SEND_PASSWORD' => $lang['Forgotten_password'],

 

//// BOF osCommerce phpBB2 Integration v1.0

// 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

'U_SEND_PASSWORD' => HTTP_SERVER . DIR_WS_HTTP_CATALOG . 'password_forgotten.php',

//// EOF osCommerce phpBB2 Integration v1.0

 

'S_HIDDEN_FIELDS' => $s_hidden_fields)

);

 

$template->pparse('body');

 

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);

}

else

{

redirect(append_sid("portal.$phpEx", true));

}

 

}

 

?>

Link to comment
Share on other sites

**** UPDATE TO POST ABOVE ****

 

I just changed -

'S_LOGIN_ACTION' => append_sid(HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'login.php?action=process&redirect=portal.php'),

 

in "page_header" which solved the login from the box on portal front page.

 

 

My last problem is any attempt to logoff still takes me back to index.php

 

I can't understand why if I'm setting

'logoff.php?redirect=portal.php
as you told me to - how can it still goto index.php after logging out ??
Link to comment
Share on other sites

This is sligtly off topic, but could maybe be incorpoated as an antispam measure!

 

AlexStudio you seem to be quite familiar with this code by now. I seem to be getting an awful lot of spam-users in the forum. Some register to promote websites others just seem to be pointless bot-registrations. Due to the redirecting for registration i have a feeling that these bots simply search for the

 

www.yoursite.com/phpbb2/profile.php?mode=register&agreed=true

 

page. Currently registrations go via the "agree to terms page" to the osc registration page. Then via an ekstra link to phpbb2 registration.

What i'm thinking is... If we change the name of the phpbb2 registration page we might be able to keep the bots trom registration. My problem is that I can't find the place to change that url. Any advise?

 

Anders

I did find this in my phpBB2 also, I have mine fixed by killing those attempts by the method you mentioned. Here is how I did it:

 

Find in phpbb2/includes/usercp_registere.php line 37-41:

if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
exit;
}

Add after:

//// BOF osCommerce phpBB2 Integration v1.0
include($phpbb_root_path . 'includes/trans_osc.php');
if ($mode == 'register' && (isset($HTTP_GET_VARS['agreed']) || isset($HTTP_POST_VARS['agreed']))) {
die("Hacking attempt");
exit;
}
//// EOF osCommerce phpBB2 Integration v1.0

This will kill all direct accesses to this file.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

**** UPDATE TO POST ABOVE ****

 

I just changed -

'S_LOGIN_ACTION' => append_sid(HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'login.php?action=process&redirect=portal.php'),

 

in "page_header" which solved the login from the box on portal front page.

My last problem is any attempt to logoff still takes me back to index.php

 

I can't understand why if I'm setting as you told me to - how can it still goto index.php after logging out ??

I am not familiar with portal, so I don't know how exactly the logoff in box is doing.

 

However, there is an 'ugly' workaround by adding a line in index.php to redirectly users to portal.php, no matter where they came from. Just that the session in store will not be cleanned up and users are still logged in with the store.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Alex

 

I will be adding some links on the oscommerce header to take the user back to phpbb2 side

 

do I need to make sure they go through "trans_phpbb" or can I just create direct links ?

Please utilize the trans_phpbb.php and add redirect target to point to what ever file in phpbb2 you want.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Good idea with the spam bot prevention.

 

The logoff is just the same as normal phpbb2 - it's in the header which I keep the same. so it's odd that's it's not working as desired when I make the adjustment to login.php

 

header('Location: ' .HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'logoff.php?redirect=portal.php&osCsid=' . $osCsid);

 

Any joy with the amendments to allow admin to delete users ? - as I imagine I'm going to get a few spam one's I'll need to kill.

Link to comment
Share on other sites

phpBB2 Integration v1.2 update released.

 

Changes in v1.2:

  • Added to kill hacking attempts which called up register page directly by spam bots.
  • Added to delete phpBB2 user records when deleting customers in osCom admin.
  • Commented out deleting user in phpBB admin page. Now can only delete customer and user account at the same time in osCom admin page.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Superb ! will I be able to update from previous release without too many probs ? as I can't do a fresh install.

 

phpBB2 Integration v1.2 update released.

 

Changes in v1.2:

  • Added to kill hacking attempts which called up register page directly by spam bots.
  • Added to delete phpBB2 user records when deleting customers in osCom admin.
  • Commented out deleting user in phpBB admin page. Now can only delete customer and user account at the same time in osCom admin page.

Link to comment
Share on other sites

Superb ! will I be able to update from previous release without too many probs ? as I can't do a fresh install.

well yes, it's easy enough and well documented in the install guide. 2 phpBB2 files drop in (might need to modify them manually if phpBB2 heavily modified) and 2 more osCommerce files modified.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

The logoff is just the same as normal phpbb2 - it's in the header which I keep the same. so it's odd that's it's not working as desired when I make the adjustment to login.php

I think I know why your logoff sends users to index.php. Fine in catalog/trans_phpbb.php line 26:

  } else $forward_page = 'index.php';

Change it to:

  } else $forward_page = 'portal.php';

Hope this works for you.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

thankyou, I'll give that a go tonight. I'm nearly finished with the site now, all I need is the MID from the bank and I'll snap on the protx module. plus a few style template changes on oscommerce side.

 

check it out - http://www.quantumproduct.co.uk

 

without your help it would not have been possible for me to get this working so ta ;)

Edited by rossoe
Link to comment
Share on other sites

Alex

 

when I update to v1.2

 

the Replace phpbb2/common.php causes a "hacking attempt" error when I try and login

obviously this is because it's trying to goto portal instead of index.

 

Is it worth me just sticking with v1.0 ?

 

I don't want it to be insecure though !

Link to comment
Share on other sites

Alex

 

when I update to v1.2

 

the Replace phpbb2/common.php causes a "hacking attempt" error when I try and login

obviously this is because it's trying to goto portal instead of index.

 

Is it worth me just sticking with v1.0 ?

 

I don't want it to be insecure though !

In your case, the portal stuff is a heavily mod phpBB2. You must do file comparing, not just replace them.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Cool, I'll have a look - it's actually only the amended common.php file that won't work due to the added hacking security. All the rest of the updates seem to work fine. I'm assuming it is getting upset with the trid being attached to a file other than index.php

 

oh by the way the change to trans_phpbb.php has totally sorted the logout :)

 

In your case, the portal stuff is a heavily mod phpBB2. You must do file comparing, not just replace them.
Link to comment
Share on other sites

I did find this in my phpBB2 also, I have mine fixed by killing those attempts by the method you mentioned. Here is how I did it:

 

Find in phpbb2/includes/usercp_registere.php line 37-41:

if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
exit;
}

Add after:

//// BOF osCommerce phpBB2 Integration v1.0
include($phpbb_root_path . 'includes/trans_osc.php');
if ($mode == 'register' && (isset($HTTP_GET_VARS['agreed']) || isset($HTTP_POST_VARS['agreed']))) {
die("Hacking attempt");
exit;
}
//// EOF osCommerce phpBB2 Integration v1.0

This will kill all direct accesses to this file.

 

I tried adding the above code, but it gives me "hacking attempt" when using the link from my osC registration page. I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. How ever i still get killed when following the link in osC registration page. Am I missing something?

 

Anders

Link to comment
Share on other sites

I tried adding the above code, but it gives me "hacking attempt" when using the link from my osC registration page. I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. How ever i still get killed when following the link in osC registration page. Am I missing something?

 

Anders

Well, the code added to kill spam bot hackings only works if mode=register&agreed present. This shouldn't be happening if you are registering in osC because the phpBB2/profile.php doesn't take place. The code in 1.0 - 1.2 use catalog/create_account.php instead.

 

If the link in registration agreement page leads you to profile.php, you missed some file in phpbb2 modification, probably phpbb2/templates/subSilver/agreement.tpl

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. How ever i still get killed when following the link in osC registration page. Am I missing something?

If the trans_phpbb.php involved, then it could be the new security check in phpbb2/common.php line 163 - 172, which will kill any attempts with an irregular trid (presumed faking trid). It can be problematic if your osCsid has other characters than a-zA-Z0-9 (normal alphanumeric characters).

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Well, the code added to kill spam bot hackings only works if mode=register&agreed present. This shouldn't be happening if you are registering in osC because the phpBB2/profile.php doesn't take place. The code in 1.0 - 1.2 use catalog/create_account.php instead.

 

 

Ok I see, I was trying to keep a link from the osC registration form open to those who only want to use the forum not the shop. But i guess that wouldnt work without leaving the /phpBB2/mode=register&agreed=true - link in the form. Or is there anyway of killing all direct entries to the phpBB registration, except those coming from the link in osC registration page?

 

Thanks

 

Anders

Link to comment
Share on other sites

Ok I see, I was trying to keep a link from the osC registration form open to those who only want to use the forum not the shop. But i guess that wouldnt work without leaving the /phpBB2/mode=register&agreed=true - link in the form. Or is there anyway of killing all direct entries to the phpBB registration, except those coming from the link in osC registration page?

 

Thanks

 

Anders

Yes, you can change the parameters with the registration link to get passed. Let's say mode=phpbb_register&agreed_phpbb=true

 

You will also need to modify your phpbb2/profile.php to handle the new parameters.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Yes, you can change the parameters with the registration link to get passed. Let's say mode=phpbb_register&agreed_phpbb=true

 

You will also need to modify your phpbb2/profile.php to handle the new parameters.

 

 

Not sure exactly what you mean - but i think i have fixed it by adding

 

if ($_SERVER['HTTP_REFERER'] != "http://www.yourdomaine.com/catalog/create_account.php") 
{
die("Hacking attempt");
exit;
}

 

to the beginning of includes/usercp_register.php

 

Now i just have to see if the spammers will get around that :'(

 

Anders

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...