phpBB2 and osC shared account creation


213 replies to this topic

#81   rossoe

rossoe
  • Members
  • 58 posts
  • Real Name:Ross

Posted 21 January 2007 - 05:37 PM

Alex

I will be adding some links on the oscommerce header to take the user back to phpbb2 side

do I need to make sure they go through "trans_phpbb"  or can I just create direct links ?

#82   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 21 January 2007 - 10:39 PM

anderskiel, on Jan 19 2007, 03:40 AM, said:

> This is slightly off topic, but could maybe be incorporated as an antispam measure!
>
> AlexStudio you seem to be quite familiar with this code by now. I seem to be getting an awful lot of spam-users in the forum. Some register to promote websites others just seem to be pointless bot-registrations. Due to the redirecting for registration I have a feeling that these bots simply search for the
>
> www.yoursite.com/phpbb2/profile.php?mode=register&agreed=true
>
> page. Currently registrations go via the "agree to terms page" to the osc registration page. Then via an extra link to phpbb2 registration.
> What I'm thinking is... If we change the name of the phpbb2 registration page we might be able to keep the bots from registration. My problem is that I can't find the place to change that url. Any advice?
>
> Anders

I did find this in my phpBB2 also, I have mine fixed by killing those attempts by the method you mentioned. Here is how I did it:

Find in phpbb2/includes/usercp_register.php line 37-41:
if ( !defined('IN_PHPBB') )
{
	die("Hacking attempt");
	exit;
}
Add after:
//// BOF osCommerce phpBB2 Integration v1.0
include($phpbb_root_path . 'includes/trans_osc.php');
if ($mode == 'register' && (isset($HTTP_GET_VARS['agreed']) || isset($HTTP_POST_VARS['agreed']))) {
	die("Hacking attempt");
	exit;
}
//// EOF osCommerce phpBB2 Integration v1.0
This will kill all direct accesses to this file.
Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

#83   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 21 January 2007 - 10:48 PM

rossoe, on Jan 19 2007, 04:25 AM, said:

> **** UPDATE TO POST ABOVE  ****
>
> I just changed -
> 'S_LOGIN_ACTION' => append_sid(HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'login.php?action=process&redirect=portal.php'),
>
> in "page_header" which solved the login from the box on portal front page.
> My last problem is any attempt to logoff still takes me back to index.php
>
> I can't understand why if I'm setting   as you told me to - how can it still goto index.php after logging out ??

I am not familiar with portal, so I don't know exactly how the logoff in the box works.

However, there is an 'ugly' workaround by adding a line in index.php to redirect users to portal.php, no matter where they came from. Just that the session in store will not be cleaned up and users are still logged in with the store.

#84   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 21 January 2007 - 10:51 PM

rossoe, on Jan 22 2007, 01:37 AM, said:

> Alex
>
> I will be adding some links on the oscommerce header to take the user back to phpbb2 side
>
> do I need to make sure they go through "trans_phpbb"  or can I just create direct links ?

Please utilize the trans_phpbb.php and add redirect target to point to whatever file in phpbb2 you want.

#85   rossoe

rossoe
  • Members
  • 58 posts
  • Real Name:Ross

Posted 21 January 2007 - 10:59 PM

Good idea with the spam bot prevention.

The logoff is just the same as normal phpbb2 - it's in the header which I keep the same. So it's odd that it's not working as desired when I make the adjustment to login.php

header('Location: ' .HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'logoff.php?redirect=portal.php&osCsid=' . $osCsid);

Any joy with the amendments to allow admin to delete users ? - as I imagine I'm going to get a few spam ones I'll need to kill.

#86   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 23 January 2007 - 11:14 AM

phpBB2 Integration v1.2 update released.

Changes in v1.2:
  • Added to kill hacking attempts which called up register page directly by spam bots.
  • Added to delete phpBB2 user records when deleting customers in osCom admin.
  • Commented out deleting user in phpBB admin page. Now can only delete customer and user account at the same time in osCom admin page.


#87   rossoe

rossoe
  • Members
  • 58 posts
  • Real Name:Ross

Posted 23 January 2007 - 11:22 AM

Superb !  will I be able to update from previous release without too many probs ?  as I can't do a fresh install.

AlexStudio, on Jan 23 2007, 11:14 AM, said:

> phpBB2 Integration v1.2 update released.
>
> Changes in v1.2:
>   • Added to kill hacking attempts which called up register page directly by spam bots.
>   • Added to delete phpBB2 user records when deleting customers in osCom admin.
>   • Commented out deleting user in phpBB admin page. Now can only delete customer and user account at the same time in osCom admin page.


#88   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 23 January 2007 - 11:32 AM

rossoe, on Jan 23 2007, 07:22 PM, said:

> Superb !  will I be able to update from previous release without too many probs ?  as I can't do a fresh install.

well yes, it's easy enough and well documented in the install guide. 2 phpBB2 files drop in (might need to modify them manually if phpBB2 heavily modified) and 2 more osCommerce files modified.

#89   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 23 January 2007 - 12:08 PM

rossoe, on Jan 22 2007, 06:59 AM, said:

> The logoff is just the same as normal phpbb2 - it's in the header which I keep the same. So it's odd that it's not working as desired when I make the adjustment to login.php

I think I know why your logoff sends users to index.php. Find in catalog/trans_phpbb.php line 26:
  } else $forward_page = 'index.php';
Change it to:
  } else $forward_page = 'portal.php';
Hope this works for you.

#90   rossoe

rossoe
  • Members
  • 58 posts
  • Real Name:Ross

Posted 23 January 2007 - 12:22 PM

Thank you, I'll give that a go tonight. I'm nearly finished with the site now, all I need is the MID from the bank and I'll snap on the protx module. Plus a few style template changes on oscommerce side.

check it out - http://www.quantumproduct.co.uk

without your help it would not have been possible for me to get this working so ta ;)

Edited by rossoe, 23 January 2007 - 12:22 PM.


#91   rossoe

rossoe
  • Members
  • 58 posts
  • Real Name:Ross

Posted 23 January 2007 - 10:29 PM

Alex

when I update to v1.2

the Replace phpbb2/common.php  causes a "hacking attempt" error when I try and login
obviously this is because it's trying to goto portal instead of index.

Is it worth me just sticking with v1.0 ?

I don't want it to be insecure though !

#92   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 23 January 2007 - 11:01 PM

rossoe, on Jan 24 2007, 06:29 AM, said:

> Alex
>
> when I update to v1.2
>
> the Replace phpbb2/common.php  causes a "hacking attempt" error when I try and login
> obviously this is because it's trying to goto portal instead of index.
>
> Is it worth me just sticking with v1.0 ?
>
> I don't want it to be insecure though !

In your case, the portal stuff is a heavily modded phpBB2. You must do file comparing, not just replace them.

#93   rossoe

rossoe
  • Members
  • 58 posts
  • Real Name:Ross

Posted 24 January 2007 - 10:21 AM

Cool, I'll have a look - it's actually only the amended common.php file that won't work due to the added hacking security. All the rest of the updates seem to work fine. I'm assuming it is getting upset with the trid being attached to a file other than index.php

oh by the way the change to trans_phpbb.php has totally sorted the logout :)

AlexStudio, on Jan 23 2007, 11:01 PM, said:

> In your case, the portal stuff is a heavily modded phpBB2. You must do file comparing, not just replace them.


#94   anderskiel

anderskiel
  • Members
  • 22 posts
  • Real Name:Anders

Posted 24 January 2007 - 04:45 PM

AlexStudio, on Jan 21 2007, 11:39 PM, said:

> I did find this in my phpBB2 also, I have mine fixed by killing those attempts by the method you mentioned. Here is how I did it:
>
> Find in phpbb2/includes/usercp_register.php line 37-41:
> if ( !defined('IN_PHPBB') )
> {
> 	die("Hacking attempt");
> 	exit;
> }
> Add after:
> //// BOF osCommerce phpBB2 Integration v1.0
> include($phpbb_root_path . 'includes/trans_osc.php');
> if ($mode == 'register' && (isset($HTTP_GET_VARS['agreed']) || isset($HTTP_POST_VARS['agreed']))) {
> 	die("Hacking attempt");
> 	exit;
> }
> //// EOF osCommerce phpBB2 Integration v1.0
> This will kill all direct accesses to this file.

I tried adding the above code, but it gives me "hacking attempt" when using the link from my osC registration page. I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. However I still get killed when following the link in osC registration page. Am I missing something?

Anders

#95   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 24 January 2007 - 09:35 PM

anderskiel, on Jan 25 2007, 12:45 AM, said:

> I tried adding the above code, but it gives me "hacking attempt" when using the link from my osC registration page. I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. However I still get killed when following the link in osC registration page. Am I missing something?
>
> Anders

Well, the code added to kill spam bot hackings only works if mode=register&agreed is present. This shouldn't be happening if you are registering in osC because the phpBB2/profile.php doesn't take place. The code in 1.0 - 1.2 use catalog/create_account.php instead.

If the link in registration agreement page leads you to profile.php, you missed some file in phpbb2 modification, probably phpbb2/templates/subSilver/agreement.tpl

#96   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 24 January 2007 - 09:44 PM

anderskiel, on Jan 25 2007, 12:45 AM, said:

> I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. However I still get killed when following the link in osC registration page. Am I missing something?

If the trans_phpbb.php is involved, then it could be the new security check in phpbb2/common.php line 163 - 172, which will kill any attempts with an irregular trid (presumed faking trid). It can be problematic if your osCsid has other characters than a-zA-Z0-9 (normal alphanumeric characters).
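
An added illustration of the failure mode described in the post above (not the integration's own code; function names, length bounds and sample values are hypothetical): a strict alphanumeric allowlist rejects legitimate IDs when PHP is configured for 6 bits per session-ID character, because that alphabet also contains "," and "-". It assumes the trid carries a PHP session ID, as the post implies.

```php
<?php
// Added example: not the check shipped in phpBB2 Integration v1.2.
// Function names and the length bounds are hypothetical.

// Strict allowlist matching the post's description: a-z, A-Z, 0-9 only.
function trid_is_alnum(string $trid): bool
{
    return preg_match('/\A[A-Za-z0-9]{16,128}\z/', $trid) === 1;
}

// Wider allowlist: PHP configured for 6 bits per session-ID character
// draws from 0-9 a-z A-Z "-" ",", so those two are accepted as well.
function trid_is_session_charset(string $trid): bool
{
    return preg_match('/\A[A-Za-z0-9,-]{16,128}\z/', $trid) === 1;
}

// Bits per character this PHP build uses for session IDs
// (the setting was renamed in PHP 7.1; 0 means neither setting exists).
function session_id_bits(): int
{
    $bits = ini_get('session.sid_bits_per_character');
    if ($bits === false) {
        $bits = ini_get('session.hash_bits_per_character');
    }
    return (int) $bits;
}

// Constructed sample values, not real session IDs.
$samples = [
    'hex, 4 bits/char' => '8f3c1e9a7b2d4f60a1c5e8b37d92f04c',
    '6 bits/char'      => 'Qm7,xT-2kLp9ZaB4,cD-eF6gH8jK0nRs',
    'not a session id' => 'trid with spaces & symbols!',
];

printf("session ID bits per character here: %d\n", session_id_bits());
foreach ($samples as $label => $value) {
    printf("%-18s strict=%s wide=%s\n", $label,
        var_export(trid_is_alnum($value), true),
        var_export(trid_is_session_charset($value), true));
}
```

Either keep the strict check and configure PHP for 4 or 5 bits per character, or widen the allowlist to the two extra characters; both keep the value confined to a fixed, known alphabet.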

#97   anderskiel

anderskiel
  • Members
  • 22 posts
  • Real Name:Anders

Posted 24 January 2007 - 10:54 PM

AlexStudio, on Jan 24 2007, 10:35 PM, said:

> Well, the code added to kill spam bot hackings only works if mode=register&agreed is present. This shouldn't be happening if you are registering in osC because the phpBB2/profile.php doesn't take place. The code in 1.0 - 1.2 use catalog/create_account.php instead.

Ok I see, I was trying to keep a link from the osC registration form open to those who only want to use the forum not the shop. But I guess that wouldn't work without leaving the /phpBB2/mode=register&agreed=true - link in the form. Or is there any way of killing all direct entries to the phpBB registration, except those coming from the link in osC registration page?

Thanks

Anders

#98   AlexStudio

AlexStudio
  • Members
  • 1,092 posts
  • Real Name:Alex Li
  • Gender:Male
  • Location:Taipei, Taiwan

Posted 24 January 2007 - 11:04 PM

anderskiel, on Jan 25 2007, 06:54 AM, said:

> Ok I see, I was trying to keep a link from the osC registration form open to those who only want to use the forum not the shop. But I guess that wouldn't work without leaving the /phpBB2/mode=register&agreed=true - link in the form. Or is there any way of killing all direct entries to the phpBB registration, except those coming from the link in osC registration page?
>
> Thanks
>
> Anders

Yes, you can change the parameters with the registration link to get passed. Let's say mode=phpbb_register&agreed_phpbb=true

You will also need to modify your phpbb2/profile.php to handle the new parameters.

#99   anderskiel

anderskiel
  • Members
  • 22 posts
  • Real Name:Anders

Posted 26 January 2007 - 10:10 PM

AlexStudio, on Jan 25 2007, 12:04 AM, said:

> Yes, you can change the parameters with the registration link to get passed. Let's say mode=phpbb_register&agreed_phpbb=true
>
> You will also need to modify your phpbb2/profile.php to handle the new parameters.

Not sure exactly what you mean - but I think I have fixed it by adding

if ($_SERVER['HTTP_REFERER'] != "http://www.yourdomaine.com/catalog/create_account.php") 
{
	die("Hacking attempt");
	exit;
}

to the beginning of includes/usercp_register.php

Now I just have to see if the spammers will get around that  :'(

Anders

#100   anderskiel

anderskiel
  • Members
  • 22 posts
  • Real Name:Anders

Posted 26 January 2007 - 10:28 PM

Oops, placing it at the top cuts all access to anything to do with the profile.php  :blink:

However moving it down to just below:

	$template->set_filenames(array(
		'body' => 'profile_add_body.tpl')
	);

that should work :D

Anders
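
An added example, not part of the thread or of phpBB2 Integration, for the goal discussed in the last posts: admitting only visitors who arrive from the osC registration page. The Referer header is supplied by the client and is often stripped by browsers and proxies, so this sketch has the shop sign an expiring link that the forum verifies instead. All names, the shared secret and the 15-minute lifetime are assumptions.

```php
<?php
// Added example: hypothetical helper names, not phpBB2 or osCommerce APIs.
// Assumption: both applications can read the same secret from their config.
const LINK_SECRET = 'replace-with-a-long-random-secret';
const LINK_TTL    = 900; // seconds a link stays valid

// Called where catalog/create_account.php prints the forum-only link.
function make_register_link(string $base, int $now): string
{
    $exp = $now + LINK_TTL;
    $sig = hash_hmac('sha256', 'register|' . $exp, LINK_SECRET);
    return $base . '?mode=register&agreed=true&exp=' . $exp . '&sig=' . $sig;
}

// Called in the registration script before the form is rendered.
function register_link_is_valid(array $query, int $now): bool
{
    $exp = $query['exp'] ?? '';
    $sig = $query['sig'] ?? '';
    if (!is_string($exp) || !is_string($sig) || !ctype_digit($exp)) {
        return false;                       // missing or malformed token
    }
    if ((int) $exp < $now) {
        return false;                       // link has expired
    }
    $expected = hash_hmac('sha256', 'register|' . $exp, LINK_SECRET);
    return hash_equals($expected, $sig);    // constant-time comparison
}

// Constructed demo values.
$now  = 1169849400;
$link = make_register_link('http://www.example.com/phpbb2/profile.php', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $fresh);
$edited        = $fresh;
$edited['exp'] = (string) ($now + 86400);   // expiry changed after signing
$cases = [
    'link followed after 1 minute' => [$fresh, $now + 60],
    'link followed after 1 hour'   => [$fresh, $now + 3600],
    'expiry edited by the client'  => [$edited, $now + 3600],
    'direct hit, no token'         => [['mode' => 'register', 'agreed' => 'true'], $now],
];
foreach ($cases as $label => [$query, $at]) {
    printf("%-30s %s\n", $label, var_export(register_link_is_valid($query, $at), true));
}
```

The token only proves the link was issued by the shop recently; a bot that loads the osC registration page first still receives a valid link, so a CAPTCHA-style check on the form remains necessary.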