olsonsp4c

osC reCaptcha


The new version is slightly delayed due to a project I'm working on coding for a client... sorry!

 

Scott


I will be releasing the v1.4 of osC reCaptcha tomorrow. Check here for the announcement. I want to especially thank Glen for his great ideas. All of them will be implemented in this version and there are a few small errors that are corrected in the instructions. This new version will drastically change how this is implemented, making it more secure, flexible, and more easily integrated into your store.

 

Scott


osC reCaptcha v1.4 is out: http://addons.oscommerce.com/info/6306

 

This is a major restructuring.

 

Since v1.3
----------
* Added reCaptcha box formatting options A (non-integrated color scheme and placement) and B (integrated color scheme and placement)
* Added instructions to add SSL security to reCaptcha
* Changed language define to main English file
* Added multi-language functionality
* Added database entries to secure reCaptcha keys for security purposes
* Fixed Customer Testimonials missing line
* Added update instructions
* Added additional screenshot
* Restructured instructions for changes

 

Thanks to SteveDallas for his helpful suggestions and code

 

Let me know if I missed anything!

 

Scott


Unfortunately, I don't know. You could search the reCaptcha forums or wiki to see - I did briefly and couldn't find anything conclusive on how to do it...

 

Scott


Is this hard to include in Guest book with Anti Robot v3.0, because I can't get the captcha to work as it is now.


 

It wasn't made for that addon; however, I'm sure it could be adapted with some work. I don't use it personally, but you are welcome to give it a stab and let me know your progress. There would be 2 ways to figure it out.

 

1. Look where the current Captcha is and just replace it with the proper reCaptcha code

2. Remove all Captcha code you can find and then look through the file and compare with other addon inserts to determine where to put the reCaptcha code

 

Scott


Scott,

Thanks for your work on this, I have been dealing with some moron since just before Xmas through our contact page. I went with option "A" because of your notation about possible support issues in future reCaptcha releases. I would have preferred the nice clean look of Option "B" but also would rather not have to worry if and when something changes.

 

You done did a good thing and I really appreciate it. :D

 

Larry


Hi

Just installed according to instructions in create_account.php and everything looks fine, but can register an account without filling in the form - what have I missed?

Thanks

Lollo


 

Most likely you missed the error redirect - you should go and double check all entries in that file.

 

Scott
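
The failure mode discussed in the two posts above (an account is created although the captcha was never solved, because the handler does not stop on a failed check), as an added example that is not part of the original thread or of the osC reCaptcha addon. `demo_verify_captcha()`, `signup_without_gate()`, `signup_with_gate()` and the sample requests are hypothetical; the stub stands in for the remote call made by `recaptcha_check_answer()`.

```php
<?php
// Added illustration: not code from osC reCaptcha or osCommerce.
// All function names and the sample requests below are hypothetical.

// Stand-in for the remote verification done by recaptcha_check_answer().
// Returns an object with the two members the thread's code reads:
// ->is_valid and ->error.
function demo_verify_captcha(array $post, string $expectedAnswer): stdClass
{
    $resp      = new stdClass();
    $challenge = $post['recaptcha_challenge_field'] ?? '';
    $answer    = $post['recaptcha_response_field'] ?? '';

    // Fail closed: a client that posts straight to the handler without
    // rendering the form sends no captcha fields at all.
    if (!is_string($challenge) || !is_string($answer)
        || $challenge === '' || $answer === '') {
        $resp->is_valid = false;
        $resp->error    = 'incorrect-captcha-sol';
        return $resp;
    }

    $resp->is_valid = hash_equals($expectedAnswer, $answer);
    $resp->error    = $resp->is_valid ? null : 'incorrect-captcha-sol';
    return $resp;
}

// Broken integration: the check runs and a message is queued, but the
// result never stops the write, so the captcha is decorative.
function signup_without_gate(array $post, string $expectedAnswer, array &$accounts): array
{
    $messages = [];
    $resp = demo_verify_captcha($post, $expectedAnswer);
    if (!$resp->is_valid) {
        $messages[] = 'Security check failed (' . $resp->error . ')';
        // Missing: an error flag that the write below depends on.
    }
    $accounts[] = $post['email_address'];
    return ['created' => true, 'messages' => $messages];
}

// Gated integration: a failed check sets the error flag, and the write
// happens only while the flag is still clear.
function signup_with_gate(array $post, string $expectedAnswer, array &$accounts): array
{
    $error    = false;
    $messages = [];
    $resp = demo_verify_captcha($post, $expectedAnswer);
    if (!$resp->is_valid) {
        $error      = true;
        $messages[] = 'Security check failed (' . $resp->error . ')';
    }
    if (!$error) {
        $accounts[] = $post['email_address'];
    }
    return ['created' => !$error, 'messages' => $messages];
}

// Constructed sample requests (not captured traffic).
$expected = 'overlooks inquiry';
$requests = [
    'no captcha fields' => ['email_address' => 'a@example.test'],
    'wrong answer'      => ['email_address' => 'b@example.test',
                            'recaptcha_challenge_field' => 'c-123',
                            'recaptcha_response_field'  => 'guess'],
    'correct answer'    => ['email_address' => 'c@example.test',
                            'recaptcha_challenge_field' => 'c-123',
                            'recaptcha_response_field'  => 'overlooks inquiry'],
];

$withoutGate = [];
$withGate    = [];
foreach ($requests as $label => $post) {
    $a = signup_without_gate($post, $expected, $withoutGate);
    $b = signup_with_gate($post, $expected, $withGate);
    printf("%-18s without gate: %-9s with gate: %s\n", $label,
        $a['created'] ? 'created' : 'rejected',
        $b['created'] ? 'created' : 'rejected');
}
printf("accounts written: without gate=%d, with gate=%d\n",
    count($withoutGate), count($withGate));
```

The testimonials code posted later in this thread uses the same gate: `$testimonials_error` is set when `$resp->is_valid` is false, and the insert runs only under `if (!$testimonials_error)`.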


Hi again

Trying to get this working with the customer_testimonials_write, but however I try, I get the "The Security Code was not entered correctly: (reCAPTCHA output: incorrect-captcha-sol)". SSL is activated on my site, and I have tried both the SSL and no-SSL versions, but same result - it seems as if something is not correct. What can I check?

Thanks

Lollo


 

Are you using the integrated or non-integrated look? Are you using Customer Testimonials 3.62?

 

Scott


 

 

Latest download, ver 3.62, non integrated look. I got it to work fine in the create_account + contact_us page.

 

/Lollo


 

Have you gone back through the steps for the customer testimonials reCaptcha to make sure it was installed correctly? It sounds like you are missing a part of the code.

 

Scott


 

Hi again,

 

I have tried to reinstall this part (it works on create account and contact_us), with the same result. I do not understand, due to my limited skill here. I have tried with both

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>"

 

and

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY, null, ($request_type == 'SSL')); ?></td>"

 

This is the present code:

 

"<?php

/*
  $Id: customer_testimonials.php 10/20/2008 Exp $
  Released under the GNU General Public License
*/

require('includes/application_top.php');

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CUSTOMER_TESTIMONIALS);

// start modification for reCaptcha
require_once('includes/classes/recaptchalib.php');
// end modification for reCaptcha

$testimonials_error = false;
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'insert')) {
  $testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);
  $testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);
  $testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);
  $testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);
  $testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);
  $html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

  if (empty($testimonials_title)) {
    $testimonials_error = true;
    $messageStack->add('testimonials', ERROR_TESTIMONIALS_TITLE_REQUIRED);
  }
  if (empty($testimonials_name)) {
    $testimonials_error = true;
    $messageStack->add('testimonials', ERROR_TESTIMONIALS_NAME_REQUIRED);
  }
  if (empty($testimonials_email)) {
    $testimonials_error = true;
    $messageStack->add('testimonials', ERROR_TESTIMONIALS_EMAIL_REQUIRED);
  }
  if (!tep_validate_email($testimonials_email)) {
    $testimonials_error = true;
    $messageStack->add('testimonials', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
  }
  if (empty($html_text)) {
    $testimonials_error = true;
    $messageStack->add('testimonials', ERROR_TESTIMONIALS_DESCRIPTION_REQUIRED);
  }

  // start modification for reCaptcha
  // the response from reCAPTCHA
  $resp = null;

  // was there a reCAPTCHA response?
  $resp = recaptcha_check_answer (RECAPTCHA_PRIVATE_KEY,
                                  $_SERVER["REMOTE_ADDR"],
                                  $_POST["recaptcha_challenge_field"],
                                  $_POST["recaptcha_response_field"]);

  if (!$resp->is_valid) {
    $testimonials_error = true;
    $messageStack->add('testimonials', ENTRY_SECURITY_CHECK_ERROR . " (reCAPTCHA output: " . $resp->error . ")");
  }
  // end modification for reCaptcha

  if (!$testimonials_error) {
    $sql_data_array = array('testimonials_title' => $testimonials_title,
                            'testimonials_location' => $testimonials_location,
                            'testimonials_name' => $testimonials_name,
                            'testimonials_email' => $testimonials_email,
                            'testimonials_html_text' => $html_text);

    if ($HTTP_GET_VARS['action'] == 'insert') {
      $insert_sql_data = array('date_added' => 'now()',
                               'status' => '0');
      $sql_data_array = array_merge($sql_data_array, $insert_sql_data);
      tep_db_perform(TABLE_CUSTOMER_TESTIMONIALS, $sql_data_array);
      $testimonials_id = tep_db_insert_id();
      // email notification added by maestro
      $email_text = TESTIMONIAL_NOTIFICATION_TEXT . $testimonials_name . TESTIMONIAL_CONJ . $testimonials_location . '.' . "\n\n" .
                    TESTIMONIAL_NOTIFICATION_TITLE . $testimonials_title . "\n\n" .
                    TESTIMONIAL_NOTIFICATION_HTML_TEXT . $html_text . "\n\n" .
                    TESTIMONIAL_NOTIFICATION_APPROVE;
      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, TESTIMONIAL_NOTIFICATION_SUBJECT, $email_text, $testimonials_name, $testimonials_email);
    }
    $testimonials_id = '';
    $testimonials_title = '';
    $testimonials_location = '';
    $testimonials_name = '';
    $testimonials_email = '';
    $html_text = '';
    tep_redirect(tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=success'));
  } else {
    $testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);
    $testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);
    $testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);
    $testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);
    $testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);
    $html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);
  }
}

$breadcrumb->add(NAVBAR_TITLE2, tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE));
?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<!-- body //-->
<table width="100%">
<tr>
<td width="2%" class="col_left"><?php require(DIR_WS_INCLUDES . 'column_left.php'); ?></td>
<td width="96%"><table border="0" width="100%" cellspacing="3" cellpadding="3">
<tr>
<td width="100%" valign="top">

<form name="customer_testimonial" method="post" action="<?php echo tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=insert', 'SSL'); ?>">
<tr>
<td width="100%" class="col_center">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td class="pageHeading" colspan="2"><?php echo HEADING_TITLE2; ?></td>
</tr>
</table></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<?php
  if ($messageStack->size('testimonials') > 0) {
?>
<tr>
<td><?php echo $messageStack->output('testimonials'); ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<?php
  }
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {
?>
<tr>
<td class="main" align="center"><?php echo TEXT_TESTIMONIALS_SUCCESSFUL; ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
<tr class="infoBoxContents">
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<?php
  } else {
    if (tep_session_is_registered('customer_id')) {
      $account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
      $account = tep_db_fetch_array($account_query);

      $testimonials_name = $account['customers_firstname'] . ' ' . $account['customers_lastname'];
      $testimonials_email = $account['customers_email_address'];
    }
?>
<tr>
<td>
<table width="100%" border="0" cellspacing="0" cellpadding="2">
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td class="main"><?php echo TEXT_TESTIMONIALS_INTRO; ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td><table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="main"><b><?php echo TEXT_TESTIMONIALS_WRITE; ?></b></td>
<td class="inputRequirement" align="right"><?php echo FORM_REQUIRED_INFORMATION; ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
</table></td>
</tr>
<tr>
<td class="infoBox"><table width="100%" border="0" cellspacing="0" cellpadding="7" class="infoBoxContents">
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="main"><?php echo TEXT_TESTIMONIALS_TITLE; ?><br>
<?php echo tep_draw_input_field('testimonials_title', $testimonials_title, '', true); ?> <span class="inputRequirement">*</span></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td class="main"><?php echo TEXT_TESTIMONIALS_NAME; ?><br>
<?php echo tep_draw_input_field('testimonials_name', $testimonials_name, '', true); ?> <span class="inputRequirement">*</span></td>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td class="main"><?php echo TEXT_TESTIMONIALS_EMAIL; ?><br>
<?php echo tep_draw_input_field('testimonials_email'); ?> <span class="inputRequirement">*</span></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td class="main"><?php echo TEXT_TESTIMONIALS_LOCATION; ?><br>
<?php echo tep_draw_input_field('testimonials_location', $testimonials_location); ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
</tr>
<tr>
<td valign="top" class="main"><?php echo TEXT_BANNERS_HTML_TEXT; ?> <span class="inputRequirement">*</span><br>
<?php echo tep_draw_textarea_field('html_text', 'soft', '130', '10', $html_text); ?></td>
</tr>
</table></td>
</tr>
</table></td>
</tr></table>
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr><td class="main"><b><?php echo ENTRY_SECURITY_CHECK1; ?></b></td></tr></table>
<?php echo tep_draw_infoBox_top(); ?>

<table border="0" width="100%" cellspacing="0" cellpadding="2">
<!-- start modification for reCaptcha -->
<tr>
<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
<tr class="infoBoxContents">
<td><table border="0" cellspacing="2" cellpadding="2">
<tr>
<?php
  $languages_query = tep_db_query("select code from " . TABLE_LANGUAGES . " where directory = '" . $language . "'");
  $language_id = tep_db_fetch_array($languages_query);
?>
<script>
var RecaptchaOptions = {
theme : 'clean',
tabindex : 3,
lang : '<?php if (in_array($language_id['code'] ,array('en', 'nl', 'fr', 'de', 'pt', 'ru', 'es', 'tr'))) {echo $language_id['code']; } else {echo 'en'; } ?>',
};
</script>
<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<!-- end modification for reCaptcha -->
</table>

<?php echo tep_draw_infoBox_bottom(); ?>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="1" cellpadding="2">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
<td class="main" align="left" valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS) . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>
<td class="main" align="right" valign="middle"><?php echo tep_image_submit('button_submit.gif', IMAGE_BUTTON_SUBMIT); ?></td>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
</tr>
</table>

</td>
</tr>
</table>

</td>
</tr>
</table>
</form></td>
</tr>
<?php
  }
?>
</table>

</td>
<td width="2%" class="col_right"><?php require(DIR_WS_INCLUDES . 'column_right.php'); ?></td>
</tr>
</table>

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>"

 

If I do not use this tool on this page, will the

"function ct_sanitise($vartosanitise) {
  $vartosanitise = preg_replace("/[^0-9]/i", "", $vartosanitise);
  return $vartosanitise;
}"

which is implemented on the customer_testimonials protect the page?

Maybe it has something to do with the "SSL" function. I have tried to switch it on and off in osCommerce, but same result.

Maybe you see what is wrong right away.

 

 

Thanks

 

Lollo

have you gone back through the steps for the customer testimonials reCaptcha to make sure it was installed correctly? It sounds like you are missing a part of the code.

 

Scott

 

Hi again,

 

I have tried to re install this part (it works on create account and contact_us), with the same result. I do not understand, due to my limited skill here. Have tried with both

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>"

 

and

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY, null, ($request_type == 'SSL')); ?></td>"

 

This is the present code:

 

"<?php

/*

$Id: customer_testimonials.php 10/20/2008 Exp $

Released under the GNU General Public License

*/

 

require('includes/application_top.php');

 

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CUSTOMER_TESTIMONIALS);

 

// start modification for reCaptcha

require_once('includes/classes/recaptchalib.php');

// end modification for reCaptcha

 

$testimonials_error = false;

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'insert')) {

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

$testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);

$testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);

$testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);

$testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);

$html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

 

if (empty($testimonials_title)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_TITLE_REQUIRED);

}

if (empty($testimonials_name)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_NAME_REQUIRED);

}

if (empty($testimonials_email)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_EMAIL_REQUIRED);

}

if (!tep_validate_email($testimonials_email)) {

$testimonials_error = true;

$messageStack->add('testimonials', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

}

if (empty($html_text)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_DESCRIPTION_REQUIRED);

}

 

// start modification for reCaptcha

// the response from reCAPTCHA

$resp = null;

 

// was there a reCAPTCHA response?

$resp = recaptcha_check_answer (RECAPTCHA_PRIVATE_KEY,

$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]);

 

if (!$resp->is_valid) {

$testimonials_error = true;

$messageStack->add('testimonials', ENTRY_SECURITY_CHECK_ERROR . " (reCAPTCHA output: " . $resp->error . ")");

}

// end modification for reCaptcha

 

if (!$testimonials_error) {

$sql_data_array = array('testimonials_title' => $testimonials_title,

'testimonials_location' => $testimonials_location,

'testimonials_name' => $testimonials_name,

'testimonials_email' => $testimonials_email,

'testimonials_html_text' => $html_text);

 

if ($HTTP_GET_VARS['action'] == 'insert') {

$insert_sql_data = array('date_added' => 'now()',

'status' => '0');

$sql_data_array = array_merge($sql_data_array, $insert_sql_data);

tep_db_perform(TABLE_CUSTOMER_TESTIMONIALS, $sql_data_array);

$testimonials_id = tep_db_insert_id();

// email notification added by maestro

$email_text = TESTIMONIAL_NOTIFICATION_TEXT . $testimonials_name . TESTIMONIAL_CONJ . $testimonials_location . '.' . "\n\n" .

TESTIMONIAL_NOTIFICATION_TITLE . $testimonials_title . "\n\n" .

TESTIMONIAL_NOTIFICATION_HTML_TEXT . $html_text . "\n\n" .

TESTIMONIAL_NOTIFICATION_APPROVE;

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, TESTIMONIAL_NOTIFICATION_SUBJECT, $email_text, $testimonials_name, $testimonials_email);

}

$testimonials_id = '';

$testimonials_title = '';

$testimonials_location = '';

$testimonials_name = '';

$testimonials_email = '';

$html_text = '';

tep_redirect(tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=success'));

} else {

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

$testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);

$testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);

$testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);

$testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);

$html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

}

}

 

$breadcrumb->add(NAVBAR_TITLE2, tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE));

?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->

<!-- body //-->

<table width="100%">

<tr>

<td width="2%" class="col_left"><?php require(DIR_WS_INCLUDES . 'column_left.php'); ?></td>

<td width="96%"><table border="0" width="100%" cellspacing="3" cellpadding="3">

<tr>

<td width="100%" valign="top">

 

<form name="customer_testimonial" method="post" action="<?php echo tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=insert', 'SSL'); ?>">

<tr>

<td width="100%" class="col_center">

<table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td class="pageHeading" colspan="2"><?php echo HEADING_TITLE2; ?></td>

</tr>

</table></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

if ($messageStack->size('testimonials') > 0) {

?>

<tr>

<td><?php echo $messageStack->output('testimonials'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

}

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {

?>

<tr>

<td class="main" align="center"><?php echo TEXT_TESTIMONIALS_SUCCESSFUL; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<?php

} else {

if (tep_session_is_registered('customer_id')) {

$account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");

$account = tep_db_fetch_array($account_query);

 

$testimonials_name = $account['customers_firstname'] . ' ' . $account['customers_lastname'];

$testimonials_email = $account['customers_email_address'];

}

?>

<tr>

<td>

<table width="100%" border="0" cellspacing="0" cellpadding="2">

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_INTRO; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td><table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td class="main"><b><?php echo TEXT_TESTIMONIALS_WRITE; ?></b></td>

<td class="inputRequirement" align="right"><?php echo FORM_REQUIRED_INFORMATION; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

</table></td>

</tr>

<tr>

<td class="infoBox"><table width="100%" border="0" cellspacing="0" cellpadding="7" class="infoBoxContents">

<tr>

<td><table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_TITLE; ?><br>

<?php echo tep_draw_input_field('testimonials_title', $testimonials_title, '', true); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_NAME; ?><br>

<?php echo tep_draw_input_field('testimonials_name', $testimonials_name, '', true); ?> <span class="inputRequirement">*</span></td>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_EMAIL; ?><br>

<?php echo tep_draw_input_field('testimonials_email'); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_LOCATION; ?><br>

<?php echo tep_draw_input_field('testimonials_location', $testimonials_location); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td valign="top" class="main"><?php echo TEXT_BANNERS_HTML_TEXT; ?> <span class="inputRequirement">*</span><br>

<?php echo tep_draw_textarea_field('html_text', 'soft', '130', '10', $html_text); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr></table>

<table cellpadding="0" cellspacing="0" border="0">

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr><td class="main"><b><?php echo ENTRY_SECURITY_CHECK1; ?></b></td></tr></table>

<?php echo tep_draw_infoBox_top(); ?>

 

<table border="0" width="100%" cellspacing="0" cellpadding="2">

<!-- start modification for reCaptcha -->

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" cellspacing="2" cellpadding="2">

<tr>

<?php

$languages_query = tep_db_query("select code from " . TABLE_LANGUAGES . " where directory = '" . $language . "'");

$language_id = tep_db_fetch_array($languages_query);

?>

<script>

var RecaptchaOptions = {

theme : 'clean',

tabindex : 3,

lang : '<?php if (in_array($language_id['code'] ,array('en', 'nl', 'fr', 'de', 'pt', 'ru', 'es', 'tr'))) {echo $language_id['code']; } else {echo 'en'; } ?>',

};

</script>

<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<!-- end modification for reCaptcha -->

</table>

 

<?php echo tep_draw_infoBox_bottom(); ?>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td class="main" align="left" valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS) . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>

<td class="main" align="right" valign="middle"><?php echo tep_image_submit('button_submit.gif', IMAGE_BUTTON_SUBMIT); ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table>

 

</td>

</tr>

</table>

 

</td>

</tr>

</table>

</form></td>

</tr>

<?php

}

?>

</table>

 

 

</td>

<td width="2%" class="col_right"><?php require(DIR_WS_INCLUDES . 'column_right.php'); ?></td>

</tr>

</table>

 

 

 

<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>"

 

If I do not use this tool on this page, will the

 

"function ct_sanitise($vartosanitise) {

$vartosanitise = preg_replace("/[^0-9]/i", "", $vartosanitise);

return $vartosanitise;

}"

 

which is implemented on the customer_testimonials protect the page?

 

Maybe it has something to do with the "SSL" function. I have tried switching it on and off in osCommerce, but with the same result.

 

Maybe you see what is wrong right away.

 

 

Thanks

 

Lollo
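
As an added example (not part of the original post or the add-on's code): what the `ct_sanitise()` function quoted in the post does to different inputs, and why a digits-only filter does not stop an automated submission. `handle_submission()`, the sample requests and the stand-in CAPTCHA check are constructed for illustration.

```php
<?php
// Added example. ct_sanitise() is copied from the thread; everything else
// (handle_submission, the sample values, the stand-in verifiers) is constructed.

function ct_sanitise($vartosanitise) {
    // Removes every character that is not a digit 0-9.
    $vartosanitise = preg_replace("/[^0-9]/i", "", $vartosanitise);
    return $vartosanitise;
}

/**
 * Hypothetical submission gate. Returns a list of errors; an empty list means
 * the testimonial would be stored. $verify_captcha is any callable that returns
 * true only when the CAPTCHA answer was verified on the server.
 */
function handle_submission(array $post, callable $verify_captcha) {
    $errors = array();
    foreach (array('testimonials_title', 'testimonials_name', 'html_text') as $field) {
        if (!isset($post[$field]) || trim($post[$field]) === '') {
            $errors[] = $field . ' required';
        }
    }
    if (!$verify_captcha($post)) {
        $errors[] = 'captcha failed';
    }
    return $errors;
}

// 1. The filter applied to three kinds of input (constructed values).
//    It suits a numeric id parameter; it silently rewrites anything else
//    and would erase a free-text field entirely.
$samples = array(
    'numeric id'      => '42',
    'id with payload' => "42' OR '1'='1",
    'testimonial'     => 'Great shop, fast delivery!',
);
foreach ($samples as $label => $value) {
    printf("%-16s %-30s => '%s'\n", $label, "'" . $value . "'", ct_sanitise($value));
}

// 2. A scripted POST with well-formed fields and no CAPTCHA answer (constructed).
//    The id passes through ct_sanitise() unchanged because it is already numeric.
$scripted_post = array(
    'testimonials_id'    => ct_sanitise('7'),
    'testimonials_title' => 'Automated title',
    'testimonials_name'  => 'script',
    'html_text'          => 'automated body text',
);

// Page without a CAPTCHA: nothing distinguishes a script from a person.
$no_check = function (array $post) {
    return true;
};

// Stand-in for a server-side CAPTCHA verification result (assumption: the real
// check is done by the CAPTCHA library, not by comparing a fixed string).
$with_check = function (array $post) {
    return isset($post['recaptcha_response_field'])
        && $post['recaptcha_response_field'] === 'verified-answer';
};

$verifiers = array(
    'without CAPTCHA check' => $no_check,
    'with CAPTCHA check'    => $with_check,
);
foreach ($verifiers as $label => $verifier) {
    $errors = handle_submission($scripted_post, $verifier);
    echo $label . ': '
        . ($errors ? 'rejected (' . implode(', ', $errors) . ')' : 'accepted')
        . "\n";
}
```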

Have you gone back through the steps for the customer testimonials reCaptcha to make sure it was installed correctly? It sounds like you are missing a part of the code.

 

Scott

 

Hi again,

 

I have tried to reinstall this part (it works on create account and contact_us), with the same result. I do not understand, due to my limited skill here. I have tried with both

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>"

 

and

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY, null, ($request_type == 'SSL')); ?></td>"

 

This is the present code:

 

"<?php

/*

$Id: customer_testimonials.php 10/20/2008 Exp $

Released under the GNU General Public License

*/

 

require('includes/application_top.php');

 

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CUSTOMER_TESTIMONIALS);

 

// start modification for reCaptcha

require_once('includes/classes/recaptchalib.php');

// end modification for reCaptcha

 

$testimonials_error = false;

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'insert')) {

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

$testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);

$testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);

$testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);

$testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);

$html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

 

if (empty($testimonials_title)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_TITLE_REQUIRED);

}

if (empty($testimonials_name)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_NAME_REQUIRED);

}

if (empty($testimonials_email)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_EMAIL_REQUIRED);

}

if (!tep_validate_email($testimonials_email)) {

$testimonials_error = true;

$messageStack->add('testimonials', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

}

if (empty($html_text)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_DESCRIPTION_REQUIRED);

}

 

// start modification for reCaptcha

// the response from reCAPTCHA

$resp = null;

 

// was there a reCAPTCHA response?

$resp = recaptcha_check_answer (RECAPTCHA_PRIVATE_KEY,

$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]);

 

if (!$resp->is_valid) {

$testimonials_error = true;

$messageStack->add('testimonials', ENTRY_SECURITY_CHECK_ERROR . " (reCAPTCHA output: " . $resp->error . ")");

}

// end modification for reCaptcha

 

if (!$testimonials_error) {

$sql_data_array = array('testimonials_title' => $testimonials_title,

'testimonials_location' => $testimonials_location,

'testimonials_name' => $testimonials_name,

'testimonials_email' => $testimonials_email,

'testimonials_html_text' => $html_text);

 

if ($HTTP_GET_VARS['action'] == 'insert') {

$insert_sql_data = array('date_added' => 'now()',

'status' => '0');

$sql_data_array = array_merge($sql_data_array, $insert_sql_data);

tep_db_perform(TABLE_CUSTOMER_TESTIMONIALS, $sql_data_array);

$testimonials_id = tep_db_insert_id();

// email notification added by maestro

$email_text = TESTIMONIAL_NOTIFICATION_TEXT . $testimonials_name . TESTIMONIAL_CONJ . $testimonials_location . '.' . "\n\n" .

TESTIMONIAL_NOTIFICATION_TITLE . $testimonials_title . "\n\n" .

TESTIMONIAL_NOTIFICATION_HTML_TEXT . $html_text . "\n\n" .

TESTIMONIAL_NOTIFICATION_APPROVE;

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, TESTIMONIAL_NOTIFICATION_SUBJECT, $email_text, $testimonials_name, $testimonials_email);

}

$testimonials_id = '';

$testimonials_title = '';

$testimonials_location = '';

$testimonials_name = '';

$testimonials_email = '';

$html_text = '';

tep_redirect(tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=success'));

} else {

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

$testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);

$testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);

$testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);

$testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);

$html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

}

}

 

$breadcrumb->add(NAVBAR_TITLE2, tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE));

?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->

<!-- body //-->

<table width="100%">

<tr>

<td width="2%" class="col_left"><?php require(DIR_WS_INCLUDES . 'column_left.php'); ?></td>

<td width="96%"><table border="0" width="100%" cellspacing="3" cellpadding="3">

<tr>

<td width="100%" valign="top">

 

<form name="customer_testimonial" method="post" action="<?php echo tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=insert', 'SSL'); ?>">

<tr>

<td width="100%" class="col_center">

<table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td class="pageHeading" colspan="2"><?php echo HEADING_TITLE2; ?></td>

</tr>

</table></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

if ($messageStack->size('testimonials') > 0) {

?>

<tr>

<td><?php echo $messageStack->output('testimonials'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

}

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {

?>

<tr>

<td class="main" align="center"><?php echo TEXT_TESTIMONIALS_SUCCESSFUL; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<?php

} else {

if (tep_session_is_registered('customer_id')) {

$account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");

$account = tep_db_fetch_array($account_query);

 

$testimonials_name = $account['customers_firstname'] . ' ' . $account['customers_lastname'];

$testimonials_email = $account['customers_email_address'];

}

?>

<tr>

<td>

<table width="100%" border="0" cellspacing="0" cellpadding="2">

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_INTRO; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td><table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td class="main"><b><?php echo TEXT_TESTIMONIALS_WRITE; ?></b></td>

<td class="inputRequirement" align="right"><?php echo FORM_REQUIRED_INFORMATION; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

</table></td>

</tr>

<tr>

<td class="infoBox"><table width="100%" border="0" cellspacing="0" cellpadding="7" class="infoBoxContents">

<tr>

<td><table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_TITLE; ?><br>

<?php echo tep_draw_input_field('testimonials_title', $testimonials_title, '', true); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_NAME; ?><br>

<?php echo tep_draw_input_field('testimonials_name', $testimonials_name, '', true); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_EMAIL; ?><br>

<?php echo tep_draw_input_field('testimonials_email'); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_LOCATION; ?><br>

<?php echo tep_draw_input_field('testimonials_location', $testimonials_location); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td valign="top" class="main"><?php echo TEXT_BANNERS_HTML_TEXT; ?> <span class="inputRequirement">*</span><br>

<?php echo tep_draw_textarea_field('html_text', 'soft', '130', '10', $html_text); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr></table>

<table cellpadding="0" cellspacing="0" border="0">

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr><td class="main"><b><?php echo ENTRY_SECURITY_CHECK1; ?></b></td></tr></table>

<?php echo tep_draw_infoBox_top(); ?>

 

<table border="0" width="100%" cellspacing="0" cellpadding="2">

<!-- start modification for reCaptcha -->

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" cellspacing="2" cellpadding="2">

<tr>

<?php

$languages_query = tep_db_query("select code from " . TABLE_LANGUAGES . " where directory = '" . $language . "'");

$language_id = tep_db_fetch_array($languages_query);

?>

<script>

var RecaptchaOptions = {

theme : 'clean',

tabindex : 3,

lang : '<?php if (in_array($language_id['code'] ,array('en', 'nl', 'fr', 'de', 'pt', 'ru', 'es', 'tr'))) {echo $language_id['code']; } else {echo 'en'; } ?>',

};

</script>

<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<!-- end modification for reCaptcha -->

</table>

 

<?php echo tep_draw_infoBox_bottom(); ?>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td class="main" align="left" valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS) . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>

<td class="main" align="right" valign="middle"><?php echo tep_image_submit('button_submit.gif', IMAGE_BUTTON_SUBMIT); ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table>

 

</td>

</tr>

</table>

 

</td>

</tr>

</table>

</form></td>

</tr>

<?php

}

?>

</table>

 

 

</td>

<td width="2%" class="col_right"><?php require(DIR_WS_INCLUDES . 'column_right.php'); ?></td>

</tr>

</table>

 

 

 

<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>"

 

If I do not use this tool on this page, will the

 

"function ct_sanitise($vartosanitise) {
  $vartosanitise = preg_replace("/[^0-9]/i", "", $vartosanitise);
  return $vartosanitise;
}"

 

which is implemented on the customer_testimonials protect the page?

 

Maybe it has something to do with the "SSL" function. I have tried switching it on and off in osCommerce, but with the same result.

 

Maybe you see what is wrong right away.

 

 

Thanks

 

Lollo

Hi again,

 

I have tried to reinstall this part (it works on create account and contact_us), with the same result. I do not understand, due to my limited skill here. I have tried with both

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>"

 

and

 

"<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY, null, ($request_type == 'SSL')); ?></td>"

 

This is the present code:

 

"<?php

/*

$Id: customer_testimonials.php 10/20/2008 Exp $

Released under the GNU General Public License

*/

 

require('includes/application_top.php');

 

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CUSTOMER_TESTIMONIALS);

 

// start modification for reCaptcha

require_once('includes/classes/recaptchalib.php');

// end modification for reCaptcha

 

$testimonials_error = false;

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'insert')) {

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

$testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);

$testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);

$testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);

$testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);

$html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

 

if (empty($testimonials_title)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_TITLE_REQUIRED);

}

if (empty($testimonials_name)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_NAME_REQUIRED);

}

if (empty($testimonials_email)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_EMAIL_REQUIRED);

}

if (!tep_validate_email($testimonials_email)) {

$testimonials_error = true;

$messageStack->add('testimonials', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

}

if (empty($html_text)) {

$testimonials_error = true;

$messageStack->add('testimonials', ERROR_TESTIMONIALS_DESCRIPTION_REQUIRED);

}

 

// start modification for reCaptcha

// the response from reCAPTCHA

$resp = null;

 

// was there a reCAPTCHA response?

$resp = recaptcha_check_answer (RECAPTCHA_PRIVATE_KEY,

$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]);

 

if (!$resp->is_valid) {

$testimonials_error = true;

$messageStack->add('testimonials', ENTRY_SECURITY_CHECK_ERROR . " (reCAPTCHA output: " . $resp->error . ")");

}

// end modification for reCaptcha

 

if (!$testimonials_error) {

$sql_data_array = array('testimonials_title' => $testimonials_title,

'testimonials_location' => $testimonials_location,

'testimonials_name' => $testimonials_name,

'testimonials_email' => $testimonials_email,

'testimonials_html_text' => $html_text);

 

if ($HTTP_GET_VARS['action'] == 'insert') {

$insert_sql_data = array('date_added' => 'now()',

'status' => '0');

$sql_data_array = array_merge($sql_data_array, $insert_sql_data);

tep_db_perform(TABLE_CUSTOMER_TESTIMONIALS, $sql_data_array);

$testimonials_id = tep_db_insert_id();

// email notification added by maestro

$email_text = TESTIMONIAL_NOTIFICATION_TEXT . $testimonials_name . TESTIMONIAL_CONJ . $testimonials_location . '.' . "\n\n" .

TESTIMONIAL_NOTIFICATION_TITLE . $testimonials_title . "\n\n" .

TESTIMONIAL_NOTIFICATION_HTML_TEXT . $html_text . "\n\n" .

TESTIMONIAL_NOTIFICATION_APPROVE;

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, TESTIMONIAL_NOTIFICATION_SUBJECT, $email_text, $testimonials_name, $testimonials_email);

}

$testimonials_id = '';

$testimonials_title = '';

$testimonials_location = '';

$testimonials_name = '';

$testimonials_email = '';

$html_text = '';

tep_redirect(tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=success'));

} else {

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

$testimonials_title = tep_db_prepare_input($HTTP_POST_VARS['testimonials_title']);

$testimonials_location = tep_db_prepare_input($HTTP_POST_VARS['testimonials_location']);

$testimonials_name = tep_db_prepare_input($HTTP_POST_VARS['testimonials_name']);

$testimonials_email = tep_db_prepare_input($HTTP_POST_VARS['testimonials_email']);

$html_text = tep_db_prepare_input($HTTP_POST_VARS['html_text']);

}

}

 

$breadcrumb->add(NAVBAR_TITLE2, tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE));

?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">

 

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

 

 

<table width="100%">

<tr>

<td width="2%" class="col_left"><?php require(DIR_WS_INCLUDES . 'column_left.php'); ?></td>

<td width="96%"><table border="0" width="100%" cellspacing="3" cellpadding="3">

<tr>

<td width="100%" valign="top">

 

<form name="customer_testimonial" method="post" action="<?php echo tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS_WRITE, 'action=insert', 'SSL'); ?>">

<tr>

<td width="100%" class="col_center">

<table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td class="pageHeading" colspan="2"><?php echo HEADING_TITLE2; ?></td>

</tr>

</table></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

if ($messageStack->size('testimonials') > 0) {

?>

<tr>

<td><?php echo $messageStack->output('testimonials'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

}

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {

?>

<tr>

<td class="main" align="center"><?php echo TEXT_TESTIMONIALS_SUCCESSFUL; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<?php

} else {

if (tep_session_is_registered('customer_id')) {

$account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");

$account = tep_db_fetch_array($account_query);

 

$testimonials_name = $account['customers_firstname'] . ' ' . $account['customers_lastname'];

$testimonials_email = $account['customers_email_address'];

}

?>

<tr>

<td>

<table width="100%" border="0" cellspacing="0" cellpadding="2">

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_INTRO; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td><table align="center" width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td class="main"><b><?php echo TEXT_TESTIMONIALS_WRITE; ?></b></td>

<td class="inputRequirement" align="right"><?php echo FORM_REQUIRED_INFORMATION; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

</table></td>

</tr>

<tr>

<td class="infoBox"><table width="100%" border="0" cellspacing="0" cellpadding="7" class="infoBoxContents">

<tr>

<td><table width="100%" border="0" cellspacing="0" cellpadding="0">

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_TITLE; ?><br>

<?php echo tep_draw_input_field('testimonials_title', $testimonials_title, '', true); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_NAME; ?><br>

<?php echo tep_draw_input_field('testimonials_name', $testimonials_name, '', true); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_EMAIL; ?><br>

<?php echo tep_draw_input_field('testimonials_email'); ?> <span class="inputRequirement">*</span></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td class="main"><?php echo TEXT_TESTIMONIALS_LOCATION; ?><br>

<?php echo tep_draw_input_field('testimonials_location', $testimonials_location); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>

</tr>

<tr>

<td valign="top" class="main"><?php echo TEXT_BANNERS_HTML_TEXT; ?> <span class="inputRequirement">*</span><br>

<?php echo tep_draw_textarea_field('html_text', 'soft', '130', '10', $html_text); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr></table>

<table cellpadding="0" cellspacing="0" border="0">

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr><td class="main"><b><?php echo ENTRY_SECURITY_CHECK1; ?></b></td></tr></table>

<?php echo tep_draw_infoBox_top(); ?>

 

<table border="0" width="100%" cellspacing="0" cellpadding="2">

 

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" cellspacing="2" cellpadding="2">

<tr>

<?php

$languages_query = tep_db_query("select code from " . TABLE_LANGUAGES . " where directory = '" . $language . "'");

$language_id = tep_db_fetch_array($languages_query);

?>

<script>

var RecaptchaOptions = {

theme : 'clean',

tabindex : 3,

lang : '<?php if (in_array($language_id['code'] ,array('en', 'nl', 'fr', 'de', 'pt', 'ru', 'es', 'tr'))) {echo $language_id['code']; } else {echo 'en'; } ?>',

};

</script>

<td><?php echo recaptcha_get_html(RECAPTCHA_PUBLIC_KEY); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

 

</table>

 

<?php echo tep_draw_infoBox_bottom(); ?>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td class="main" align="left" valign="middle"><?php echo '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS) . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>

<td class="main" align="right" valign="middle"><?php echo tep_image_submit('button_submit.gif', IMAGE_BUTTON_SUBMIT); ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table>

 

</td>

</tr>

</table>

 

</td>

</tr>

</table>

</form></td>

</tr>

<?php

}

?>

</table>

 

 

</td>

<td width="2%" class="col_right"><?php require(DIR_WS_INCLUDES . 'column_right.php'); ?></td>

</tr>

</table>

 

 

 

 

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

 

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>"

 

If I do not use this tool on this page, will the

 

"function ct_sanitise($vartosanitise) {
  $vartosanitise = preg_replace("/[^0-9]/i", "", $vartosanitise);
  return $vartosanitise;
}"

 

which is implemented on the customer_testimonials protect the page?

 

Maybe it has something to do with the "SSL" function. I have tried switching it on and off in osCommerce, but with the same result.

 

Maybe you see what is wrong right away.

 

 

Thanks

 

Lollo

 

It could be that the form tag has not been moved into proper placement, that is my guess - I looked at the rest of the code and it looks good - I have it working on three different sites currently for customer_testimonials and have installed for many other clients and it dropped in just fine... wish I could help more.

 

Scott
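
On the question above of whether ct_sanitise() protects the page without reCaptcha: the following is an added example, not code from the contribution or from either poster. ct_sanitise() is copied from the post; the other function names, the sample data and the verifier stub are assumptions made for illustration, with filter_var() standing in for tep_validate_email() and the stub standing in for recaptcha_check_answer().

```php
<?php
// ct_sanitise() as posted: keeps digits only. It suits numeric ids, not free text.
function ct_sanitise($vartosanitise) {
  return preg_replace("/[^0-9]/", "", $vartosanitise);
}

// Hypothetical helper: the required-field and e-mail checks of the posted page.
function field_errors(array $post) {
  $errors = array();
  $required = array('testimonials_title', 'testimonials_name', 'testimonials_email', 'html_text');
  foreach ($required as $field) {
    if (!isset($post[$field]) || trim($post[$field]) === '') {
      $errors[] = $field . ' required';
    }
  }
  if (isset($post['testimonials_email']) && $post['testimonials_email'] !== ''
      && !filter_var($post['testimonials_email'], FILTER_VALIDATE_EMAIL)) {
    $errors[] = 'testimonials_email invalid';
  }
  return $errors;
}

// Hypothetical helper: refuse when either reCAPTCHA field is missing, so the
// verifier is never called with undefined input, then ask the verifier.
// $verify is a callable(challenge, response) returning bool.
function captcha_passed(array $post, $verify) {
  if (empty($post['recaptcha_challenge_field']) || empty($post['recaptcha_response_field'])) {
    return false;
  }
  return (bool) call_user_func($verify, $post['recaptcha_challenge_field'],
                               $post['recaptcha_response_field']);
}

// A testimonial is stored only when both layers agree.
function accept_testimonial(array $post, $verify) {
  return count(field_errors($post)) === 0 && captcha_passed($post, $verify);
}

// Constructed verifier stub; the real check is done by the reCAPTCHA service.
$stub_verify = function ($challenge, $response) {
  return $challenge === 'sample-challenge' && $response === 'typed-correctly';
};

// Constructed submission from a script: every field is well formed, no CAPTCHA answer.
$scripted_post = array(
  'testimonials_id'    => '42abc',
  'testimonials_title' => 'Great shop',
  'testimonials_name'  => 'Sample Name',
  'testimonials_email' => 'sample@example.com',
  'html_text'          => 'Order 17 arrived fast, visit my site for more',
);
// The same submission with a solved CAPTCHA attached.
$human_post = $scripted_post + array(
  'recaptcha_challenge_field' => 'sample-challenge',
  'recaptcha_response_field'  => 'typed-correctly',
);

var_dump(ct_sanitise($scripted_post['testimonials_id'])); // numeric id: letters dropped
var_dump(ct_sanitise($scripted_post['html_text']));       // free text: only its digits survive
var_dump(field_errors($scripted_post));                   // field checks alone find nothing wrong
var_dump(accept_testimonial($scripted_post, $stub_verify));
var_dump(accept_testimonial($human_post, $stub_verify));
```

The field checks and ct_sanitise() constrain what a value may contain; only the CAPTCHA gate separates the scripted submission from the human one, so the two are not substitutes for each other.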
