Hi @Jack_mcs. You are the legend. 😎

Thank you so much, buddy. After spending almost one month on it, I finally figured out the captcha and honey pot.

It's finally working on create_account.php, but one problem is still here: I don't know why, but for creating an account my website is using this link:

http://www.randpaseka.com/catalog/login.php?form=account

I figured out that this code is coming from login.php. I see the code for contact_us.php and create_account.php in the instruction file. Can I get the code for login.php? I attached my login file below, please check.

 

login.php


You would have to edit the tep_draw_forms lines and include the other code for HP to display and verify. It is not something I can offer in a support thread. But it is not included in the package because I don't see the need for it. The most a hacker could do is guess at an email address and password.  I suppose he could have a script to try email variations but I doubt they would spend the time on such wild guessing since the chances of finding a matching pair seem very unlikely. And even if that was not an issue, there isn't anything in HP's code that could identify someone as a hacker on that page. So I suggest not bothering trying to figure that change out. 


It's even giving an error on create_account.php.

After submitting the form I get two errors.

The first one is "The account could not be created. Please contact us for assistance."

And the second one is in the header:

"Warning: Wrong parameter count for round() in /home/content/98/5512298/html/catalog/includes/functions/honeypot.php on line 124"

Thanks


The first one is not an error. That is the message displayed when Honey Pot stops a submission. 

I can't guess at the second since I don't know what your shops version is and what your Honey Pot settings are.


Even if I put the right answer in the captcha or numbers, it shows the same result (error number one).

For the second, please see the link below for the honey pot settings.

https://tinyurl.com/y7nl9peh

Also, this is my shop version:

'PROJECT_VERSION', 'osCommerce Online Merchant v2.3');

 

Thanks, Jack


I don't see anything in the settings that would prevent a valid account from being created. It might be that you have a mistake in the code in the create_account.php file. You can use the included one for a quick test. You can also set the account check option to false. That will stop all of the checks on the create account page from being run.

Also, you have the allow url and allow email settings set to true. That is fine if you want to allow that but it prevents Honey Pot from catching spammers.


Okay, I noticed that when the check account option is set to false, it bypasses the numbers and captcha option. I mean, even if you put the wrong value there, it still bypasses it and creates the account instead of giving the error. And if you set it to true, it gives me the same two errors.

Also, you can see the new honeypot settings, as you said, in the link below.

https://tinyurl.com/y8cppelb

The only issue we faced is that it bypasses the number and captcha option even if we put in the wrong value.


The captcha code requires the latest version of the GD Library so your server may not have that version, or it may not even be installed. You will need to check with your host on that.

On 3/6/2021 at 10:22 PM, Jack_mcs said:

The captcha code requires the latest version of the GD Library so your server may not have that version, or it may not even be installed. You will need to check with your host on that.

Okay,

I have one question. I searched and found out that the honeypot creates one hidden field in the forms to stop the bot attacks. So because we already installed honeypot, if I select "none" instead of "number" and "image" in the show captcha field, it will still work, right? I mean, the hidden field is still there, or no?

Thanks

3 hours ago, sunnybutt222 said:

So because we already installed honeypot, if I select "none" instead of "number" and "image" in the show captcha field, it will still work, right? I mean, the hidden field is still there, or no?

Yes, it will block spam with or without the captcha. Actually, I don't recommend using the captcha because it needlessly bothers legitimate customers.

6 hours ago, Jack_mcs said:

Yes, it will block spam with or without the captcha. Actually, I don't recommend using the captcha because it needlessly bothers legitimate customers.

Okay, I closed out the captcha. Please see the link below to check out the screenshot of the new honey pot settings.

As you mentioned, it also protects against spam without the captcha. Please check the settings and let me know if I missed something. I checked in Inspect Element and I don't see any hidden field there.

 

Thanks

On 3/9/2021 at 4:57 AM, sunnybutt222 said:

please see the link below

There isn't a link in your post. Also be sure to post one of the fake accounts.


A new version has been uploaded with these changes:

  • Added an option to delete all fake accounts for those sites where there are too many to delete normally. Pro Version only.
  • Changed code to fully follow the status setting.
  • Changed code to not allow empty emails.
  • Changed the V2 database install file so it is automatic.
  • Corrected mistake in the create account page for Phoenix.
  • Corrected mistake in the captcha file for the numbers captcha.
  • Corrected a mistake in the postal code check that would allow invalid postal codes through when the option was set to both.
  • Corrected Fake Accounts check orders code to return accurate counts, Pro version only.
  • Moved the changes for the contact_us and create_account pages to the templates directory.
  • Reduced the file size of the log file.
  • Removed the check for the Purchase Without Account page.
  • Removed the return statement in the hook for Phoenix that was causing duplicate displays.

 


The last Phoenix version I installed it into is 1.0.7.15, though it may work in later versions.  The shop files are in the Changed... directories. Although I see that older versions were uploaded so I have uploaded a new version with those changes.

10 hours ago, Jack_mcs said:

The last Phoenix version I installed it into is 1.0.7.15, though it may work in later versions.  The shop files are in the Changed... directories. Although I see that older versions were uploaded so I have uploaded a new version with those changes.

Spotted several bugs:

- When creating account:

Notice: Undefined index: street_address in /includes/hooks/shop/siteWide/honeypot_verify.php on line 42

Notice: Undefined index: telephone in /includes/hooks/shop/siteWide/honeypot_verify.php on line 48

 

- Fake accounts:

Notice: Undefined index: PT in /admin/includes/functions/honeypot.php on line 87

20 minutes ago, Jack_mcs said:

Please always include your version of oscommerce and php.

PHP 7.0

Phoenix 1.0.8.0


For the telephone error, change this

$telephone = $customer_details['telephone'];

to

$telephone = ($customer_details['telephone'] ?? null);

You can do similar for the street address but that should be enabled so you may not have your modules set up completely.

For the last error, I see I didn't copy the new post code list to admin. To fix that, in includes/functions/honeypot.php copy lines 239 through 404 and copy them over lines 70 through 88 in admin/includes/functions/honeypot.php.

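As an added illustration that is not part of the thread or the Honey Pot addon's code, here is a hidden-field check of the kind discussed above, written so that fields missing from the form (such as telephone or street_address) are read with ?? rather than indexed directly. The trap field name hp_website, the option keys allow_url and allow_email, and both function names are hypothetical.

```php
<?php
// Added illustration, not the Honey Pot addon's code. The trap field name
// 'hp_website' and the option keys 'allow_url'/'allow_email' are hypothetical.

// Read a form field without raising "Undefined index" when it is absent.
function hp_field(array $post, $key)
{
    $value = $post[$key] ?? null;
    return is_string($value) ? trim($value) : null;
}

// Return the reasons a submission looks automated; an empty list means it passed.
function honeypot_reasons(array $post, array $options): array
{
    $reasons = [];

    // Hidden trap field: people never see it, so any value means a bot filled it.
    if (($post['hp_website'] ?? '') !== '') {
        $reasons[] = 'trap field filled';
    }

    // Empty or malformed e-mail addresses are rejected.
    $email = (string)hp_field($post, 'email_address');
    if ($email === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'missing or invalid email';
    }

    // Optional fields can be missing when a shop module is disabled.
    foreach (['firstname', 'street_address', 'telephone'] as $name) {
        $value = hp_field($post, $name);
        if ($value === null) {
            continue; // field not on this form
        }
        if (empty($options['allow_url']) && preg_match('~https?://|www\.~i', $value)) {
            $reasons[] = "url in $name";
        }
        if (empty($options['allow_email']) && preg_match('/[^\s@]+@[^\s@]+\.[^\s@]+/', $value)) {
            $reasons[] = "email in $name";
        }
    }
    return $reasons;
}

// Constructed sample submissions: a bot that filled everything, and a person.
$checks = ['allow_url' => false, 'allow_email' => false];
$bot    = ['hp_website' => 'http://spam.example', 'email_address' => 'a@b.example',
           'firstname'  => 'Visit www.spam.example'];
$human  = ['hp_website' => '', 'email_address' => 'jane@shop.example',
           'firstname'  => 'Jane', 'telephone' => '555-0100'];
var_dump(honeypot_reasons($bot, $checks), honeypot_reasons($human, $checks));
```

With both allow options switched on, the URL and e-mail checks are skipped and only the trap field and the e-mail validity check remain.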
1 hour ago, Jack_mcs said:

For the telephone error, change this


$telephone = $customer_details['telephone'];

to


$telephone = ($customer_details['telephone'] ?? null);

You can do similar for the street address but that should be enabled so you may not have your modules set up completely.

For the last error, I see I didn't copy the new post code list to admin. To fix that, in includes/functions/honeypot.php copy lines 239 through 404 and copy them over lines 70 through 88 in admin/includes/functions/honeypot.php.

Well, I would suggest that you update the module with these new fixes, as for sure someone else will have those bugs as well.
