Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HoneyPot Captcha


Jack_mcs

Recommended Posts

@Jack_mcs Hi Jack is your honeypot meant to look like the image below as it appears to have grid list in it as well

I downloaded this from https://apps.oscommerce.com/t3rEO&honey-pot-captcha

and uploaded the includes folder from the v234 new files directory

I will go an un-install a download and ftp again and see if it's different

 

image.png.f49e9e584adaf4c43c20674ec28354ae.png

Link to comment
Share on other sites

That's just the result of using an existing module as the source to saving coding time. The text itself can be ignored but you need to check the pages that have forums on them.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Maybe I misunderstood. I understood your post to be about the mention of the grid/list line. I don't see any mention about saving bad words. The "have forums on them" should have been "have forms on them". This addon only works on pages that have forms, like contact us and create account. As for the bad words, they are entered in the modules settings.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

9 hours ago, SCH_001 said:

Hi Jack, I have just installed this on osCommerce Online Merchant v2.3.4.1 CE aka Frozen BS and when I enter a word in the bad word area and click save the bad words not saved

I also added the extra TOR IP's part as per above

Can you please assist

Thanks Jack, yes just putting it on the contact us page, and yes have that ticked in admin but seems to have not made a difference. So want to add some bad words but they will not save see my other posts one page back

Edited by SCH_001
Link to comment
Share on other sites

If you can't save the words, then something is wrong with your installation. The bad words is just another setting so there's no reason why one setting won't save but others will. But since you said this has not made a difference, I am wondering if you have the email and url options set to false. If they are set to true then spam emails won't be blocked. Have you tried sending an email with the contact us page that has an email address in it?

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Ok lets work on one item at a time, How can I correct the installation?
I have already uninstalled and re-installed and it has made no difference. I have also installed it on a test version of frozen and still won't save bad words

Also tested on Phoenix and same issue won't save bad words

Can we get this sorted first..

Link to comment
Share on other sites

  • 2 months later...

A new version has been uploaded with these changes:

  • Added an option to record known bad IP's from an external site and to check those at run-time.
  • Added an option to display a math captcha.
  • Added an option to block accounts that have numbers in the name.
  • Added an option to block accounts that have letters in the phone and fax fields.
  • Added an option to log details for create account attempts.
  • Added check for an account field containing html.
  • Added optional code change to fix a known problem with oscommerce handling textareas in configuration.
  • Corrected a logic error that would prevent the bad words filter from working for create account.
  • Corrected a mistake in the database commands for older shops.
  • Moved display text to a language file.

Some Notes:

This is not a direct replacement as previous versions were. Please follow the included instructions. Basically, you will need to remove any previous changes before applying these.

The new IP List option creates a list of known bad IP's provided by myip.ms. But they only supply a limited number on their site to prevent large files from being downloaded. So there is a cron script in the package that will check their site and add any new IP's they find to be bad. I run the script daily but you may wish to run it more often or less. But if you go beyond five days or so, you may miss some of the additions so I don't recommend that.

I added the match captcha at the request of one of my clients. Personally, I don't care for any challenge being presented to the visitor. To get rid of that was one of the main reasons for creating this addon. But it is there for those that want it.

I saw on these forums that Honey Pot wasn't always catching fake accounts. I spoke with one person about this privately and the reason was, for him at least, that he did not have the "Create Account Check" option enabled. That setting is the on/off switch for all of the account checks. It should always be on if you want to use any of the account checking options.

If you find that Honey Pot didn't block a fake account, please take a screenshot of that account in the customers section in admin and post it here along with what settings you are using for the Honey Pot module and I will take a look.

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thank You, @Jack_mcs

I just finished installing it and all appears to be well except for the math captcha.

It appears onscreen in all the forms I've assigned Honeypot to use, but it doesn't work for me.

For example, I'll fill out create account with legit information and then answer the captcha question:

7 + 2 = and in the accompanying text field I'll type in 9 and then try to submit but it will fail. 

My error log is showing this:

[04-Nov-2019 16:54:12 UTC] PHP Warning:  imagecolordeallocate() expects exactly 2 parameters, 1 given in /home/xxxx/public_html/captcha.php on line 56
[04-Nov-2019 16:54:12 UTC] PHP Warning:  imagecolordeallocate() expects exactly 2 parameters, 1 given in /home/xxxx/public_html/captcha.php on line 57

...and that just goes whoosh over my head.  If you could please take a look I'd appreciate it!

- Andrea

Link to comment
Share on other sites

@puggybelleThat's strange. I ran it here with full errors enabled and php 7.3 and it didn't fail. But to fix it, find the following in the captcha.php file:

imagecolordeallocate( $text_color );
imagecolordeallocate( $background );

and change them to

imagecolordeallocate( $img, $text_color );
imagecolordeallocate( $img, $background );

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Hi @Jack_mcs

I changed those two entries in captcha.php and still not working.

No new entries in the error log, but...still can't create an account or send via Contact Us with the captcha enabled.

If Show Math Captcha is set to False, everything is fine.  It is stopping accounts with more than 2 words for first name, more than 1 for last name, not allowing numbers in the fields, etc.  It's just this one feature that won't cooperate!  Ugh!

I'm using PHP 7.0 for what it's worth. 

- Andrea

Link to comment
Share on other sites

The code requires the GD library and that may not be enabled on your server. To check it, go to admin->Tools->Server info and search for "GD Support". It should show enabled. If it isn't enabled or just not there, you will need to ask your host to enable it.

If that isn't the problem, please visit the page in IE, or any browser that shows missing images. In IE, it will be shown with an X on a black background. Right click on it and choose properties. The url should be the one to that file. Is it?

If both fail, after the application_top.php line near the top of the create_account.php file, add this under it. Then reload the page and see if there are any errors.

  error_reporting(E_ALL);
  ini_set('display_errors','1'); 

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

GD Support is enabled.

The captcha image is not missing in any web browser.

And when I turned on the error reporting...what a mess!

Lots of errors, but none related to Honeypot Captcha.  Lots of deprecated constructor errors, stuff like that.

Some of the contribs I'm using and whatnot. 

Does this look normal?  From create_account.php

question.JPG.0dfce6260f77f6381cce120c16907554.JPG

- Andrea

Link to comment
Share on other sites

I enabled the Honeypot setting in Log Tracker to Both, so I'm receiving emails when I try to create an account.

First thing in the email is my IP address, followed by: 

11-04-2019: Denied due to captcah

Captcha is misspelled - could there be typos in the contribution causing a problem? 

- Andrea

Link to comment
Share on other sites

39 minutes ago, puggybelle said:

Captcha is misspelled - could there be typos in the contribution causing a problem? 

Not exactly a typo, but in captcha.php try changing

// set session variable to total
$_SESSION['check'] = $numero;

to

// set session variable to total
$_SESSION['security_check'] = $numero;

to match the usage in includes/functions/honeypot.php

Always back up before making changes.

Link to comment
Share on other sites

Jack

My live store is OSC 2.3.4.1 and I just installed the HoneyPot Captcha and it appears to be working.

BUT a Quick question - at present I have it enabled for these pages

contact_us.php
create_account.php
password_reset.php
tell_a_friend.php

SHOULD it also be enabled for any others?

There are 57 in the setup - should it be enabled for ALL of them?

BTW I am updating to FROZEN and will be installing this in it also.

BJ

Link to comment
Share on other sites

5 hours ago, puggybelle said:

Does this look normal?  From create_account.php

Yes, that is correct. Did you make a change or were just expecting something else?

 

4 hours ago, puggybelle said:

Captcha is misspelled - could there be typos in the contribution causing a problem? 

No, it's not used in the code other than the actual file but that is working. The above is just due to a typo.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

1 hour ago, Chadduck said:

SHOULD it also be enabled for any others?

The only pages that matter are the ones with forms on them. You need to add the two include statements to the ones you want to protect. See the install instructions for the contact us page and make those same changes for the password_reset page. The others have coded examples already. Each page with a form will have error checking for the form near the top. The verify statement goes there. The display statement goes above the submit button code for the page.

1 hour ago, Chadduck said:

BTW I am updating to FROZEN and will be installing this in it also.

Frozen is no longer supported as an oscommerce package. You should be upgrading to Phoenix.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...