Jump to content

Recommended Posts

43 minutes ago, Jack_mcs said:

Please give it a try and let me know if it doesn't work.

It seems to have worked BUT I didn't try any hacker things except for http://www.google.com as the email on the page where it asks for the email address.

The code sent a password reset email - and I was able to reset the password.

Thanks.  I just din't know IF it was necessary to do anything besides adding the include(s).  It looked like it may be necessary.

Thanks again.

BJ

Share this post


Link to post
Share on other sites
1 hour ago, tonymazz said:

In reviewing this I noticed a define missing in the languages

define('FORM_REQUIRED_INPUT', 'Enter Total Here');

That definition was added in the Frozen version. If you are using an older version of oscommerce, it probably should be removed from the honeypot code. In the display module, find this

	  tep_draw_input_field("security_check", NULL, "required aria-required=\"true\" id=\"captchaAnswer\"") .
	  FORM_REQUIRED_INPUT . '

and change to

	  tep_draw_input_field("security_check", NULL, "required aria-required=\"true\" id=\"captchaAnswer\"") . '

 

Share this post


Link to post
Share on other sites
1 hour ago, puggybelle said:

Where is MODULE_HEADER_TAGS_HONEYPOT_CREATE_ACCOUNT_SECURITY_FAILURE defined?  I can't find it.

It isn't defined. I will fix it in the next version. For now, just replace

MODULE_HEADER_TAGS_HONEYPOT_CREATE_ACCOUNT_SECURITY_FAILURE

with

'some text here'

Be sure to use the apostrophes as shown.

Share this post


Link to post
Share on other sites
1 hour ago, Chadduck said:

Thanks.  I just din't know IF it was necessary to do anything besides adding the include(s).  It looked like it may be necessary.

I'll rewrite the code in the next version. For now, if it causes problems then don't use it for that page.

Share this post


Link to post
Share on other sites
16 minutes ago, Jack_mcs said:

If you are using an older version of oscommerce, it probably should be removed from the honeypot code.

Thank you.

I am having an issue with my tests, allowing incorrect math sum to still create accounts. When the field is left empty, one cannot continue however any answer will allow the account creation. Any idea what I may be missing? Thanks again...


Tony Mazz

Share this post


Link to post
Share on other sites

@tonymazzBe sure to apply the fix to the captcha.php file mention on the last page or two.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×