Jump to content
pete2007

Adding Google Recaptcha to Customer Login Form

Recommended Posts

Oscommerce Version: 2.3.4

Hello, we are trying to add a Google Recaptcha to the customer login form by editing the following files:

includes/modules/content/login/templates/login_form.php
includes/modules/content/login/cm_login_form.php

The google recaptcha tick box is visible but we are able to login without ticking the box.

Are we editing the correct files? Thank you in advance.

 

Share this post


Link to post
Share on other sites

If you want to use Google Recaptcha, there is an addon for it. I don't know the link but you should be able to find it in the apps section. But I suggest you install the more powerful Honey Pot addon instead.

Share this post


Link to post
Share on other sites

Hi Jack,

Thank you for your reply.

I think you installed the honey pot addon for us? How can we use it for the login form or does this work instantly?

Thanks,

Pete

Share this post


Link to post
Share on other sites

Hi Pete,  

Sorry, didn't recognize your username.  It is possible to enable HP on that page but there aren't any checks in the code that would catch a spammer. To be clear, when you go to .../login.php, there is an option to login to an existing account or a button to create a new account. Are you trying to prevent both of those options from working? It seems a waste of time to check the login since the person will already have an account at that point. If it is the new account page, that should already be handled by HP. Please describe what it is you are trying to do in more detail and I'll take another look.

Share this post


Link to post
Share on other sites
3 minutes ago, Jack_mcs said:

Hi Pete,  

Sorry, didn't recognize your username.  It is possible to enable HP on that page but there aren't any checks in the code that would catch a spammer. To be clear, when you go to .../login.php, there is an option to login to an existing account or a button to create a new account. Are you trying to prevent both of those options from working? It seems a waste of time to check the login since the person will already have an account at that point. If it is the new account page, that should already be handled by HP. Please describe what it is you are trying to do in more detail and I'll take another look.

Hi Jack,

Thank you for your reply.

All I was trying to do is add the recaptcha to the returning customer login section, isn't worth installing here? I thought it may prevent any brute force attempts etc..

We already have the recaptcha inside the register an account page.

Thanks,
Pete

Share this post


Link to post
Share on other sites
49 minutes ago, pete2007 said:

All I was trying to do is add the recaptcha to the returning customer login section, isn't worth installing here? I thought it may prevent any brute force attempts etc..

First, take a look at admin->Modules->Action Recorder for the login module. You can set the time between tries as well as how many tries. 

Second, in the cm_login_form.php file, after 

        $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
        $password = tep_db_prepare_input($HTTP_POST_VARS['password']);      

add this

        if (substr_count($email_address, '@') > 1) {
          $error = true;
        } else {     

and find

      }

      if ($error == true) {

and change to 

       }
      }

      if ($error == true) {

The above changes will prevent attacks where the spammer tries to enter multiple email addresses. I don't know if a spammer would try that on a login page but it won't hurt to add it just in case.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×