pete2007 Posted August 14, 2020 Share Posted August 14, 2020 Oscommerce Version: 2.3.4 Hello, we are trying to add a Google Recaptcha to the customer login form by editing the following files: includes/modules/content/login/templates/login_form.php includes/modules/content/login/cm_login_form.php The google recaptcha tick box is visible but we are able to login without ticking the box. Are we editing the correct files? Thank you in advance. Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 14, 2020 Share Posted August 14, 2020 If you want to use Google Recaptcha, there is an addon for it. I don't know the link but you should be able to find it in the apps section. But I suggest you install the more powerful Honey Pot addon instead. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
pete2007 Posted August 14, 2020 Author Share Posted August 14, 2020 Hi Jack, Thank you for your reply. I think you installed the honey pot addon for us? How can we use it for the login form or does this work instantly? Thanks, Pete Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 14, 2020 Share Posted August 14, 2020 Hi Pete, Sorry, didn't recognize your username. It is possible to enable HP on that page but there aren't any checks in the code that would catch a spammer. To be clear, when you go to .../login.php, there is an option to login to an existing account or a button to create a new account. Are you trying to prevent both of those options from working? It seems a waste of time to check the login since the person will already have an account at that point. If it is the new account page, that should already be handled by HP. Please describe what it is you are trying to do in more detail and I'll take another look. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
pete2007 Posted August 14, 2020 Author Share Posted August 14, 2020 3 minutes ago, Jack_mcs said: Hi Pete, Sorry, didn't recognize your username. It is possible to enable HP on that page but there aren't any checks in the code that would catch a spammer. To be clear, when you go to .../login.php, there is an option to login to an existing account or a button to create a new account. Are you trying to prevent both of those options from working? It seems a waste of time to check the login since the person will already have an account at that point. If it is the new account page, that should already be handled by HP. Please describe what it is you are trying to do in more detail and I'll take another look. Hi Jack, Thank you for your reply. All I was trying to do is add the recaptcha to the returning customer login section, isn't worth installing here? I thought it may prevent any brute force attempts etc.. We already have the recaptcha inside the register an account page. Thanks, Pete Link to comment Share on other sites More sharing options...
Jack_mcs Posted August 14, 2020 Share Posted August 14, 2020 49 minutes ago, pete2007 said: All I was trying to do is add the recaptcha to the returning customer login section, isn't worth installing here? I thought it may prevent any brute force attempts etc.. First, take a look at admin->Modules->Action Recorder for the login module. You can set the time between tries as well as how many tries. Second, in the cm_login_form.php file, after $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); add this if (substr_count($email_address, '@') > 1) { $error = true; } else { and find } if ($error == true) { and change to } } if ($error == true) { The above changes will prevent attacks where the spammer tries to enter multiple email addresses. I don't know if a spammer would try that on a login page but it won't hurt to add it just in case. Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. Get the latest versions of my addons Recommended SEO Addons Link to comment Share on other sites More sharing options...
pete2007 Posted August 14, 2020 Author Share Posted August 14, 2020 Thank you Jack once again, most appreciated. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.