osCommerce

The e-commerce.

a hack so beautiful (contact us)


yanarasod

I found in the contact page that anyone sending an email can press the submit button and then click on the stop button in their browser, and I still received the email. I tried this 3 times and all those 3 emails reached me. I want to disable the function so that once pressed it doesn't allow clicking any more. This could allow anyone to send a lot of messages. Any help appreciated??

Link to comment
Share on other sites

has anyone got a working solution to it

What has this to do with a hack?! If you press submit from within osCommerce and Stop from your browser, it depends on what point the script is at whether the email is already sent or not; nothing strange, hacking or whatever with that. It could be annoying if someone starts spamming you that way, but besides recording IPs and making the Submit button disappear if pressed once from a particular IP, the best thing would be to install a contribution like Visual Verify Code over here

There would be a hack if the contact us page could be used to send spam emails to other people through your shop.

Link to comment
Share on other sites

ok my question is:

I found this on dynamic drive

http://www.dynamicdrive.com/dynamicindex11/submitonce.htm

It disables the button once clicked, so can I remove the image button with that traditional button (as in dynamic drive's example), can it be done??

Their own note and besides that still JavaScript dependent.

Note that the disabling effect is applied only to IE 4+ and NS 6+ browsers. All other browsers will still be able to sneak by and submit the form (degrades well). Also, the disabled buttons can easily be resurrected by reloading the page.

Link to comment
Share on other sites

ok, I think I should forget it.

Can you please tell me how do I add an extra field to the contact page, and also print it in the email I receive? Many thanks in advance.

Try this. Edit your (catalog)/contact_us.php:

 

Find

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {
?>

and replace with

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {

// Disable Submit button after been clicked once
tep_session_register('contactussubmitalreadyclicked');
?>

 

Find

<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>

and replace with

<?php if (!tep_session_is_registered('contactussubmitalreadyclicked')) { ?>				
				<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
<?php } else { ?>
				<td align="right">Picture 'Middle Finger' or whatever you feel appropriate</td>
<?php } ?>

Link to comment
Share on other sites

you cannot use php code for this as it is an entirely client-side issue.

You can only do this by disabling the button or replacing it via javascript on the client-side.

I personally replace the button with a "please wait" image the moment the button is pressed.

Treasurer MFC

Link to comment
Share on other sites

You could of course create an email flood control server side with a timer which will not allow more than 1 email per minute, for instance.

I use an email queue, so all emails are stored first in there, so I could even make a check to see if the same client has already sent another email within a certain timeframe and if so mark the email as "on hold" for manual release.

Treasurer MFC

Link to comment
Share on other sites

Hi Amanda,

Just try it and you should see the button disappear. The contact_us page calls itself again to see if there is success and so you can create a session upon that which will stay valid until the customer session ends.

JavaScript solutions would be problematic indeed as those rely on the client browser settings.

 

Howard

Link to comment
Share on other sites

Of course, but only 1 email per session? Then make it a timestamp and unregister the variable after 5 minutes have passed.

Besides, I thought the problem was that users can click 2, 3, 4 times rapidly on the send button (before the page switches) and thus launching multiple duplicate emails. The same feature reported earlier with the order confirmation button.

Treasurer MFC

Link to comment
Share on other sites

Didn't read about that earlier 'feature', but I was a bit too quick and you are correct that the earlier solution doesn't work against rapid clicking.

The following little change should though:

  if (tep_validate_email($email_address) && (!tep_session_is_registered('contactussubmitalreadyclicked'))) {
    tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);
    // Disable Submit button after been clicked once
    tep_session_register('contactussubmitalreadyclicked');

The

  // Disable Submit button after been clicked once
  tep_session_register('contactussubmitalreadyclicked');

with the 'success' part can be removed.

The caveat is indeed just one mail per session, which might be unacceptable (or not), and you could add some time trigger or whatever somewhere to re-activate the button.

Link to comment
Share on other sites
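
Added example, not part of the original thread and not osCommerce code: the time trigger suggested above, with the per-session flag replaced by a timestamp that expires after five minutes. It assumes PHP 7 or later and `$_SESSION`-style storage; `contact_seconds_left()` and `contact_may_send()` are hypothetical names.

```php
<?php
// Added example, not osCommerce code. Function names are hypothetical.
const CONTACT_WINDOW_SECONDS = 300; // the "5 minutes" suggested in the thread

/** Seconds this client must still wait before another mail is accepted. */
function contact_seconds_left(array $store, int $now, int $window = CONTACT_WINDOW_SECONDS): int
{
    $last = $store['contact_last_sent'] ?? null;
    if (!is_int($last)) {
        return 0; // nothing recorded yet for this session
    }
    return max(0, $window - ($now - $last));
}

/**
 * Gate in front of tep_mail(): returns true and records the send time,
 * or returns false while the window is still open.
 */
function contact_may_send(array &$store, int $now, int $window = CONTACT_WINDOW_SECONDS): bool
{
    if (contact_seconds_left($store, $now, $window) > 0) {
        return false;
    }
    // Record before mailing so a repeated click in the same session,
    // handled after this request, already sees the timestamp.
    $store['contact_last_sent'] = $now;
    return true;
}

// Constructed timeline: three rapid clicks, one retry just inside the
// window, one retry after it. $session stands in for $_SESSION.
$session = [];
$t0 = 1700000000; // constructed timestamp
foreach ([0, 1, 2, 299, 300] as $offset) {
    $sent = contact_may_send($session, $t0 + $offset);
    printf("t+%3ds  %-9s  wait %3ds\n", $offset, $sent ? 'send mail' : 'rejected',
        contact_seconds_left($session, $t0 + $offset));
}
```

In contact_us.php the call would take the place of the `tep_session_is_registered('contactussubmitalreadyclicked')` test, and the template can hide the button while `contact_seconds_left()` is above zero. The limit is kept per session, so it handles repeated clicks; the per-client check on the mail queue described earlier in the thread is the place for a limit that does not depend on the session.
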

hi, just a little confused with the final version of the code, is the final

 

Find

 if (tep_validate_email($email_address)) {
  tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);

 

and replace with

  if (tep_validate_email($email_address) && (!tep_session_is_registered('contactussubmitalreadyclicked'))) {
  tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);
// Disable Submit button after been clicked once
tep_session_register('contactussubmitalreadyclicked');

 

 

Find

<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>

 

and replace with

 

<?php if (!tep_session_is_registered('contactussubmitalreadyclicked')) { ?>				
				<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
<?php } else { ?>
				<td align="right">Picture 'Middle Finger' or whatever you feel appropriate</td>
<?php } ?>

Link to comment
Share on other sites

That's it. But be aware that this only gives one email possibility per session so might not suit your needs. It could be enhanced with a counter (maybe even admin configurable) or something for more flexibility.

Link to comment
Share on other sites

ok, I will always be aware of that. One last time the same question: can I use dynamicdrive.com's example which was posted earlier in the topic? It uses a button instead of an image and as such the button is disabled, so the user needs to refresh or come back to the page again. Can I replace the image with the button? The only doubt I am having is whether the image button is associated with any kind of security. Thanks

Link to comment
Share on other sites

Instead of

					<td align="right">Picture 'Middle Finger' or whatever you feel appropriate</td>

you can show whatever you like.

Link to comment
Share on other sites

actually howard I think your very first suggestion with vvc is as good as it can get. It is what I deploy.

 

So when the form is submitted the vvc is checked. Even if you place a bot re-submitting the same arguments the php part of the vvc will generate another code and it will fail. So no accidental or intentional re-submission is possible.

Link to comment
Share on other sites

Yes, I agree vvc is the most elegant solution but for those who do not seem to like vvc for some reason it is an alternative (though a bit restrictive this way :D ).

Link to comment
Share on other sites
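
Added example, not part of the original thread and not the Visual Verify Code contribution: a server-side code that is regenerated on every render and consumed on every check, which is why re-submitting the same arguments fails. It demonstrates the single-use property only, not VVC's visual challenge; it assumes PHP 7 or later, and `form_code_issue()` and `form_code_redeem()` are hypothetical names.

```php
<?php
// Added example, not VVC code. Function names are hypothetical.

/** Issue a fresh code when the form is rendered; it replaces any older one. */
function form_code_issue(array &$store): string
{
    $store['contact_form_code'] = bin2hex(random_bytes(16));
    return $store['contact_form_code'];
}

/**
 * Check the submitted code. The stored code is consumed on every attempt,
 * match or not, so the same request body can never be accepted twice.
 */
function form_code_redeem(array &$store, string $submitted): bool
{
    $expected = $store['contact_form_code'] ?? null;
    unset($store['contact_form_code']);
    // hash_equals() compares in constant time.
    return is_string($expected) && hash_equals($expected, $submitted);
}

// Constructed walk-through; $session stands in for $_SESSION.
$session = [];
$code  = form_code_issue($session);          // form is rendered
$first = form_code_redeem($session, $code);  // first submit
$again = form_code_redeem($session, $code);  // same arguments sent again
$next  = form_code_issue($session);          // next render gets a new code

printf("first submit accepted: %s\n", var_export($first, true));
printf("resubmission accepted: %s\n", var_export($again, true));
printf("new render, new code:  %s\n", var_export($next !== $code, true));
```
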

Archived

This topic is now archived and is closed to further replies.
