AlexStudio Posted January 18, 2007 Posted January 18, 2007 problem fixed The "Out of range value adjusted for column ..." mysql errors are due to MySQL 5 running with a strict sql-mode. You need to edit /etc/my.cnf and change sql-mode to something like: sql-mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" Problem now fixed. still need help with this user thing!!!! It seems to me that when you tried to register a new account, it used the next available customers_id=3, but the user_id #3 in phpbb2 user table has already been taken. I will put this into my note and add some lines in the code to check phpbb_users table for the next available user_id. The fix of this issue will be included in the next upgrade. If you have more phpbb2 users than osCom customers, currently this contrib will not work for you. This contrib only works if you have more osCom customers than phpbb2 users. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
Optimalkiller Posted January 18, 2007 Posted January 18, 2007 (edited) All problems have been resolved. user error. I made sure that I have the exact amount of users onthe forum and osCommerce. All working now. BTW A big thank you to you for a great mod. Cheers Edited January 18, 2007 by Optimalkiller Quote
anderskiel Posted January 18, 2007 Author Posted January 18, 2007 This is sligtly off topic, but could maybe be incorpoated as an antispam measure! AlexStudio you seem to be quite familiar with this code by now. I seem to be getting an awful lot of spam-users in the forum. Some register to promote websites others just seem to be pointless bot-registrations. Due to the redirecting for registration i have a feeling that these bots simply search for the www.yoursite.com/phpbb2/profile.php?mode=register&agreed=true page. Currently registrations go via the "agree to terms page" to the osc registration page. Then via an ekstra link to phpbb2 registration. What i'm thinking is... If we change the name of the phpbb2 registration page we might be able to keep the bots trom registration. My problem is that I can't find the place to change that url. Any advise? Anders Quote
rossoe Posted January 18, 2007 Posted January 18, 2007 Ok so login using the link in the header works but the login box on the portal's front page that you helped me with still redirects to index.php and any attempt to logoff also takes me to index.php Here's my current phpbb2/login.php I've highlighted in red wherever I've added portal.php I can't understand why if I'm setting 'logoff.php?redirect=portal.php how can it still goto index.php after logging out ?? <?php/*************************************************************************** * login.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : © 2001 The phpBB Group * email : [email protected] * * $Id: login.php,v 1.47.2.25 2006/12/16 13:11:24 acydburn Exp $ * * ***************************************************************************/ /*************************************************************************** * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * ***************************************************************************/ // // Allow people to reach login page if // board is shut down // define("IN_LOGIN", true); define('IN_PHPBB', true); $phpbb_root_path = './'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); //// BOF osCommerce phpBB2 Integration v1.0 include($phpbb_root_path . 'includes/trans_osc.php'); //// EOF osCommerce phpBB2 Integration v1.0 // // Set page ID for session management // $userdata = session_pagestart($user_ip, PAGE_LOGIN); init_userprefs($userdata); // // End session management // // session id check if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid'])) { $sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid']; } else { $sid = ''; } if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) ) { $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : ''; $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; $sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $username) . "'"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); } if( $row = $db->sql_fetchrow($result) ) { if( $row['user_level'] != ADMIN && $board_config['board_disable'] ) { redirect(append_sid("portal.$phpEx", true)); } else { // If the last login is more than x minutes ago, then reset the login tries/time if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60))) { $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); $row['user_last_login_try'] = $row['user_login_tries'] = 0; } // Check to see if user is allowed to login again... if his tries are exceeded if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] && $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN) { message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time'])); } if( md5($password) == $row['user_password'] && $row['user_active'] ) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin); // Reset login tries $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); if( $session_id ) { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx"; redirect(append_sid($url, true)); } else { message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } // Only store a failed login attempt for an active user - inactive users can't login even with a correct password elseif( $row['user_active'] ) { // Save login tries and last login if ($row['user_id'] != ANONYMOUS) { $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . ' WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); } } $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; $redirect = str_replace('?', '&', $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ); $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } } else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ""; $redirect = str_replace("?", "&", $redirect); if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url')) { message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); } $template->assign_vars(array( 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") ); $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("portal.$phpEx") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } } else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) ///////////////// LOG OUT START HERE ///////////////////////// { // session id check if ($sid == '' || $sid != $userdata['session_id']) { message_die(GENERAL_ERROR, 'Invalid_session'); } if( $userdata['session_logged_in'] ) { //// BOF osCommerce phpBB2 Integration v1.0 $sql = "select osCsid, sess_uid, sess_uip, sess_logged, sess_trans from trans_phpbb where sess_uid = '" . $userdata[ 'user_id' ] ."'"; if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, 'Error in obtaining transata', '', __LINE__, __FILE__, $sql); } if( $row = $db->sql_fetchrow($result) ) { $osCsid = $row[ 'osCsid' ]; //// <----------------------------------------Prepare to logoff osC $sql = "update trans_phpbb set sess_trans = '' where sess_uid = '" . $userdata[ 'user_id' ] . "'"; $db->sql_query($sql); //// <----------------------------------------------Cleanup phpBB session data in trans_phpbb table } //// EOF osCommerce phpBB2 Integration v1.0 session_end($userdata['session_id'], $userdata['user_id']); } if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect'])) { $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']); $url = str_replace('&', '&', $url); redirect(append_sid($url, true)); } //// BOF osCommerce phpBB2 Integration v1.0 else if( isset( $HTTP_GET_VARS[ 'trans' ]) && $HTTP_GET_VARS[ 'trans' ] == 'yes' ) { header('Location: ' .HTTP_SERVER . DIR_WS_HTTP_CATALOG . 'index.php'); session_write_close(); exit(); } else { header('Location: ' .HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'logoff.php?redirect=portal.php&osCsid=' . $osCsid); session_write_close(); exit(); //// EOF osCommerce phpBB2 Integration v1.0 } } else { $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx"; redirect(append_sid($url, true)); } } else { // // Do a full login page dohickey if // user not already logged in // if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN)) { $page_title = $lang['Login']; include($phpbb_root_path . 'includes/page_header.'.$phpEx); $template->set_filenames(array( 'body' => 'login_body.tpl') ); $forward_page = ''; if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) ) { $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1]; $forward_match = explode('&', $forward_to); if(count($forward_match) > 1) { for($i = 1; $i < count($forward_match); $i++) { if( !ereg("sid=", $forward_match[$i]) ) { if( $forward_page != '' ) { $forward_page .= '&'; } $forward_page .= $forward_match[$i]; } } $forward_page = $forward_match[0] . '?' . $forward_page; } else { $forward_page = $forward_match[0]; } } } $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />'; $s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : ''; make_jumpbox('viewforum.'.$phpEx); $template->assign_vars(array( 'USERNAME' => $username, 'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], //// BOF osCommerce phpBB2 Integration v1.0 // 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), 'U_SEND_PASSWORD' => HTTP_SERVER . DIR_WS_HTTP_CATALOG . 'password_forgotten.php', //// EOF osCommerce phpBB2 Integration v1.0 'S_HIDDEN_FIELDS' => $s_hidden_fields) ); $template->pparse('body'); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } else { redirect(append_sid("portal.$phpEx", true)); } } ?> Quote
rossoe Posted January 18, 2007 Posted January 18, 2007 **** UPDATE TO POST ABOVE **** I just changed - 'S_LOGIN_ACTION' => append_sid(HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'login.php?action=process&redirect=portal.php'), in "page_header" which solved the login from the box on portal front page. My last problem is any attempt to logoff still takes me back to index.php I can't understand why if I'm setting 'logoff.php?redirect=portal.php as you told me to - how can it still goto index.php after logging out ?? Quote
rossoe Posted January 21, 2007 Posted January 21, 2007 Alex I will be adding some links on the oscommerce header to take the user back to phpbb2 side do I need to make sure they go through "trans_phpbb" or can I just create direct links ? Quote
AlexStudio Posted January 21, 2007 Posted January 21, 2007 This is sligtly off topic, but could maybe be incorpoated as an antispam measure! AlexStudio you seem to be quite familiar with this code by now. I seem to be getting an awful lot of spam-users in the forum. Some register to promote websites others just seem to be pointless bot-registrations. Due to the redirecting for registration i have a feeling that these bots simply search for the www.yoursite.com/phpbb2/profile.php?mode=register&agreed=true page. Currently registrations go via the "agree to terms page" to the osc registration page. Then via an ekstra link to phpbb2 registration. What i'm thinking is... If we change the name of the phpbb2 registration page we might be able to keep the bots trom registration. My problem is that I can't find the place to change that url. Any advise? Anders I did find this in my phpBB2 also, I have mine fixed by killing those attempts by the method you mentioned. Here is how I did it: Find in phpbb2/includes/usercp_registere.php line 37-41: if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); exit; } Add after: //// BOF osCommerce phpBB2 Integration v1.0 include($phpbb_root_path . 'includes/trans_osc.php'); if ($mode == 'register' && (isset($HTTP_GET_VARS['agreed']) || isset($HTTP_POST_VARS['agreed']))) { die("Hacking attempt"); exit; } //// EOF osCommerce phpBB2 Integration v1.0 This will kill all direct accesses to this file. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
AlexStudio Posted January 21, 2007 Posted January 21, 2007 **** UPDATE TO POST ABOVE **** I just changed - 'S_LOGIN_ACTION' => append_sid(HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'login.php?action=process&redirect=portal.php'), in "page_header" which solved the login from the box on portal front page. My last problem is any attempt to logoff still takes me back to index.php I can't understand why if I'm setting as you told me to - how can it still goto index.php after logging out ?? I am not familiar with portal, so I don't know how exactly the logoff in box is doing. However, there is an 'ugly' workaround by adding a line in index.php to redirectly users to portal.php, no matter where they came from. Just that the session in store will not be cleanned up and users are still logged in with the store. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
AlexStudio Posted January 21, 2007 Posted January 21, 2007 Alex I will be adding some links on the oscommerce header to take the user back to phpbb2 side do I need to make sure they go through "trans_phpbb" or can I just create direct links ? Please utilize the trans_phpbb.php and add redirect target to point to what ever file in phpbb2 you want. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
rossoe Posted January 21, 2007 Posted January 21, 2007 Good idea with the spam bot prevention. The logoff is just the same as normal phpbb2 - it's in the header which I keep the same. so it's odd that's it's not working as desired when I make the adjustment to login.php header('Location: ' .HTTPS_SERVER . DIR_WS_HTTP_CATALOG . 'logoff.php?redirect=portal.php&osCsid=' . $osCsid); Any joy with the amendments to allow admin to delete users ? - as I imagine I'm going to get a few spam one's I'll need to kill. Quote
AlexStudio Posted January 23, 2007 Posted January 23, 2007 phpBB2 Integration v1.2 update released. Changes in v1.2: Added to kill hacking attempts which called up register page directly by spam bots. Added to delete phpBB2 user records when deleting customers in osCom admin. Commented out deleting user in phpBB admin page. Now can only delete customer and user account at the same time in osCom admin page. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
rossoe Posted January 23, 2007 Posted January 23, 2007 Superb ! will I be able to update from previous release without too many probs ? as I can't do a fresh install. phpBB2 Integration v1.2 update released. Changes in v1.2: Added to kill hacking attempts which called up register page directly by spam bots. Added to delete phpBB2 user records when deleting customers in osCom admin. Commented out deleting user in phpBB admin page. Now can only delete customer and user account at the same time in osCom admin page. Quote
AlexStudio Posted January 23, 2007 Posted January 23, 2007 Superb ! will I be able to update from previous release without too many probs ? as I can't do a fresh install. well yes, it's easy enough and well documented in the install guide. 2 phpBB2 files drop in (might need to modify them manually if phpBB2 heavily modified) and 2 more osCommerce files modified. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
AlexStudio Posted January 23, 2007 Posted January 23, 2007 The logoff is just the same as normal phpbb2 - it's in the header which I keep the same. so it's odd that's it's not working as desired when I make the adjustment to login.php I think I know why your logoff sends users to index.php. Fine in catalog/trans_phpbb.php line 26: } else $forward_page = 'index.php'; Change it to: } else $forward_page = 'portal.php'; Hope this works for you. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
rossoe Posted January 23, 2007 Posted January 23, 2007 (edited) thankyou, I'll give that a go tonight. I'm nearly finished with the site now, all I need is the MID from the bank and I'll snap on the protx module. plus a few style template changes on oscommerce side. check it out - http://www.quantumproduct.co.uk without your help it would not have been possible for me to get this working so ta ;) Edited January 23, 2007 by rossoe Quote
rossoe Posted January 23, 2007 Posted January 23, 2007 Alex when I update to v1.2 the Replace phpbb2/common.php causes a "hacking attempt" error when I try and login obviously this is because it's trying to goto portal instead of index. Is it worth me just sticking with v1.0 ? I don't want it to be insecure though ! Quote
AlexStudio Posted January 23, 2007 Posted January 23, 2007 Alex when I update to v1.2 the Replace phpbb2/common.php causes a "hacking attempt" error when I try and login obviously this is because it's trying to goto portal instead of index. Is it worth me just sticking with v1.0 ? I don't want it to be insecure though ! In your case, the portal stuff is a heavily mod phpBB2. You must do file comparing, not just replace them. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
rossoe Posted January 24, 2007 Posted January 24, 2007 Cool, I'll have a look - it's actually only the amended common.php file that won't work due to the added hacking security. All the rest of the updates seem to work fine. I'm assuming it is getting upset with the trid being attached to a file other than index.php oh by the way the change to trans_phpbb.php has totally sorted the logout :) In your case, the portal stuff is a heavily mod phpBB2. You must do file comparing, not just replace them. Quote
anderskiel Posted January 24, 2007 Author Posted January 24, 2007 I did find this in my phpBB2 also, I have mine fixed by killing those attempts by the method you mentioned. Here is how I did it: Find in phpbb2/includes/usercp_registere.php line 37-41: if ( !defined('IN_PHPBB') ) { die("Hacking attempt"); exit; } Add after: //// BOF osCommerce phpBB2 Integration v1.0 include($phpbb_root_path . 'includes/trans_osc.php'); if ($mode == 'register' && (isset($HTTP_GET_VARS['agreed']) || isset($HTTP_POST_VARS['agreed']))) { die("Hacking attempt"); exit; } //// EOF osCommerce phpBB2 Integration v1.0 This will kill all direct accesses to this file. I tried adding the above code, but it gives me "hacking attempt" when using the link from my osC registration page. I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. How ever i still get killed when following the link in osC registration page. Am I missing something? Anders Quote
AlexStudio Posted January 24, 2007 Posted January 24, 2007 I tried adding the above code, but it gives me "hacking attempt" when using the link from my osC registration page. I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. How ever i still get killed when following the link in osC registration page. Am I missing something? Anders Well, the code added to kill spam bot hackings only works if mode=register&agreed present. This shouldn't be happening if you are registering in osC because the phpBB2/profile.php doesn't take place. The code in 1.0 - 1.2 use catalog/create_account.php instead. If the link in registration agreement page leads you to profile.php, you missed some file in phpbb2 modification, probably phpbb2/templates/subSilver/agreement.tpl Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
AlexStudio Posted January 24, 2007 Posted January 24, 2007 I had a look at the 1.2 update and found the trans_osc.php file. Edited to my website and uploaded that. How ever i still get killed when following the link in osC registration page. Am I missing something? If the trans_phpbb.php involved, then it could be the new security check in phpbb2/common.php line 163 - 172, which will kill any attempts with an irregular trid (presumed faking trid). It can be problematic if your osCsid has other characters than a-zA-Z0-9 (normal alphanumeric characters). Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
anderskiel Posted January 24, 2007 Author Posted January 24, 2007 Well, the code added to kill spam bot hackings only works if mode=register&agreed present. This shouldn't be happening if you are registering in osC because the phpBB2/profile.php doesn't take place. The code in 1.0 - 1.2 use catalog/create_account.php instead. Ok I see, I was trying to keep a link from the osC registration form open to those who only want to use the forum not the shop. But i guess that wouldnt work without leaving the /phpBB2/mode=register&agreed=true - link in the form. Or is there anyway of killing all direct entries to the phpBB registration, except those coming from the link in osC registration page? Thanks Anders Quote
AlexStudio Posted January 24, 2007 Posted January 24, 2007 Ok I see, I was trying to keep a link from the osC registration form open to those who only want to use the forum not the shop. But i guess that wouldnt work without leaving the /phpBB2/mode=register&agreed=true - link in the form. Or is there anyway of killing all direct entries to the phpBB registration, except those coming from the link in osC registration page? Thanks Anders Yes, you can change the parameters with the registration link to get passed. Let's say mode=phpbb_register&agreed_phpbb=true You will also need to modify your phpbb2/profile.php to handle the new parameters. Quote Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.
anderskiel Posted January 26, 2007 Author Posted January 26, 2007 Yes, you can change the parameters with the registration link to get passed. Let's say mode=phpbb_register&agreed_phpbb=true You will also need to modify your phpbb2/profile.php to handle the new parameters. Not sure exactly what you mean - but i think i have fixed it by adding if ($_SERVER['HTTP_REFERER'] != "http://www.yourdomaine.com/catalog/create_account.php") { die("Hacking attempt"); exit; } to the beginning of includes/usercp_register.php Now i just have to see if the spammers will get around that :'( Anders Quote
anderskiel Posted January 26, 2007 Author Posted January 26, 2007 Oops placing it at the top cuts all access to the anything to do with the profile.php :blink: However moving it down to just below: $template->set_filenames(array( 'body' => 'profile_add_body.tpl') ); that should work :D Anders Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.