Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Action Recorder


Roaddoctor

Recommended Posts

I need help

On my products page I have tabs - one tab is "Ask a Question". The form is setup with a spam-bot trap, but apparently a bot has found me that seems un-affected by the trap.

 

First, is there a way to strengthen the spam-bot-trap?

 

If not, then I thought that adding Action Recorder would be the next best thing to do, and I hate ReCaptcha.

 

So I cloned ar_tell_a_friend.php as ar_ask_a_question.php, language file etc. Made the needed changes, uploaded and installed the new Action Recorder. All is fine on that part.

 

I need help with last bit - merging the AR code into the Ask a Question processing file - includes/modules/product_info_process.php

 

Here is the code section to modify. Could someone help me with what needs to be added for AR to work.

        case '10':  // ask tab
        default:
          $form_type = 'ask';  // Default Ask a Question form
          $to_name = STORE_OWNER;
          $to_email_address = STORE_OWNER_EMAIL_ADDRESS;
          $from_name = tep_db_prepare_input ($_POST['from_name']);
          $from_email_address = tep_db_prepare_input ($_POST['from_email_address']);
          $from_state = tep_db_prepare_input ($_POST['from_state']);
          $from_company = tep_db_prepare_input ($_POST['from_company']);
          $from_phone = tep_db_prepare_input ($_POST['from_phone']);
		  $city = $_POST['city'];
          $address = $_POST['address'];

          $email_subject = sprintf (TEXT_ASK_EMAIL_SUBJECT, $from_name);
          $email_intro = sprintf (TEXT_ASK_EMAIL_INTRO, $products_data['products_name'], $products_data['products_model']) . "\n\n";
          $email_customer = TEXT_ASK_EMAIL_FROM . $from_name . "\n" . $from_company . "\n" . $from_state . "\n" . $from_email_address . "\n" . $from_phone . "\n\n";
          $email_link = "\n\n" . sprintf (TEXT_ASK_EMAIL_LINK, tep_href_link (FILENAME_PRODUCT_INFO, 'products_id=' . (int) $_GET['products_id']) ) . "\n\n\n";
          $email_sig = sprintf (TEXT_ASK_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n");
          $message_success = sprintf (TEXT_ASK_EMAIL_SUCCESSFUL_SENT, $products_data['products_name']);

          if (empty ($from_name) ) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_FROM_NAME);
          }

          if (!tep_validate_email ($from_email_address)) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_FROM_ADDRESS);
          }

//          if (empty ($from_state) ) {
//            $error = true;
//           $messageStack->add_session ($form_type, ERROR_FROM_STATE);
//          }

          if (empty ($to_name) ) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_TO_NAME);
          }

          if (!tep_validate_email ($to_email_address)) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_TO_ADDRESS);
          }

          if ($error == false) {
            $message = tep_db_prepare_input ($_POST['message']) . "\n\n";
            $email_body = $email_intro . $email_customer . $message . $email_link . $email_sig . "\n\n";

          // Spambot trap: If the hidden fields exist and are null, send normally, otherwise fail silently.
            if (isset($_POST['city']) &&
                $_POST['city'] == '' &&
                isset($_POST['address']) &&
                $_POST['address'] == '') {

              tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name, $from_email_address);
           } //End spambot trap

            $messageStack->add_session ($form_type, $message_success, 'success');

            tep_redirect (tep_href_link (FILENAME_PRODUCT_INFO, tep_get_all_get_params (array ('action', 'tab') ) . 'tab=' . $form_type . '#tabs-10') );

          } // if ($error == false)
          break;
      } // switch ($_GET['tab']
    } // if (isset($_GET['tab']

  } elseif (tep_session_is_registered ('customer_id') ) {
    $account_query = tep_db_query ("select customers_firstname,
                                           customers_lastname,
                                           customers_email_address
                                   from " . TABLE_CUSTOMERS . "
                                   where customers_id = '" . (int) $customer_id . "'
                                 ");
    $account = tep_db_fetch_array($account_query);

    $from_name = tep_db_input ($customer['customers_firstname']) . ' ' . tep_db_input ($customer['customers_lastname']);
    $from_email_address = $account['customers_email_address'];
  }

looking at some other AR examples, I think something like this is what is needed, but I have no idea where to place it or how to structure/order the code logic. I've made several attempts and just break the file :)

// begin ar
    $actionRecorder = new actionRecorder('ar_ask_a_question', (tep_session_is_registered('customer_id') ? $customer_id : null), $name);
    if (!$actionRecorder->canPerform()) {
      $error = true;

      $actionRecorder->record(false);

      $messageStack->add_session ($form_type, sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES : 15)));
    }

and also somewhere

      $actionRecorder->record();

Thank you in advance for any help.

-Dave

Link to comment
Share on other sites

Some progress, this seems to be working as far as stopping the bot, though I have no idea if the code placement, ordering, is proper and correct. The message stacks are NOT behaving correctly, sometimes missing, and I think if the math test fails or is overlooked, you cant correct the math and resubmit because action recorder stops another attempt for X minutes.... still tinkering. Any feedback appreciated.

        case '10':  // ask tab
        default:
          $form_type = 'ask';  // Default Ask a Question form
          $to_name = STORE_OWNER;
          $to_email_address = STORE_OWNER_EMAIL_ADDRESS;
          $from_name = tep_db_prepare_input ($_POST['from_name']);
          $from_email_address = tep_db_prepare_input ($_POST['from_email_address']);
          $from_state = tep_db_prepare_input ($_POST['from_state']);
          $from_company = tep_db_prepare_input ($_POST['from_company']);
          $from_phone = tep_db_prepare_input ($_POST['from_phone']);
		  $city = $_POST['city'];
          $address = $_POST['address'];

          $email_subject = sprintf (TEXT_ASK_EMAIL_SUBJECT, $from_name);
          $email_intro = sprintf (TEXT_ASK_EMAIL_INTRO, $products_data['products_name'], $products_data['products_model']) . "\n\n";
          $email_customer = TEXT_ASK_EMAIL_FROM . $from_name . "\n" . $from_company . "\n" . $from_state . "\n" . $from_email_address . "\n" . $from_phone . "\n\n";
          $email_link = "\n\n" . sprintf (TEXT_ASK_EMAIL_LINK, tep_href_link (FILENAME_PRODUCT_INFO, 'products_id=' . (int) $_GET['products_id']) ) . "\n\n\n";
          $email_sig = sprintf (TEXT_ASK_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n");
          $message_success = sprintf (TEXT_ASK_EMAIL_SUCCESSFUL_SENT, $products_data['products_name']);

          if (empty ($from_name) ) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_FROM_NAME);
          }

          if (!tep_validate_email ($from_email_address)) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_FROM_ADDRESS);
          }

//          if (empty ($from_state) ) {
//            $error = true;
//           $messageStack->add_session ($form_type, ERROR_FROM_STATE);
//          }

          if (empty ($to_name) ) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_TO_NAME);
          }

          if (!tep_validate_email ($to_email_address)) {
            $error = true;
            $messageStack->add_session ($form_type, ERROR_TO_ADDRESS);
          }

// begin simple maths - go burt!
$protect = tep_db_prepare_input($HTTP_POST_VARS['protect']);
$lock = tep_db_prepare_input(base64_decode($HTTP_POST_VARS['lock']));
 
if ($protect != $lock) {
  $error = true;
 
  $messageStack->add_session ($form_type, ENTRY_EMAIL_HUMAN_CHECK_ERROR);
}
// End simple maths

// begin ar
    $actionRecorder = new actionRecorder('ar_ask_a_question', (tep_session_is_registered('customer_id') ? $customer_id : null), $name);
    if (!$actionRecorder->canPerform()) {
      $error = true;

      $actionRecorder->record(false);

      $messageStack->add_session ($form_type, sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES : 15)));
    }
// End ar

          if ($error == false) {
            $message = tep_db_prepare_input ($_POST['message']) . "\n\n";
            $email_body = $email_intro . $email_customer . $message . $email_link . $email_sig . "\n\n";

          // Spambot trap: If the hidden fields exist and are null, send normally, otherwise fail silently.
            if (isset($_POST['city']) &&
                $_POST['city'] == '' &&
                isset($_POST['address']) &&
                $_POST['address'] == '') {

              tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name, $from_email_address);
           } //End spambot trap

      $actionRecorder->record();

            $messageStack->add_session ($form_type, $message_success, 'success');

            tep_redirect (tep_href_link (FILENAME_PRODUCT_INFO, tep_get_all_get_params (array ('action', 'tab') ) . 'tab=' . $form_type . '#tabs-10') );

          } // if ($error == false)
          break; // yes error
      } // switch ($_GET['tab']
    } // if (isset($_GET['tab']

  } elseif (tep_session_is_registered ('customer_id') ) {
    $account_query = tep_db_query ("select customers_firstname,
                                           customers_lastname,
                                           customers_email_address
                                   from " . TABLE_CUSTOMERS . "
                                   where customers_id = '" . (int) $customer_id . "'
                                 ");
    $account = tep_db_fetch_array($account_query);

    $from_name = tep_db_input ($customer['customers_firstname']) . ' ' . tep_db_input ($customer['customers_lastname']);
    $from_email_address = $account['customers_email_address'];
  }
?>

-Dave

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...