Roaddoctor Posted March 4, 2015 Posted March 4, 2015

I need help

On my products page I have tabs - one tab is "Ask a Question". The form is setup with a spam-bot trap, but apparently a bot has found me that seems un-affected by the trap. First, is there a way to strengthen the spam-bot-trap? If not, then I thought that adding Action Recorder would be the next best thing to do, and I hate ReCaptcha. So I cloned ar_tell_a_friend.php as ar_ask_a_question.php, language file etc. Made the needed changes, uploaded and installed the new Action Recorder. All is fine on that part. I need help with last bit - merging the AR code into the Ask a Question processing file - includes/modules/product_info_process.php Here is the code section to modify. Could someone help me with what needs to be added for AR to work.

      // "Ask a Question" tab handler: builds an e-mail to the store owner from the
      // posted form fields, validates sender and recipient, and sends it unless the
      // hidden trap fields were filled in.
      // This is a fragment: the switch and the two if blocks closed further down
      // are opened above the posted code.
      case '10': // ask tab
      default:
        $form_type = 'ask'; // Default Ask a Question form
        $to_name = STORE_OWNER;
        $to_email_address = STORE_OWNER_EMAIL_ADDRESS;
        $from_name = tep_db_prepare_input ($_POST['from_name']);
        $from_email_address = tep_db_prepare_input ($_POST['from_email_address']);
        $from_state = tep_db_prepare_input ($_POST['from_state']);
        $from_company = tep_db_prepare_input ($_POST['from_company']);
        $from_phone = tep_db_prepare_input ($_POST['from_phone']);
        // Hidden trap fields. Copied unfiltered, but not read again in this fragment:
        // the trap below tests $_POST directly.
        $city = $_POST['city'];
        $address = $_POST['address'];
        // NOTE(review): $from_name is user-supplied and ends up in the subject and is
        // passed to tep_mail() as $from_name. Confirm that tep_db_prepare_input() or
        // tep_mail() strips CR/LF so the value cannot add mail headers.
        $email_subject = sprintf (TEXT_ASK_EMAIL_SUBJECT, $from_name);
        $email_intro = sprintf (TEXT_ASK_EMAIL_INTRO, $products_data['products_name'], $products_data['products_model']) . "\n\n";
        $email_customer = TEXT_ASK_EMAIL_FROM . $from_name . "\n" . $from_company . "\n" . $from_state . "\n" . $from_email_address . "\n" . $from_phone . "\n\n";
        // products_id is cast to int before it is placed in the link.
        $email_link = "\n\n" . sprintf (TEXT_ASK_EMAIL_LINK, tep_href_link (FILENAME_PRODUCT_INFO, 'products_id=' . (int) $_GET['products_id']) ) . "\n\n\n";
        $email_sig = sprintf (TEXT_ASK_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n");
        $message_success = sprintf (TEXT_ASK_EMAIL_SUCCESSFUL_SENT, $products_data['products_name']);
        // Validation: each failed check sets $error and queues a message for this form.
        if (empty ($from_name) ) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_FROM_NAME);
        }
        if (!tep_validate_email ($from_email_address)) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_FROM_ADDRESS);
        }
        // if (empty ($from_state) ) {
        //   $error = true;
        //   $messageStack->add_session ($form_type, ERROR_FROM_STATE);
        // }
        if (empty ($to_name) ) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_TO_NAME);
        }
        if (!tep_validate_email ($to_email_address)) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_TO_ADDRESS);
        }
        if ($error == false) {
          $message = tep_db_prepare_input ($_POST['message']) . "\n\n";
          $email_body = $email_intro . $email_customer . $message . $email_link . $email_sig . "\n\n";
          // Spambot trap: If the hidden fields exist and are null, send normally, otherwise fail silently.
          // NOTE(review): the trap only rejects submissions that put something in the
          // hidden fields; a request that posts both as empty strings is treated as
          // genuine, so on its own it is a weak control. The success message and the
          // redirect below run either way, so a trapped submission gets the same
          // response as a delivered one.
          if (isset($_POST['city']) && $_POST['city'] == '' && isset($_POST['address']) && $_POST['address'] == '') {
            tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name, $from_email_address);
          }
          //End spambot trap
          $messageStack->add_session ($form_type, $message_success, 'success');
          tep_redirect (tep_href_link (FILENAME_PRODUCT_INFO, tep_get_all_get_params (array ('action', 'tab') ) . 'tab=' . $form_type . '#tabs-10') );
        } // if ($error == false)
        break;
    } // switch ($_GET['tab']
  } // if (isset($_GET['tab']
// Logged-in customer: look up the account row to pre-fill name and e-mail.
// The customer id is cast to int before it is concatenated into the query.
// NOTE(review): the row is fetched into $account, but the name is read from
// $customer, which is not assigned anywhere in this fragment - presumably
// $account was meant; confirm. tep_db_input() looks like a query-escaping
// helper, and its result is not used in a query here - verify it is wanted.
} elseif (tep_session_is_registered ('customer_id') ) {
  $account_query = tep_db_query ("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "' ");
  $account = tep_db_fetch_array($account_query);
  $from_name = tep_db_input ($customer['customers_firstname']) . ' ' . tep_db_input ($customer['customers_lastname']);
  $from_email_address = $account['customers_email_address'];
}

looking at some other AR examples, I think something like this is what is needed, but I have no idea where to place it or how to structure/order the code logic. I've made several attempts and just break the file :)

// begin ar
// Rate-limit check through the Action Recorder module: when canPerform() is
// false, flag the error, log the refused attempt with record(false), and queue
// ERROR_ACTION_RECORDER formatted with the configured minutes (15 when the
// module constant is not defined).
// NOTE(review): $name is not assigned anywhere in the posted form code; the
// sender name there is held in $from_name - confirm which value the recorder
// should log.
$actionRecorder = new actionRecorder('ar_ask_a_question', (tep_session_is_registered('customer_id') ? $customer_id : null), $name);
if (!$actionRecorder->canPerform()) {
  $error = true;
  $actionRecorder->record(false);
  $messageStack->add_session ($form_type, sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES : 15)));
}

and also somewhere

$actionRecorder->record();

Thank you in advance for any help. -Dave
Roaddoctor Posted March 4, 2015 Author Posted March 4, 2015

Some progress, this seems to be working as far as stopping the bot, though I have no idea if the code placement, ordering, is proper and correct. The message stacks are NOT behaving correctly, sometimes missing, and I think if the math test fails or is overlooked, you cant correct the math and resubmit because action recorder stops another attempt for X minutes.... still tinkering. Any feedback appreciated.

      // "Ask a Question" tab handler: builds an e-mail to the store owner from the
      // posted form fields, validates them, applies a human check and an Action
      // Recorder rate limit, then sends the mail unless the hidden trap fields were
      // filled in.
      // This is a fragment: the switch and the two if blocks closed further down
      // are opened above the posted code.
      case '10': // ask tab
      default:
        $form_type = 'ask'; // Default Ask a Question form
        $to_name = STORE_OWNER;
        $to_email_address = STORE_OWNER_EMAIL_ADDRESS;
        $from_name = tep_db_prepare_input ($_POST['from_name']);
        $from_email_address = tep_db_prepare_input ($_POST['from_email_address']);
        $from_state = tep_db_prepare_input ($_POST['from_state']);
        $from_company = tep_db_prepare_input ($_POST['from_company']);
        $from_phone = tep_db_prepare_input ($_POST['from_phone']);
        // Hidden trap fields. Copied unfiltered, but not read again in this fragment:
        // the trap below tests $_POST directly.
        $city = $_POST['city'];
        $address = $_POST['address'];
        // NOTE(review): $from_name is user-supplied and ends up in the subject and is
        // passed to tep_mail() as $from_name. Confirm that tep_db_prepare_input() or
        // tep_mail() strips CR/LF so the value cannot add mail headers.
        $email_subject = sprintf (TEXT_ASK_EMAIL_SUBJECT, $from_name);
        $email_intro = sprintf (TEXT_ASK_EMAIL_INTRO, $products_data['products_name'], $products_data['products_model']) . "\n\n";
        $email_customer = TEXT_ASK_EMAIL_FROM . $from_name . "\n" . $from_company . "\n" . $from_state . "\n" . $from_email_address . "\n" . $from_phone . "\n\n";
        // products_id is cast to int before it is placed in the link.
        $email_link = "\n\n" . sprintf (TEXT_ASK_EMAIL_LINK, tep_href_link (FILENAME_PRODUCT_INFO, 'products_id=' . (int) $_GET['products_id']) ) . "\n\n\n";
        $email_sig = sprintf (TEXT_ASK_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . "\n");
        $message_success = sprintf (TEXT_ASK_EMAIL_SUCCESSFUL_SENT, $products_data['products_name']);
        // Validation: each failed check sets $error and queues a message for this form.
        if (empty ($from_name) ) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_FROM_NAME);
        }
        if (!tep_validate_email ($from_email_address)) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_FROM_ADDRESS);
        }
        // if (empty ($from_state) ) {
        //   $error = true;
        //   $messageStack->add_session ($form_type, ERROR_FROM_STATE);
        // }
        if (empty ($to_name) ) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_TO_NAME);
        }
        if (!tep_validate_email ($to_email_address)) {
          $error = true;
          $messageStack->add_session ($form_type, ERROR_TO_ADDRESS);
        }
        // begin simple maths - go burt!
        // NOTE(review): both the answer ('protect') and the value it is checked
        // against ('lock', only base64-encoded) arrive in the request, so the server
        // is comparing two client-supplied values. The loose != also treats two
        // empty values as equal, so a request that leaves both fields empty would
        // pass (assuming tep_db_prepare_input() returns an empty value unchanged).
        // Keeping the expected answer server-side (for example in the session),
        // rejecting empty input and comparing with !== would make the check depend
        // on something the client cannot set.
        // NOTE(review): the long array $HTTP_POST_VARS was removed in PHP 5.4, so
        // these two reads depend on the application defining it as an alias of
        // $_POST in this scope - confirm; the rest of the block reads $_POST.
        $protect = tep_db_prepare_input($HTTP_POST_VARS['protect']);
        $lock = tep_db_prepare_input(base64_decode($HTTP_POST_VARS['lock']));
        if ($protect != $lock) {
          $error = true;
          $messageStack->add_session ($form_type, ENTRY_EMAIL_HUMAN_CHECK_ERROR);
        }
        // End simple maths
        // begin ar
        // Rate-limit check through the Action Recorder module: when canPerform() is
        // false, flag the error, log the refused attempt with record(false), and
        // queue ERROR_ACTION_RECORDER formatted with the configured minutes (15 when
        // the module constant is not defined).
        // NOTE(review): $name is not assigned anywhere in this fragment; the sender
        // name is held in $from_name - confirm which value the recorder should log.
        // NOTE(review): this check runs even when the validation above has already
        // failed. record() further down is reached only when $error is false, so a
        // failed human check is not logged as a successful action by this code;
        // whether refused attempts logged with record(false) count toward the limit
        // depends on the ar_ask_a_question module's canPerform() logic, which is
        // not shown.
        $actionRecorder = new actionRecorder('ar_ask_a_question', (tep_session_is_registered('customer_id') ? $customer_id : null), $name);
        if (!$actionRecorder->canPerform()) {
          $error = true;
          $actionRecorder->record(false);
          $messageStack->add_session ($form_type, sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES : 15)));
        }
        // End ar
        if ($error == false) {
          $message = tep_db_prepare_input ($_POST['message']) . "\n\n";
          $email_body = $email_intro . $email_customer . $message . $email_link . $email_sig . "\n\n";
          // Spambot trap: If the hidden fields exist and are null, send normally, otherwise fail silently.
          // NOTE(review): the trap only rejects submissions that put something in the
          // hidden fields; a request that posts both as empty strings is treated as
          // genuine. record(), the success message and the redirect below run whether
          // or not the mail was sent, so a trapped submission is recorded and
          // answered like a delivered one.
          if (isset($_POST['city']) && $_POST['city'] == '' && isset($_POST['address']) && $_POST['address'] == '') {
            tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name, $from_email_address);
          }
          //End spambot trap
          $actionRecorder->record();
          $messageStack->add_session ($form_type, $message_success, 'success');
          tep_redirect (tep_href_link (FILENAME_PRODUCT_INFO, tep_get_all_get_params (array ('action', 'tab') ) . 'tab=' . $form_type . '#tabs-10') );
        } // if ($error == false)
        break; // yes error
    } // switch ($_GET['tab']
  } // if (isset($_GET['tab']
// Logged-in customer: look up the account row to pre-fill name and e-mail.
// The customer id is cast to int before it is concatenated into the query.
// NOTE(review): the row is fetched into $account, but the name is read from
// $customer, which is not assigned anywhere in this fragment - presumably
// $account was meant; confirm. tep_db_input() looks like a query-escaping
// helper, and its result is not used in a query here - verify it is wanted.
} elseif (tep_session_is_registered ('customer_id') ) {
  $account_query = tep_db_query ("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "' ");
  $account = tep_db_fetch_array($account_query);
  $from_name = tep_db_input ($customer['customers_firstname']) . ' ' . tep_db_input ($customer['customers_lastname']);
  $from_email_address = $account['customers_email_address'];
}
?>

-Dave