Roaddoctor Posted March 4, 2015 Share Posted March 4, 2015 I need help. On my products page I have tabs - one tab is "Ask a Question". The form is set up with a spam-bot trap, but apparently a bot has found me that seems unaffected by the trap. First, is there a way to strengthen the spam-bot trap? If not, then I thought that adding Action Recorder would be the next best thing to do, and I hate ReCaptcha. So I cloned ar_tell_a_friend.php as ar_ask_a_question.php, along with the language file etc., made the needed changes, then uploaded and installed the new Action Recorder module. All is fine on that part. I need help with the last bit - merging the AR code into the Ask a Question processing file, includes/modules/product_info_process.php. Here is the code section to modify. Could someone help me with what needs to be added for AR to work? case '10': // ask tab default: $form_type = 'ask'; // Default Ask a Question form $to_name = STORE_OWNER; $to_email_address = STORE_OWNER_EMAIL_ADDRESS; $from_name = tep_db_prepare_input ($_POST['from_name']); $from_email_address = tep_db_prepare_input ($_POST['from_email_address']); $from_state = tep_db_prepare_input ($_POST['from_state']); $from_company = tep_db_prepare_input ($_POST['from_company']); $from_phone = tep_db_prepare_input ($_POST['from_phone']); $city = $_POST['city']; $address = $_POST['address']; $email_subject = sprintf (TEXT_ASK_EMAIL_SUBJECT, $from_name); $email_intro = sprintf (TEXT_ASK_EMAIL_INTRO, $products_data['products_name'], $products_data['products_model']) . "\n\n"; $email_customer = TEXT_ASK_EMAIL_FROM . $from_name . "\n" . $from_company . "\n" . $from_state . "\n" . $from_email_address . "\n" . $from_phone . "\n\n"; $email_link = "\n\n" . sprintf (TEXT_ASK_EMAIL_LINK, tep_href_link (FILENAME_PRODUCT_INFO, 'products_id=' . (int) $_GET['products_id']) ) . "\n\n\n"; $email_sig = sprintf (TEXT_ASK_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . 
"\n"); $message_success = sprintf (TEXT_ASK_EMAIL_SUCCESSFUL_SENT, $products_data['products_name']); if (empty ($from_name) ) { $error = true; $messageStack->add_session ($form_type, ERROR_FROM_NAME); } if (!tep_validate_email ($from_email_address)) { $error = true; $messageStack->add_session ($form_type, ERROR_FROM_ADDRESS); } // if (empty ($from_state) ) { // $error = true; // $messageStack->add_session ($form_type, ERROR_FROM_STATE); // } if (empty ($to_name) ) { $error = true; $messageStack->add_session ($form_type, ERROR_TO_NAME); } if (!tep_validate_email ($to_email_address)) { $error = true; $messageStack->add_session ($form_type, ERROR_TO_ADDRESS); } if ($error == false) { $message = tep_db_prepare_input ($_POST['message']) . "\n\n"; $email_body = $email_intro . $email_customer . $message . $email_link . $email_sig . "\n\n"; // Spambot trap: If the hidden fields exist and are null, send normally, otherwise fail silently. if (isset($_POST['city']) && $_POST['city'] == '' && isset($_POST['address']) && $_POST['address'] == '') { tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name, $from_email_address); } //End spambot trap $messageStack->add_session ($form_type, $message_success, 'success'); tep_redirect (tep_href_link (FILENAME_PRODUCT_INFO, tep_get_all_get_params (array ('action', 'tab') ) . 'tab=' . $form_type . '#tabs-10') ); } // if ($error == false) break; } // switch ($_GET['tab'] } // if (isset($_GET['tab'] } elseif (tep_session_is_registered ('customer_id') ) { $account_query = tep_db_query ("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "' "); $account = tep_db_fetch_array($account_query); $from_name = tep_db_input ($customer['customers_firstname']) . ' ' . 
tep_db_input ($customer['customers_lastname']); $from_email_address = $account['customers_email_address']; } Looking at some other AR examples, I think something like this is what is needed, but I have no idea where to place it or how to structure/order the code logic. I've made several attempts and each time I just break the file :) // begin ar $actionRecorder = new actionRecorder('ar_ask_a_question', (tep_session_is_registered('customer_id') ? $customer_id : null), $name); if (!$actionRecorder->canPerform()) { $error = true; $actionRecorder->record(false); $messageStack->add_session ($form_type, sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES : 15))); } and also, somewhere, $actionRecorder->record(); (Note: $name is not assigned anywhere in the section shown above, where the submitted name is held in $from_name, so the recorder would be given an empty name unless $name is set elsewhere in the file.) Thank you in advance for any help. -Dave Link to comment Share on other sites More sharing options...
Roaddoctor Posted March 4, 2015 Author Share Posted March 4, 2015 Some progress: this seems to be working as far as stopping the bot, though I have no idea whether the code placement and ordering are proper and correct. The message stacks are NOT behaving correctly (messages are sometimes missing), and I think that if the math test fails or is overlooked, you can't correct the math and resubmit, because Action Recorder blocks another attempt for X minutes... Still tinkering. Any feedback appreciated. (Note: the math check below compares two values that both arrive in the POST, 'protect' and the base64-decoded 'lock', so the expected answer travels with the form and is only obfuscated; holding the expected answer in the session instead would make the check server-side.) case '10': // ask tab default: $form_type = 'ask'; // Default Ask a Question form $to_name = STORE_OWNER; $to_email_address = STORE_OWNER_EMAIL_ADDRESS; $from_name = tep_db_prepare_input ($_POST['from_name']); $from_email_address = tep_db_prepare_input ($_POST['from_email_address']); $from_state = tep_db_prepare_input ($_POST['from_state']); $from_company = tep_db_prepare_input ($_POST['from_company']); $from_phone = tep_db_prepare_input ($_POST['from_phone']); $city = $_POST['city']; $address = $_POST['address']; $email_subject = sprintf (TEXT_ASK_EMAIL_SUBJECT, $from_name); $email_intro = sprintf (TEXT_ASK_EMAIL_INTRO, $products_data['products_name'], $products_data['products_model']) . "\n\n"; $email_customer = TEXT_ASK_EMAIL_FROM . $from_name . "\n" . $from_company . "\n" . $from_state . "\n" . $from_email_address . "\n" . $from_phone . "\n\n"; $email_link = "\n\n" . sprintf (TEXT_ASK_EMAIL_LINK, tep_href_link (FILENAME_PRODUCT_INFO, 'products_id=' . (int) $_GET['products_id']) ) . "\n\n\n"; $email_sig = sprintf (TEXT_ASK_EMAIL_SIGNATURE, STORE_NAME . "\n" . HTTP_SERVER . DIR_WS_CATALOG . 
"\n"); $message_success = sprintf (TEXT_ASK_EMAIL_SUCCESSFUL_SENT, $products_data['products_name']); if (empty ($from_name) ) { $error = true; $messageStack->add_session ($form_type, ERROR_FROM_NAME); } if (!tep_validate_email ($from_email_address)) { $error = true; $messageStack->add_session ($form_type, ERROR_FROM_ADDRESS); } // if (empty ($from_state) ) { // $error = true; // $messageStack->add_session ($form_type, ERROR_FROM_STATE); // } if (empty ($to_name) ) { $error = true; $messageStack->add_session ($form_type, ERROR_TO_NAME); } if (!tep_validate_email ($to_email_address)) { $error = true; $messageStack->add_session ($form_type, ERROR_TO_ADDRESS); } // begin simple maths - go burt! $protect = tep_db_prepare_input($HTTP_POST_VARS['protect']); $lock = tep_db_prepare_input(base64_decode($HTTP_POST_VARS['lock'])); if ($protect != $lock) { $error = true; $messageStack->add_session ($form_type, ENTRY_EMAIL_HUMAN_CHECK_ERROR); } // End simple maths // begin ar $actionRecorder = new actionRecorder('ar_ask_a_question', (tep_session_is_registered('customer_id') ? $customer_id : null), $name); if (!$actionRecorder->canPerform()) { $error = true; $actionRecorder->record(false); $messageStack->add_session ($form_type, sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES') ? (int)MODULE_ACTION_RECORDER_ASK_A_QUESTION_EMAIL_MINUTES : 15))); } // End ar if ($error == false) { $message = tep_db_prepare_input ($_POST['message']) . "\n\n"; $email_body = $email_intro . $email_customer . $message . $email_link . $email_sig . "\n\n"; // Spambot trap: If the hidden fields exist and are null, send normally, otherwise fail silently. 
if (isset($_POST['city']) && $_POST['city'] == '' && isset($_POST['address']) && $_POST['address'] == '') { tep_mail($to_name, $to_email_address, $email_subject, $email_body, $from_name, $from_email_address); } //End spambot trap $actionRecorder->record(); $messageStack->add_session ($form_type, $message_success, 'success'); tep_redirect (tep_href_link (FILENAME_PRODUCT_INFO, tep_get_all_get_params (array ('action', 'tab') ) . 'tab=' . $form_type . '#tabs-10') ); } // if ($error == false) break; // yes error } // switch ($_GET['tab'] } // if (isset($_GET['tab'] } elseif (tep_session_is_registered ('customer_id') ) { $account_query = tep_db_query ("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "' "); $account = tep_db_fetch_array($account_query); $from_name = tep_db_input ($customer['customers_firstname']) . ' ' . tep_db_input ($customer['customers_lastname']); $from_email_address = $account['customers_email_address']; } ?> -Dave Link to comment Share on other sites More sharing options...