Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HoneyPot Captcha


Jack_mcs

Recommended Posts

HI @Jack_mcs . you are the legend. ?

Thank you so much buddy. Almost spending one month on it, i finally figure that out about the captcha and honey pot. 

Its finally working on the create_accoint.php .. but one problem still here, I don't know why but for creating account, my website using this link

http://www.randpaseka.com/catalog/login.php?form=account

 

I figure that out this code coming from the login.php .  I see the code for the contact_us.php and the creating_account.php in the instruction file. Can i get it the code for the login.php. I attach my login file below, please check 

 

login.php

Link to comment
Share on other sites

You would have to edit the tep_draw_forms lines and include the other code for HP to display and verify. It is not something I can offer in a support thread. But it is not included in the package because I don't see the need for it. The most a hacker could do is guess at an email address and password.  I suppose he could have a script to try email variations but I doubt they would spend the time on such wild guessing since the chances of finding a matching pair seem very unlikely. And even if that was not an issue, there isn't anything in HP's code that could identify someone as a hacker on that page. So I suggest not bothering trying to figure that change out. 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

Even it's giving error on create_account.php .. 

after submit the form I get two errors. 

first one is "The account could not be created. Please contact us for assistance."

and second one is in header

"Warning: Wrong parameter count for round() in /home/content/98/5512298/html/catalog/includes/functions/honeypot.php on line 124"

Thanks

Link to comment
Share on other sites

The first one is not an error. That is the message displayed when Honey Pot stops a submission. 

I can't guess at the second since I don't know what your shops version is and what your Honey Pot settings are.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

I don't see anything in the settings that would cause a valid account from being created. I might be that you have a mistake in  the code in the create_account.php file. You can use the included one for a quick test. You can also the account check option to false. That will stop all of the checks on the create account page from being ran.

Also, you have the allow url and allow email settings set to true. That is fine if you want to allow that but it prevents Honey Pot from catching spammers.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

okay, I noticed, when I check account option set to false so it will bypass the numbers and captcha option. I mean if you even put the wrong value there so its still by pass and creating account instead of giving the error. and if you set to true so its giving me same two errors. 

Also, you can see new honeypot settings as you said in the link below. 

https://tinyurl.com/y8cppelb

 

the only issue we faced is that, its bypass the number and captcha option even we put the wrong value.  

Link to comment
Share on other sites

Yhe captcha code requires the latest version of the GD Library so your server may not have that version, or it may not even be installed. You will need to check with your host on that.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

On 3/6/2021 at 10:22 PM, Jack_mcs said:

Yhe captcha code requires the latest version of the GD Library so your server may not have that version, or it may not even be installed. You will need to check with your host on that.

Okay, 

I have one question, I searched and find out, The honeypot creating one hidden field in the forms to stop the bot attacks. So because we already installed honeypot, If I select "none" instead of "number" and "image" in the show captcha field so it still work, right ? I mean the hidden field still there, or no ?

 

Thanks 

Link to comment
Share on other sites

3 hours ago, sunnybutt222 said:

So because we already installed honeypot, If I select "none" instead of "number" and "image" in the show captcha field so it still work, right ? I mean the hidden field still there, or no ?

Yes, it will block spam with or without the captcha. Actually, I don't recommend using the captcha because it needlessly bothers legitimate customers.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

6 hours ago, Jack_mcs said:

Yes, it will block spam with or without the captcha. Actually, I don't recommend using the captcha because it needlessly bothers legitimate customers.

okay, I Closed that out the captcha. please see the link below to check out the screenshot of the new settings of honey pot. 

As you mentioned, its also protect spam without captcha, Please check the settings and let me know if i miss something. I checked in the Inspect element I don't see any hidden field there. 

 

Thanks

Link to comment
Share on other sites

  • 3 weeks later...
On 3/9/2021 at 4:57 AM, sunnybutt222 said:

please see the link below

There isn't a link in your post. Also be sure to post one of the fake accounts.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 1 month later...

A new version has been uploaded with these changes:

  • Added an option to delete all fake accounts for those sites where there are too many to delete normally. Pro Version only.
  • Changed code to fully follow the status setting.
  • Changed code to not allow empty emails.
  • Changed the V2 database install file so it is automatic.
  • Corrected mistake in the create account page for Phoenix.
  • Corrected mistake in the captcha file for the numbers captcha.
  • Corrected a mistake in the postal code check that would allow invalid postal codes through when the option was set to both.
  • Corrected Fake Accounts check orders code to return accurate counts, Pro version only.
  • Moved the changes for the contact_us and create_account pages to the templates directory.
  • Reduced the file size of the log file.
  • Removed the check for the Purchase Without Account page.
  • Removed the return statement in the hook for Phoenix that was causing duplicate displays.

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

The last Phoenix version I installed it into is 1.0.7.15, though it may work in later versions.  The shop files are in the Changed... directories. Although I see that older versions were uploaded so I have uploaded a new version with those changes.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

10 hours ago, Jack_mcs said:

The last Phoenix version I installed it into is 1.0.7.15, though it may work in later versions.  The shop files are in the Changed... directories. Although I see that older versions were uploaded so I have uploaded a new version with those changes.

Spoted several bugs:

- When creating account:

Notice: Undefined index: street_address in /includes/hooks/shop/siteWide/honeypot_verify.php on line 42

Notice: Undefined index: telephone in /includes/hooks/shop/siteWide/honeypot_verify.php on line 48

 

- Fake accounts:

Notice: Undefined index: PT in /admin/includes/functions/honeypot.php on line 87

Link to comment
Share on other sites

For the telephone error, change this

$telephone = $customer_details['telephone'];

to

$telephone = ($customer_details['telephone'] ?? null);

You can do similar for the street address but that should be enabled so you may not have your modules setup completely,

For the last error, I see I didn't copy the new post code list to admin. To fix that, in includes/functions/honeypot.php copy lines 239 through 404 and copy them over lines 70 through 88 in admin/includes/functions/honeypot.php.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

1 hour ago, Jack_mcs said:

For the telephone error, change this


$telephone = $customer_details['telephone'];

to


$telephone = ($customer_details['telephone'] ?? null);

You can do similar for the street address but that should be enabled so you may not have your modules setup completely,

For the last error, I see I didn't copy the new post code list to admin. To fix that, in includes/functions/honeypot.php copy lines 239 through 404 and copy them over lines 70 through 88 in admin/includes/functions/honeypot.php.

Well.. i would sugest that you update the module with these new fixes as for sure someone else will have those bugs aswell.

Link to comment
Share on other sites

  • 3 weeks later...

I just installed this today on osC v2.3.4.1. When I edit the module configuration, no matter which pages I have checked or unchecked the resulting pages list in the configuration item MODULE_HEADER_TAGS_HONEYPOT_PAGES ends up being empty. All of the other configuration changes seem to be stored properly. I ended up getting it to work by manually editing the configuration items in the database but this is tedious, of course.

I haven't looked into the code yet to try to figure out why this is occuring. Perhaps it has something to do with the fact that I have extra pages that I've added to my store at the same level as contact_us.php. Those extra files do show up in the checkbox list but I left them unchecked.

Any ideas where I should start looking?

Don

Portland, OR USA

Link to comment
Share on other sites

@dkinzer I've only seen this once in a older shop so I didn't troubleshoot it. To get around it I made the following change to these files:

includes/honeypot/modules/honeypot_verify_general.php
includes/hooks/shop/siteWide/honeypot_verify.php

Replace:

    $allowed_pages = explode(';', MODULE_HEADER_TAGS_HONEYPOT_PAGES);    

with

    if (! empty(MODULE_HEADER_TAGS_HONEYPOT_PAGES)) {
          $allowed_pages = explode(';', MODULE_HEADER_TAGS_HONEYPOT_PAGES);    
    } else {
          $allowed_pages = array('contact_us.php', 'create_account.php', 'customer_testimonials_write.php', 'tell_a_friend.php'); 
    }
 

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

1 hour ago, Jack_mcs said:

I've only seen this once in a older shop so I didn't troubleshoot it.

Here's another clue: I've noticed that the "accordian" menu on the left side of the admin pages does not display properly when the page is accessed using HTTPS but it works perfectly with HTTP. I decided to see if the configuration of the honey pot was similarly affected. It turns out that the checked pages get put into MODULE_HEADER_TAGS_HONEYPOT_PAGES when the page is accessed using HTTP but not when using HTTPS.

Does that trigger anything for you?

Don

Portland, OR USA

Link to comment
Share on other sites

There's nothing in the code for HP to check for https. But not having the admin's configure file setup correctly can cause problems so that might be the cause. You should check your admin configure file and make sure all links are to https. If you need help with it, please post a new request in the general forum since the problem isn't related to this addon.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

An associate of mine installed the honeypot addon to his site, and since then all he's had is trouble with addon generating errors everywhere and causing his site to fallover. As he uses phoenix, he posted some of his issues on the new phoenix forum but got some help. He was mostly was referred to this forum as this is where addon was published and author is on this forum.

He tried signing up to this forum but got no luck as siging onto this forum is almost impossible. So, I've decided to help him out by posting his issue and link on here for the author to respond to.

https://phoenixcart.org/forum/viewtopic.php?f=10&t=591

This is the same addon I did not want to use because it was poorly done and does not work. Even on this forum, addon has countless issues cataloged in posts. I hope author deals with these issues once and for all.

Edited by KenSO
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...