Search found 24 matches

Re: [RELEASED] CSRF Protection Form

One use is that attackers use bots to register on multiple sites and therefore send out lots of registration emails to victims. The purpose is to fill up their victims' mailboxes in the hope that the victim doesn't spot more important emails about more malicious activity. Then I would expect they wil...

  • Tue Jan 12, 2021 9:05 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

The only problematic with this is that you'd also be deleting a valid customer's account which may not yet have an address; GDPR / SCA / CCPA . Of course. I checked my database for the entries of the last 10 years. And there is not a single customer registered without address_id which appears natur...

  • Tue Jan 12, 2021 9:01 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

Regarding the address_id=0, not an issue, since the csrf_helper uses a session superglobal, you could re-call that session into your browser by creating an event and use the __csrf key to avoid these sorts of activities from occurring (undocumented process though). ;) I am too stupid for these things...

  • Sat Jan 09, 2021 9:47 pm
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

As explained in previous posts of this topic, this extension does NOT prevent any fake registrations. It simply kicks the bots out of the HTML forms. You still need to enable the best captcha extension you may find in order for the CSRF filter not to get overflooded by bots behind the forms. Yes,...

  • Thu Jan 07, 2021 11:08 pm
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

It will only prevent manually and from the header controller. Nowhere else. Which is why, the XML file propagates by buffer in order for all template files to capture the generated token from the helper file. Fine, straightlight, I admit I do not understand anything. The script as installed by me d...

  • Thu Jan 07, 2021 10:43 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

That's intended to have an error there. The csrf_helper uses a buffer to output the token and cannot be added manually with the object without using the regex for security purposes on the catalog-end side. As explained previously, you simply need to work around the paths in the XML for all your TWIG fi...

  • Wed Jan 06, 2021 3:25 am
  • Replies 374
  • Views 178595
Re:

Yes, there are only 2 files in the vQmod version of this extension. You must have vQmod installed. BUT I converted it to OCmod, so download my version below and install it via admin: extension --> installer VQmod version of CSRF Protection Form Extension https://www.opencart.com/index.php?route=marke...

  • Wed Jan 06, 2021 2:33 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

@supak111: I have downloaded this OCmod version and will try it on a test installation of OC. Many thanks! @Straightlight: I have asked the host manager to enable zlib.compression_output on a php level and will see if that changes anything. I have installed now vqmod on another hosting account where...

  • Tue Jan 05, 2021 11:15 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

Hello Straightlight, I enabled zlib.compression_output in .htaccess. Regarding the file paths: I have some customized templates. I have now deleted the customized account/register.twig for testing purposes. Of course I cleared the cache on the server and in my browser, Safari. Nevertheless calling i...

  • Mon Jan 04, 2021 8:52 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

Hi khnaz35, thanks for caring! I am not on cPanel. We have some Russian/Ukrainian/Indian customers, so .... that's not an option. I was hoping for the CSRF script to block these robot submissions but seemingly I am unable to have it installed. Even with a "VQMODDED Startup" the xml does not...

  • Mon Jan 04, 2021 1:29 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

Ok, I succeeded in installing VQmod and the CSRF script. This is a multi shop. I suppose I need to install some of the files to the other installations as well, don't I? Which ones, please? If this is not considered abuse, may I ask one more question which is related to the contact forms that come usu...

  • Sun Jan 03, 2021 2:15 am
  • Replies 374
  • Views 178595
Re: [RELEASED] CSRF Protection Form

@supak111 I'd appreciate your ocmod version as I have no idea how to install this extension in my 3.0.2 and 3.0.6 installations. Straightlight is talking about overwriting existing files of a library, which library? The zip I downloaded contains only 2 files, one xml file which seems to need VQmod w...

  • Fri Jan 01, 2021 12:29 am
  • Replies 374
  • Views 178595
Re: Problem multistore setup OC 2.2

Sorry for my long problem description - the solution was simple yet kind of strange. I had saved the Italian store's URL as itdomain.eu - that did not work. When I added a trailing slash, it worked: itdomain.eu/ !!! I never thought this could be possible. I came to this idea when I looked up the cod...

  • Fri Nov 18, 2016 5:02 am
  • Replies 1
  • Views 375
Problem multistore setup OC 2.2

I have already set up a multistore on two different domains, one in German, one in French. All runs fine. The French store is store_id 1. Now I wanted to add an Italian version under an Italian domain. Setting up the OC on this new domain, all ok. Next step: add this as a new store to the core-store'...

  • Fri Nov 18, 2016 4:34 am
  • Replies 1
  • Views 375
Re: password reset not working

Yes, kind of. I prefer using my solution since the password is email associated, not necessarily customer_id associated. When soliciting the password reset, people provide their email address, not their customer_id. Some customers have more than one customer_id but with the same email address, as I n...

  • Thu Mar 31, 2016 10:00 am
  • Replies 11
  • Views 17534
Re: password reset not working

It works as soon as I also modified catalog/controller/account/reset.php where it says $this->model_account_customer->editPassword($customer_info['customer_id'], $this->request->post['password']); That can't work since editPassword needs the customer email. Modify into: $this->model_account_customer-...

  • Thu Mar 31, 2016 8:29 am
  • Replies 11
  • Views 17534
Re: password reset not working

No, but thanks for caring anyway. I looked up the code and came to this consideration: The scripts that apply for resetting the password are: catalog/controller/account/reset.php catalog/model/account/customer.php in customer.php there is called the function getCustomerByCode($code) and then obviousl...

  • Thu Mar 31, 2016 8:02 am
  • Replies 11
  • Views 17534
password reset not working

I installed 2.2.0.0 and migrated from my old 1.5 installation. No problem so far. All logins continue to work. There are just people who forgot their passwords and here I see an issue: The password forgotten/reset function does not work. No error message is displayed but here is what happens: After ...

  • Thu Mar 31, 2016 7:29 am
  • Replies 11
  • Views 17534
PayPal cart VAT shipping costs & shop cart

Installation 1.5.5.1 PayPal Standard. On the PayPal page, VAT and shipping costs are added together into a single line item, and the product prices are shown net. That is likely to confuse one or another attentive customer. Product prices should already be shown incl. VAT and the shipp...

  • Fri Jun 07, 2013 2:34 am
  • Replies 1
  • Views 599
