arthena wrote: ↑Sun Aug 04, 2019 12:28 pm
Hi,
I have CSRF Protection Extension installed in version 3.0.2.0 and am still getting at least one fake account every few days. I have noticed that the account set up never has an address? How can this happen when any proper customer has to enter an address to set up an account?
Any ideas please?

straightlight wrote: ↑Sun Aug 04, 2019 6:45 pm
As I said many times on the topic before, this extension does NOT prevent SPAM!
It simply kicks out the CSRF bots sitting behind the HTML forms. Re-Captcha V3 is still needed to work with it so that Re-Captcha doesn't have to work with many sitting-by bots waiting for a user.

jsw wrote: ↑Sat Apr 18, 2020 12:13 am
Thanks for the extension, straightlight! Installed it on OC v3.0.3.2 today. One little question, does it work well with Basic Captcha?

It should. However, Johnathan did address on the forum that Captcha V3 may differ from Captcha V2, and that V2 might be working better as opposed to V3. In this case, an extension from the Marketplace would rather be suggested to use.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
straightlight wrote: ↑Sat Apr 18, 2020 1:02 am
It should. However, Johnathan did address on the forum that Captcha V3 may differ from Captcha V2, and that V2 might be working better as opposed to V3. In this case, an extension from the Marketplace would rather be suggested to use.

Thanks, I've installed Google reCAPTCHA extension that came with OC v3 along with your vQmod. reCAPTCHA v3 gives an "invalid key type" error but reCAPTCHA v2 works fine so that's what I'm using now. Have a great weekend!
jsw wrote: ↑Sat Apr 18, 2020 9:39 pm
Thanks, I've installed Google reCAPTCHA extension that came with OC v3 along with your vQmod. reCAPTCHA v3 gives an "invalid key type" error but reCAPTCHA v2 works fine so that's what I'm using now. Have a great weekend!

Thanks for your feedback.
Regards,
Straightlight
Just a note to other forum users: do install Google reCaptcha together with this extension, it will work amazingly.
And for reCaptcha, do use only V2 versions, since V3 is not yet done by default OpenCart.
Lastly, don't forget to turn on the reCaptcha from store settings.
Regards
Khnaz35
Urgent Questions shoot here: khnaz35@gmail.com
Enjoy nature
I have downloaded crsf30.zip.
I have uploaded system/helper/csrf_helper.php and vqmod/xml/csrf.xml
I am running OC 3.0.3.3.
As csrf.xml didn't seem to change my theme files (I am not using 'default') I made some changes in my own vQmod xml file.
Code:
<file name="catalog/controller/account/register.php">
<operation info="Enable CSRF protection in register form to stop spam registrations.">
<search position="before"><![CDATA[
// Captcha
]]></search>
<add><![CDATA[
$csrf = new Csrf();
$csrf->csrf_start($this->registry);
$data['csrf_form_input'] = $csrf->csrf_form_input();
]]></add>
</operation>
</file>
<file name="catalog/view/theme/luxury/template/account/register.twig">
<operation info="Add CSRF protection to register form to stop spam registrations.">
<search position="after"><![CDATA[
<form action="{{ action }}" method="post" enctype="multipart/form-data" class="form-horizontal">
]]></search>
<add><![CDATA[
{% if csrf_form_input %}
{{ csrf_form_input }}
{% endif %}
]]></add>
</operation>
</file>
I looked through all my Extensions/Extensions but do not see any CSRF module there.
It won't be. Do you have the ZLIB library installed on your server as per Opencart's requirements since installation? If so, please provide the XML file as an attachment. Only a partial solution has been posted above.
Regards,
Straightlight
Regards,
Nightwing
Access to my Free Extensions: https://www.opencart.com/index.php?rout ... =nightwing
You need to edit your XML file to match all TWIG files of your custom themes.
Regards,
Straightlight
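Added example, not part of any post in this thread and not the extension's own code: a small checker that reports which vQmod operations would actually find their search text in a theme's files, which is the usual reason a mod leaves a custom theme untouched. The matching rules are a simplified model of vQmod, and the `<modification>` wrapper, the shortened `<add>` body and the template contents are constructed.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

def php_regex(expr):
    """Compile a PHP-delimited pattern such as ~...~i as a Python regex."""
    body, _, flags = expr[1:].rpartition(expr[0])
    return re.compile(body, re.I if "i" in flags else 0)

def check_vqmod(xml_text, files):
    """Return (file pattern, search text, matching paths) per operation.
    Assumption (simplified matching): a literal search must sit on one line
    of the target; regex="true" searches run against the whole file."""
    results = []
    for node in ET.fromstring(xml_text.strip()).iter("file"):
        pattern = node.get("name", "")
        targets = [p for p in files if fnmatch.fnmatch(p, pattern)]
        for op in node.iter("operation"):
            search = op.find("search")
            if search is None:
                continue
            needle = (search.text or "").strip()
            if search.get("regex") == "true":
                rx = php_regex(needle)
                hits = [p for p in targets if rx.search(files[p])]
            else:
                hits = [p for p in targets
                        if any(needle in ln for ln in files[p].splitlines())]
            results.append((pattern, needle, hits))
    return results

# Searches are from this thread; wrapper, <add> body and templates are constructed.
SAMPLE_XML = r"""<modification>
<file name="catalog/view/theme/luxury/template/account/register.twig">
<operation><search position="after"><![CDATA[
<form action="{{ action }}" method="post" enctype="multipart/form-data" class="form-horizontal">
]]></search><add><![CDATA[{{ csrf_form_input }}]]></add></operation>
</file>
<file name="catalog/view/theme/*/template/product/*.twig" error="skip">
<operation><search position="replace" regex="true"><![CDATA[~(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)~i]]></search>
<add><![CDATA[$1]]></add></operation>
</file></modification>"""
SAMPLE_FILES = {  # constructed templates for a hypothetical custom theme
    "catalog/view/theme/luxury/template/account/register.twig":
        '<form action="{{ action }}" method="post" class="form-horizontal">\n',
    "catalog/view/theme/luxury/template/product/product.twig":
        '<form method="POST" id="form-review">\n',
}
if __name__ == "__main__":
    print([(pat, bool(hits)) for pat, _, hits in check_vqmod(SAMPLE_XML, SAMPLE_FILES)])
```

An operation with an empty match list is one that leaves its template without the token field, so that form is not covered.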
Regards,
Nightwing
PSMDanny wrote: ↑Thu Nov 01, 2018 5:12 am
Hi and thank you for creating this wonderful extension and spending so much time here on helping users (that don't read).
Just wanted to note:
A couple of minutes ago I downloaded the extension and started testing on Opencart 3020 with vqmod 2.6.2. Admin test was correct... frontend test was not correct (= no csrf tokens...)
So I started debugging the xml file and found out that in the current downloadable version (csrf.xml) there was code missing for the catalog/controller/common/header.php
So I added the following code to the xml and everything seems to be working:
<file name="catalog/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');
csrf_start();
]]></add>
</operation>
</file>
Thanks again and good luck!
Best Regards,
Danny
Regards,
Nightwing
Regards,
Straightlight
straightlight wrote: ↑Wed Aug 19, 2020 11:45 pm
It must be applied straight to your TWIG files as replied above for the catalog-end side, not on the header controller.
Regards,
Nightwing
nightwing wrote: ↑Wed Aug 19, 2020 11:52 pm
Hey straightlight, yes I have been going through the post and saw your comment. I have the default theme, the xml file is as is and still only works for admin.

Then, you're doing something wrong.
Regards,
Straightlight
straightlight wrote: ↑Thu Aug 20, 2020 4:25 am
Then, you're doing something wrong.

Refreshed Modification, Cleared Theme and SASS Cache, Cleared Browser Cache & Cookies, closed and reopened the browser, logged in, and this only works for the admin page. I am using the default theme, and I have no modules that make changes to the forms.
I do use Cloudflare (just to add). I cleared the Cloudflare cache as well. Still doesn't work...
[Edited]
I installed on my localhost (default theme) and it's the same effect: admin has it, catalog doesn't.
Regards,
Nightwing
Regards,
Straightlight
Regards,
Nightwing
Code:
<file name="admin/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');
csrf_start();
]]></add>
</operation>
</file>
Code:
<file name="catalog/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');
csrf_start();
]]></add>
</operation>
</file>
You said "It must be applied straight to your TWIG files as replied above for the catalog-end side, not on the header controller."
If it works like this, is there some possibility that it is not as secure?
It works for my lab even after removing these:
Code:
<file name="catalog/view/theme/*/template/product/*.twig" error="skip">
<operation error="skip">
<search position="replace" regex="true"><![CDATA[~(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)~i]]></search>
<add><![CDATA[$1]]></add>
</operation>
</file>
Regards,
Nightwing
Regards,
Straightlight
straightlight wrote: ↑Sat Aug 22, 2020 2:55 am
The times when and where it won't be secured is when the header is not being called from the controller from installed extensions you might be using.
Regards,
Nightwing