Post by straightlight » Sun Aug 04, 2019 6:45 pm

arthena wrote:
Sun Aug 04, 2019 12:28 pm
Hi,
I have CSRF Protection Extension installed in version 3.0.2.0 and am still getting at least one fake account every few days. I have noticed that the account set up never has an address? how can this happen when any proper customer has to enter an address to set up an account?
Any ideas please?
As I said many times on the topic before, this extension does NOT prevent SPAM!

It simply kicks out the CSRF bots sitting behind the HTML forms. Re-Captcha V3 is still needed to work with it so that Re-Captcha doesn't have to work with many sitting-by bots awaiting for a user.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by carcaras3 » Thu Sep 19, 2019 11:20 pm

Hi All.
I am getting csrf class not found error. Only in front end. Back end works like a charm.
Any ideas!
OC Version. 3.0.2.0

Thanks

Newbie

Posts

Joined
Mon Jul 31, 2017 8:19 pm

Post by adriankoooo » Fri Jan 17, 2020 8:27 pm

Hello, it is available for 1.5? On download link I see it only for 2.x and 3.x.

Active Member

Posts

Joined
Thu Mar 03, 2011 6:52 am


Post by straightlight » Fri Jan 17, 2020 11:01 pm

There are no promises with v1.5x releases with CSRF protection due to an older use of Encryption library from Opencart as compared to OC v3.x releases.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Wed Apr 08, 2020 12:23 am

Hi,
I get fake registrations every day. But CSRF Protection is bit complicated for newbie. Please help me if I am doing steps right.
I am using OC 3.0.3.2

I placed csrf.xml in /public_html/catalog/language/en-gb/extension/vqmod/xml and csrf_helper.php in /public_html/system/helper/ folder

Then I edited and put

Code: Select all

 <form 
{% if csrf_form_input %}
{{ csrf_form_input }}
{% endif %} action="{{ action }}" method="post" enctype="multipart/form-data" class="form-horizontal">
in /public_html/catalog/view/theme/default/template/account/register.twig

But in which file should I put this?

Code: Select all

$csrf = new Csrf();
$csrf->csrf_start($this->registry);
$data['csrf_form_input'] = $csrf->csrf_form_input();
I tried in /public_html/catalog/controller/account/register.php but it does not look the right one.
Last edited by straightlight on Wed Apr 08, 2020 8:05 pm, edited 1 time in total.

For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by straightlight » Wed Apr 08, 2020 8:06 pm

Please use code tags!

You are referring to an older version of the extension. Please use the latest one.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Thu Apr 09, 2020 12:40 am

straightlight wrote:
Wed Apr 08, 2020 8:06 pm
Please use code tags!

You are referring to an older version of the extension. Please use the latest one.
I downloaded extension yesterday. CRSF30.zip, updated on Mar, 29 2018. I guess it is latest version. Did I copied files to right place though?

For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by straightlight » Thu Apr 09, 2020 12:47 am

mitrecyclers wrote:
Thu Apr 09, 2020 12:40 am
straightlight wrote:
Wed Apr 08, 2020 8:06 pm
Please use code tags!

You are referring to an older version of the extension. Please use the latest one.
I downloaded extension yesterday. CRSF30.zip, updated on Mar, 29 2018. I guess it is latest version.
The latest extension version only requires the use of VQMod.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Thu Apr 09, 2020 1:13 am

I know I am asking very basic questions. but do you have any manual, or probably latest version have the manual inside. From where I can download latest version?

For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by straightlight » Thu Apr 09, 2020 1:20 am

mitrecyclers wrote:
Thu Apr 09, 2020 1:13 am
I know I am asking very basic questions. but do you have any manual, or probably latest version have the manual inside. From where I can download latest version?
As said on my previous reply, this is the previous version.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Thu Apr 09, 2020 7:47 pm

straightlight wrote:
Thu Apr 09, 2020 1:20 am
mitrecyclers wrote:
Thu Apr 09, 2020 1:13 am
I know I am asking very basic questions. but do you have any manual, or probably latest version have the manual inside. From where I can download latest version?
As said on my previous reply, this is the previous version.
Yes I got that. My question is from where I can download the latest version? Can you please post link? I appreciate that.

For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by straightlight » Thu Apr 09, 2020 7:48 pm

It's already on the extension page.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Thu Apr 09, 2020 10:51 pm

straightlight wrote:
Thu Apr 09, 2020 7:48 pm
It's already on the extension page.
What is so difficult in posting a link for that extension page? I appreciate that. as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and everytime it is older version.

For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by straightlight » Thu Apr 09, 2020 11:07 pm

mitrecyclers wrote:
Thu Apr 09, 2020 10:51 pm
straightlight wrote:
Thu Apr 09, 2020 7:48 pm
It's already on the extension page.
What is so difficult in posting a link for that extension page? I appreciate that. as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and everytime it is older version.
It's on the first post of this topic already. If you're asking this remark / question, it means you haven't read the description of this extension either from the forum or on the Marketplace.
[29-03-2018] - The CSRF helper has been improved with a more stronger algorithm form or string for better protection and also PHP 7+ compatibility.

[20-03-2018] - CSRF Support Forum topic updated by providing instructions for multiple social login free extensions.

[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases

Thanks to the forum user: neelgajjar addressing that the latest CSRF release no longer creates flooded registration. All back to normal with v2.x releases, according to his feedback.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Fri Apr 10, 2020 6:58 pm

straightlight wrote:
Thu Apr 09, 2020 11:07 pm
mitrecyclers wrote:
Thu Apr 09, 2020 10:51 pm
straightlight wrote:
Thu Apr 09, 2020 7:48 pm
It's already on the extension page.
What is so difficult in posting a link for that extension page? I appreciate that. as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and everytime it is older version.
It's on the first post of this topic already. If you're asking this remark / question, it means you haven't read the description of this extension either from the forum or on the Marketplace.
[29-03-2018] - The CSRF helper has been improved with a more stronger algorithm form or string for better protection and also PHP 7+ compatibility.

[20-03-2018] - CSRF Support Forum topic updated by providing instructions for multiple social login free extensions.

[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases

Thanks to the forum user: neelgajjar addressing that the latest CSRF release no longer creates flooded registration. All back to normal with v2.x releases, according to his feedback.
I certainly have downloaded from same page. 100%. but you are saying it is not a latest version.

Attachments

csrferror.jpg

csrferror.jpg (180.61 KiB) Viewed 43642 times


For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by straightlight » Fri Apr 10, 2020 7:23 pm

mitrecyclers wrote:
Fri Apr 10, 2020 6:58 pm
straightlight wrote:
Thu Apr 09, 2020 11:07 pm
mitrecyclers wrote:
Thu Apr 09, 2020 10:51 pm

What is so difficult in posting a link for that extension page? I appreciate that. as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and everytime it is older version.
It's on the first post of this topic already. If you're asking this remark / question, it means you haven't read the description of this extension either from the forum or on the Marketplace.
[29-03-2018] - The CSRF helper has been improved with a more stronger algorithm form or string for better protection and also PHP 7+ compatibility.

[20-03-2018] - CSRF Support Forum topic updated by providing instructions for multiple social login free extensions.

[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases

Thanks to the forum user: neelgajjar addressing that the latest CSRF release no longer creates flooded registration. All back to normal with v2.x releases, according to his feedback.
I certainly have downloaded from same page. 100%. but you are saying it is not a latest version.
There is nowhere to be said about not being the latest release. As per the updated date on the Marketplace, no updates have been made since last time since there is no need to. As per my above quote:
[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases
It is already indicated that CSRF has been tested on both release series.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by mitrecyclers » Sun Apr 12, 2020 1:37 pm

Finally managed to get this sorted. Installed VQMOD Manager and Copied

csrf.xml in /public_html/vqmod/xml
csrf_helper.php in /public_html/system/helper

then edited csrf.xml and added below code

Code: Select all

<file name="catalog/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');

csrf_start();
]]></add>
</operation>
</file>
now I am able to see csrf value in my main page as

<form action="https://mitrecyclers.com/index.php?rout ... y/currency" method="post" enctype="multipart/form-data" id="form-currency"><input type="hidden" name="__csrf" value="XXXXXXRANDOMXXXXX">

Is that all? or do I have to do something further. Thanks.

For all of your Mobile phone needs.
https://mitrecyclers.com


Active Member

Posts

Joined
Tue Sep 25, 2018 5:34 pm

Post by Zanato » Mon Apr 13, 2020 4:08 pm

On a google search for 'opencart stop spam registrations' the very first result is viewtopic.php?t=200373 where you state...

straightlight wrote:
Mon Dec 11, 2017 8:20 pm
You can be ensured this will definitely stop the spamming on your site.
...but then when you go to the support page (ie. this thread) for the extension you say...

straightlight wrote:
Sun Aug 04, 2019 6:45 pm
As I said many times on the topic before, this extension does NOT prevent SPAM!
So I'm a little confused. Will this extension stop spam registrations and enquiries? If not, can you recommend a solution that does? I'd rather not enable captcha for users but if I must I must.

New member

Posts

Joined
Fri Oct 04, 2013 4:58 am
Location - Dublin, Ireland

Post by straightlight » Mon Apr 13, 2020 6:57 pm

Zanato wrote:
Mon Apr 13, 2020 4:08 pm
On a google search for 'opencart stop spam registrations' the very first result is viewtopic.php?t=200373 where you state...

straightlight wrote:
Mon Dec 11, 2017 8:20 pm
You can be ensured this will definitely stop the spamming on your site.
...but then when you go to the support page (ie. this thread) for the extension you say...

straightlight wrote:
Sun Aug 04, 2019 6:45 pm
As I said many times on the topic before, this extension does NOT prevent SPAM!
So I'm a little confused. Will this extension stop spam registrations and enquiries? If not, can you recommend a solution that does? I'd rather not enable captcha for users but if I must I must.
What it means is the Captcha form will prevent spammers as much as it can to successfully submit the values from an HTML form but it will not prevent scripts on remaining behind the forms while the CSRF Form protection may not help to submit values without Captcha or Re-Captcha but will kick the scripts behind the forms while these twos prevents submissions.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by jsw » Sat Apr 18, 2020 12:13 am

straightlight wrote:
Sun Aug 04, 2019 6:45 pm
arthena wrote:
Sun Aug 04, 2019 12:28 pm
Hi,
I have CSRF Protection Extension installed in version 3.0.2.0 and am still getting at least one fake account every few days. I have noticed that the account set up never has an address? how can this happen when any proper customer has to enter an address to set up an account?
Any ideas please?
As I said many times on the topic before, this extension does NOT prevent SPAM!

It simply kicks out the CSRF bots sitting behind the HTML forms. Re-Captcha V3 is still needed to work with it so that Re-Captcha doesn't have to work with many sitting-by bots awaiting for a user.
Thanks for the extension, straightlight! Installed it on OC v3.0.3.2 today. One little question, does it work well with Basic Captcha?

jsw
Newbie

Posts

Joined
Wed Jun 12, 2013 11:42 pm
Location - Canada
Who is online

Users browsing this forum: dev15 and 17 guests