Re: [RELEASED] CSRF Protection Form
Posted: Wed Jul 16, 2014 7:29 pm
Package updated from the downloads tab. crsf.zip file.
No OC version posted. For documentation instructions, please read the guide on the marketplace where you downloaded the CSRF Form Protection. Full details are provided.
Code:
$csrf = new Csrf();
$csrf->csrf_start($this->registry);
$data['csrf_form_input'] = $csrf->csrf_form_input();
Code:
<form ...
Code:
{% if csrf_form_input %}
{{ csrf_form_input }}
{% endif %}
Code:
Fatal error: Call to a member function csrf_form_input() on a non-object in /var/www/vhosts/domain.tld/htdocs/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16
TWIG is v3
markward wrote: ↑Tue Feb 13, 2018 2:39 pm
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php
Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files and I don't know how to edit TWIG files if I have to.
Sorry if this seems a stupid question you have answered before, but I'm getting overwhelmed with fake registrations for accounts and affiliates. I have already removed all affiliate links, removed countries etc but nothing seems to be stopping the fake registrations.
Hopefully we'll get some more information. I've tried turning on customer approval, removed all affiliate links, installed another anti-spam extension, and even removed USA from my countries list as we don't ship there and that was the address being used. Registrations are still coming in bypassing the required fields on the account registration forms (including "James Kelvin" mentioned on other threads). Also banning IPs has no effect.
kevtheirish wrote: ↑Wed Feb 14, 2018 12:58 am
TWIG is v3
from what I've read there's a html and a php to edit, the only issue I ran into was that 2.0.2.0 has tpl not html... so I'm as lost as you
I've done those things too... getting a bit ticked off (@ james kelvin) right now
markward wrote: ↑Wed Feb 14, 2018 2:07 am
Hopefully we'll get some more information. I've tried turning on customer approval, removed all affiliate links, Registrations are still coming in bypassing the required fields on the account registration forms (including "James Kelvin" mentioned on other threads). Also banning IPs has no effect.
Hope a solution can be found
Where and how did you add the CSRF PHP code in the controller, and how did you use the input line from the TPL file? More information is needed.
HarryHirsch wrote: ↑Tue Feb 13, 2018 9:50 pm
I too get a
Code:
Fatal error: Call to a member function csrf_form_input() on a non-object in /var/www/vhosts/domain.tld/htdocs/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16
This happens on every form, also I can't login to the backend anymore
OC Version is 1.5.6.1
I downloaded the csrf.zip (includes only a csrf.php) and copied this to system/library/ and the csrfformprotection1562.zip (includes only the xml) and copied to vqmod/xml
There are no other files and no readme
Code:
<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
Code:
<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
<?php echo $csrf_form_input; ?>
<div class="form-group">
<label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
<input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
</div>
Is there any update on this from anyone? Can anyone (Straightlight?) tell me what other core files need to be edited and what the additional code is for version 2.0.3.1?
markward wrote: ↑Tue Feb 13, 2018 2:39 pm
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php
Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files.
After adding the <?php echo $csrf_form_input; ?> code, check your view source on the browser to see if the __csrf input form shows. An XML file should be implicit with my package. Ensure to use VQMod Manager to troubleshoot the XML file.
kevtheirish wrote: ↑Wed Feb 14, 2018 9:49 am
2.0.2.0
Can you confirm that this version only contains (2) .php files? Is this + the edits all that is needed?
I don't have a login.html, mine is login.tpl. I assume the .tpl is supposed to be edited?
the first "<form" I have is actually
Code:
<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
so I added it here
Code:
<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
<?php echo $csrf_form_input; ?>
<div class="form-group">
<label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
<input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
</div>
is that correct?
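Added example (not part of the thread or of the extension's own code): the "check your view source" step from the reply above, done by a script instead of by eye. It assumes the token is rendered as an <input> named __csrf, as that reply mentions; the function name and the sample HTML are constructed for illustration.

```php
<?php
// Added example, not part of the CSRF Protection Form package.
// Assumption: the token is rendered as an <input> named "__csrf" (name from the thread).

/**
 * Return the action of every POST form in $html that has no non-empty token input.
 */
function formsMissingCsrfInput(string $html, string $field = '__csrf'): array
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // keep HTML5 markup warnings quiet
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $xpath = new DOMXPath($doc);
    $missing = [];
    foreach ($xpath->query('//form') as $form) {
        if (strtolower($form->getAttribute('method')) !== 'post') {
            continue; // GET forms are skipped
        }
        $hasToken = false;
        foreach ($xpath->query('.//input', $form) as $input) {
            if ($input->getAttribute('name') === $field
                && $input->getAttribute('value') !== '') {
                $hasToken = true;
                break;
            }
        }
        if (!$hasToken) {
            $missing[] = $form->getAttribute('action') ?: '(no action)';
        }
    }
    return $missing;
}

// Constructed sample: one form with the field, one where the template edit was missed.
$sample = <<<'HTML'
<html><body>
<form action="/index.php?route=account/login" method="post">
  <input type="hidden" name="__csrf" value="constructed-token-value" />
  <input type="text" name="email" />
</form>
<form action="/index.php?route=account/register" method="POST">
  <input type="text" name="firstname" />
</form>
</body></html>
HTML;

foreach (formsMissingCsrfInput($sample) as $action) {
    echo "POST form without __csrf input: {$action}\n";
}
```

Save the page source of the login or registration page and pass its contents to the function; an empty result means every POST form on that page carries the field.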
There are no core files to edit as core files should never be modified. Use VQMod, see the above reply.
markward wrote: ↑Wed Feb 14, 2018 3:34 pm
Is there any update on this from anyone? Can anyone (Straightlight?) tell me what other core files need to be edited and what the additional code is for version 2.0.3.1?
markward wrote: ↑Tue Feb 13, 2018 2:39 pm
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php
Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files.