Post by straightlight » Wed Jul 16, 2014 7:29 pm

Package updated from the downloads tab. crsf.zip file.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Mon Oct 23, 2017 1:07 am

An updated version for Opencart v3.x releases has been released in order to import the CSRF token in the TWIG file when using overrides / VQMod / OCMod. Instructions provided.


Post by Evilonion » Fri Jan 05, 2018 12:00 am

Hi,

I've installed this module. Can I ask what I do once I have enabled it and enabled logs?
I've refreshed all cache files as well.

Is there something else to switch on for this captcha system to work?
I currently have Google reCAPTCHA v2 robot.

Active Member

Posts

Joined
Sun Oct 30, 2016 8:07 pm

Post by straightlight » Fri Jan 05, 2018 5:44 am

> Evilonion wrote (Fri Jan 05, 2018 12:00 am):
> Hi,
>
> I've installed this module. Can I ask what I do once I have enabled it and enabled logs?
> I've refreshed all cache files as well.
>
> Is there something else to switch on for this captcha system to work?
> I currently have Google reCAPTCHA v2 robot.

No OC version posted. For documentation instructions, please read the guide on the marketplace where you downloaded the CSRF Form Protection. Full details are provided.


Post by Evilonion » Fri Jan 05, 2018 8:13 am

Sorry, OpenCart 3.0.2.
I've installed and enabled the module; I just didn't know if there was anything further that has to be done.
Or is enabling it enough?


Post by straightlight » Sat Jan 06, 2018 6:24 am

Once enabled, you need to edit each of your TWIG files (preferably with VQMod) and add the following in their relative controllers and method name where HTML forms would be used from the TWIG files.

For instance, in the controllers,

Code:

$csrf = new Csrf();

$csrf->csrf_start($this->registry);

$data['csrf_form_input'] = $csrf->csrf_form_input();

Then, in the relative TWIG files, where:

Code:

<form ...

shows, add below each:

Code:

{% if csrf_form_input %}
{{ csrf_form_input }}
{% endif %}

This is also useful for AJAX Requests and when using the API with Opencart.

Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
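
The controller and template lines in the post above place a hidden token field in each form. The sketch below is an added example, not the extension's own code, and assumes the extension follows the common per-session synchronizer-token pattern: `DemoCsrf`, `formInput()` and `isValid()` are hypothetical names, the session and POST arrays are constructed stand-ins, and only the `__csrf` field name comes from this thread.

```php
<?php
// Added illustration, not the CSRF Form Protection extension's code.
// DemoCsrf, formInput() and isValid() are hypothetical names; only the
// "__csrf" field name is taken from this thread. Requires PHP 7.1+.
final class DemoCsrf
{
    private const FIELD = '__csrf';
    private $session;

    public function __construct(array &$session)
    {
        $this->session = &$session;   // stand-in for $_SESSION
    }

    // Controller side: create one random token per session and return the
    // hidden input that the template prints right after its <form ...> tag.
    public function formInput(): string
    {
        if (empty($this->session[self::FIELD])) {
            $this->session[self::FIELD] = bin2hex(random_bytes(32));
        }
        return sprintf(
            '<input type="hidden" name="%s" value="%s" />',
            self::FIELD,
            htmlspecialchars($this->session[self::FIELD], ENT_QUOTES)
        );
    }

    // POST handler side: accept only a string that matches the session
    // token, compared in constant time.
    public function isValid(array $post): bool
    {
        $expected = $this->session[self::FIELD] ?? '';
        $given = $post[self::FIELD] ?? '';
        return is_string($given) && $expected !== ''
            && hash_equals($expected, $given);
    }
}

// Constructed request data for the demonstration.
$session = [];
$csrf = new DemoCsrf($session);
preg_match('/value="([0-9a-f]{64})"/', $csrf->formInput(), $m);

var_dump($csrf->isValid(['__csrf' => $m[1], 'email' => 'a@example.com'])); // token from the rendered form
var_dump($csrf->isValid(['email' => 'a@example.com']));                   // field missing
var_dump($csrf->isValid(['__csrf' => str_repeat('0', 64)]));              // wrong token
var_dump($csrf->isValid(['__csrf' => ['x']]));                            // array instead of string
```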

Post by jacky96136 » Fri Feb 09, 2018 4:41 pm

Hi, once I add the xml file to the vqmod/xml folder (version 1.6.5.4), my backend system malfunctions. Even on the login page, the username and password fields disappeared.

Newbie

Posts

Joined
Wed Mar 13, 2013 12:01 am

Post by straightlight » Sat Feb 10, 2018 6:42 am

Could you elaborate on that a little? What do you mean by malfunctioning and what is the result of the form disappearing? More information is needed.


Post by kevtheirish » Tue Feb 13, 2018 12:18 pm

...soo lost :P
I PM'ed you on this

Active Member

Posts

Joined
Mon Jan 16, 2012 2:58 am

Post by markward » Tue Feb 13, 2018 2:39 pm

I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php

Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files and I don't know how to edit TWIG files if I have to.

Sorry if this seems a stupid question you have answered before, but I'm getting overwhelmed with fake registrations for accounts and affiliates. I have already removed all affiliate links, removed countries etc but nothing seems to be stopping the fake registrations.

Newbie

Posts

Joined
Tue Feb 13, 2018 2:24 pm

Post by HarryHirsch » Tue Feb 13, 2018 9:50 pm

I too get a

Code:

Fatal error: Call to a member function csrf_form_input() on a non-object in /var/www/vhosts/domain.tld/htdocs/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16

This happens on every form; also I can't log in to the backend anymore.
OC version is 1.5.6.1.
I downloaded the csrf.zip (includes only a csrf.php) and copied this to system/library/ and the csrfformprotection1562.zip (includes only the xml) and copied to vqmod/xml

There are no other files and no readme.

Newbie

Posts

Joined
Tue Feb 13, 2018 7:45 pm

Post by kevtheirish » Wed Feb 14, 2018 12:58 am

> markward wrote (Tue Feb 13, 2018 2:39 pm):
> I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php
>
> Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files and I don't know how to edit TWIG files if I have to.
>
> Sorry if this seems a stupid question you have answered before, but I'm getting overwhelmed with fake registrations for accounts and affiliates. I have already removed all affiliate links, removed countries etc but nothing seems to be stopping the fake registrations.

TWIG is v3.
From what I've read there's an html and a php to edit; the only issue I ran into was that 2.0.2.0 has tpl not html... so I'm as lost as you.


Post by markward » Wed Feb 14, 2018 2:07 am

> kevtheirish wrote (Wed Feb 14, 2018 12:58 am):
> TWIG is v3.
> From what I've read there's an html and a php to edit; the only issue I ran into was that 2.0.2.0 has tpl not html... so I'm as lost as you.

Hopefully we'll get some more information. I've tried turning on customer approval, removed all affiliate links, installed another anti-spam extension, and even removed USA from my countries list as we don't ship there and that was the address being used. Registrations are still coming in bypassing the required fields on the account registration forms (including "James Kelvin" mentioned on other threads). Also banning IPs has no effect.

I had 100+ affiliates registered to one account and am getting around 20-30 fake registrations a day. This is a major hassle - especially since I have no idea the motive. A lot of people seem to be getting hit by this judging by other posts.

Hope a solution can be found


Post by kevtheirish » Wed Feb 14, 2018 2:10 am

> markward wrote (Wed Feb 14, 2018 2:07 am):
> Hopefully we'll get some more information. I've tried turning on customer approval, removed all affiliate links, Registrations are still coming in bypassing the required fields on the account registration forms (including "James Kelvin" mentioned on other threads). Also banning IPs has no effect.
> Hope a solution can be found

I've done those things too... getting a bit ticked off (@ james kelvin) right now :P


Post by straightlight » Wed Feb 14, 2018 6:38 am

> HarryHirsch wrote (Tue Feb 13, 2018 9:50 pm):
> I too get a
>
> Code:
>
> Fatal error: Call to a member function csrf_form_input() on a non-object in /var/www/vhosts/domain.tld/htdocs/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16
>
> This happens on every form; also I can't log in to the backend anymore.
> OC version is 1.5.6.1.
> I downloaded the csrf.zip (includes only a csrf.php) and copied this to system/library/ and the csrfformprotection1562.zip (includes only the xml) and copied to vqmod/xml
>
> There are no other files and no readme.

Where and how did you add the CSRF PHP code in the controller, and how did you use the input line from the TPL file? More information is needed.


Post by kevtheirish » Wed Feb 14, 2018 9:49 am

2.0.2.0
Can you confirm that this version only contains (2) .php files? Is this + the edits all that is needed?
I don't have a login.html, mine is login.tpl. I assume the .tpl is supposed to be edited?

The first "<form" I have is actually

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">

so I added it here

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
<?php echo $csrf_form_input; ?>
  <div class="form-group">
    <label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
    <input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
  </div>

Is that correct?


Post by markward » Wed Feb 14, 2018 3:34 pm

> markward wrote (Tue Feb 13, 2018 2:39 pm):
> I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php
>
> Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files.

Is there any update on this from anyone? Can anyone (Straightlight?) tell me what other core files need to be edited and what the additional code is for version 2.0.3.1?


Post by straightlight » Wed Feb 14, 2018 6:36 pm

> kevtheirish wrote (Wed Feb 14, 2018 9:49 am):
> 2.0.2.0
> Can you confirm that this version only contains (2) .php files? Is this + the edits all that is needed?
> I don't have a login.html, mine is login.tpl. I assume the .tpl is supposed to be edited?
>
> The first "<form" I have is actually
>
> Code:
>
> <form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
>
> so I added it here
>
> Code:
>
> <form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
> <?php echo $csrf_form_input; ?>
>   <div class="form-group">
>     <label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
>     <input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
>   </div>
>
> Is that correct?

After adding the <?php echo $csrf_form_input; ?> code, check your view source on the browser to see if the __csrf input form shows. An XML file should be implicit with my package. Be sure to use VQMod Manager to troubleshoot the XML file.


Post by straightlight » Wed Feb 14, 2018 6:37 pm

> markward wrote (Wed Feb 14, 2018 3:34 pm):
>> markward wrote (Tue Feb 13, 2018 2:39 pm):
>> I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php
>>
>> Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files.
>
> Is there any update on this from anyone? Can anyone (Straightlight?) tell me what other core files need to be edited and what the additional code is for version 2.0.3.1?

There are no core files to edit as core files should never be modified. Use VQMod, see the above reply.


Post by k2tec » Wed Feb 14, 2018 11:58 pm

There is no xml file in the package

Active Member

Posts

Joined
Mon Apr 12, 2010 8:06 pm