Post by xavierpages » Mon Jan 21, 2019 8:01 pm

Hi,
Last months I have received several false account registrations mainly from Russia and Ukrania. The strange thing is that I have removed almost all fields from registration forms (leaving only e-mail and country and password) but the spam registration fills all fields. I don't know how this is possible... Is there any way to enter all these data via registration form a part form main registration form?
https://www.influxsheetmusic.com/index. ... t/register
Thank you very much in advanced for your help!
Xavier.
Running opencart 2.3.0.2

Newbie

Posts

Joined
Mon Feb 20, 2017 6:59 am

Post by ADD Creative » Mon Jan 21, 2019 10:53 pm

The full POST values are sent to the customer model. They will be posting directly to the controller and not using your form.
https://github.com/opencart/opencart/bl ... er.php#L21

You could add or change some validation to to check that the values you don't have on your form are not set.
https://github.com/opencart/opencart/bl ... r.php#L355

For example to check address_1 isn't set you could add something like this.

Code: Select all

if (!empty($this->request->post['address_1'])) {
	$this->error['address_1'] = $this->language->get('error_address_1');
}
Another option would be to add a token to the form and check it is correct on POST.

www.add-creative.co.uk


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by xavierpages » Tue Jan 22, 2019 12:06 am

Thank you very much for you help! I will try to add some conditions here to avoid false registrations.
Best wishes,
Xavier.

Newbie

Posts

Joined
Mon Feb 20, 2017 6:59 am
Who is online

Users browsing this forum: No registered users and 5 guests