Page 1 of 1

Strange false account registrations

Posted: Mon Jan 21, 2019 8:01 pm
by xavierpages
Hi,
Last months I have received several false account registrations mainly from Russia and Ukrania. The strange thing is that I have removed almost all fields from registration forms (leaving only e-mail and country and password) but the spam registration fills all fields. I don't know how this is possible... Is there any way to enter all these data via registration form a part form main registration form?
https://www.influxsheetmusic.com/index. ... t/register
Thank you very much in advanced for your help!
Xavier.
Running opencart 2.3.0.2

Re: Strange false account registrations

Posted: Mon Jan 21, 2019 10:53 pm
by ADD Creative
The full POST values are sent to the customer model. They will be posting directly to the controller and not using your form.
https://github.com/opencart/opencart/bl ... er.php#L21

You could add or change some validation to to check that the values you don't have on your form are not set.
https://github.com/opencart/opencart/bl ... r.php#L355

For example to check address_1 isn't set you could add something like this.

Code: Select all

if (!empty($this->request->post['address_1'])) {
	$this->error['address_1'] = $this->language->get('error_address_1');
}
Another option would be to add a token to the form and check it is correct on POST.

Re: Strange false account registrations

Posted: Tue Jan 22, 2019 12:06 am
by xavierpages
Thank you very much for you help! I will try to add some conditions here to avoid false registrations.
Best wishes,
Xavier.