Post by crosland » Mon Dec 02, 2019 6:30 pm

OC 3.0.3.2 Chrome browser

I am satisfied that the basic captcha has stopped all registration spam attempts so I'm not looking foir a different solution, just a fix for a couple of problems.

Genuine customers are having problems withe captcha failing. The posted code just never matches the session data.

Sometimes I see errors like this in the error log:

Code: Select all

2019-11-30 17:39:23 - PHP Notice:  Undefined index: captcha in /vhost/vhost14/s/p/r/sprog-dcc.co.uk/www/catalog/controller/extension/captcha/basic.php on line 21
I added some debug to that file. In validate()

Code: Select all

		$this->log->write('validate() session data: ' . $this->session->data['captcha']);
		$this->log->write('validate() post data: ' . $this->request->post['captcha']);
and in captcha()

Code: Select all

		$this->log->write('captcha() session data: ' . $this->session->data['captcha']);
Sometimes it seems like the session data is stale

For example, captcha is displaying 83eb44. In validate I see the correct post data in my debug output but the session data is form an old captcha:
2019-12-02 10:21:21 - validate() session data: 0292c7
2019-12-02 10:21:21 - validate() post data: 83be44
2019-12-02 10:21:25 - captcha() session data: 1a9960

The failure causes a new captcha to be generated 1a9960. Again it is posted correctly but the session data is still wrong:
2019-12-02 10:23:40 - validate() session data: 0292c7
2019-12-02 10:23:40 - validate() post data: 1a9960
2019-12-02 10:23:43 - captcha() session data: ebb16f

I have checked at the browser end (google dev tools) that the captcha is never cached in the browser.

I have cleared the OC caches and turned them off - no difference.

Every time I see the session data generated in captcha() is not see by the validate() function.

Can anyone help?

New member

Posts

Joined
Fri Sep 13, 2019 9:04 pm

Post by crosland » Mon Dec 02, 2019 6:46 pm

I started a new seesion in s a different browser (IE). This time in the error log:
2019-12-02 10:41:51 - captcha() session data: a26dc9
2019-12-02 10:43:40 - PHP Notice: Undefined index: captcha in /vhost/vhost14/s/p/r/sprog-dcc.co.uk/www/catalog/controller/extension/captcha/basic.php on line 21
2019-12-02 10:43:40 - validate() session data:
2019-12-02 10:43:40 - validate() post data: a26dc9
2019-12-02 10:43:42 - captcha() session data: dc46a5
2019-12-02 10:44:04 - PHP Notice: Undefined index: captcha in /vhost/vhost14/s/p/r/sprog-dcc.co.uk/www/catalog/controller/extension/captcha/basic.php on line 21
2019-12-02 10:44:04 - validate() session data:
2019-12-02 10:44:04 - validate() post data: dc46a5
2019-12-02 10:44:06 - captcha() session data: f62cd5

Again the post data matches that required by the generated captcha session data but the validate() function cannot see the session data.

New member

Posts

Joined
Fri Sep 13, 2019 9:04 pm

Post by paulfeakins » Mon Dec 02, 2019 8:12 pm

Just use our Advanced Captcha, it doesn't annoy users and it blocks all spam:
https://www.opencart.com/index.php?rout ... n_id=36312

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by crosland » Wed Dec 04, 2019 5:01 am

I did say I wanted to fix the core code and not use a different solution :) but...

... do you have any screenshots to show what customers will see?

New member

Posts

Joined
Fri Sep 13, 2019 9:04 pm

Post by paulfeakins » Wed Dec 04, 2019 5:28 pm

crosland wrote:
Wed Dec 04, 2019 5:01 am
... do you have any screenshots to show what customers will see?
Nothing at all, it's complete invisible :)

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by crosland » Thu Dec 05, 2019 8:22 pm

So how does it work?

Does it work on shared hosting?

Does it rely on any URL other than my site?

New member

Posts

Joined
Fri Sep 13, 2019 9:04 pm

Post by paulfeakins » Thu Dec 05, 2019 8:31 pm

crosland wrote:
Thu Dec 05, 2019 8:22 pm
So how does it work?
I cannot share the secret or someone may find a way to break it. In time this will happen anyway unfortunately and no refund will be due in this case, but it has worked for around 2 years so far with 100% effectiveness. I cannot predict when the spammers will break it, it could be tomorrow, it could be in 5 years, it could be never.

crosland wrote:
Thu Dec 05, 2019 8:22 pm
Does it work on shared hosting?
Yes.

crosland wrote:
Thu Dec 05, 2019 8:22 pm
Does it rely on any URL other than my site?
No.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom

Post by crosland » Sat Dec 07, 2019 12:55 am

I got reCAPTCHA working on shared hosting so I'm good for now :)

Thank you.

New member

Posts

Joined
Fri Sep 13, 2019 9:04 pm

Post by paulfeakins » Sat Dec 07, 2019 1:02 am

crosland wrote:
Sat Dec 07, 2019 12:55 am
I got reCAPTCHA working on shared hosting so I'm good for now :)
Sure but you'll get less customers because some will be put off by the extra steps.

For quick, professional OpenCart support please email info@antropy.co.uk


User avatar
Guru Member

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - Reigate, Surrey, United Kingdom
Who is online

Users browsing this forum: No registered users and 33 guests