
Re: [RELEASED] CSRF Protection Form

Posted: Sun Aug 04, 2019 6:45 pm
by straightlight
arthena wrote:
Sun Aug 04, 2019 12:28 pm
Hi,
I have CSRF Protection Extension installed in version 3.0.2.0 and am still getting at least one fake account every few days. I have noticed that the account set up never has an address? How can this happen when any proper customer has to enter an address to set up an account?
Any ideas please?
As I said many times on the topic before, this extension does NOT prevent SPAM!

It simply kicks out the CSRF bots sitting behind the HTML forms. Re-Captcha V3 is still needed to work with it so that Re-Captcha doesn't have to work with many sitting-by bots waiting for a user.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Sep 19, 2019 11:20 pm
by carcaras3
Hi All.
I am getting csrf class not found error. Only in front end. Back end works like a charm.
Any ideas?
OC Version. 3.0.2.0

Thanks

Re: [RELEASED] CSRF Protection Form

Posted: Fri Jan 17, 2020 8:27 pm
by adriankoooo
Hello, is it available for 1.5? On the download link I see it only for 2.x and 3.x.

Re: [RELEASED] CSRF Protection Form

Posted: Fri Jan 17, 2020 11:01 pm
by straightlight
There are no promises with v1.5x releases with CSRF protection due to an older use of Encryption library from Opencart as compared to OC v3.x releases.

Re: [RELEASED] CSRF Protection Form

Posted: Wed Apr 08, 2020 12:23 am
by mitrecyclers
Hi,
I get fake registrations every day. But CSRF Protection is a bit complicated for a newbie. Please help me if I am doing the steps right.
I am using OC 3.0.3.2

I placed csrf.xml in /public_html/catalog/language/en-gb/extension/vqmod/xml and csrf_helper.php in /public_html/system/helper/ folder

Then I edited and put

Code:

 <form 
{% if csrf_form_input %}
{{ csrf_form_input }}
{% endif %} action="{{ action }}" method="post" enctype="multipart/form-data" class="form-horizontal">
in /public_html/catalog/view/theme/default/template/account/register.twig

But in which file should I put this?

Code:

$csrf = new Csrf();
$csrf->csrf_start($this->registry);
$data['csrf_form_input'] = $csrf->csrf_form_input();
I tried in /public_html/catalog/controller/account/register.php but it does not look the right one.

Re: [RELEASED] CSRF Protection Form

Posted: Wed Apr 08, 2020 8:06 pm
by straightlight
Please use code tags!

You are referring to an older version of the extension. Please use the latest one.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 12:40 am
by mitrecyclers
straightlight wrote:
Wed Apr 08, 2020 8:06 pm
Please use code tags!

You are referring to an older version of the extension. Please use the latest one.
I downloaded the extension yesterday. CRSF30.zip, updated on Mar, 29 2018. I guess it is the latest version. Did I copy the files to the right place though?

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 12:47 am
by straightlight
mitrecyclers wrote:
Thu Apr 09, 2020 12:40 am
straightlight wrote:
Wed Apr 08, 2020 8:06 pm
Please use code tags!

You are referring to an older version of the extension. Please use the latest one.
I downloaded the extension yesterday. CRSF30.zip, updated on Mar, 29 2018. I guess it is the latest version.
The latest extension version only requires the use of VQMod.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 1:13 am
by mitrecyclers
I know I am asking very basic questions, but do you have any manual, or does the latest version probably have the manual inside? From where can I download the latest version?

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 1:20 am
by straightlight
mitrecyclers wrote:
Thu Apr 09, 2020 1:13 am
I know I am asking very basic questions, but do you have any manual, or does the latest version probably have the manual inside? From where can I download the latest version?
As said on my previous reply, this is the previous version.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 7:47 pm
by mitrecyclers
straightlight wrote:
Thu Apr 09, 2020 1:20 am
mitrecyclers wrote:
Thu Apr 09, 2020 1:13 am
I know I am asking very basic questions, but do you have any manual, or does the latest version probably have the manual inside? From where can I download the latest version?
As said on my previous reply, this is the previous version.
Yes, I got that. My question is: from where can I download the latest version? Can you please post the link? I appreciate that.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 7:48 pm
by straightlight
It's already on the extension page.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 10:51 pm
by mitrecyclers
straightlight wrote:
Thu Apr 09, 2020 7:48 pm
It's already on the extension page.
What is so difficult in posting a link for that extension page? I appreciate that, as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and every time it is the older version.

Re: [RELEASED] CSRF Protection Form

Posted: Thu Apr 09, 2020 11:07 pm
by straightlight
mitrecyclers wrote:
Thu Apr 09, 2020 10:51 pm
straightlight wrote:
Thu Apr 09, 2020 7:48 pm
It's already on the extension page.
What is so difficult in posting a link for that extension page? I appreciate that, as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and every time it is the older version.
It's on the first post of this topic already. If you're asking this remark / question, it means you haven't read the description of this extension either from the forum or on the Marketplace.
[29-03-2018] - The CSRF helper has been improved with a stronger algorithm form or string for better protection and also PHP 7+ compatibility.

[20-03-2018] - CSRF Support Forum topic updated by providing instructions for multiple social login free extensions.

[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases

Thanks to the forum user: neelgajjar addressing that the latest CSRF release no longer creates flooded registration. All back to normal with v2.x releases, according to his feedback.

Re: [RELEASED] CSRF Protection Form

Posted: Fri Apr 10, 2020 6:58 pm
by mitrecyclers
straightlight wrote:
Thu Apr 09, 2020 11:07 pm
mitrecyclers wrote:
Thu Apr 09, 2020 10:51 pm
straightlight wrote:
Thu Apr 09, 2020 7:48 pm
It's already on the extension page.
What is so difficult in posting a link for that extension page? I appreciate that, as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and every time it is the older version.
It's on the first post of this topic already. If you're asking this remark / question, it means you haven't read the description of this extension either from the forum or on the Marketplace.
[29-03-2018] - The CSRF helper has been improved with a stronger algorithm form or string for better protection and also PHP 7+ compatibility.

[20-03-2018] - CSRF Support Forum topic updated by providing instructions for multiple social login free extensions.

[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases

Thanks to the forum user: neelgajjar addressing that the latest CSRF release no longer creates flooded registration. All back to normal with v2.x releases, according to his feedback.
I certainly have downloaded from the same page, 100%, but you are saying it is not the latest version.

Re: [RELEASED] CSRF Protection Form

Posted: Fri Apr 10, 2020 7:23 pm
by straightlight
mitrecyclers wrote:
Fri Apr 10, 2020 6:58 pm
straightlight wrote:
Thu Apr 09, 2020 11:07 pm
mitrecyclers wrote:
Thu Apr 09, 2020 10:51 pm

What is so difficult in posting a link for that extension page? I appreciate that, as I have downloaded many times from https://www.opencart.com/index.php?rout ... earch=CSRF and every time it is the older version.
It's on the first post of this topic already. If you're asking this remark / question, it means you haven't read the description of this extension either from the forum or on the Marketplace.
[29-03-2018] - The CSRF helper has been improved with a stronger algorithm form or string for better protection and also PHP 7+ compatibility.

[20-03-2018] - CSRF Support Forum topic updated by providing instructions for multiple social login free extensions.

[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases

Thanks to the forum user: neelgajjar addressing that the latest CSRF release no longer creates flooded registration. All back to normal with v2.x releases, according to his feedback.
I certainly have downloaded from the same page, 100%, but you are saying it is not the latest version.
Nowhere is it said that it is not the latest release. As per the updated date on the Marketplace, no updates have been made since last time, since there is no need to. As per my above quote:
[25-02-2018] - CSRF v3.2 for OC v2.x and v3.x releases
It is already indicated that CSRF has been tested on both release series.

Re: [RELEASED] CSRF Protection Form

Posted: Sun Apr 12, 2020 1:37 pm
by mitrecyclers
Finally managed to get this sorted. Installed VQMOD Manager and copied

csrf.xml in /public_html/vqmod/xml
csrf_helper.php in /public_html/system/helper

Then edited csrf.xml and added the code below

Code:

<file name="catalog/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');

csrf_start();
]]></add>
</operation>
</file>
Now I am able to see the csrf value in my main page as

<form action="https://mitrecyclers.com/index.php?rout ... y/currency" method="post" enctype="multipart/form-data" id="form-currency"><input type="hidden" name="__csrf" value="XXXXXXRANDOMXXXXX">

Is that all, or do I have to do something further? Thanks.
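
Rendering the hidden `__csrf` field, as in the post above, is one half of the protection; the other is the POST handler rejecting any request whose field does not match the token stored in the session. The following added example (not part of the thread and not the extension's code; the function names and the 30-minute lifetime are assumptions) shows both halves in plain PHP:

```php
<?php
// Added illustration, not the extension's csrf_helper.php. Function names and
// the TTL are hypothetical; only the field name "__csrf" comes from the thread.
declare(strict_types=1);

const CSRF_FIELD = '__csrf';
const CSRF_TTL = 1800; // assumed token lifetime in seconds

// Create the session token, or reuse it while it is still fresh.
function csrf_token(array &$session, ?int $now = null): string
{
    $now = $now ?? time();
    if (!isset($session['csrf']) || $now - $session['csrf']['issued'] > CSRF_TTL) {
        $session['csrf'] = ['value' => bin2hex(random_bytes(32)), 'issued' => $now];
    }
    return $session['csrf']['value'];
}

// Hidden input to print as a child of the <form> element.
function csrf_input(array &$session): string
{
    $value = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="' . $value . '">';
}

// Check a POST body: field present, a string, unexpired, equal in constant time.
function csrf_verify(array $session, array $post, ?int $now = null): bool
{
    $now = $now ?? time();
    $sent = $post[CSRF_FIELD] ?? null;
    if (!is_string($sent) || !isset($session['csrf'])) {
        return false;
    }
    if ($now - $session['csrf']['issued'] > CSRF_TTL) {
        return false;
    }
    return hash_equals($session['csrf']['value'], $sent);
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST.
$session = [];
echo csrf_input($session), PHP_EOL;
$good = [CSRF_FIELD => $session['csrf']['value']];
var_dump(csrf_verify($session, $good));                        // token from the served form
var_dump(csrf_verify($session, []));                           // field missing
var_dump(csrf_verify($session, [CSRF_FIELD => ['x']]));        // array instead of string
var_dump(csrf_verify($session, [CSRF_FIELD => 'forged']));     // wrong value
var_dump(csrf_verify($session, $good, time() + CSRF_TTL + 1)); // token expired
```

A passing check only shows that the POST came from a form served to the same session, which is why the thread pairs the extension with a captcha for spam registrations.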

Re: [RELEASED] CSRF Protection Form

Posted: Mon Apr 13, 2020 4:08 pm
by Zanato
On a Google search for 'opencart stop spam registrations' the very first result is viewtopic.php?t=200373 where you state...

straightlight wrote:
Mon Dec 11, 2017 8:20 pm
You can be ensured this will definitely stop the spamming on your site.
...but then when you go to the support page (i.e. this thread) for the extension you say...

straightlight wrote:
Sun Aug 04, 2019 6:45 pm
As I said many times on the topic before, this extension does NOT prevent SPAM!
So I'm a little confused. Will this extension stop spam registrations and enquiries? If not, can you recommend a solution that does? I'd rather not enable captcha for users but if I must I must.

Re: [RELEASED] CSRF Protection Form

Posted: Mon Apr 13, 2020 6:57 pm
by straightlight
Zanato wrote:
Mon Apr 13, 2020 4:08 pm
On a Google search for 'opencart stop spam registrations' the very first result is viewtopic.php?t=200373 where you state...

straightlight wrote:
Mon Dec 11, 2017 8:20 pm
You can be ensured this will definitely stop the spamming on your site.
...but then when you go to the support page (i.e. this thread) for the extension you say...

straightlight wrote:
Sun Aug 04, 2019 6:45 pm
As I said many times on the topic before, this extension does NOT prevent SPAM!
So I'm a little confused. Will this extension stop spam registrations and enquiries? If not, can you recommend a solution that does? I'd rather not enable captcha for users but if I must I must.
What it means is the Captcha form will prevent spammers as much as it can from successfully submitting the values from an HTML form but it will not prevent scripts from remaining behind the forms, while the CSRF Form protection may not help to submit values without Captcha or Re-Captcha but will kick the scripts behind the forms while these two prevent submissions.

Re: [RELEASED] CSRF Protection Form

Posted: Sat Apr 18, 2020 12:13 am
by jsw
straightlight wrote:
Sun Aug 04, 2019 6:45 pm
arthena wrote:
Sun Aug 04, 2019 12:28 pm
Hi,
I have CSRF Protection Extension installed in version 3.0.2.0 and am still getting at least one fake account every few days. I have noticed that the account set up never has an address? How can this happen when any proper customer has to enter an address to set up an account?
Any ideas please?
As I said many times on the topic before, this extension does NOT prevent SPAM!

It simply kicks out the CSRF bots sitting behind the HTML forms. Re-Captcha V3 is still needed to work with it so that Re-Captcha doesn't have to work with many sitting-by bots waiting for a user.
Thanks for the extension, straightlight! Installed it on OC v3.0.3.2 today. One little question, does it work well with Basic Captcha?