Re: [RELEASED] CSRF Protection Form

Posted: Wed Jul 16, 2014 7:29 pm
by straightlight
Package updated from the downloads tab. crsf.zip file.

Re: [RELEASED] CSRF Protection Form

Posted: Mon Oct 23, 2017 1:07 am
by straightlight
An updated version for Opencart v3.x releases has been released in order to import the CSRF token in the TWIG file when using overrides / VQMod / OCMod. Instructions provided.

Re: [RELEASED] CSRF Protection Form

Posted: Fri Jan 05, 2018 12:00 am
by Evilonion
Hi

I've installed this module, can I ask what I do once I have enabled it and enabled logs?
I've refreshed all cache files as well.

Is there something else to switch on for this captcha system to work?
I currently have Google reCAPTCHA v2 robot.

Re: [RELEASED] CSRF Protection Form

Posted: Fri Jan 05, 2018 5:44 am
by straightlight
Evilonion wrote:
Fri Jan 05, 2018 12:00 am
Hi

I've installed this module, can I ask what I do once I have enabled it and enabled logs?
I've refreshed all cache files as well.

Is there something else to switch on for this captcha system to work?
I currently have Google reCAPTCHA v2 robot.
No OC version posted. For documentation instructions, please read the guide on the marketplace where you downloaded the CSRF Form Protection. Full details are provided.

Re: [RELEASED] CSRF Protection Form

Posted: Fri Jan 05, 2018 8:13 am
by Evilonion
Sorry, OpenCart 3.0.2
I've installed and enabled the module, I just didn't know if there was anything further that has to be done?
Or is enabling it enough?

Re: [RELEASED] CSRF Protection Form

Posted: Sat Jan 06, 2018 6:24 am
by straightlight
Once enabled, you need to edit each of your TWIG files (preferably with VQMod) and add the following in their relative controllers and method name where HTML forms would be used from the TWIG files.

For instance, in the controllers,

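Code:

// Instantiate the CSRF library class
$csrf = new Csrf();
// Start it with the OpenCart registry
$csrf->csrf_start($this->registry);
// Pass the CSRF form input on to the template
$data['csrf_form_input'] = $csrf->csrf_form_input();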
Then, in the relative TWIG files, where:

Code:

<form ...
shows, add below each:

Code:

{% if csrf_form_input %}
{{ csrf_form_input }}
{% endif %}
This is also useful for AJAX Requests and when using the API with Opencart.
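
What a CSRF form input of the kind described above has to do on the server side, as an added example that is not part of the original post and not the extension's own code. `ExampleCsrf`, its method names and the `__csrf_example` field name are hypothetical, and plain arrays stand in for the session and POST data (assumes PHP 7 or later).

```php
<?php
// Added illustration of the synchronizer-token pattern; NOT the extension's csrf.php.
// ExampleCsrf, its methods and the field name are hypothetical.
final class ExampleCsrf
{
    const FIELD = '__csrf_example';
    private $session;

    public function __construct(array &$session)
    {
        $this->session = &$session;   // keep a reference to the session storage
    }

    // Create one unpredictable token per session and reuse it for every form.
    public function token(): string
    {
        if (empty($this->session[self::FIELD])) {
            $this->session[self::FIELD] = bin2hex(random_bytes(32));
        }
        return $this->session[self::FIELD];
    }

    // Hidden input that the controller hands to the template.
    public function formInput(): string
    {
        return sprintf('<input type="hidden" name="%s" value="%s" />',
            self::FIELD, htmlspecialchars($this->token(), ENT_QUOTES, 'UTF-8'));
    }

    // Server-side check to run before any state-changing POST is processed.
    public function verify(array $post): bool
    {
        $sent  = $post[self::FIELD] ?? '';
        $known = $this->session[self::FIELD] ?? '';
        return is_string($sent) && $known !== '' && hash_equals($known, $sent);
    }
}

// Constructed demo data: arrays stand in for $_SESSION and $_POST.
$session = [];
$csrf = new ExampleCsrf($session);
echo $csrf->formInput(), PHP_EOL;

$legit  = ['email' => 'a@example.test', ExampleCsrf::FIELD => $csrf->token()];
$forged = ['email' => 'a@example.test'];   // cross-site post carries no token
$wrong  = ['email' => 'a@example.test', ExampleCsrf::FIELD => str_repeat('0', 64)];
var_dump($csrf->verify($legit), $csrf->verify($forged), $csrf->verify($wrong));
```

The hidden input only protects a form if the handler for that form also calls the verification step and rejects the request when it fails.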

Re: [RELEASED] CSRF Protection Form

Posted: Fri Feb 09, 2018 4:41 pm
by jacky96136
Hi, once I add the XML file to the vqmod/xml folder (version 1.6.5.4), my backend system malfunctions. Even in the login page, the username and password fields disappeared.

Re: [RELEASED] CSRF Protection Form

Posted: Sat Feb 10, 2018 6:42 am
by straightlight
Could you elaborate that a little? What do you mean by malfunctioning and what is the result of the form disappearing? More information is needed.

Re: [RELEASED] CSRF Protection Form

Posted: Tue Feb 13, 2018 12:18 pm
by kevtheirish
...soo lost :P
I PM'ed you on this

Re: [RELEASED] CSRF Protection Form

Posted: Tue Feb 13, 2018 2:39 pm
by markward
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php

Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files and I don't know how to edit TWIG files if I have to.

Sorry if this seems a stupid question you have answered before, but I'm getting overwhelmed with fake registrations for accounts and affiliates. I have already removed all affiliate links, removed countries etc but nothing seems to be stopping the fake registrations.

Re: [RELEASED] CSRF Protection Form

Posted: Tue Feb 13, 2018 9:50 pm
by HarryHirsch
I too get a

Code:

Fatal error: Call to a member function csrf_form_input() on a non-object in /var/www/vhosts/domain.tld/htdocs/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16
This happens on every form, also I can't log in to the backend anymore
OC Version is 1.5.6.1
I downloaded the csrf.zip (includes only a csrf.php) and copied this to system/library/ and the csrfformprotection1562.zip (includes only the xml) and copied to vqmod/xml

There are no other files and no readme

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 12:58 am
by kevtheirish
markward wrote:
Tue Feb 13, 2018 2:39 pm
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php

Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files and I don't know how to edit TWIG files if I have to.

Sorry if this seems a stupid question you have answered before, but I'm getting overwhelmed with fake registrations for accounts and affiliates. I have already removed all affiliate links, removed countries etc but nothing seems to be stopping the fake registrations.
TWIG is v3
From what I've read there's an html and a php to edit; the only issue I ran into was that 2.0.2.0 has tpl not html... so I'm as lost as you

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 2:07 am
by markward
kevtheirish wrote:
Wed Feb 14, 2018 12:58 am

TWIG is v3
From what I've read there's an html and a php to edit; the only issue I ran into was that 2.0.2.0 has tpl not html... so I'm as lost as you
Hopefully we'll get some more information. I've tried turning on customer approval, removed all affiliate links, installed another anti-spam extension, and even removed USA from my countries list as we don't ship there and that was the address being used. Registrations are still coming in bypassing the required fields on the account registration forms (including "James Kelvin" mentioned on other threads). Also banning IPs has no effect.

I had 100+ affiliates registered to one account and am getting around 20-30 fake registrations a day. This is a major hassle - especially since I have no idea the motive. A lot of people seem to be getting hit by this judging by other posts.

Hope a solution can be found

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 2:10 am
by kevtheirish
markward wrote:
Wed Feb 14, 2018 2:07 am
Hopefully we'll get some more information. I've tried turning on customer approval, removed all affiliate links, Registrations are still coming in bypassing the required fields on the account registration forms (including "James Kelvin" mentioned on other threads). Also banning IPs has no effect.
Hope a solution can be found
I've done those things too... getting a bit ticked off (@ james kelvin) right now :P

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 6:38 am
by straightlight
HarryHirsch wrote:
Tue Feb 13, 2018 9:50 pm
I too get a

Code:

Fatal error: Call to a member function csrf_form_input() on a non-object in /var/www/vhosts/domain.tld/htdocs/vqmod/vqcache/vq2-admin_view_template_common_login.tpl on line 16
This happens on every form, also I can't log in to the backend anymore
OC Version is 1.5.6.1
I downloaded the csrf.zip (includes only a csrf.php) and copied this to system/library/ and the csrfformprotection1562.zip (includes only the xml) and copied to vqmod/xml

There are no other files and no readme
Where and how did you add the CSRF PHP code in the controller, and how did you use the input line from the TPL file? More information is needed.

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 9:49 am
by kevtheirish
2.0.2.0
Can you confirm that this version only contains (2) .php files? Is this + the edits all that is needed?
I don't have a login.html, mine is login.tpl. I assume the .tpl is supposed to be edited?

The first "<form" I have is actually

Code:

            <form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
so I added it here

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
<?php echo $csrf_form_input; ?>
              <div class="form-group">
                <label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
                <input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
              </div>
Is that correct?

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 3:34 pm
by markward
markward wrote:
Tue Feb 13, 2018 2:39 pm
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php

Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files.
Is there any update on this from anyone? Can anyone (Straightlight?) tell me what other core files need to be edited and what the additional code is for version 2.0.3.1?

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 6:36 pm
by straightlight
kevtheirish wrote:
Wed Feb 14, 2018 9:49 am
2.0.2.0
Can you confirm that this version only contains (2) .php files? Is this + the edits all that is needed?
I don't have a login.html, mine is login.tpl. I assume the .tpl is supposed to be edited?

The first "<form" I have is actually

Code:

            <form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
so I added it here

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
<?php echo $csrf_form_input; ?>
              <div class="form-group">
                <label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
                <input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
              </div>
Is that correct?
After adding the <?php echo $csrf_form_input; ?> code, check your view source on the browser to see if the __csrf input form shows. An XML file should be implicit with my package. Ensure to use VQMod Manager to troubleshoot the XML file.

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 6:37 pm
by straightlight
markward wrote:
Wed Feb 14, 2018 3:34 pm
markward wrote:
Tue Feb 13, 2018 2:39 pm
I downloaded the version for 2.0.3.1. I can only see two files in the folder: catalog/model/tool/csrf.php and system/library/csrf.php

Is it only these two files that need to be uploaded and if so do I need to do anything else afterwards? I am not confident adding code to core files.
Is there any update on this from anyone? Can anyone (Straightlight?) tell me what other core files need to be edited and what the additional code is for version 2.0.3.1?
There are no core files to edit as core files should never be modified. Use VQMod, see the above reply.

Re: [RELEASED] CSRF Protection Form

Posted: Wed Feb 14, 2018 11:58 pm
by k2tec
There is no xml file in the package