Shopping Cart Community : Forum Archive » [SC] Custom Code

[MOD] Replace ISC Captcha with ReCaptcha

Martin

2011-03-09 00:02:43

Not a particularly hard one this but I had to think outside the box to get it around the Javascript validation...



The mod should allow you to replace the ISC Captcha system for reviews and replace it with the Recaptcha service. Naturally you will need to get your API keys before you do anything and I'm not going to reinvent the wheel telling you how to do that... Find out yourself :arrow:





Note: This modification assumes that you have decided to force captcha to be used on reviews regardless of your Captcha settings in ISC Admin.



Right.. modification is as follows:



Create a folder structure like this one: /modules/custom/recaptcha (ie: add "custom" inside modules, and then a "recaptcha" inside that)



Download the reCaptcha PHP library from here



Place the recaptchalib.php file in your newly created folder ie: in /modules/custom/recaptcha



Open recaptchalib.php



Find:
/**
* The reCAPTCHA server URL's
*/

Before, Add:
$recaptcha_private_key = 'Your_Private_API_key_for_this_site';
$recaptcha_public_key = 'Your_Public_API_key_for_this_site';
... and edit the values to the correct API key...





Open /includes/classes/class.review.php



Find:
$captcha = '';
if(isset($_POST['captcha'])) {
$captcha = $_POST['captcha'];
}
$captcha_check = true;

// Should reviews be approved automatically?
if(GetConfig('AutoApproveReviews')) {
$status = 1;
}
else {
$status = 0;
}

// Do we need to check captcha?
if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
$_SESSION['productReviewData'] = $reviewPostData;
FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
exit;
}


Replace with:
//***************************************
// MOD Use ReCaptcha instead of ISC system

require_once(dirname(__FILE__).'/../../modules/custom/recaptcha/recaptchalib.php');

if(isset($recaptcha_private_key) && isset($recaptcha_public_key)) {

$resp = recaptcha_check_answer ($recaptcha_private_key,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);

// Invalid recaptcha so do as per normal ISC system
if (!$resp->is_valid) {
$_SESSION['productReviewData'] = $reviewPostData;
FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
exit;
}

}
/*
* If the recaptcha key isn't set we gracefully degrade
* back to the ISC system rather than leave it wide open
*/

else {
$captcha = '';
if(isset($_POST['captcha'])) {
$captcha = $_POST['captcha'];
}
$captcha_check = true;

// Should reviews be approved automatically?
if(GetConfig('AutoApproveReviews')) {
$status = 1;
}
else {
$status = 0;
}
//***************************************
// MOD Force Capcha for reviews

// Do we need to check captcha?
//if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
if(isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
$_SESSION['productReviewData'] = $reviewPostData;
FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
exit;
}
// MOD END Force Captcha for reviews
//***************************************
}

// MOD END Use ReCaptcha instead of ISC system
//***************************************



Open: /modules/comments/builtincomments/module.builtincomments.php



Find:
// Is captcha enabled?
if (GetConfig('CaptchaEnabled') == false) {
$GLOBALS['HideReviewCaptcha'] = "none";
}
else {
// Generate the captcha image
$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
}

Replace with:
//***************************************
// MOD Force Capcha for reviews

/*
// Is captcha enabled?
if (GetConfig('CaptchaEnabled') == false) {
$GLOBALS['HideReviewCaptcha'] = "none";
}
else {
// Generate the captcha image
$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
}
*/

//***************************************
// MOD Use ReCaptcha instead of ISC system

require_once(dirname(__FILE__).'/../../custom/recaptcha/recaptchalib.php');

if(isset($recaptcha_private_key) && isset($recaptcha_public_key)) {
$GLOBALS['CaptchaImage'] = recaptcha_get_html($recaptcha_public_key);
$GLOBALS['CaptchaImage'] .= "
<script type=\"text/javascript\">
\$(function(){
$('#captcha').hide();
$('#captcha').val('true');
});
</script>
";
}
/*
* If the recaptcha key isn't set we gracefully degrade
* back to the ISC system rather than leave it wide open
*/
else {
// Generate the captcha image
$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
}
// MOD END Force Captcha for reviews
//***************************************



That's about it... This is a "free" mod but once again I would appreciate it if you would donate to the next charity bucket or sponsored form you see by way of passing it forward... Especially if you intend to resell this on to clients...

Martin

2011-07-27 21:53:20

Well... this modification is now worthless as today has proven that some b**tard has taken the time to write the necessary code to break the recaptcha and start submitting review spam all over again.



I'm going to look at alternative solutions at some point but basically I think it's time to admit that spammers all need shooting, or having their heads removed with a dull spoon...

Martin

2011-07-27 22:45:09

This mod has been rewritten to take advantage of the Akismet API system and hopefully it will be considerably more reliable than the cr*p Google still haven't admitted is broken.



The mod should allow you to replace the ISC Captcha system for reviews and replace it with the Akismet service. Naturally you will need to get your API keys before you do anything and I'm not going to reinvent the wheel telling you how to do that... Find out yourself :arrow:





Note: This modification should work whether you have force captcha on or not...



Right.. modification is as follows:



Create a folder structure like this one: /modules/custom/akismet (ie: add "custom" inside modules, and then a "akismet" inside that)



Download the Akismet PHP library from here



Place the Akismet.class.php file in your newly created folder ie: in /modules/custom/akismet



Open Akismet.class.php



Find:
/**
* The Akismet PHP5 Class

Before, Add:
$akismet_api_key = '[YOUR_API_KEY_HERE]';
... and edit the values to the correct API key...





Open /includes/classes/class.review.php



Find:
$captcha = '';
if(isset($_POST['captcha'])) {
$captcha = $_POST['captcha'];
}
$captcha_check = true;

// Should reviews be approved automatically?
if(GetConfig('AutoApproveReviews')) {
$status = 1;
}
else {
$status = 0;
}

// Do we need to check captcha?
if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
$_SESSION['productReviewData'] = $reviewPostData;
FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
exit;
}


Replace with:
//***************************************
// MOD Use Akismet instead of ISC system

require_once(dirname(__FILE__).'/../../modules/custom/akismet/Akismet.class.php');

if(isset($akismet_api_key) && !empty($akismet_api_key)) {

$akismet = new Akismet(GetConfig('ShopPathNormal'), $akismet_api_key);

$akismet->setCommentAuthor($reviewPostData['revfromname']);
$akismet->setCommentContent(($reviewPostData['revtitle']."\n".$reviewPostData['revtext']));
$akismet->setPermalink($prodLink);
$akismet->setCommentType('comment');

// Invalid recaptcha so do as per normal ISC system
if ($akismet->isCommentSpam()) {
$_SESSION['productReviewData'] = $reviewPostData;
FlashMessage("Sorry, review scored as spam... Please contact me with a copy of your review by email if genuine", MSG_ERROR, $prodReviewsLink, 'reviews');
exit;
}

}
/*
* If the recaptcha key isn't set we gracefully degrade
* back to the ISC system rather than leave it wide open
*/

else {
$captcha = '';
if(isset($_POST['captcha'])) {
$captcha = $_POST['captcha'];
}
$captcha_check = true;

// Should reviews be approved automatically?
if(GetConfig('AutoApproveReviews')) {
$status = 1;
}
else {
$status = 0;
}
//***************************************
// MOD Force Capcha for reviews

// Do we need to check captcha?
//if(GetConfig('CaptchaEnabled') && isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
if(isc_strtolower($captcha) != isc_strtolower($GLOBALS['ISC_CLASS_CAPTCHA']->LoadSecret())) {
$_SESSION['productReviewData'] = $reviewPostData;
FlashMessage(GetLang('ReviewBadCaptcha'), MSG_ERROR, $prodReviewsLink, 'reviews');
exit;
}
// MOD END Force Captcha for reviews
//***************************************
}

// MOD END Use Akismet instead of ISC system
//***************************************



Open: /modules/comments/builtincomments/module.builtincomments.php



Find:
// Is captcha enabled?
if (GetConfig('CaptchaEnabled') == false) {
$GLOBALS['HideReviewCaptcha'] = "none";
}
else {
// Generate the captcha image
$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
}

Replace with:
//***************************************
// MOD Force Capcha for reviews

/*
// Is captcha enabled?
if (GetConfig('CaptchaEnabled') == false) {
$GLOBALS['HideReviewCaptcha'] = "none";
}
else {
// Generate the captcha image
$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
}
*/

//***************************************
// MOD Use Akismet instead of ISC system

require_once(dirname(__FILE__).'/../../custom/akismet/Akismet.class.php');

if(isset($akismet_api_key) && !empty($akismet_api_key)) {
$GLOBALS['CaptchaImage'] .= "
<script type=\"text/javascript\">
\$(function(){
$('#captcha').hide();
$('#captcha').val('true');
});
</script>
";
}
/*
* If the recaptcha key isn't set we gracefully degrade
* back to the ISC system rather than leave it wide open
*/
else {
// Generate the captcha image
$GLOBALS['ISC_CLASS_CAPTCHA'] = GetClass('ISC_CAPTCHA');
$GLOBALS['ISC_CLASS_CAPTCHA']->CreateSecret();
$GLOBALS['CaptchaImage'] = $GLOBALS['ISC_CLASS_CAPTCHA']->ShowCaptcha();
}
// MOD END Force Captcha for reviews
//***************************************



That's about it... This is a "free" mod but once again I would appreciate it if you would donate to the next charity bucket or sponsored form you see by way of passing it forward... Especially if you intend to resell this on to clients...

mipra

2011-08-07 19:05:43

thank you...it works flawlesly!

By the way, how do I do this with the contact us form captcha?



thank you

Martin

2011-11-28 13:58:29

So now some pr**k has worked out how to beat the Akismet mod as well and is sending random pieces of crap at my store from a variety of IP's and I'm guessing testing to see if the review appears before attempting the next stage of actually sending the spam URL...



So got to figure out how to up the ante...



I just love spammer... to long and painful death... preferably... :evil:

Superbank

2017-06-10 06:35:55

Wow!



That's just what I was dreaming of.



Recently my Interspire Shopping Cart Product Review section has been spammed by thousands of spam messages, so I had to disable Product Reviews completely.



But after disabling the Product Comments I found that all the previous comments do not show up any more. This is not a good solution for me as I have hundreds of good product comments already and I want them to be visible on the product's page.



Is this thread alive or not?



The latest Google Recaptcha 2 is the best captcha system today!



It has not been cracked and Google is constantly upgrading its Recaptcha 2 staying always ahead of crackers.



We are not talking about the so called Captcha Solving Services where human operators will solve bulk captchas for a fee. There is no remedy against this kind of activity.



What I'm dreaming of is incorporating the new Google Recaptcha 2 in my Interspire Shopping Cart Prtoduct Comment section.



I am using Interspire Shopping Cart version 6.1.1.



Can anyone help me to change the original ISC captcha to Google Recaptcha 2 ?



Any help will be very much appreciated.

kasbahouse

2017-08-04 21:44:14

is there an update on this issue? i tried to use it and always get wrong captchA

tks

Superbank

2017-08-05 16:02:58

is there an update on this issue? i tried to use it and always get wrong captchA

tks

Would you please provide more details and screenshots.



I want to change the original ISC captcha to Google Recaptcha 2.



Is the above PHP code modification applicable to Google Recaptcha 2?

kasbahouse

2017-08-05 19:55:51

here is the screen shot

kasbahouse

2017-08-05 19:56:51

i put the text correct but still issue

very strange

windows server 20008 r2

Superbank

2017-08-06 04:43:21

Are you using the latest version of reCaptcha library?



This is the old style reCaptcha on your screenshot.



I think the latest reCaptcha v2 is more secure, isn't it?

kasbahouse

2017-08-06 13:30:55

yes, i downoloaded it from https://code.google.com/archive/p/recaptcha/downloads

Superbank

2017-08-07 05:21:51

I will try to implement Google reCaptcha v2 in my ISC product comments next month.



I will post the results.



Then we can share our experience.



My PHP version is PHP 5.6

azeoeko

2018-06-14 15:48:09

Hi, is it possible to help me out with the latest recapthca v2 ?



Need to update my site on the signup forms when creating a new customer.



Please help.

dannypritchett01

2018-08-07 22:49:46

I have the Recaptcha V2 working on my site for the user registeration.

Superbank

2018-08-08 03:07:30

I have disabled explicit user registration in ISC PHP code (login.php).



The reason for that were spam attacks using the login.php?register vulnerability.



Anyway the new customers can still register upon placing their first order after they leave shopping cart and move to the next step.

azeoeko

2019-09-30 19:30:43

dannypritchett01 or Superbank help me to fix this?



I want to disable it on create an account



But still showing:

Please copy the characters from the image into the text field below. Doing this helps us prevent automated submissions.



I disable it but still asking...... Incorrect Captcha words

Superbank

2019-10-02 06:56:54


dannypritchett01 or Superbank help me to fix this?



I want to disable it on create an account



But still showing:

Please copy the characters from the image into the text field below. Doing this helps us prevent automated submissions.



I disable it but still asking...... Incorrect Captcha words


I have edited the /includes/classes/class.customer.php file


<?php

class ISC_CUSTOMER
{
public function HandlePage()
{
$action = "";
if (isset($_REQUEST['action'])) {
$action = isc_strtolower($_REQUEST['action']);
}

switch ($action)
{
case "change_password": {
$this->SaveNewPassword();
break;
}
case "send_password_email": {
$this->SendPasswordEmail();
break;
}
case "reset_password": {
$this->ResetPassword();
break;
}
case "check_login": {
$this->CheckLogin();
break;
}
case "save_new_account": {
//$this->CreateAccountStep2(); //Disable creating a new account
$this->ShowLoginPage(); //Insert this line
break;
}
case "create_account": {
//$this->CreateAccountStep1(); //Disable creating a new account
$this->ShowLoginPage(); //Insert this line
break;
}
case "logout": {
$this->Logout();
break;
}
default: {
$this->ShowLoginPage();
}
}
}
Top

Shopping Cart Community : Forum Archive » [SC] Custom Code