Captcha in account creation form can be bypassed #124

Closed
ivo2019 opened this issue Sep 16, 2019 · 14 comments

@ivo2019

ivo2019 commented Sep 16, 2019

**Prestashop Version**
1.7.6.1

**Eicaptcha version**
2.04

**Do you use a specific theme**
Standard free theme that comes with the installation of Presta

Describe the bug
When I put products in shopping cart and go to checkout, I see the 1st step to create an account and it shows the captcha module, but I can just fill in all account details and click on 'SAVE' without clicking on the captcha module and it still creates my account and moves on to the next step.
I can also change my account password without clicking on the recaptcha and just bypass it and click on SAVE.

In the contact form it works fine. However, I did notice an installation error after checking the installation:
Errors
contacform.php override does not exists
I think this is a spelling mistake in the checker ('t' of contac(t)form is missing).
In the overrides the spelling is okay and the override is created. Probably only the spelling in the check is wrong, looking for contacform instead of contactform.

@nenes25 nenes25 added this to the 2.x milestone Nov 10, 2019
@silviots

I have the same problem

@nenes25 nenes25 added the 2.x Prestashop 1.7 version label Dec 3, 2019
@NodokaMurmevent

I also have this problem

@castellinosoftware

Hi.
I have the same problem.

**Prestashop Version**
1.7.6.2
**Eicaptcha version**
2.04

The module works correctly when you create an account from account registration form, but not when you create an account from the cart registration form (during checkout phase)

I'm not so expert in Prestashop modules development, but I think the problem is that there are two different controllers, AuthController used by account registration form and OrderController used by cart registration form.

The Eicaptcha module overrides AuthController (so the reCaptcha works on the account registration form), but doesn't override OrderController.
I tried overriding OrderController and the reCaptcha seems to work.
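
Added example (not part of this thread and not eicaptcha's code): the comment above attributes the bypass to the check being wired to one controller only, so this PHP routes every account entry point through one server-side guard that fails closed when the token is missing or unverified. `captchaPassed`, `handleAccountAction`, the action names and the injected `$post` callable are hypothetical, and the stub response is constructed so the code runs offline; the endpoint and the `g-recaptcha-response` field are reCAPTCHA's standard ones.

```php
<?php
/**
 * Verify a reCAPTCHA token server-side. Fails closed: a missing token,
 * a transport error or malformed JSON all count as "not verified".
 * $post(url, fields) is injected so the logic can be exercised offline.
 */
function captchaPassed(array $form, string $secret, callable $post): bool
{
    $token = $form['g-recaptcha-response'] ?? '';
    if (!is_string($token) || $token === '') {
        return false; // form submitted without solving the widget
    }
    $raw = $post('https://www.google.com/recaptcha/api/siteverify', [
        'secret'   => $secret,
        'response' => $token,
    ]);
    $data = is_string($raw) ? json_decode($raw, true) : null;
    return is_array($data) && ($data['success'] ?? false) === true;
}

/** Single choke point: every guarded action is checked, whichever form sent it. */
function handleAccountAction(string $action, array $form, string $secret, callable $post): string
{
    // Hypothetical action names for the three paths mentioned in the issue.
    $guarded = ['register', 'checkout_register', 'change_password'];
    if (in_array($action, $guarded, true) && !captchaPassed($form, $secret, $post)) {
        return 'rejected: captcha not verified';
    }
    return "accepted: $action";
}

// Constructed stand-in for the HTTP call: only the token "valid-token" verifies.
$fakePost = function (string $url, array $fields): string {
    return json_encode(['success' => $fields['response'] === 'valid-token']);
};

// Constructed sample submissions.
$cases = [
    ['register',          ['email' => 'a@example.test']],            // no token
    ['checkout_register', ['email' => 'a@example.test']],            // no token
    ['checkout_register', ['g-recaptcha-response' => 'valid-token']],
    ['change_password',   ['g-recaptcha-response' => 'forged']],
];
foreach ($cases as [$action, $form]) {
    echo str_pad($action, 18), ' => ',
        handleAccountAction($action, $form, 'constructed-secret', $fakePost), PHP_EOL;
}
```

Only the third case is accepted; the checkout submission without a token is rejected the same way as the plain registration one.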

@ivo71

ivo71 commented Jan 15, 2020

Can you post what you exactly changed please? Thanks so much!

@LoicHaas

Yes please, I have the same issue.

Prestashop Version
v1.7.2.4
Eicaptcha version
v2.0.4

@alfonsolr09

alfonsolr09 commented Mar 22, 2020

@castellinosoftware

Can you explain how you did it or send the modified file please?

@Guiguimps

@castellinosoftware and @alfonsolr09

I added override/controllers/front/OrderController.php
with this content :

```php
<?php

use PrestaShop\PrestaShop\Core\Foundation\Templating\RenderableProxy;

class OrderController extends OrderControllerCore
{
    public function initContent()
    {
        // Only the checkout account-creation submission is intercepted.
        if (Tools::isSubmit('submitCreate')) {
            // Run the captcha validation hook; a failed check shows up in the controller's errors.
            Hook::exec('actionContactFormSubmitCaptcha');
            if (!count($this->context->controller->errors)) {
                // No captcha error: continue with the normal checkout flow.
                parent::initContent();
            } else {
                // Captcha error: rebuild the checkout page on the current step.
                $this->restorePersistedData($this->checkoutProcess);
                // handleRequest() is called without parameters here.
                $this->checkoutProcess->handleRequest();
                $presentedCart = $this->cart_presenter->present($this->context->cart);

                $this->checkoutProcess
                    ->setNextStepReachable()
                    ->markCurrentStep()
                    ->invalidateAllStepsAfterCurrent();

                $this->saveDataToPersist($this->checkoutProcess);

                if (!$this->checkoutProcess->hasErrors()) {
                    if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !$this->ajax) {
                        return $this->redirectWithNotifications(
                            $this->checkoutProcess->getCheckoutSession()->getCheckoutURL()
                        );
                    }
                }
                $this->context->smarty->assign([
                    'checkout_process' => new RenderableProxy($this->checkoutProcess),
                    'cart' => $presentedCart,
                ]);
                $this->context->smarty->assign([
                    'display_transaction_updated_info' => Tools::getIsset('updatedTransaction'),
                ]);

                // Call FrontController's initContent directly, skipping OrderControllerCore::initContent().
                FrontController::initContent();

                $this->setTemplate('checkout/checkout');
            }
        } else {
            parent::initContent();
        }
    }
}
```

The important thing is :
• $this->checkoutProcess->handleRequest(); where handleRequest(); has no parameters
• FrontController::initContent();
• and don't forget the use condition in the beginning of the file

I don't know if it's a good modification, but it seems to work

@alfonsolr09

@Guiguimps

I did what you said, I copied the file, but I can still skip the captcha without confirming it

@Guiguimps

Sorry, I'm not a good enough programmer to help you... I think we should wait for the next release

@antoni-alvarez

antoni-alvarez commented May 13, 2020

I have the same issue with Prestashop 1.7.6.5 and 2.0.4, with a custom theme.

@alfonsolr09

@nenes25 what can I do?

@eramirezprotec

This is the solution.

Thank you very much, @Guiguimps

For those fighting with this problem:

1 - Create the following file: modules\eicaptcha\override\controllers\front\OrderController.php
2 - Copy the file content and paste it as the new content of the file created in the previous step (remember to add "<?php" at the beginning of the file).
3 - In the BO, go to Modules > Module Manager, and find Ei Captcha (eicaptcha). Now, reset it.
4 - Configure it (Site key, Secret key, etc.)
5 - That's it. On the checkout page, you will not be able to advance unless you check the captcha.

@nenes25
Owner

nenes25 commented Oct 31, 2020

Thanks all for your contributions, this is fixed now :)

@nenes25 nenes25 closed this as completed Oct 31, 2020
@alfonsolr09

Is there a new version of the module??
