Protect your email form from unnecessary abuse.
Find in the contact_us.php file:
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$error = false;
Change to:
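$error = false;
if (isset($_GET['action']) && ($_GET['action'] == 'send') && isset($_POST['formid']) && ($_POST['formid'] == $sessiontoken)) {
  // safetycode check
  // A POST without the 'verify' field (e.g. a scripted submission) must read as an
  // empty entry instead of raising an undefined-index notice.
  $t = isset($_POST['verify']) ? trim($_POST['verify']) : '';
  // The stored code only exists once image.php has been requested in this session.
  $stored = isset($_SESSION['thecode']) ? trim($_SESSION['thecode']) : '';
  // NOTE(review): the messages go to the 'create_account' stack; confirm that
  // contact_us.php outputs that stack, otherwise the visitor never sees the error.
  if ($t == '') {
    $captcha_error = ENTER_THE_SAFETY_CODE;
    $error = true;
    $messageStack->add('create_account', $captcha_error);
  } else if ($stored == '') {
    $captcha_error = NO_SAFETY_CODE;
    $error = true;
    $messageStack->add('create_account', $captcha_error);
  } else if (!hash_equals($stored, strtoupper($t))) {
    // String-only comparison: '!=' compares numeric-looking strings numerically.
    $captcha_error = INVALID_SAFETY_CODE;
    $error = true;
    $messageStack->add('create_account', $captcha_error);
  }
  else
  { // safetycode -->
    // One code per submission: drop it now so a solved code cannot be reused for
    // further sends in the same session (the next page render fetches a new image).
    unset($_SESSION['thecode']);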
Find:
tep_redirect(tep_href_link('contact_us.php', 'action=success'));
}
}
Add below:
} // --> safetycode end
Find:
<div class="buttonSet">
<span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', null, 'primary'); ?></span>
</div>
Change to:
Code for the BS edition:
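<div class="buttonSet">
<div class="col-sm-12" style="margin:12px;">
<!-- CAPTCHA entry: the label's "for" now names the code input's own id, so clicking the label focuses the right field -->
<label for="inputVerify" class="control-label col-sm-3"><?php echo SAFETY_CODE; ?> <?php echo '<font color="#990000" size="1px"><b><i class="fas fa-asterisk"></i></b></font>'; ?></label>
<span class="pull-right"><img class="pls_safety" src="image.php" width="70" height="32" alt="Please enter the values from this image" />
<!-- autocomplete="off": the browser must not offer a previously typed code for a new image -->
<input type="text" id="inputVerify" name="verify" size="7" maxlength="8" autocomplete="off" /> <?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'fa fa-send', null, 'primary', null, 'btn-success'); ?>
</span>
</div>
</div>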
Code for 2.3.4:
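<div class="buttonSet">
<div class="col-sm-12" style="margin:12px;">
<!-- CAPTCHA entry: the label's "for" now names the code input's own id, so clicking the label focuses the right field -->
<label for="inputVerify" class="control-label col-sm-3"><?php echo SAFETY_CODE; ?> <?php echo '<font color="#990000" size="1px"><b><i class="fas fa-asterisk"></i></b></font>'; ?></label>
<span class="pull-right"><img class="pls_safety" src="image.php" width="70" height="32" alt="Please enter the values from this image" />
<!-- autocomplete="off": the browser must not offer a previously typed code for a new image -->
<input type="text" id="inputVerify" name="verify" size="7" maxlength="8" autocomplete="off" /> <?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', null, 'primary'); ?>
</span>
</div>
</div>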
Add to the language file catalog/includes/languages/english.php:
// contact_us CAPTCHA strings. SAFETY_CODE is the form label; the three
// *_SAFETY_CODE texts are passed to $messageStack->add(), so inline HTML
// such as <br> is rendered as markup.
define('ENTER_THE_SAFETY_CODE', 'Please enter the verification code!');
define('INVALID_SAFETY_CODE', 'Invalid verification code!');
define('NO_SAFETY_CODE', 'No verification code was generated!<br>Please enter the verification code again.');
define('SAFETY_CODE', 'Confirmation Code:');
Create a new file named image.php and place it in your main (catalog) directory.
<?php
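// application_top.php starts the osCommerce session this script writes to and
// provides tep_session_register(); without it the image is useless, so a
// missing file must stop the script (require) rather than continue (include).
require_once('includes/application_top.php');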
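/**
 * Generate a fresh CAPTCHA code and store it in $_SESSION['thecode'].
 *
 * Characters are drawn with random_int() (CSPRNG, PHP 7.0+) from an uppercase
 * alphabet that leaves out the look-alikes 0/O and 1/I, so the image stays
 * readable and the stored value always equals strtoupper() of a correct entry.
 * This replaces the srand(microtime)/rand()/md5() scheme, whose seed was
 * guessable and whose output was limited to the hex characters 1-9 and A-F.
 *
 * @param int $length number of characters in the code (default 5, as before)
 * @return string the code that was stored in the session
 */
function generate_verification(int $length = 5): string {
    $alphabet = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
    $last = strlen($alphabet) - 1;
    // Never produce an empty code: the form treats '' as "no code generated".
    $length = max(1, $length);
    $thecode = '';
    for ($i = 0; $i < $length; $i++) {
        $thecode .= $alphabet[random_int(0, $last)];
    }
    $_SESSION['thecode'] = $thecode;
    return $thecode;
}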
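// A new code is issued on every request; the form check only passes while the
// value drawn here equals $_SESSION['thecode'].
generate_verification();
$code = $_SESSION['thecode'];

// Forbid caching: a browser or proxy serving an old picture would show a code
// that no longer matches the session, and every reload must fetch a fresh one.
header('Content-Type: image/png');
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Pragma: no-cache');
header('Expires: 0');

$font = 5; // built-in GD font used by imagestring()
$x = 8;    // left margin of the text, as in the original
$y = 2;
// Size the canvas from the text so a longer code is never clipped; 60x20 is
// kept as the minimum so the default 5-character code renders as before.
$width = max(60, $x + imagefontwidth($font) * strlen($code) + 4);
$height = max(20, imagefontheight($font) + 2 * $y);
$image = imagecreate($width, $height);
if ($image === false) {
    // GD could not create the canvas: answer with an error instead of a broken PNG.
    http_response_code(500);
    exit;
}
// For a palette image the first allocated colour becomes the background.
imagecolorallocate($image, 255, 255, 255);
$textcolor = imagecolorallocate($image, 221, 0, 0);
imagestring($image, $font, $x, $y, $code, $textcolor);
imagepng($image);
imagedestroy($image);

// Kept from the original so the osCommerce session layer knows the 'thecode'
// key; presumably a no-op once $_SESSION['thecode'] is set - verify against
// tep_session_register() in the store's session functions.
tep_session_register('thecode');
// No closing PHP tag: any whitespace after it would be appended to the PNG body.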