Announcement

Collapse
No announcement yet.

Someone is creating new fake customers accounts

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Mike521w I just stumbled upon this thread and was thinking I could try to use your module to help protect our cart from protecting our site fraudulent bot "carding" by trying to prevent them from even adding something to the cart.

    Already have reCaptcha v3 set up and installed your module using ADPR in the action list and 0.3 as the tolerance level.

    On the PROD page I added this inside the add to cart form:

    Code:
    <input type="hidden" name="GoogleReCaptchaResponse" value="">
    And this directly after the form element:

    Code:
    [script src="https://www.google.com/recaptcha/api.js?render=our_site_key"][/script]
    [script]
    grecaptcha.ready(function() {
    grecaptcha.execute('our_site_key', {action: 'Add2Cart'}).then(function(token) {
    jQuery("#js-purchase-product input[name='GoogleReCaptchaResponse']").val(token);
    });
    });
    [/script]
    It works great as long as the customer adds a product to the cart before the token expires which I believe is 2 minutes.

    I would assume a fix for that would be to run the recaptcha function with on submit or on click.

    But it gets tricky (for me at least). Since this form uses an ajax add to cart function I also need it to run the recaptcha function again so a new token is given on the next attempt to add the same product to the cart again.

    I can send the ajax code privately since it will not let me post here.

    Any help would be greatly appreciated.

    Not opposed to hiring someone to help with this either.

    Comment


      Hi @sidFeyDesigns, sorry for the delayed response, it's been a while since I logged in.

      Your setup sounds good to me. I agree, if your customer looks at the product page for a while before adding to cart, then the token will expire. The solution would be to run the `grecaptcha.execute()` on form submit.

      This should still work even if you're using ajax to submit the form, and the customer might re-submit the same form later. For example maybe something like:

      Code:
      [script]
      let handleButtonClick = event => {
          event.preventDefault();
          grecaptcha.execute('our_site_key', {action: 'Add2Cart'}).then(function(token) {
              jQuery("#js-purchase-product input[name='GoogleReCaptchaResponse']").val(token);
      
              //proceed with add to cart ajax here, maybe something like:
              jQuery.ajax( jQuery("#js-purchase-product").attr("action"), jQuery("#js-purchase-product").serialize(), response=>{
                  //do something with the response
              });
          });
      };
      [/script]
      <button type="submit" onClick="handleButtonClick">Submit</button>
      I just wrote this off the top of my head, syntax etc may be wrong and I'm not sure about the setup for jQuery.ajax, I could have things reversed. But anyway that's a general idea

      Comment

      Working...
      X