Someone is creating new fake customers accounts


    Mike521w, I just stumbled upon this thread and was thinking I could try to use your module to help protect our site from fraudulent bot "carding" by trying to prevent them from even adding something to the cart.

    Already have reCaptcha v3 set up and installed your module using ADPR in the action list and 0.3 as the tolerance level.

    On the PROD page I added this inside the add to cart form:

    Code:
    <input type="hidden" name="GoogleReCaptchaResponse" value="">
    And this directly after the form element:

    Code:
    <script src="https://www.google.com/recaptcha/api.js?render=our_site_key"></script>
    <script>
    grecaptcha.ready(function() {
        grecaptcha.execute('our_site_key', {action: 'Add2Cart'}).then(function(token) {
            jQuery("#js-purchase-product input[name='GoogleReCaptchaResponse']").val(token);
        });
    });
    </script>
    It works great as long as the customer adds a product to the cart before the token expires which I believe is 2 minutes.

    I would assume a fix for that would be to run the recaptcha function with on submit or on click.

    But it gets tricky (for me at least). Since this form uses an ajax add to cart function I also need it to run the recaptcha function again so a new token is given on the next attempt to add the same product to the cart again.

    I can send the ajax code privately since it will not let me post here.

    Any help would be greatly appreciated.

    Not opposed to hiring someone to help with this either.



      Hi @sidFeyDesigns, sorry for the delayed response, it's been a while since I logged in.

      Your setup sounds good to me. I agree, if your customer looks at the product page for a while before adding to cart, then the token will expire. The solution would be to run the `grecaptcha.execute()` on form submit.

      This should still work even if you're using ajax to submit the form, and the customer might re-submit the same form later. For example maybe something like:

      Code:
      <script>
      // Request a fresh reCAPTCHA v3 token on every click so it cannot have expired
      let handleButtonClick = event => {
          event.preventDefault();
          grecaptcha.execute('our_site_key', {action: 'Add2Cart'}).then(function(token) {
              let form = jQuery("#js-purchase-product");
              form.find("input[name='GoogleReCaptchaResponse']").val(token);

              // proceed with add to cart ajax here, maybe something like:
              jQuery.ajax({
                  url: form.attr("action"),
                  method: form.attr("method") || "POST",
                  data: form.serialize(), // serialized after the token is set
                  success: response => {
                      // do something with the response
                  }
              });
          });
      };
      </script>
      <!-- the inline handler has to call the function and pass it the event -->
      <button type="submit" onclick="handleButtonClick(event)">Submit</button>
      I just wrote this off the top of my head, syntax etc. may be wrong and I'm not sure about the setup for jQuery.ajax, I could have things reversed. But anyway, that's a general idea.



        Hi @Mike521w! Thank you for creating this module, I have been trying to get reCaptcha set up on my forms for a while now and this is the closest I've come.

        I only dabble in development, but I'm trying to implement this on my ICSQ form on my LOGN page and I'm not getting it to work.

        I have my API keys, set to reCaptcha v3. My form has the ID="ICSQ". Here is my code:

        <script src="https://www.google.com/recaptcha/api.js?render=ABCDEFG"></script>
        <script type="text/javascript">
        function onClick(e) {
            e.preventDefault();
            grecaptcha.ready(function() {
                grecaptcha.execute('ABCDEFG', {action: 'homepage'}).then(function(token) {
                    jQuery("#ICSQ input[name='GoogleReCaptchaResponse']").val(token);
                });
            });
        }
        </script>
        and in my form:
        <input name="GoogleReCaptchaResponse" value="" type="hidden" required aria-required="true">
        And then in the module I have it set to monitor ICSQ, and have played with lots of tolerances but I can't get it to let me pass through the form without a 403 no matter if I set the tolerance as low as 0 or 0.01. I get a 403 no matter what.

        I was also able to view the module code and can see where it sets the return page to 403 - I was thinking I'd like to set this to my 404 page instead. Is that a bad idea? Any assistance would be appreciated!

        Thank you,
        Sami
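
For readers of this thread, an added example (not code from the module discussed above, and not written by any of the posters) of how a server can turn the JSON returned by reCAPTCHA v3's siteverify endpoint into an allow or 403 decision. The policy object, the function name, the hostname and the sample responses are constructed for illustration; the check order shows why a missing or expired token is refused at any tolerance in this sketch.

```javascript
// Added example: evaluate a reCAPTCHA v3 siteverify response before accepting
// a form post. All sample responses below are constructed, not captured.
const MAX_TOKEN_AGE_MS = 2 * 60 * 1000; // v3 tokens are valid for two minutes

function evaluateVerdict(verify, policy, now = Date.now()) {
  // 1. Missing, expired or replayed token: success is false and no score is
  //    returned, so lowering the score threshold cannot let the request pass.
  if (!verify || verify.success !== true) {
    const codes = (verify && verify["error-codes"]) || ["no-response"];
    return { allow: false, reason: "invalid-token:" + codes.join(",") };
  }
  // 2. The action must be the one this form requests in grecaptcha.execute().
  if (verify.action !== policy.expectedAction) {
    return { allow: false, reason: "action-mismatch" };
  }
  // 3. Defense in depth: refuse tokens older than the validity window.
  const age = now - Date.parse(verify.challenge_ts);
  if (Number.isNaN(age) || age > MAX_TOKEN_AGE_MS) {
    return { allow: false, reason: "stale-token" };
  }
  // 4. Only now does the tolerance (minimum score) come into play.
  if (typeof verify.score !== "number" || verify.score < policy.minScore) {
    return { allow: false, reason: "low-score" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample data.
const NOW = Date.parse("2024-01-01T12:00:30Z");
const POLICY = { expectedAction: "Add2Cart", minScore: 0.3 };
const GOOD = { success: true, score: 0.9, action: "Add2Cart",
               challenge_ts: "2024-01-01T12:00:00Z", hostname: "shop.example" };
const SAMPLES = {
  good: GOOD,
  emptyToken: { success: false, "error-codes": ["missing-input-response"] },
  expiredToken: { success: false, "error-codes": ["timeout-or-duplicate"] },
  wrongAction: { ...GOOD, action: "homepage" },
  lowScore: { ...GOOD, score: 0.1 },
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  const verdict = evaluateVerdict(sample, POLICY, NOW);
  console.log(name, verdict.allow ? "200" : "403", verdict.reason);
}
```

Logging the `reason` on the server distinguishes a client that never sent a token from one that was scored as a bot.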
