Guest ChrisWebPub Posted March 6, 2008 Share Posted March 6, 2008 People use captcha's far too often, for instance, why on god's green earth would you use a captcha during checkout process? Do you want to make sure that a spambot doesn't make a purchase? How many spam bots have credit cards? Honestly. You use captcha's to defend email functions and user submitted content functions. No other shopping cart to my knowledge puts one in the checkout/registration process, and for very good reason. You want to make things easy for people to checkout, not hard. Additionally, the captcha is one of the more user-unfriendly captchas because it is case sensitive. Most captchas, 90% of them, are case insensitive, and people are used to that. Making it case sensitive just frustrates users and turns them off. So, does anyone know of a way to disable the captcha for checking out/registration, while keeping it for things like contact forms and email to a friend? Or, does anyone know of a way to just completely disable "Send to a friend" that is a feature I do not need or want really. Quote Link to comment Share on other sites More sharing options...
Guest Brivtech Posted March 6, 2008 Share Posted March 6, 2008 Here we go with the statistics again. Do you have a source to qualify them, or are they presented to reflect your opinion? Clearly, they've been added in because the developers have been asked by many users to have it. Although I agree that a spambot isn't going to order groceries online, it does provide a channel for them to register, for the purposes of accessing mailing lists, and presenting their spam links within user profiles. In the case of CubeCart, the risk isn't necessarily in the form of spam, but attacks at the store's administration. If the captcha wasn't there, it would be possible for a bit to keep registering, and overload the email system, as well as clog up the database. it also opens up a possibility of the spambots inserting maliscious code into the database where its not wanted. CubeCart has been professionally security audited, so such attacks are highly unlikley, however, as technology moves on, the potential of new forms of threats is ever present. I'm sure the developers wouldn't have gone to the trouble of programming it if it wasn't wanted in the first place, or considered important for the system's security. You are quite welcome to disable it if you don't want to use it, go to General Settings and look for: Enable Script/Bot Flood Control? Quote Link to comment Share on other sites More sharing options...
kinetic Posted March 25, 2008 Share Posted March 25, 2008 YAY Brivtech!!!!! I personally and ALL my Clients LOVE the Captcha features and NONE of their many many customers has ever complained Solving a little captcha puzzle people have come to realize is a SMALL PRICE to pay to ensure spambots cant do their wicked deeds.... I seriously find it funny the user above didnt even look in their general settings to turn it off or on and even funnier that once told where it was that they probably DID turn it off because now the poor homeless spambots have a friend in him Quote Link to comment Share on other sites More sharing options...
Guest madshears Posted March 31, 2008 Share Posted March 31, 2008 well just as a refrence... I did have a bot get on my other store (non cubecart) that made false purchase after purchase. I had about 30 or 40 a day for about 2 weeks.. that is kind of a pain in the * anyway.. i enabled captcha, and all of those fale orders came to a sudden stop. I am glad it is there. Quote Link to comment Share on other sites More sharing options...
Guest Posted April 7, 2008 Share Posted April 7, 2008 I will agree that CAPTCHA should be there but it should be case insensitive. In these days when so many people don't even seem to know the shift key exists for letters, you have to expect them to not use it. Pathetic to me, but it's true. I did a custom dealer lookup feature for Kinetic where we used CAPTCHA but only on the first submission. On future searches within the same search session it's not required. I did it with a simple POST var, but could have set a cookie for it as well. I think once a person validates themselves as human, they shouldn't have to keep proving it during their session. But that's just my two cents. :wacko: Quote Link to comment Share on other sites More sharing options...
Guest ChrisWebPub Posted December 8, 2008 Share Posted December 8, 2008 YAY Brivtech!!!!! I personally and ALL my Clients LOVE the Captcha features and NONE of their many many customers has ever complained Solving a little captcha puzzle people have come to realize is a SMALL PRICE to pay to ensure spambots cant do their wicked deeds.... I seriously find it funny the user above didnt even look in their general settings to turn it off or on and even funnier that once told where it was that they probably DID turn it off because now the poor homeless spambots have a friend in him Don't be a twit. You can turn it off in admin, and it TURNS IT OFF EVERYWHERE. Meaning you have no protection to the email features, which get spammed heavily. I want to merely turn it off during REGISTRATION. Did you not read the original post or in your attempt to denigrate me did your reading comprehension abilities fail? Also, the idea that not having a captcha during registration is going to result in something like a MYSQL insert attack is really some of the most ridiculous hyperbole I've ever seen. You know, I shop online for almost everything. I've still never seen another cart anywhere that puts a captcha for registration. Furthermore, you may be happy if your customers are tech savvy people, but if you're hoping to sell things to people who aren't computer savvy, who perhaps do not have the best eye sight in the world, people who are easily frustrated, etc, making them guess at a CAPTCHA to have the honor to pay you money is NOT a good idea. Quote Link to comment Share on other sites More sharing options...
kinetic Posted December 9, 2008 Share Posted December 9, 2008 Im a twit? at least i know how to remove the captcha from the reg.tpl and reg.inc.php so that theres no captcha for registration if that makes me a twit then At least im a smarter twit than you and you evidently didnt read what I wrote or what anyone else wrote and Ill say it a again not one of my many clients has ever stated the captcha on the reg forms was inhibiting sales or signups and I have a client who has done nearly half a million in sales in 3 years... with captcha on and yes I know turning it off in admin turns it off everywhere... but at least Id look to commenting it out and disabling it in the files responsible for it in the place you dont want it BEFORE I went on a forum and started whining.... open up some files and start reading code... Kinetic :( Quote Link to comment Share on other sites More sharing options...
Guest ChrisWebPub Posted December 9, 2008 Share Posted December 9, 2008 Im a twit? at least i know how to remove the captcha from the reg.tpl and reg.inc.php so that theres no captcha for registration if that makes me a twit then At least im a smarter twit than you and you evidently didnt read what I wrote or what anyone else wrote and Ill say it a again not one of my many clients has ever stated the captcha on the reg forms was inhibiting sales or signups and I have a client who has done nearly half a million in sales in 3 years... with captcha on and yes I know turning it off in admin turns it off everywhere... but at least Id look to commenting it out and disabling it in the files responsible for it in the place you dont want it BEFORE I went on a forum and started whining.... open up some files and start reading code... Kinetic I did you prick. Why do you have to be such an ass when someone asks for help? I swear this culture of incompetence on this forum is so annoying. I removed it and registration was failing. Removing it from merely the skin, from the form from showing up didn't do a damn thing because the validation code was still checking for it. I removed it from the validation code and the registration form ceased functioning at all. If cubecart was well made you could have an admin option to turn it on or off, in each location where it is located. But, that is yet another minor annoyance. Really, the biggest weakness of cubecart is a lack of appropriate admin options for the existing features. Other carts have the ability to customize a lot more and turn things on and off from the admin that cubecart does not. Then posting here you get losers like you trying to make themselves feel big rather than helping, and moderators who tell you to go look for an unofficial mod at a third party site. Cubecart is using third party mods as a crutch for too many features, and that is wrong. The people at Jelsoft don't do that, they probably have the best development team for php web application software out there. When they go to release a new version of vbulletin then don't say "Oh look, there is a third party guy who hacked together a functional thing for that feature, we don't need to worry about supporting it or adding it to our software, people can just go get it from him." No, that is the amateurish solution. What you should do is look at the most popular contributions, realize that your customers want them, and make them standard. You may be pleased that your big client doing $150k a year in gross revenue has no complaints, but from where I'm standing that is low volume, and I've used many different shopping carts, so whereas your client might not know there are better options out there, I do. When you get phone calls from customers who cannot figure out the checkout process with a 1 page simple checkout, is adding a captcha going to be a good decision? Has your client ever measured how many people abandon carts at the captcha stage? And again, what is the reason for it? If your form is vulnerable to hacking through user submitted data, a catpcha will not save you. Someone will discover it, post it to a script-kiddie forum, and then they'll just Google for sites running the software and get in. It does not protect you from any activity someone will spend the time to do themselves. No other shopping cart I've ever seen puts a captcha on checkout or registration. The fact is a captcha only protects you against automated activities, which are activities that someone is not going to spend the time to do manually, hacking your site does not fall into this category. Spam is pretty much the only thing that falls into this category. You need a captcha on systems that allow a person to send an email through your site, or to post content that is then seen publicly, thats it. A risk of fake orders? Does a bot have a credit card? In years of being in ecommerce without a catpcha on my checkout process I've never once seen a fake order. In 5 years of being a senior moderator and head of the ecommerce section of the largest webmaster forum on the Internet I never once saw anyone report a fake order from a bot. If a captcha is so necessary why does no other software or site of note use one on the checkout process? And why does posting that you want to remove it invite an attack? I'm half tempted to change my official review of the software and stop recommending it to others, but I have to remember YOU are not staff so I shouldn't really blame them for your attitude. Quote Link to comment Share on other sites More sharing options...
kinetic Posted December 9, 2008 Share Posted December 9, 2008 Open /includes/content/reg.inc.php FIND: $spamCode = fetchSpamCode($_POST['ESC'], true); REPLACE WITH: // $spamCode = fetchSpamCode($_POST['ESC'], true); FIND: } elseif($config['floodControl']==true && (!isset($_POST['spamcode']) || ($spamCode['SpamCode']!==strtoupper($_POST['spamcode'])) || (get_ip_address()!==$spamCode['userIp']))) { $errorMsg = $lang['reg']['error_code']; REPLACE WITH: /*} elseif($config['floodControl']==true && (!isset($_POST['spamcode']) || ($spamCode['SpamCode']!==strtoupper($_POST['spamcode'])) || (get_ip_address()!==$spamCode['userIp']))) { $errorMsg = $lang['reg']['error_code'];*/ FIND: if($config['floodControl']==1) { $spamCode = strtoupper(randomPass(5)); $ESC = createSpamCode($spamCode); $imgSpambot = imgSpambot($ESC); $reg->assign("VAL_ESC",$ESC); $reg->assign("TXT_SPAMBOT",$lang['reg']['spambot']); $reg->assign("IMG_SPAMBOT",$imgSpambot); $reg->parse("reg.spambot"); } REAPLCE WITH: /*if($config['floodControl']==1) { $spamCode = strtoupper(randomPass(5)); $ESC = createSpamCode($spamCode); $imgSpambot = imgSpambot($ESC); $reg->assign("VAL_ESC",$ESC); $reg->assign("TXT_SPAMBOT",$lang['reg']['spambot']); $reg->assign("IMG_SPAMBOT",$imgSpambot); $reg->parse("reg.spambot"); }*/ Save, CLose , reUpload /includes/content/reg.inc.php You can also remove or comment out the spambot section in your /skins/YOUR SKIN/styleTemplates/content/reg.tpl the section starting with: <!-- BEGIN: spambot --> and closes with <!-- END: spambot --> not bad for a twit... Quote Link to comment Share on other sites More sharing options...
kinetic Posted December 9, 2008 Share Posted December 9, 2008 Sir William the "human Checker" you did for my clients dealer locator was a much better use of captcha, a simple captcha thats hard for bots and only makes the human do it once per session or even via a cookie is cool. With CubeCarts new 4.3 using reCaptcha which allows for visually impaired users to have an audio cue and helps reCaptchas project in scanning in old hard to read text and (each captcha solved helps them sort out what the badly damaged or smeared text is as alot of the documents reCaptcha scans are very old and sometimes very hard to read scanners can only be taught to "guess" so well and humans can do it much easier with greater accuracy). Ive also found reCaptcha's puzzles to be somewhat loose which is good if it is really hard to make it out on the second word it will accept a broader range of right answers and includes as with any good captcha, a way to refresh and get a new puzzle. I will agree that CAPTCHA should be there but it should be case insensitive. In these days when so many people don't even seem to know the shift key exists for letters, you have to expect them to not use it. Pathetic to me, but it's true. I did a custom dealer lookup feature for Kinetic where we used CAPTCHA but only on the first submission. On future searches within the same search session it's not required. I did it with a simple POST var, but could have set a cookie for it as well. I think once a person validates themselves as human, they shouldn't have to keep proving it during their session. But that's just my two cents. Quote Link to comment Share on other sites More sharing options...
Guest ChrisWebPub Posted December 9, 2008 Share Posted December 9, 2008 I'm sure your solution will help others, but I actually long since fixed the issue by simply turning it off for the entire site, then adding a different captcha back in where I needed it. Quote Link to comment Share on other sites More sharing options...
kinetic Posted December 9, 2008 Share Posted December 9, 2008 At least I dint call anyone no names... well I called myself a twit but never did I resort to using bad language not calling anyone names and provided a solution as well and I only said I find it funny... If you are so good with e-commerce and have tried all these things (although I bet you didnt apply the fixes I provided in reg.inc.php...) because I know they work and dont much care for CubeCart nor its customers of which Im one and love to call them twits and you have so much professional EXPERIENCE how come you act so badly on this forum? liek you are some big shot and deserve better treatment than anyone else? you have CubeCart 4? you paid for a license? how come you havent submitted a bug report or a ticket? the developers at cubecart are helpful and usually will go above and beyond to help customers especially when its so simple a tweak my goodness I do must get back to my low volume clients Kinetic Quote Link to comment Share on other sites More sharing options...
Guest ChrisWebPub Posted December 9, 2008 Share Posted December 9, 2008 I expect more from paid software. When cubecart was free, well, thats one thing. It isn't anymore. These little annoyances shouldn't exist. Oh, and I submitted a bug report once for a very simple authorize.net issue, that was 9 months ago I think. Hasn't been fixed yet. That is a genuine bug, and not just a feature I'd like to be able to turn off which is more a feature request. Quote Link to comment Share on other sites More sharing options...
kinetic Posted December 9, 2008 Share Posted December 9, 2008 I expect more from paid software. When cubecart was free, well, thats one thing. It isn't anymore. These little annoyances shouldn't exist. Oh, and I submitted a bug report once for a very simple authorize.net issue, that was 9 months ago I think. Hasn't been fixed yet. That is a genuine bug, and not just a feature I'd like to be able to turn off which is more a feature request. what version of CubeCart are you running? Upgrading to 4.3 for us was a breeze and well worth it in getting all their v3 mods upgraded to v4 versions btw captcha was originally a 3rd party mod and has now become standardized in cube cart as well SEO URLs and many more CubeCart does its core developments and doesnt steal 3rd party developers code and just make it standard to they let the 3rd party developers make a buck or two and if the mod is deemed a must have then usually cubecart will make a deal with them and make it standard this is pretty much standard practice for any system out their you can download install and set up social networks, multiple shoppoing carts, forums including vBulletin I believe they have 3rd party developers? selling mods? providing tweaks hacks and annoyances relief? I personally LOVE CubeCart 3rd party developers and dont mind buying their modifications and extending CubeCart I love writing my own hacks and tweaks and share them w/o 3rd party developers a feature or request or feature request would take longer to be developed letting other coders write their mods opens up development much faster and much broader a single team of even skilled individuals will never come up with the same volume of mods as a broad based open source network and have them as stable quicker... Quote Link to comment Share on other sites More sharing options...
Guest ChrisWebPub Posted December 9, 2008 Share Posted December 9, 2008 A reliance on third party developers is a sign of amateurish programming and business. Note, I say, a reliance, not mere existance. The issue with modifications is that they all are of course done manually, and when upgrading your core software you have to then go back and usually redo them and there can be conflicts. vbulletin of course has mods, but they also take the most popular ones and make them standard, because by making them included features you increase the value of your product and make upgrades easier for those with those features. They don't rely on mods to provide the functionality their customers need. Cubecart really seems to, and they seem to be okay with that. I see posts all over this forum where someone asks for a feature and the answer given is "go buy a mod." Or "its easy to hack that, you just change these 4 files like so and voila" The fact that you can hack up software to obtain necessary functionality does not mean it is not necessary to provide such necessary functionality out of the box. oh, and I'm using 4.3 on one site and 4.22 on another right now. I never used version 3, both sites are new. Quote Link to comment Share on other sites More sharing options...
Guest phproiwish Posted April 7, 2009 Share Posted April 7, 2009 omg. you both cannot possibly have this much time on you hands. lol....... Quote Link to comment Share on other sites More sharing options...
Guest aguser Posted April 7, 2009 Share Posted April 7, 2009 A reliance on third party developers is a sign of amateurish programming and business. Thats a bit harsh isn't it? I mean many projects especially open source projects take codes from other developers and the end result is typically great for all involved. Anyways, as long as you have fixed your problem and raised your concerns then the matter should be closed and perhaps it's best this thread gets closed so as to not allow anymore name calling etc <_< Quote Link to comment Share on other sites More sharing options...
Guest Katya Posted May 22, 2010 Share Posted May 22, 2010 Open /includes/content/reg.inc.php FIND: $spamCode = fetchSpamCode($_POST['ESC'], true); REPLACE WITH: // $spamCode = fetchSpamCode($_POST['ESC'], true); FIND: } elseif($config['floodControl']==true && (!isset($_POST['spamcode']) || ($spamCode['SpamCode']!==strtoupper($_POST['spamcode'])) || (get_ip_address()!==$spamCode['userIp']))) { $errorMsg = $lang['reg']['error_code']; REPLACE WITH: /*} elseif($config['floodControl']==true && (!isset($_POST['spamcode']) || ($spamCode['SpamCode']!==strtoupper($_POST['spamcode'])) || (get_ip_address()!==$spamCode['userIp']))) { $errorMsg = $lang['reg']['error_code'];*/ FIND: if($config['floodControl']==1) { $spamCode = strtoupper(randomPass(5)); $ESC = createSpamCode($spamCode); $imgSpambot = imgSpambot($ESC); $reg->assign("VAL_ESC",$ESC); $reg->assign("TXT_SPAMBOT",$lang['reg']['spambot']); $reg->assign("IMG_SPAMBOT",$imgSpambot); $reg->parse("reg.spambot"); } REAPLCE WITH: /*if($config['floodControl']==1) { $spamCode = strtoupper(randomPass(5)); $ESC = createSpamCode($spamCode); $imgSpambot = imgSpambot($ESC); $reg->assign("VAL_ESC",$ESC); $reg->assign("TXT_SPAMBOT",$lang['reg']['spambot']); $reg->assign("IMG_SPAMBOT",$imgSpambot); $reg->parse("reg.spambot"); }*/ Save, CLose , reUpload /includes/content/reg.inc.php You can also remove or comment out the spambot section in your /skins/YOUR SKIN/styleTemplates/content/reg.tpl the section starting with: <!-- BEGIN: spambot --> and closes with <!-- END: spambot --> not bad for a twit... Quote Link to comment Share on other sites More sharing options...
Guest Katya Posted May 22, 2010 Share Posted May 22, 2010 My first time on the forum, is this code good for the latest version, it does not appear to be exactly correct I have the latest version. I do not like the spam code in the checkout cart it's pretty hard. I even had a difficult time getting through a dummy checkout session. I love it though for the tell a friend and such, so I don't want to missable it completely. I also just paid the $180.00 after installing and upgrading to the newest version and do hope I get friendly help here. Please and thank you :yeahhh: Quote Link to comment Share on other sites More sharing options...
vokf Posted May 23, 2010 Share Posted May 23, 2010 Tut- tut.. A reliance on third party developers is a sign of amateurish programming and business. Best switch off the Internet and go back to coding everything by hand, in binary - don't forget to unplug that BIOS chip first! lol My home router (Linksys) uses BusyBox (Linux), and my DJ playback device is based on Linux.. I'd prefer projects use trusted, mature code than write everything from scratch. This quickly becomes a temporal argument, ie, you'll be dead before its finished if you insist on doing everything yourself. I'd actually prefer CubeCart to use 3rd party projects if they give a leg-up on functionality, with more time allowed for testing. I guess what's been shown by Kinetic is that minor tweaks are easily possible to CubeCart. Its a dammed good platform, and with CC4, it is possible to create a complete store without resorting to mods/code tweaks. However, with a bit of effort, it's possible to fine-tune to individual requirements- and I guess thats where most customers fit in and for the existence of cubecartforums.org Quote Link to comment Share on other sites More sharing options...
Al Brookbanks Posted June 8, 2010 Share Posted June 8, 2010 People use captcha's far too often, for instance, why on god's green earth would you use a captcha during checkout process? Do you want to make sure that a spambot doesn't make a purchase? How many spam bots have credit cards? Honestly. It's actually VERY important. Without it bots can create thousands if not millions of accounts that will bloat your database, potentially corrupt it and bring your website to its knees. When that happens you get no sales at all. If it bloats it at a minimum then you'll have a fun job going through the account trying to work out which ones are real and which ones are not. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.