Restrict the contact us email to registered users only

I am being badly spammed from the "contact us" form by non-registered users.

Is there any way I can restrict who can email on there?

I would like to make it registered users only.

Thank you



Robots don't use the form - they just need a security token and can get one of those from anywhere. Robots already know what to POST to CubeCart. Thus, modifying the template or code that calls the template to show only to logged-in users probably won't work.

The solution then is to silently drop the processing of the POST submission if the session says this is not a logged-in user. That, however, gives a false sense of completion to legitimate, but still not logged-in visitors, unless you add language to the form that makes plain that only logged-in customers will have their submissions read.

So maybe do both: not display the form unless logged in to deny legitimate visitors, and drop the processing of the robot-submitted POSTing of form data.

Be back soon.


Using a programmer's text editor, make these changes:

In the admin skin template documents.contact.php, find near line 17:

<div><label for="status">{$LANG.common.status}</label><span><input type="hidden" name="contact[status]" id="status" value="{$CONTACT.status}" class="toggle"></span></div>

On a new blank line after that, add:

<div><label for="liuo">Logged-in users only?</label><span><input type="hidden" name="contact[liuo]" id="liuo" value="{$CONTACT.liuo}" class="toggle"></span></div>

In the file /classes/cubecart.class.php, near line 1459, find:

    /**
     * Display contact page
     */
    private function _contact()
    {
        // Contact Form
        $contact = $GLOBALS['config']->get('Contact_Form');
        if ($contact && $contact['status']) {

On a new blank line after that, add:

if(empty($contact['liuo']) || ($contact['liuo'] && !empty($GLOBALS['user']->is()))){

In the same file, near line 1571, find:

            $content = $GLOBALS['smarty']->fetch('templates/content.contact.php');
            $GLOBALS['smarty']->assign('PAGE_CONTENT', $content);

On a new blank line after that, add:

} else { $GLOBALS['gui']->setError("You must be logged in to use the Contact Us form."); httpredir('index.php'); }

In admin, bring up the Contact Form settings page. Check the box for "Logged-in users only?". Save and have CubeCart clear its internal cache.

On the storefront, not being logged in, click the Contact Us document link. You should be sent to the homepage showing a red warning banner.

Log in to the storefront. Click the Contact Us document link. You should be shown the Contact Us page.

This will also thwart robots from sending specially-crafted POST submissions, unless they first create an account.

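An added example, not part of the posts above and not CubeCart code: it contrasts hiding the form in the template with gating the handler on the server, using the same condition as the `liuo` check in the patch. The function names and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not CubeCart code. All function names are hypothetical.

/** Same condition as the patch: allow if the flag is off, or it is on and the visitor is logged in. */
function contactAllowed(array $contact, bool $loggedIn): bool
{
    return empty($contact['liuo']) || ($contact['liuo'] && $loggedIn);
}

/** Template-only approach: the form is hidden on GET, but POST data is still processed. */
function handleTemplateOnly(array $contact, string $method, bool $loggedIn): string
{
    if ($method === 'POST') {
        return 'mail sent'; // nothing checks who submitted
    }
    return contactAllowed($contact, $loggedIn) ? 'form shown' : 'form hidden';
}

/** Server-side gate: the check wraps both rendering and POST processing. */
function handleGated(array $contact, string $method, bool $loggedIn): string
{
    if (!contactAllowed($contact, $loggedIn)) {
        return 'redirect + error';
    }
    return $method === 'POST' ? 'mail sent' : 'form shown';
}

// Constructed requests: [description, HTTP method, logged in?]
$requests = [
    ['anonymous visitor opens page', 'GET',  false],
    ['robot posts directly',         'POST', false],
    ['customer opens page',          'GET',  true],
    ['customer submits form',        'POST', true],
];
$contact = ['status' => 1, 'liuo' => 1]; // flag enabled, as in the admin step

foreach ($requests as [$what, $method, $loggedIn]) {
    printf(
        "%-30s template-only: %-12s gated: %s\n",
        $what,
        handleTemplateOnly($contact, $method, $loggedIn),
        handleGated($contact, $method, $loggedIn)
    );
}
```

The row to compare is the direct POST without a session: the template-only handler still sends mail, while the gated handler rejects it.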
