is there a way to simply have the tell a friend sidebox where someone can put in the email without having to login ?
or do i get a 3rd party script?
thx
Printable View
is there a way to simply have the tell a friend sidebox where someone can put in the email without having to login ?
or do i get a 3rd party script?
thx
Sling,
this was done to keep the spam down,
Note: in the Email settings ... there is a switch to allow guests to tell a friend ...
However, heed Merlin's caution as you do open yourself up for a lot of spamming as now anyone can say anything to anyone via your site ...
Quote:
Allow Guest To Tell A Friend
Allow guests to tell a friend about a product.
If set to [false], then tell-a-friend will prompt for login if user is not already logged in.
true
false
I've just had a spammer abuse this feature too so have switched on the registration requirement for security.
This is very annoying though as (in some industry sectors at least) I would expect recommendations to be made more often by people who are not registered. eg: people planning a holiday
Perhaps there is a middle-ground solution? Any suggestions/ideas?
Many (most?) sites have figured out a way of sending "tell-a-friend" emails without creating an account and, one would assume, without being overwhelmed by spammers, so it likely can be done.
I take it /includes/functions/functions_email is the primary script for this? Anyone know if this was based on an older less secure pre-existing script (Matt's Scripts, etc.)?
Just turn off the setting in the Admin that you have to be logged in to Tell a Friend and you don't need an account ... there are no code changed required just flip the switch in the Admin Configuration settings ... (See above)
The caution is the door you are opening to spammers ... :unsure:
yep, understoood - I was only suggesting that a reworked ZC script for sendmail might allow Tell-A-Friend to work without login and without opening ourselves to spammers..
For instance I've used NMS Formmail on many many sites and it seems quite secure. (It is a rewriting of the original Matt's Formmail script.) Perhaps a rewriting of the email script in Zen-Cart could also be made more secure?
I believe you could use Captcha add-on to manage this more securely ...