Printable View
Have I missed it somewhere?
Where would you go to edit the Number that the word Human shows under?
Where would one go to change the word to a different word other than "HUMAN"
where is the configuration section? I am running 155f and I see no where to configure anything for the noncaptcha
Thank you I actually just located the information by going through all of the Configuration settings until I located it.
if I had only looked back to where I obviously asked this same question earlier I would have seen the answer!!
Would it be too hard to make it have its own section in the configuration of the website instead of in the Layout section? If I know how I would do it myself!
Thank you again!!
Not that hard. I have so many configurations that adding another wasn't worth the effort.. especially in a mobile environment the configuration list rolls off the screen.Quote:
Originally Posted by drm1963
Hi and thanks for this mod. I am wondering if the images in the zip folder are supposed to go to root or the images folder?
Files outside of admin folder and includes folder is for demonstration and to help you, not your site so they need not be uploaded anywhere.Quote:
Originally Posted by nootkan
Dave, what guidance should we give to 1.5.7 upgraders now that (at least some of) this functionality has been added to the core?
I have 1.5.7 installed and was looking at the code, but haven't had time to run my hacks at it. Looking at the default contact us form for example there is only one input line which should work for most sites, but I would tag it as a email field, bots just can't pass that up..Quote:
Originally Posted by swguy
All in all, I like what was done and would suggest NOT installing non-CAPTCHA at all... I'd like to do a down sized version to give the option of a slider test. Just to give it the full 3 levels of a Honeypot, but really should not need to go that far. I have yet to see a bot get passed level 1!Code:autocomplete="off"', 'email')
Sorry, I should have been more clear. Scenario:
- Cart is running 1.5.6 plus zenNonCaptcha.
- User wants to go to 1.5.7.
- What changes should be made?
Maybe run the uninstall.sql for example?
From the templates where it was installed, remove the email-pot divs and the block with if (SPAM_USE_SLIDER == 'true') ?
My Bad.. I would fully remove non-captcha files, I see I missed adding this part. the template files modified should be replaced or edited to match default template files of ZC1.5.7..Quote:
Originally Posted by swguy
remove all three honeypot lines.
after removing the ADMIN/includes/functions/extra_functions/init_noncaptcha.php file open the uninstall.sql file in a text editor, copy all and paste in the ADMIN Sql patch tool and run..Code:<div class="email-pot">
<label for="email-us"></label>
<?php echo zen_draw_input_field(SPAM_TEST_TEXT, '', ' id="email-us" title="do not fill in!" placeholder="do not fill in!" autocomplete="off"', 'email'); ?>
</div>
<div class="email-pot">
<p><?php echo HUMAN_TEXT_NOT_DISPLAYED; ?></p>
<?php echo zen_draw_radio_field(SPAM_TEST_USER, 'H1', '', 'id="user-1"') . '<span class="input-group-addon"><i class="fa fa-male fa-2x"></i></span>' . zen_draw_radio_field(SPAM_TEST_USER, 'C2', '', 'id="user-2"') . '<span class="input-group-addon"><i class="fa fa-laptop fa-2x"></i></span>'; ?>
</div>
<?php if (SPAM_USE_SLIDER == 'true') { ?>
<div class="slidecontainer">
<p><?php echo HUMAN_TEXT_DISPLAYED; ?></p>
<?php echo zen_draw_input_field(SPAM_TEST_IQ, '', ' min="0" max="50" value="25" class="slider" id="id1"', 'range'); ?>
<br /><br />
<span>Value:</span> <span id="f" style="font-weight:bold;color:red"></span>
</div>
<?php } ?>
If its missing..
After all is removed, upgrade to ZC1.5.7 per instructions.Code:DELETE FROM configuration WHERE configuration_key = 'SPAM_TEST_TEXT';
DELETE FROM configuration WHERE configuration_key = 'SPAM_TEST_USER';
DELETE FROM configuration WHERE configuration_key = 'SPAM_TEST_IQ';
DELETE FROM configuration WHERE configuration_key = 'SPAM_TEST';
DELETE FROM configuration WHERE configuration_key = 'HUMAN_TEXT_DISPLAYED';
DELETE FROM configuration WHERE configuration_key = 'HUMAN_TEXT_NOT_DISPLAYED';
DELETE FROM configuration WHERE configuration_key = 'SPAM_ERROR';
DELETE FROM configuration WHERE configuration_key = 'SPAM_USE_SLIDER';
DELETE FROM configuration WHERE configuration_key = 'SPAM_ANSWER';
I need to do some looking before I can tell you how to update other template files not part of the default install. The mod I'm updating right now well be part of that process/testing.
Speaking of 1.5.7 and this mod....
In doing the Accessibility check for 1.5.7 we had noticed what Scott pointed out and dropped the mod out of our test site to not confuse matters.
However, when looking at a 1.5.6c site with the mod installed, we get three accessibility errors with regard to form labels.
Apologies, as I am dumbing this down for those that might not know.
When display:none or display:hidden are used, the browser still processes the data it is not going to display. For instance, if you were to remove the image and header defines for the logo and did display:none for the logoWrapper, the accessibility will take a hit for the items that are not defined even though they will not be displayed. Even a hidden 404 error that might not be picked up without the right tool.
Such is the case with the hidden form input for e-mail-us.Code:<div class="email-pot"><label for="email-us">
<input type="email" name="xp0YOfVCAM" id="email-us" title="do not fill in!" placeholder="do not fill in!" autocomplete="off"></div>
The label is started but needs to be finished likeCode:<div class="email-pot"><label for="email-us">EMail</label>
<input type="email" name="xp0YOfVCAM" id="email-us" title="do not fill in!" placeholder="do not fill in!" autocomplete="off">
Also, the labels are missing on the two radio buttons.
I did not find a github location for this or I would have done a commit to address this.
Thanks for your work on this mod. Several of our clients have been greatly relieved with its use.
Bear in mind that some of this functionality is actually built in to 1.5.7, so the relevance of this mod might only be 1.5.6 or prior.
It's just a dumb input field... in past 155 and in 157 it's just an input field with no labels at all... In my mind, coming from years of reversing coding, code that looks like it belongs can easily get bypassed by human eyes, bots only see input and can't read labels... lest I've not tight my bot to read yet... Unfortunately, I use hidden labels which are label tags that live within the input field. When moving things over I try to change them so others can follow, but looks like I failed here..Quote:
Originally Posted by dbltoe
The radio buttons, level2 is not meant to have labels but the FontAwesome computer/human icons.. This can be changed if you like to labels. Never should any of them be selected.
As a side note: while live I find that there is really no need for the fields other then to catch bots that use no url's or email address within any fields listed in the observer.
With ZC1.5.7, there is no need for this mod, and if you wish to clean this one, github is NonCAPTCHA our post an update to ZC. I've had issues with accessibility readers, basically I don't play well with them, so I can always use pointers.. :D
Installed on 1.5.3. Turned off slider but still getting spam accounts. I did change hidden fields name under layout setting. Is there anything else I need to do to make it work?
Not tested on that old of a cart... comparing ZC151 with 156c, all the pieces are there so I see no reason for it not working! I would need more hints to guess why. like link to site, what other mods so on. What's in the spam account fields!Quote:
Originally Posted by jsarwar
Sorry for returning on this so late. I read it differently before and reread it with the latest post.
Accessibility does not care about a physical/visible label for a radio button but, it does penalize if a reader can't find something to tell the visually impaired what the button is about. Even with FontAwesome icons, the reader would want labels. From the FontAwesome folks.Quote:
Originally Posted by davewest
Thus, you won't find arial tags for the FontAwesome icons currently used in Zen Cart as the setting is already there.Quote:
FontAwesome CDN helps you automate accessibility support more easily so your icons work for the most people possible. You only need turn on a setting, use our simple syntax, and any icons you use will have all of the best practices and manual techniques below applied automatically.
Meanwhile, until the buttons are converted to FontAwesome icons, sites will take an accessibility hit for no label in the code.
Good article at https://fontawesome.com/how-to-use/o.../accessibility talking about labeling being determined by the reason for using the icon.
Bottom line appears to be that everything gets a label even if the label is to tell the reader that the icon is just a decoration.
FEC module is installed. I noticed download is missing include/modules/create account it has all other files for module folders. I downloaded latest one.Quote:
Originally Posted by davewest
I've not used FEC sense updating from ZC1.3.9 and advancing my template code.. There are no modules in this mod for create_account the existing code triggers the observerQuote:
Originally Posted by jsarwar
if FEC is missing that in its account creation form, or the $antiSpam tests, then CAPTCHA would fail! Also the latest download is for ZC156c so you should use a compare program to make changes in your older ZC.Code:$zco_notifier->notify('NOTIFY_CREATE_ACCOUNT_CAPTCHA_CHECK');
I'm thinking I don't really want text readers speaking about hidden elements... After testing, the radio field can be deleted, bots seem to pass it by, however, they love the slider.. they always pick the last number in the max setting. Have you tested ZC157 simple input text field?Quote:
@dbltoe
Accessibility does not care about a physical/visible label for a radio button but, it does penalize if a reader can't find something to tell the visually impaired what the button is about. Even with FontAwesome icons, the reader would want labels. From the FontAwesome folks.
Dave, I'm wondering about the jscript_nonCaptcha files. Two questions:
a) Does it make sense to just have one copy of the actual javascript logic, and have the individual jscript_ files include it, rather than replicating the same JS in 7 places?
b) It seems like after
var slideCol = document.getElementById("id1");
you should have
if (slideCol != null) {
for folks who set "Use Spam Slider" to False in Admin > Configuration > Layout Settings.
The script was to mirror a number/word for the user to figure out where they was going. Script does no more then that. With IE it fails all together so maybe a IE kill.. Although a null would be good too.. I used the script with other scripts and just set it out by it self for the mod, With jscript_ wouldn't it load on all pages, not just forms? I did that with colorbox some time back and it loads everywhere.Quote:
Originally Posted by swguy
Some results form past tracking. I'm still using this on my 156 site while setting up 157..
1) bots was not using the input field at all.
2) I had the input field set as type email and the auto-fill form plugins was hitting it. Remove type email and that fixed it.
3) bots would guess at the radio buttons, any selected would be wrong.
3) bots love the slider and would always pick the default or last number (max number).
With 157, no need for any of this so far. I'm almost done with my edits and started testing, well start deep testing soon..
I'm moving on, but I know some of you have to support older installs. The life of web masters.. I no longer have anything to do with Windoze or a need to hack it... IE decided slider should be as they wish it and not as all the others went with... Thus I couldn't get the script to have an IE response.
If loaded in /includes/templates/TEMPLATENAME/jscript/jscript_xxxxxx.js (or.php) then yes.Quote:
Originally Posted by davewest
But if loaded in /includes/modules/pages/PAGENAME/jscript_xxxxxxx.js(or .php) then only loads when ?main_page=PAGENAME
Ref: https://docs.zen-cart.com/user/templ...-jscript-files
I'd be happy to do the changes I suggested - just let me know.
Please do. With IE going down a different path with HTML5 and not reading the response from the slider the same as Mozilla the script needs help. I don't have any MS OS any more for VM, used the disks to scare away the birds. I can't test the script.Quote:
Originally Posted by swguy
I have made non-CAPTCHA and Honey-pots work for IE v10 and IE v11 on zc156a. The slider is a bit ugly but functions. I need to put up a notice for IE users to upgrade to something else as IE 11 supports ends this year.
non-CAPTCHA and Honey-pots is currently in my dev env on 157a and it works. I only use non-CAPTCHA and Honey-pots for creating accounts and contact-us pages.
I can post my changes if they might be of use.
Attachment 19282 Initial slide in IE 11
Attachment 19284 Button pressed and value changed in IE 11
- - - - -
environment Dev: Zen Cart 157a; Apache 2.4.46; PHP 7.4.9; MySQL 5.7.31; Windows 10
CAPTCHA is built into ZC157x and has no need for any CAPTCHA add-ons... eye testing nor honey.. so all you're adding is frustration to your customers..Quote:
Originally Posted by OldNGrey
Allot of users refuse to upgrade to a HTML5 enabled browser. All they see of the slider is a text input field.
Post your script. Does it work on FF too?
The slider displays in FF, Chrome, Edge and IE 11 & 10.
HTML Code:<script type="text/javascript">
$(document).ready(function () {
var slideCol = document.getElementById("id1");
var y = document.getElementById("f");
y.innerHTML = slideCol.value; // Display the default slider value
slideCol.onchange = displayCol;
// Update the current slider value (each time you drag the slider handle)
slideCol.oninput = displayCol;
function displayCol() {
y.innerHTML = this.value;
if (this.value == "<?php echo SPAM_TEST; ?>") {
y.innerHTML = "<?php echo SPAM_ANSWER; ?>";
}
}
});
</script>
So basically you named the function and then hit both the onchange and oninput events... It works, most of the responses are at a micro second... based on focus or order. The input event comes before the corresponding change event if any... However, I beleave all but IE respond to both onchange and oninput. IE response is to the onchange event. So you could just use the onchange event, but that leads to other problems with other browsers.Quote:
Originally Posted by OldNGrey
For example, this is from an article in Mozilla..
Maybe a suggestion such as below; This would not support IE8 and below, but only IE9 and above are HTML5 browsers.Quote:
The onchange event occurs when a control loses the input focus and its value has been modified since gaining focus.
As shown in the quote above, onchange should always fire after oninput, so the fact that Firefox waits for the range slider to lose focus before firing the event (for both mouse and keyboard) seems to be the correct behaviour. Chrome does not wait until the control is unfocused when using the keyboard, but it does so with the mouse.
IE11, of course, is completely wrong on two counts: It doesn’t recognize oninput when applied to a range slider and it responds to onchange as if it was oninput, firing the event immediately instead of waiting until the slider stops moving or loses focus.
Code:$(document).ready(function () {
var slideCol = document.getElementById("id1");
var y = document.getElementById("f");
var ie = 'ActiveXObject' in window;
y.innerHTML = slideCol.value; // Display the default slider value
if (ie) {
slideCol.onchange = displayCol; // Update slider value (IE)
} else {
slideCol.oninput = displayCol; // Update slider value (Mozilla)
}
function displayCol() {
y.innerHTML = this.value;
if (this.value == "20") {
y.innerHTML = "Humen";
}
}
});
Just wanted to say thanks for this plugin, store got hit with a pretty clever script that created accounts, placed items in the cart and then checked out via eway, had over 1000 attempted transactions in a couple of hours. Added this and all stopped, is a great temp fix until I get time to upgrade to 1.5.7c.
I'm using Zen Cart 1.5.7d and the built in spam prevention doesn't seem to be working. I'm still getting a lot of spam messages through the contact us page.
Is there some setting or code that needs to be changed to make it work?
The question is... What files on your site are different from a standard 1.5.7d install.
What template are you using? A store-bought template might not have the proper code imbedded in their files.
I'm using the default responsive classic template, no changes to the contact us template file.
Actually, it seems to be working as intended. I did some testing by making the hidden field visible and then sending some messages putting something in the antispam field and other times leaving it empty. I did not get any of the messages when I put something in the antispam field.
So it seems the bots just somehow figured it out.
Can someone suggest any change to the code to fool the bots and make it work?
In many cases, it's not a bot but a third-world script kiddie being paid to sit at the screen and paste data into the fields.
You might try adding lat9's Access Blocker for that additional help. https://www.zen-cart.com/downloads.php?do=file&id=2237
Hi,
I have a store in 3 languages. How can I get the question etc on 3 languages?
Thanks,
Ingrid
Hi,
I have run into another issue :(
My Cuntact Us page displays an error:
Sorry, is your subject correct? Our system requires a minimum of 2 characters. Please try again.
Any ideas?
Ingrid
Can this slider non-CAPTCHA be used with 1.5.8a, or are there plans to update it for that version? I loved it with 1.5.7, but it doesn't seem to work with 1.5.8a. I used reCAPTCHA instead, but that is sending through some spam, unfortunately, and the non-CAPTCHA slider seemed to work 100% with the past versions. Thanks for any insight.