John
May 4, 2012, 07:52 AM
Hi everyone!
Due to multiple spam reports that we have been receiving recently from our customers, we found a loophole in our software, and here is a solution that will help you prevent bots from spamming on your site:
1. open and edit the following file: /includes/classes/rlAccount.class.php
2. find a string below (line ~980):
if ( $security_code != $_SESSION['ses_security_code'] )
3. replace it with a line below:
if ( $security_code != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) )
4. save the changes
5. open and edit the following file: /includes/controllers/registration.php
6. find a string below (line ~143):
$rlHook -> load('beforeRegister');
7. and paste the following code below the line above:
/* check security image code */
if ( $config['security_img_registration'] )
{
    /* reject a wrong code, and also reject when no code was stored in the session */
    if ( $_POST['security_code'] != $_SESSION['ses_security_code'] || empty($_SESSION['ses_security_code']) )
    {
        $errors[] = $lang['security_code_incorrect'];
        $error_fields[] = 'security_code';
    }
}
/* check email */
$email = $_POST['profile']['mail'];
if ( !$rlValid -> isEmail( $email ) )
{
    $errors[] = $lang['notice_bad_email'];
    $error_fields[] = 'profile[mail]';
}
/* check that the email is not already registered */
if ( $rlDb -> getOne('ID', "`Mail` = '{$email}'", 'accounts') )
{
    $errors[] = str_replace('{email}', $email, $lang['notice_account_email_exist']);
    $error_fields[] = 'profile[mail]';
}
8. save the changes
Feel free to ask your questions in the thread.
John
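What the added empty() test changes, as an added example that is not part of John's post or the vendor's code: when the session holds no code, PHP's loose != treats the missing value and an empty field as equal, so the original condition does not reject the request. Function names and sample values are constructed; the strict variant is an assumption that goes beyond the posted fix.

```php
<?php
// Added example, not the vendor's code. Function names are hypothetical;
// only the two conditions are taken from the post above.

// Stored code, or null when the session never received one.
function storedCode(array $session)
{
    return isset($session['ses_security_code']) ? $session['ses_security_code'] : null;
}

// Condition before the fix: true means "reject the form".
function rejectsBeforeFix($submitted, array $session)
{
    return $submitted != storedCode($session);
}

// Condition after the fix: also reject when no code is stored.
function rejectsAfterFix($submitted, array $session)
{
    $stored = storedCode($session);
    return $submitted != $stored || empty($stored);
}

// Stricter variant (assumption, beyond the post): require two non-empty
// strings and compare them byte for byte, with no numeric-string juggling.
function rejectsStrict($submitted, array $session)
{
    $stored = storedCode($session);
    if (!is_string($submitted) || !is_string($stored) || $stored === '') {
        return true;
    }
    return !hash_equals($stored, $submitted);
}

// Constructed inputs: array(submitted value, session contents).
$cases = array(
    'no code stored, empty field'  => array('', array()),
    'no code stored, field absent' => array(null, array()),
    'code stored, wrong answer'    => array('zzzzz', array('ses_security_code' => 'k7m2p')),
    'code stored, right answer'    => array('k7m2p', array('ses_security_code' => 'k7m2p')),
    'numeric-looking strings'      => array('1000', array('ses_security_code' => '1e3')),
);
$verdict = function ($rejected) { return $rejected ? 'reject' : 'accept'; };
foreach ($cases as $label => $case) {
    list($submitted, $session) = $case;
    printf("%-30s before=%-7s after=%-7s strict=%s\n", $label,
        $verdict(rejectsBeforeFix($submitted, $session)),
        $verdict(rejectsAfterFix($submitted, $session)),
        $verdict(rejectsStrict($submitted, $session)));
}
```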