Mettre en place un captcha maison afin d'éviter les spams russe sur un Prestashop 1.6
Dans ce tutoriel nous allons voir comment mettre en place une sécurité maison afin de ne plus se faire spammer sa boite mail.
On va crée un override du Controller Front Contact. Chemin du fichier: override/controllers/front/ContactController.php
<?php
/*
* 2007-2016 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2016 PrestaShop SA
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*/
class ContactController extends ContactControllerCore
{
/**
* Start forms process
* @see FrontController::postProcess()
*/
public function postProcess()
{
if (Tools::isSubmit('submitMessage')) {
$saveContactKey = $this->context->cookie->contactFormKey;
$extension = array('.txt', '.rtf', '.doc', '.docx', '.pdf', '.zip', '.png', '.jpeg', '.gif', '.jpg');
$file_attachment = Tools::fileAttachment('fileUpload');
$message = Tools::getValue('message'); // Html entities is not usefull, iscleanHtml check there is no bad html tags.
$url = Tools::getValue('url');
// On va aller detecter l'extension du mail
$ext_mail = new SplFileInfo(trim(Tools::getValue('from')));
$ext_mail = $ext_mail->getExtension();
// on recupère la réponse du captcha
$captcha = (int)Tools::getValue('captcha');
if (!($from = trim(Tools::getValue('from'))) || !Validate::isEmail($from)) {
$this->errors[] = Tools::displayError('Invalid email address.');
}
// on interdit l'extension du mail en .ru
elseif ($ext_mail =='ru' ) {
$this->errors[] = Tools::displayError('Extension non permise.');}
// on veux que la valeur du champs soit a 2 (2 A dans Alexandre) on peux bien sur modifier
elseif ($captcha !=2) {
$this->errors[] = Tools::displayError('Vérification anti-spam - mauvaise réponse :(');}
elseif (!$message) {
$this->errors[] = Tools::displayError('The message cannot be blank.');
} elseif (!Validate::isCleanHtml($message)) {
$this->errors[] = Tools::displayError('Invalid message');
} elseif (!($id_contact = (int)Tools::getValue('id_contact')) || !(Validate::isLoadedObject($contact = new Contact($id_contact, $this->context->language->id)))) {
$this->errors[] = Tools::displayError('Please select a subject from the list provided. ');
} elseif (!empty($file_attachment['name']) && $file_attachment['error'] != 0) {
$this->errors[] = Tools::displayError('An error occurred during the file-upload process.');
} elseif (!empty($file_attachment['name']) && !in_array(Tools::strtolower(substr($file_attachment['name'], -4)), $extension) && !in_array(Tools::strtolower(substr($file_attachment['name'], -5)), $extension)) {
$this->errors[] = Tools::displayError('Bad file extension');
} elseif ($url === false || !empty($url) || $saveContactKey != (Tools::getValue('contactKey'))) {
$this->errors[] = Tools::displayError('An error occurred while sending the message.');
} else {
$customer = $this->context->customer;
if (!$customer->id) {
$customer->getByEmail($from);
}
$id_order = (int)$this->getOrder();
if (!((
($id_customer_thread = (int)Tools::getValue('id_customer_thread'))
&& (int)Db::getInstance()->getValue('
SELECT cm.id_customer_thread FROM '._DB_PREFIX_.'customer_thread cm
WHERE cm.id_customer_thread = '.(int)$id_customer_thread.' AND cm.id_shop = '.(int)$this->context->shop->id.' AND token = ''.pSQL(Tools::getValue('token')).''')
) || (
$id_customer_thread = CustomerThread::getIdCustomerThreadByEmailAndIdOrder($from, $id_order)
))) {
$fields = Db::getInstance()->executeS('
SELECT cm.id_customer_thread, cm.id_contact, cm.id_customer, cm.id_order, cm.id_product, cm.email
FROM '._DB_PREFIX_.'customer_thread cm
WHERE email = ''.pSQL($from).'' AND cm.id_shop = '.(int)$this->context->shop->id.' AND ('.
($customer->id ? 'id_customer = '.(int)$customer->id.' OR ' : '').'
id_order = '.(int)$id_order.')');
$score = 0;
foreach ($fields as $key => $row) {
$tmp = 0;
if ((int)$row['id_customer'] && $row['id_customer'] != $customer->id && $row['email'] != $from) {
continue;
}
if ($row['id_order'] != 0 && $id_order != $row['id_order']) {
continue;
}
if ($row['email'] == $from) {
$tmp += 4;
}
if ($row['id_contact'] == $id_contact) {
$tmp++;
}
if (Tools::getValue('id_product') != 0 && $row['id_product'] == Tools::getValue('id_product')) {
$tmp += 2;
}
if ($tmp >= 5 && $tmp >= $score) {
$score = $tmp;
$id_customer_thread = $row['id_customer_thread'];
}
}
}
$old_message = Db::getInstance()->getValue('
SELECT cm.message FROM '._DB_PREFIX_.'customer_message cm
LEFT JOIN '._DB_PREFIX_.'customer_thread cc on (cm.id_customer_thread = cc.id_customer_thread)
WHERE cc.id_customer_thread = '.(int)$id_customer_thread.' AND cc.id_shop = '.(int)$this->context->shop->id.'
ORDER BY cm.date_add DESC');
if ($old_message == $message) {
$this->context->smarty->assign('alreadySent', 1);
$contact->email = '';
$contact->customer_service = 0;
}
if ($contact->customer_service) {
if ((int)$id_customer_thread) {
$ct = new CustomerThread($id_customer_thread);
$ct->status = 'open';
$ct->id_lang = (int)$this->context->language->id;
$ct->id_contact = (int)$id_contact;
$ct->id_order = (int)$id_order;
if ($id_product = (int)Tools::getValue('id_product')) {
$ct->id_product = $id_product;
}
$ct->update();
} else {
$ct = new CustomerThread();
if (isset($customer->id)) {
$ct->id_customer = (int)$customer->id;
}
$ct->id_shop = (int)$this->context->shop->id;
$ct->id_order = (int)$id_order;
if ($id_product = (int)Tools::getValue('id_product')) {
$ct->id_product = $id_product;
}
$ct->id_contact = (int)$id_contact;
$ct->id_lang = (int)$this->context->language->id;
$ct->email = $from;
$ct->status = 'open';
$ct->token = Tools::passwdGen(12);
$ct->add();
}
if ($ct->id) {
$cm = new CustomerMessage();
$cm->id_customer_thread = $ct->id;
$cm->message = $message;
if (isset($file_attachment['rename']) && !empty($file_attachment['rename']) && rename($file_attachment['tmp_name'], _PS_UPLOAD_DIR_.basename($file_attachment['rename']))) {
$cm->file_name = $file_attachment['rename'];
@chmod(_PS_UPLOAD_DIR_.basename($file_attachment['rename']), 0664);
}
$cm->ip_address = (int)ip2long(Tools::getRemoteAddr());
$cm->user_agent = $_SERVER['HTTP_USER_AGENT'];
if (!$cm->add()) {
$this->errors[] = Tools::displayError('An error occurred while sending the message.');
}
} else {
$this->errors[] = Tools::displayError('An error occurred while sending the message.');
}
}
if (!count($this->errors)) {
$var_list = array(
'{order_name}' => '-',
'{attached_file}' => '-',
'{message}' => Tools::nl2br(stripslashes($message)),
'{email}' => $from,
'{product_name}' => '',
);
if (isset($file_attachment['name'])) {
$var_list['{attached_file}'] = $file_attachment['name'];
}
$id_product = (int)Tools::getValue('id_product');
if (isset($ct) && Validate::isLoadedObject($ct) && $ct->id_order) {
$order = new Order((int)$ct->id_order);
$var_list['{order_name}'] = $order->getUniqReference();
$var_list['{id_order}'] = (int)$order->id;
}
if ($id_product) {
$product = new Product((int)$id_product);
if (Validate::isLoadedObject($product) && isset($product->name[Context::getContext()->language->id])) {
$var_list['{product_name}'] = $product->name[Context::getContext()->language->id];
}
}
if (empty($contact->email)) {
/*Mail::Send($this->context->language->id, 'contact_form', ((isset($ct) && Validate::isLoadedObject($ct)) ? sprintf(Mail::l('Your message has been correctly sent #ct%1$s #tc%2$s'), $ct->id, $ct->token) : Mail::l('Your message has been correctly sent')), $var_list, $from, null, null, null, $file_attachment);*/
} else {
if (!Mail::Send($this->context->language->id, 'contact', Mail::l('Message from contact form').'',
$var_list, $contact->email, $contact->name, null, null,
$file_attachment, null, _PS_MAIL_DIR_, false, null, null, $from) /*||
!Mail::Send($this->context->language->id, 'contact_form', ((isset($ct) && Validate::isLoadedObject($ct)) ? sprintf(Mail::l('Your message has been correctly sent #ct%1$s #tc%2$s'), $ct->id, $ct->token) : Mail::l('Your message has been correctly sent')), $var_list, $from, null, null, null, $file_attachment, null, _PS_MAIL_DIR_, false, null, null, $contact->email)*/) {
$this->errors[] = Tools::displayError('An error occurred while sending the message.');
}
}
}
if (count($this->errors) > 1) {
array_unique($this->errors);
} elseif (!count($this->errors)) {
$this->context->smarty->assign('confirmation', 1);
}
}
}
}
}
Modification du contact-form.tpl
Chemin: /themes/default-bootstrap/contact-form.tpl
{*
* 2007-2016 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2016 PrestaShop SA
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*}
{capture name=path}{l s='Contact'}{/capture}
<h1 class="page-heading bottom-indent">
{l s='Customer service'} - {if isset($customerThread) && $customerThread}{l s='Your reply'}{else}{l s='Contact us'}{/if}
</h1>
{if isset($confirmation)}
<p class="alert alert-success">{l s='Your message has been successfully sent to our team.'}</p>
<ul class="footer_links clearfix">
<li>
<a class="btn btn-default button button-small" href="{if isset($force_ssl) && $force_ssl}{$base_dir_ssl}{else}{$base_dir}{/if}">
<span>
<i class="icon-chevron-left"></i>{l s='Home'}
</span>
</a>
</li>
</ul>
{elseif isset($alreadySent)}
<p class="alert alert-warning">{l s='Your message has already been sent.'}</p>
<ul class="footer_links clearfix">
<li>
<a class="btn btn-default button button-small" href="{if isset($force_ssl) && $force_ssl}{$base_dir_ssl}{else}{$base_dir}{/if}">
<span>
<i class="icon-chevron-left"></i>{l s='Home'}
</span>
</a>
</li>
</ul>
{else}
{include file="$tpl_dir./errors.tpl"}
<form action="{$request_uri}" method="post" class="contact-form-box" enctype="multipart/form-data">
<fieldset>
<h3 class="page-subheading">{l s='send a message'}</h3>
<div class="clearfix">
<div class="col-xs-12 col-md-3">
<div class="form-group selector1">
<label for="id_contact">{l s='Subject Heading'}</label>
{if isset($customerThread.id_contact) && $customerThread.id_contact && $contacts|count}
{assign var=flag value=true}
{foreach from=$contacts item=contact}
{if $contact.id_contact == $customerThread.id_contact}
<input type="text" class="form-control" id="contact_name" name="contact_name" value="{$contact.name|escape:'html':'UTF-8'}" readonly="readonly" />
<input type="hidden" name="id_contact" value="{$contact.id_contact|intval}" />
{$flag=false}
{/if}
{/foreach}
{if $flag && isset($contacts.0.id_contact)}
<input type="text" class="form-control" id="contact_name" name="contact_name" value="{$contacts.0.name|escape:'html':'UTF-8'}" readonly="readonly" />
<input type="hidden" name="id_contact" value="{$contacts.0.id_contact|intval}" />
{/if}
</div>
{else}
<select id="id_contact" class="form-control" name="id_contact">
<option value="0">{l s='-- Choose --'}</option>
{foreach from=$contacts item=contact}
<option value="{$contact.id_contact|intval}"{if isset($smarty.request.id_contact) && $smarty.request.id_contact == $contact.id_contact} selected="selected"{/if}>{$contact.name|escape:'html':'UTF-8'}</option>
{/foreach}
</select>
</div>
<p id="desc_contact0" class="desc_contact{if isset($smarty.request.id_contact)} unvisible{/if}"> </p>
{foreach from=$contacts item=contact}
<p id="desc_contact{$contact.id_contact|intval}" class="desc_contact contact-title{if !isset($smarty.request.id_contact) || $smarty.request.id_contact|intval != $contact.id_contact|intval} unvisible{/if}">
<i class="icon-comment-alt"></i>{$contact.description|escape:'html':'UTF-8'}
</p>
{/foreach}
{/if}
<p class="form-group">
<label for="email">{l s='Email address'}</label>
{if isset($customerThread.email)}
<input class="form-control grey" type="text" id="email" name="from" value="{$customerThread.email|escape:'html':'UTF-8'}" readonly="readonly" />
{else}
<input class="form-control grey validate" type="text" id="email" name="from" data-validate="isEmail" value="{$email|escape:'html':'UTF-8'}" />
{/if}
</p>
{if !$PS_CATALOG_MODE}
{if (!isset($customerThread.id_order) || $customerThread.id_order > 0)}
<div class="form-group selector1">
<label>{l s='Order reference'}</label>
{if !isset($customerThread.id_order) && isset($is_logged) && $is_logged}
<select name="id_order" class="form-control">
<option value="0">{l s='-- Choose --'}</option>
{foreach from=$orderList item=order}
<option value="{$order.value|intval}"{if $order.selected|intval} selected="selected"{/if}>{$order.label|escape:'html':'UTF-8'}</option>
{/foreach}
</select>
{elseif !isset($customerThread.id_order) && empty($is_logged)}
<input class="form-control grey" type="text" name="id_order" id="id_order" value="{if isset($customerThread.id_order) && $customerThread.id_order|intval > 0}{$customerThread.id_order|intval}{else}{if isset($smarty.post.id_order) && !empty($smarty.post.id_order)}{$smarty.post.id_order|escape:'html':'UTF-8'}{/if}{/if}" />
{elseif $customerThread.id_order|intval > 0}
<input class="form-control grey" type="text" name="id_order" id="id_order" value="{if isset($customerThread.reference) && $customerThread.reference}{$customerThread.reference|escape:'html':'UTF-8'}{else}{$customerThread.id_order|intval}{/if}" readonly="readonly" />
{/if}
</div>
{/if}
{if isset($is_logged) && $is_logged}
<div class="form-group selector1">
<label class="unvisible">{l s='Product'}</label>
{if !isset($customerThread.id_product)}
{foreach from=$orderedProductList key=id_order item=products name=products}
<select name="id_product" id="{$id_order}_order_products" class="unvisible product_select form-control"{if !$smarty.foreach.products.first} style="display:none;"{/if}{if !$smarty.foreach.products.first} disabled="disabled"{/if}>
<option value="0">{l s='-- Choose --'}</option>
{foreach from=$products item=product}
<option value="{$product.value|intval}">{$product.label|escape:'html':'UTF-8'}</option>
{/foreach}
</select>
{/foreach}
{elseif $customerThread.id_product > 0}
<input type="hidden" name="id_product" id="id_product" value="{$customerThread.id_product|intval}" readonly="readonly" />
{/if}
</div>
{/if}
{/if}
{if $fileupload == 1}
<p class="form-group">
<label for="fileUpload">{l s='Attach File'}</label>
<input type="hidden" name="MAX_FILE_SIZE" value="{if isset($max_upload_size) && $max_upload_size}{$max_upload_size|intval}{else}2000000{/if}" />
<input type="file" name="fileUpload" id="fileUpload" class="form-control" />
</p>
{/if}
</div>
<div class="col-xs-12 col-md-9">
<div class="form-group">
<label for="message">{l s='Message'}</label>
<textarea class="form-control" id="message" name="message">{if isset($message)}{$message|escape:'html':'UTF-8'|stripslashes}{/if}</textarea>
</div>
</div>
</div>
<!-- on injecte un nouveau champs input modif alexandre sixtrone -->
<p class="form-group">
<label for="captcha">Vérification Anti-spam</label>
<p>Combien de A dans Alexandre ?</p>
<input type="text" name="captcha" class="form-control" value=""/>
</p>
<!-- on injecte un nouveau champs input modif alexandre sixtrone -->
<div class="submit">
<input type="text" name="url" value="" class="hidden" />
<input type="hidden" name="contactKey" value="{$contactKey}" />
<button type="submit" name="submitMessage" id="submitMessage" class="button btn btn-default button-medium"><span>{l s='Send'}<i class="icon-chevron-right right"></i></span></button>
</div>
</fieldset>
</form>
{/if}
{addJsDefL name='contact_fileDefaultHtml'}{l s='No file selected' js=1}{/addJsDefL}
{addJsDefL name='contact_fileButtonHtml'}{l s='Choose File' js=1}{/addJsDefL}
Laisser un commentaire