| View previous topic :: View next topic |
| Author |
Message |
olc
Joined: 12 Mar 2004
Posts: 63
|
 Posted: Wed Mar 22, 2006 9:00 pm Post subject: Submit without validation |
 |
|
Hi I need some help oin this
the quikstore program does no internal form validation
other then via a java script file
anyone by simply turning java script off within their browser
can submit screwing up order numbers and more
without filling in anything
I know some online processers validate data once forwarded
from quikstore to them but we do not use one and I'm sure were not alone..
Does anyone know how to prevent somone from completing an order
without having java script on?
This is the only way I see of stopping this.
_________________
Thanks
OL |
|
| Back to top |
|
 |
Rick
Joined: 05 Apr 1999
Posts: 6833
Location: Virginia
|
| Posted: Wed Mar 22, 2006 9:13 pm Post subject: |
|
|
OL,
Why, what is happenning? Are you getting a bunch of orders without being validated?
Rick |
|
| Back to top |
|
|
olc
Joined: 12 Mar 2004
Posts: 63
|
| Posted: Wed Mar 22, 2006 9:17 pm Post subject: |
|
|
Lately a ton of them
about 15 today alone
it just screws up the order numbers etc
I do not care if we lose people with java turned off anymore
_________________
Thanks
OL |
|
| Back to top |
|
|
Rick
Joined: 05 Apr 1999
Posts: 6833
Location: Virginia
|
| Posted: Wed Mar 22, 2006 10:43 pm Post subject: |
|
|
OL,
Boy, that is hard to believe. Can you send me the URL to the site. I can't imagine 15 people having the javascript turned off in the same day. That would be highly unusual.
Are you sure the validation is working and those are not fradulent orders?
Rick |
|
| Back to top |
|
|
drmike29
Joined: 06 Apr 1999
Posts: 295
Location: baltimore, md, USA
|
| Posted: Thu Mar 23, 2006 2:19 am Post subject: |
|
|
OL,
I agree with Rick. In 6 years of using Quikstore, I haven't seen more than a handful of people bothering to by-pass the Javascript validation. I don't think there are that many individuals that would know how to turn off the Java validation to begin with. More likely it is 1 person just trying to give you a hard time. Check out the IP Address that is attempting to place these orders and block off that IP Address from accessing your website.
Mike |
|
| Back to top |
|
|
olc
Joined: 12 Mar 2004
Posts: 63
|
| Posted: Thu Mar 23, 2006 2:23 am Post subject: |
|
|
| Rick wrote: |
OL,
Boy, that is hard to believe. Can you send me the URL to the site. I can't imagine 15 people having the JavaScript turned off in the same day. That would be highly unusual.
Are you sure the validation is working and those are not fradulent orders?
Rick |
of course they are bad orders by a few people that know java is the only validation we have
I said 15 orders submitted with no feilds filled in they just turn off their java script add something to the cart checkout and submit an order, add something to their cart checkout hit submit again etc , what's hard to image?
I asked in the first post was there a way to only have the form submit if java script is turned on?
this way they have to at least fill in all the fields before submitting a bogus order
also we did have a few good orders this year where people had java turned off and missed some important info fields we needed to process by mistake, but that's rare
_________________
Thanks
OL |
|
| Back to top |
|
|
olc
Joined: 12 Mar 2004
Posts: 63
|
| Posted: Thu Mar 23, 2006 2:40 am Post subject: |
|
|
| drmike29 wrote: |
OL,
I agree with Rick. In 6 years of using Quikstore, I haven't seen more than a handful of people bothering to by-pass the Javascript validation. I don't think there are that many individuals that would know how to turn off the Java validation to begin with. More likely it is 1 person just trying to give you a hard time. Check out the IP Address that is attempting to place these orders and block off that IP Address from accessing your website.
Mike |
Depends on what business your in and how hard up the competition is
first they spammed the hell out of us via the quikstore program page load warning log and email alert option, I had to turn that option off
here's a typical log entry
PAGE LOAD WARNING
ERROR DATE = Sunday, March 19, 2006 at 03:09 AM
ERROR FILE = cart.cgi
LINE NUMBER = 803
HOST IP ADDR = 202.75.7.249
REMOTE_HOST =
BROWSER =
PAGE = yearned5745@EDITED.com
QUERY STRING =
POST VARIABLES = item-light_57|129.95|balls=yearned5745@EDITED.com,store_type=yearned5745@EDITED.com,page=yearned5745@EDITED.com,add_to_cart=thinContent-Type: multipart/alternative; boundary=da22838f459067ff43978b3c871a60f9
MIME-Version: 1.0
Subject: the violin was also silent. ho looks into the shadowy
bcc: frekiforbes@aol.com
This is a multi-part message in MIME format.
--da22838f459067ff43978b3c871a60f9
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
succeeded. his circle assembled every unday on the third, their delight was greater, was more festal than on any former occasion. ature herself had the same expression. he evening was most beautiful the full moon shone, magnificent dark blue
--da22838f459067ff43978b3c871a60f9--
.
REQUEST URL = /cgi-bin/edited/edited.cgi
REQUEST_METHOD = POST
HTTP COOKIES =
these ips are always different and the submitted order ips are alway aol
bellatlantic etc can't ban them
_________________
Thanks
OL |
|
| Back to top |
|
|
Rick
Joined: 05 Apr 1999
Posts: 6833
Location: Virginia
|
| Posted: Thu Mar 23, 2006 6:13 pm Post subject: |
|
|
OL,
Just so you know, I did a recent update 2.12.177 to "help" stop that specific page load warning. It now deletes those form fields when they get passed in. But, it won't stop all of them.
Also, Since reading this, I just added a web update to 2.12.178 that allows you to set required fields in the qs_main. If the fields are empty when they click to process the order, it will display the missing fields for them to re-enter. The order will not be processed until all fields are filled in.
However! While this will help for legitimate orders, you should keep in mind that if they put junk in the fields, the order will still go through. So, it really does not help your situation much. I think Mikes idea of banning the ip block is a better solution.
NOTE: If you are using a credit card plug-in, these field name entries in the qs_main may need to be changed to match your order form fields for the specific plug-in.
Rick |
|
| Back to top |
|
|
olc
Joined: 12 Mar 2004
Posts: 63
|
| Posted: Thu Mar 23, 2006 6:54 pm Post subject: |
|
|
Thanks Rick
Atleast now they will have to fill in all the fields
I will also turn that page load warning email back on
as long as its not the 75+ I used to get thats fine
if possible could you please consider a visual code to enter upon submitting an order, somthing like the phbb regisration page has
for the new php version your working on?
Thanks
Ed
_________________
Thanks
OL |
|
| Back to top |
|
|
drmike29
Joined: 06 Apr 1999
Posts: 295
Location: baltimore, md, USA
|
| Posted: Sun Oct 12, 2008 12:36 am Post subject: |
|
|
We are currently running the 2.12.175 version. 2 months ago when the ShoppingCartServer.com server went down and was restored, we lost use of FrontPage extensions. We had FP validation of the checkout forms. Since that feature no longer works, we have been receiving 'orders' with blank fields. Seems like the 2.12.178 version would solve our problems.
Can I somehow get a copy of the 2.12.178 update from anyone?
Thanks.
Mike |
|
| Back to top |
|
|
Rick
Joined: 05 Apr 1999
Posts: 6833
Location: Virginia
|
| Posted: Sat Oct 18, 2008 1:46 pm Post subject: |
|
|
Mike,
I just sent you a copy.
Rick |
|
| Back to top |
|
|
drmike29
Joined: 06 Apr 1999
Posts: 295
Location: baltimore, md, USA
|
| Posted: Mon Oct 20, 2008 2:06 am Post subject: |
|
|
Thanks Rick. You are the best.
Mike |
|
| Back to top |
|
|
drmike29
Joined: 06 Apr 1999
Posts: 295
Location: baltimore, md, USA
|
| Posted: Wed Dec 30, 2009 3:19 pm Post subject: |
|
|
We are running this version and the Required Field function IS working. To keep things simple, I made just the 6 fields below required. However, when these fields are left blank and the error page appears with these fields to be filled in, they are in the order as below:
Billing Address
Billing Phone
Billing Name
Email Address
Billing Zip
Billing City
This listing order is not consistent with the fields on the order form, nor in the required fields listing in the qs.main file. I can't exactly figure out why this page requests these fields in this rather non-logical order.
The preferred order would be along the lines of:
Billing Name
Billing Address
Billing City
Billing Zip
Billing Phone
Email Address
This is not a major issue, but any thoughts?
Thanks.
Mike |
|
| Back to top |
|
|
Rick
Joined: 05 Apr 1999
Posts: 6833
Location: Virginia
|
| Posted: Mon Jan 11, 2010 11:33 pm Post subject: |
|
|
Mike,
Perl does not keep associative arrays in order. Not sure why it does this but between the incoming form fields and the list coming from the config, they get out of order like that. Not much we can do really.
Rick |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
