How to protect PrestaShop from spambots  

 

       1. Download CleanTalk API from Github.com.

       2. Unzip the downloaded archive to your <root directory>/classes/. You will see the folder with the name "php-antispam-master". Rename it to "cleantalk".

       3. Go to <root directory>/classes/ and open Validate.php. Add the following functions to this script:

 

public static function spamCheckUser($name, $email)
{
session_start(); //Sessions is required
require_once (dirname(__FILE__) . '/cleantalk/cleantalk.class.php');
$config_url = 'http://moderate.cleantalk.org'; //server adress
$auth_key = 'your access key'; //access key
$sender_nickname = 'John Dow';
if ($name!='')
$sender_nickname = $name;
$sender_email = 's@cleantalk.org';
if ($email!='')
$sender_email = $email;
$sender_ip = null;
if (isset($_SERVER['REMOTE_ADDR']))
$sender_ip = $_SERVER['REMOTE_ADDR'];
// The facility in which to store the query parameters
$ct_request = new CleantalkRequest();
$ct_request->auth_key = $auth_key;
$ct_request->agent = 'php-api';
$ct_request->sender_email = $sender_email; 
$ct_request->sender_ip = $sender_ip; 
$ct_request->sender_nickname = $sender_nickname; 
$ct_request->js_on = 1;
$ct = new Cleantalk();
$ct->server_url = $config_url;
// Check
$ct_result = $ct->isAllowUser($ct_request);
return $ct_result;
}

public static function spamCheckMessage($name, $email, $message)
{
session_start();
require_once (dirname(__FILE__) . '/cleantalk/cleantalk.class.php');
// Take params from config
$config_url = 'http://moderate.cleantalk.org';
$auth_key = 'your access key'; // access key
$sender_nickname = 'John Dow';
if ($name!='')
$sender_nickname = $name;
$sender_email = 'stop_email@example.com';
if ($email!='')
$sender_email = $email;
$sender_ip = null;
if (isset($_SERVER['REMOTE_ADDR']))
$sender_ip = $_SERVER['REMOTE_ADDR'];
$sender_message = null; 
if ($message!='')
$sender_message = $message;
// The facility in which to store the query parameters
$ct_request = new CleantalkRequest();
$ct_request->auth_key = $auth_key;
$ct_request->agent = 'php-api';
$ct_request->sender_email = $sender_email; 
$ct_request->sender_ip = $sender_ip; 
$ct_request->sender_nickname = $sender_nickname; 
$ct_request->message = $sender_message;
$ct_request->js_on = 1;
$ct = new Cleantalk();
$ct->server_url = $config_url;
// Check
$ct_result = $ct->isAllowMessage($ct_request);
return $ct_result;
}

 

      4. To protect registration form, go to <root directory>/controllers/front/ and open AuthController.php.  

 

Paste the following code:

$spamCheckResult = Validate::spamCheckUser($customer->firstname.' '.$customer->lastname, $customer->email);
if ($spamCheckResult->allow == 0) {
$this->errors[] = Tools::displayError('User forbidden. Reason: '.$spamCheckResult->comment);
}
After this line (#442):

if (!count($this->errors)) {

 

      5. To protect comments, go to <root directory>/modules/productcomments/controllers/front/ and open default.php.

 

Paste the following code:

$customer_name = $this->context->customer->firstname.' '.$this->context->customer->lastname;
$customer_email = $this->context->customer->email;
$customer_message = strip_tags(Tools::getValue('content'));
$spamCheckResult = Validate::spamCheckMessage($customer_name, $customer_email, $customer_message);
if ($spamCheckResult->allow == 0) {
$errors[] = $module_instance->l('Message forbidden. Reason: '.$spamCheckResult->comment, 'default');
}

After this line (#70):

$errors = array();

Notice: to protect comments, you need to have this module installed in your prestashop directory.

 

      6. To protect newsletter sign-ups, go to <root directory>/modules/blocknewsletter/ and open blocknewsletter.php.  

 

Paste the following code at the top of the newsletterRegistration() function:

 if (!empty($_POST['email']) && Validate::isEmail($_POST['email']))
 {
 $spamCheckResult = Validate::spamCheckUser('', $_POST['email']);
 if ($spamCheckResult->allow == 0)
 return $this->error = $this->l('User forbidden. Reason: '.$spamCheckResult->comment);
 }

 

Use the blacklisted e-mail s@cleantalk.org to create a ticket. As a result, you will see the blocking message at the top of the page