Anti spam honey pot |
Greet addon! Some bots can get through the CSRF protection in some way, so this is a nice extra security for bots. I had some issues with our excluded CSRF URIs so I fix this by adding the following core code to the function honey_pot_verify in MY_Security.php:
PHP Code: // Check if URI has been whitelisted from CSRF checks So this is new function code: PHP Code: public function honey_pot_verify() (02-29-2016, 05:35 AM)ardavan Wrote: Hey @Martin7483, Hi @ardavan, You can test it by filling in some value in the hidden input field using the browser developers tool like in Google Chrome by pressing F12 and then sent the form.
Hi,
Thanks for the update. Sorry for the late reply Been very busy with work and family stuff. But will be here more from now on
It has been a while, but I have recently come a cross an issue with the honey pot.
I never created an expire time for the token. Update the ./config/config.php file and add PHP Code: $config['honey_pot_expire'] = 3600; Update the ./core/MY_Security.php file and add the following lines PHP Code: protected $_honey_pot_expire; // The time the token remains valid for. Default is 1 hour The code provided in the OP has also been updated
Can we use $config['honey_pot_exclude_uris'] like the CSRF exclude URI?
I really need this exclusion cause I need the honey pot for just some url but not the whole website which currently, it checks the honey pot for all urls. |
Welcome Guest, Not a member yet? Register Sign In |