结帐时的 WooCommerce 安全性
WooCommerce security on checkout
我一直在尝试向结帐表单添加一种安全措施,例如验证码或安全问题。我已经尝试使用 PHP、附加组件、插件,但找不到任何有效的方法。你们知道我该怎么做吗?这样我就不会从机器人那里收到很多订单。最好在代码中。我尝试使用
$number = 2
//other wordpress/woocommerce code
'human' => array(
'label' => __( 'Are you a human?', 'woocommerce' ),
'placeholder' => __( 'What is 1 + 1?', 'woocommerce' ),
'required' => true,
'validate' => $number
),
在 woocommerce/includes/class-wc-countries.php
但它不起作用:它显示了表格,但我可以输入任何内容,它会继续,即使我输入了例如324.
出于安全目的,您可以使用 Google NoCaptcha Recaptcha
您可以按照以下说明生成自己的验证码:
扩展我关于 customizing the checkout fields 的教程,我们可以从添加和显示一些字段开始:
这将添加计算检查字段:
function so_31413975_filter_checkout_fields($fields){
$fields['extra_fields'] = array(
'human_check' => array(
'type' => 'text',
'label' => __( 'What is 1+1?', 'stack-overflow' ),
'placeholder' => __( 'Enter a number', 'stack-overflow' )
)
);
return $fields;
}
add_filter( 'woocommerce_checkout_fields', 'so_31413975_filter_checkout_fields' );
结帐时显示
function so_31413975_extra_checkout_fields(){
$checkout = WC()->checkout(); ?>
<div class="extra-fields">
<h3><?php _e( 'Are you human?', 'stack-overflow' ); ?></h3>
<?php
// because of this foreach, everything added to the array in the previous function will display automagically
foreach ( $checkout->checkout_fields['extra_fields'] as $key => $field ) : ?>
<?php woocommerce_form_field( $key, $field, $checkout->get_value( $key ) ); ?>
<?php endforeach; ?>
</div>
<?php }
add_action( 'woocommerce_checkout_after_customer_details' ,'so_31413975_extra_checkout_fields' );
我喜欢蜜罐,这是人类本应保留空白但机器人可能会尝试填补的领域。他们抓住了机器人,但甚至不向人类展示,而人类不必做任何事情。赢了,赢了!因为这是一个隐藏的输入,所以我无法通过上面的函数添加它。因此我们将直接在结帐模板中添加标记。
function so_31413975_add_honeypot(){ ?>
<p style="display:none" id="sweetness"><label for="sweetness" class=""><?php _e('Leave this field blank', 'stack-overflow' );?> </label><input type="text" class="input-text " name="sweetness" id="sweetness" placeholder="<?php _e( 'Do not write here', 'stack-overflow' );?>" value=""></p>
<?php
}
add_action( 'woocommerce_checkout_before_order_review', 'so_31413975_add_honeypot' );
WooCommerce 只允许某些类型的验证。在 required、city、phone 等之外,我们必须对发布的信息进行自己的验证。通过添加错误通知,我们停止完成订单。
function so_31413975_validate_checkout(){
if ( !isset( $_POST['sweetness'] ) || ( isset( $_POST['sweetness'] ) && trim( $_POST['sweetness'] ) !== '' ) ){
wc_add_notice( __( 'You seem like a bot.', 'stack-overflow' ), 'error' );
}
if ( ! isset( $_POST['human_check'] ) || ( isset( $_POST['human_check'] )&& intval( $_POST['human_check'] ) !== 2 ) ){
wc_add_notice( __( 'Please enter the correct number', 'stack-overflow' ), 'error' );
}
}
add_action( 'woocommerce_checkout_process', 'so_31413975_validate_checkout' );
您可以编辑表单所在的页面:隐藏按钮,直到用户正确输入验证码,或正确回答数学问题:
http://jsfiddle.net/robinvandernoord/pexhLL2g
<div id="place_order" style="display:none">
<button onclick="alert('yay')">Place Order</button>
</div>
<p style="text-align: left;">[woocommerce_checkout]</p>
<h2>are you human?</h2>
<script>
function enable() {
var user = document.getElementById("user").value;
if (user === answer) {
var docu = document.getElementById("place_order").style;
docu.display = "block";
var eneb = document.getElementById("enable").style;
eneb.display = "none";
var met = document.getElementById("math").style;
met.display = "none";
var user = document.getElementById("user").style;
user.display = "none";
} else {
makeMath();
}
}
</script>
<div id="math"></div>
<script>
function makeMath() {
var random1 = Math.floor(Math.random() * 5);
var random2 = Math.floor(Math.random() * 5);
answer = random1 + random2;
var mat = document.getElementById("math");
mat.innerHTML = ""
mat.innerHTML += "what is ";
switch (random1) {
case 0:
mat.innerHTML += "zero";
break;
case 1:
mat.innerHTML += "one";
break;
case 2:
mat.innerHTML += "two";
break;
case 3:
mat.innerHTML += "three"
break;
case 4:
mat.innerHTML += "four";
break;
case 5:
mat.innerHTML += "five";
break;
case 6:
mat.innerHTML += "six";
break;
default:
mat.innerHTML += random1;
break;
}
/*
//mat.innerHTML += " plus ";
*/
mat.innerHTML += " plus ";
switch (random2) {
case 0:
mat.innerHTML += "zero";
break;
case 1:
mat.innerHTML += "one";
break;
case 2:
mat.innerHTML += "two";
break;
case 3:
mat.innerHTML += "three"
break;
case 4:
mat.innerHTML += "four";
break;
case 5:
mat.innerHTML += "five";
break;
case 6:
mat.innerHTML += "six";
break;
default:
mat.innerHTML += random1;
break;
}
/*
note
*/
mat.innerHTML += "?";
/*
note
*/
switch (answer) {
case 1:
answer = "one";
break;
case 2:
answer = "two";
break;
case 3:
answer = "three";
break;
case 4:
answer = "four";
break;
case 5:
answer = "five";
break;
case 6:
answer = "six";
break;
case 7:
answer = "seven";
break;
case 8:
answer = "eight";
break;
case 9:
answer = "nine";
break;
case 10:
answer = "ten";
break;
case 11:
answer = "eleven"
break;
case 12:
answer = "twelve"
break;
default:
answer = answer;
break;
}
}
makeMath();
</script>
<input id="user"></input>
<div onclick="enable()" id="enable">
<button style="color: white; background-color: #d64181;">Go</button>
</div>
有人也可以在控制台中得到答案,但只有人类知道,对吧? ;)
我一直在尝试向结帐表单添加一种安全措施,例如验证码或安全问题。我已经尝试使用 PHP、附加组件、插件,但找不到任何有效的方法。你们知道我该怎么做吗?这样我就不会从机器人那里收到很多订单。最好在代码中。我尝试使用
$number = 2
//other wordpress/woocommerce code
'human' => array(
'label' => __( 'Are you a human?', 'woocommerce' ),
'placeholder' => __( 'What is 1 + 1?', 'woocommerce' ),
'required' => true,
'validate' => $number
),
在 woocommerce/includes/class-wc-countries.php 但它不起作用:它显示了表格,但我可以输入任何内容,它会继续,即使我输入了例如324.
出于安全目的,您可以使用 Google NoCaptcha Recaptcha
您可以按照以下说明生成自己的验证码:
扩展我关于 customizing the checkout fields 的教程,我们可以从添加和显示一些字段开始:
这将添加计算检查字段:
function so_31413975_filter_checkout_fields($fields){
$fields['extra_fields'] = array(
'human_check' => array(
'type' => 'text',
'label' => __( 'What is 1+1?', 'stack-overflow' ),
'placeholder' => __( 'Enter a number', 'stack-overflow' )
)
);
return $fields;
}
add_filter( 'woocommerce_checkout_fields', 'so_31413975_filter_checkout_fields' );
结帐时显示
function so_31413975_extra_checkout_fields(){
$checkout = WC()->checkout(); ?>
<div class="extra-fields">
<h3><?php _e( 'Are you human?', 'stack-overflow' ); ?></h3>
<?php
// because of this foreach, everything added to the array in the previous function will display automagically
foreach ( $checkout->checkout_fields['extra_fields'] as $key => $field ) : ?>
<?php woocommerce_form_field( $key, $field, $checkout->get_value( $key ) ); ?>
<?php endforeach; ?>
</div>
<?php }
add_action( 'woocommerce_checkout_after_customer_details' ,'so_31413975_extra_checkout_fields' );
我喜欢蜜罐,这是人类本应保留空白但机器人可能会尝试填补的领域。他们抓住了机器人,但甚至不向人类展示,而人类不必做任何事情。赢了,赢了!因为这是一个隐藏的输入,所以我无法通过上面的函数添加它。因此我们将直接在结帐模板中添加标记。
function so_31413975_add_honeypot(){ ?>
<p style="display:none" id="sweetness"><label for="sweetness" class=""><?php _e('Leave this field blank', 'stack-overflow' );?> </label><input type="text" class="input-text " name="sweetness" id="sweetness" placeholder="<?php _e( 'Do not write here', 'stack-overflow' );?>" value=""></p>
<?php
}
add_action( 'woocommerce_checkout_before_order_review', 'so_31413975_add_honeypot' );
WooCommerce 只允许某些类型的验证。在 required、city、phone 等之外,我们必须对发布的信息进行自己的验证。通过添加错误通知,我们停止完成订单。
function so_31413975_validate_checkout(){
if ( !isset( $_POST['sweetness'] ) || ( isset( $_POST['sweetness'] ) && trim( $_POST['sweetness'] ) !== '' ) ){
wc_add_notice( __( 'You seem like a bot.', 'stack-overflow' ), 'error' );
}
if ( ! isset( $_POST['human_check'] ) || ( isset( $_POST['human_check'] )&& intval( $_POST['human_check'] ) !== 2 ) ){
wc_add_notice( __( 'Please enter the correct number', 'stack-overflow' ), 'error' );
}
}
add_action( 'woocommerce_checkout_process', 'so_31413975_validate_checkout' );
您可以编辑表单所在的页面:隐藏按钮,直到用户正确输入验证码,或正确回答数学问题:
http://jsfiddle.net/robinvandernoord/pexhLL2g
<div id="place_order" style="display:none">
<button onclick="alert('yay')">Place Order</button>
</div>
<p style="text-align: left;">[woocommerce_checkout]</p>
<h2>are you human?</h2>
<script>
function enable() {
var user = document.getElementById("user").value;
if (user === answer) {
var docu = document.getElementById("place_order").style;
docu.display = "block";
var eneb = document.getElementById("enable").style;
eneb.display = "none";
var met = document.getElementById("math").style;
met.display = "none";
var user = document.getElementById("user").style;
user.display = "none";
} else {
makeMath();
}
}
</script>
<div id="math"></div>
<script>
function makeMath() {
var random1 = Math.floor(Math.random() * 5);
var random2 = Math.floor(Math.random() * 5);
answer = random1 + random2;
var mat = document.getElementById("math");
mat.innerHTML = ""
mat.innerHTML += "what is ";
switch (random1) {
case 0:
mat.innerHTML += "zero";
break;
case 1:
mat.innerHTML += "one";
break;
case 2:
mat.innerHTML += "two";
break;
case 3:
mat.innerHTML += "three"
break;
case 4:
mat.innerHTML += "four";
break;
case 5:
mat.innerHTML += "five";
break;
case 6:
mat.innerHTML += "six";
break;
default:
mat.innerHTML += random1;
break;
}
/*
//mat.innerHTML += " plus ";
*/
mat.innerHTML += " plus ";
switch (random2) {
case 0:
mat.innerHTML += "zero";
break;
case 1:
mat.innerHTML += "one";
break;
case 2:
mat.innerHTML += "two";
break;
case 3:
mat.innerHTML += "three"
break;
case 4:
mat.innerHTML += "four";
break;
case 5:
mat.innerHTML += "five";
break;
case 6:
mat.innerHTML += "six";
break;
default:
mat.innerHTML += random1;
break;
}
/*
note
*/
mat.innerHTML += "?";
/*
note
*/
switch (answer) {
case 1:
answer = "one";
break;
case 2:
answer = "two";
break;
case 3:
answer = "three";
break;
case 4:
answer = "four";
break;
case 5:
answer = "five";
break;
case 6:
answer = "six";
break;
case 7:
answer = "seven";
break;
case 8:
answer = "eight";
break;
case 9:
answer = "nine";
break;
case 10:
answer = "ten";
break;
case 11:
answer = "eleven"
break;
case 12:
answer = "twelve"
break;
default:
answer = answer;
break;
}
}
makeMath();
</script>
<input id="user"></input>
<div onclick="enable()" id="enable">
<button style="color: white; background-color: #d64181;">Go</button>
</div>
有人也可以在控制台中得到答案,但只有人类知道,对吧? ;)