Access Blocker for Zen Cart v1.5.5 (and later)

Version 1.1.1 by lat9

Copyright (C) 2019, Vinos de Frutas Tropicales

Released under the General Public License (see the file named license.txt in the plugin's distribution for full details). This script is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Current Support Thread at Zen Cart Forums: https://www.zen-cart.com/showthread.php?225161-Access-Blocker-Support-Thread

This drop-in plugin provides your store with admin-level controls to block (or limit) actions provided by the contact_us, create_account and login pages. If access is blocked via configuration (see the configuration settings below for details):

  1. contact_us. The message appears to be sent, but no email is actually generated.
  2. create_account. An account appears to have been created, but it's not (and no emails are sent). The message (defined in the plugin's message-file) is displayed to give the illusion of an account having been created.
  3. login. The login is denied, with the "standard" message being displayed: "Error: Sorry, there is no match for that email address and/or password."

Some features of the plugin require that you request a free API key from the ipdata.co service. That service identifies "known" threats, based on a supplied IP address — Access Blocker makes that request based on the IP address used to access your site.

This section identifies the procedure you'll use to install/update or remove the plugin for your Zen Cart.

There are no core-file overwrites required by Access Blocker. Just rename the YOUR_ADMIN folder to match your Zen Cart admin's folder name and then copy the plugin's files to your store's file-system:

  1. /includes/classes/ipData.php
  2. /includes/classes/observers/auto.access_blocker.php
  3. /includes/languages/english/extra_definitions/access_blocker_messages.php
  4. /YOUR_ADMIN/includes/auto_loaders/config.access_blocker_admin.php
  5. /YOUR_ADMIN/includes/init_includes/init_access_blocker_admin.php
  6. /YOUR_ADMIN/includes/languages/english/extra_definitions/access_blocker_admin_names.php

On the next admin login or admin page-refresh, the plugin will perform its automatic installation to set its default configuration values into your store's database.

To remove the plugin, first delete the plugin's files that were copied to your Zen Cart installation's file-system. Then use your admin's Tools->Run SQL Patches to run the file /docs/access_blocker/uninstall/access_blocker_uninstall.sql.

Once you've installed Access Blocker, you'll see an additional option in your admin's Configuration menu — Access Blocker — with the following available settings:

| Name | Description |
| --- | --- |
| Plugin Version | Identifies the current version of the plugin. The setting's last_modified date is set to the version's release date. |
| Enable Access Blocker? | When enabled, the plugin blocks unwanted accesses to your store's contact_us, create_account and login pages, based on "threats" identified by the ipdata.co service and/or additional elements identified below. |
| ipData Service: API Key | Enter the API key you received from the ipData service. Leave the setting empty if no ipdata.co information should be used. |
| Block by: Country | Enter, using a comma-separated list, the 2-character ISO country-codes for any countries to be blocked. All IP addresses originating in these countries will be blocked. Note: This setting does not apply if the ipData Service: API Key is empty. |
| Block by: Organization | Enter, using a comma-separated list, any "organizations" (based on the ipData response) to be blocked. If the organization associated with an IP address contains any of the strings entered here, the access will be blocked. Note: This setting does not apply if the ipData Service: API Key is empty. |
| Block by: IP Address | Enter, using a comma-separated list, any specific IP addresses to block. If you enter only the upper segments of an IP address, e.g. 192.168.1., all matching IP addresses, e.g. 192.168.1.0-192.168.1.255, will be blocked. |
| Block by: Host Address | Enter, using a comma-separated list, any "host addresses" to block. If the host-address that originates the IP address contains any of the strings entered here, the access will be blocked. |
| Block by: Email Address | Enter, using a comma-separated list, any "email addresses" to block. If the email-address entered contains any of the strings entered here, the access will be blocked. You can block accesses for a specific email address (joe@example.com) or for an entire email domain (@example.com). |
| Block by: Message Keywords | Enter, using a comma-separated list, any words in a contact_us message that should result in a block. If the message contains any of the words entered here, the associated contact-us email will not be sent. |
| Block by: Create-account Company | Enter, using a comma-separated list, any companies used in a create_account request that should result in a block. If the company, as entered, contains any of the phrases entered here, no account will be created. |
| Enable Debug? | When enabled, the plugin creates a monthly log, /logs/accesses_blocked_YYYY_mm.log, of the accesses denied by the plugin. |
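
The prefix and substring rules described for the list settings, modelled as an added example that is not the plugin's own code. It assumes plain prefix matching for IP entries and case-insensitive substring matching for the other lists; all function names and sample values are constructed for illustration.

```php
<?php
// Added example, not the plugin's code: models the list-matching rules the
// settings describe. Function names and sample data are hypothetical.

// Split a comma-separated setting into trimmed, non-empty entries.
function ab_entries($setting)
{
    return array_filter(array_map('trim', explode(',', $setting)), 'strlen');
}

// "Block by: IP Address": an entry blocks every address that starts with it.
function ab_ip_match($ip, $setting)
{
    foreach (ab_entries($setting) as $entry) {
        if (strpos($ip, $entry) === 0) {
            return $entry;
        }
    }
    return null;
}

// Host, email, organization, keyword and company settings: an entry blocks
// every value that contains it. Ignoring case is an assumption of this sketch.
function ab_substring_match($value, $setting)
{
    foreach (ab_entries($setting) as $entry) {
        if (stripos($value, $entry) !== false) {
            return $entry;
        }
    }
    return null;
}

// Constructed settings: one IP entry ends in a dot, one does not.
$ip_setting = '192.168.1., 10.1';
$email_setting = 'joe@example.com, @example.net';

// Constructed requests; '10.1' has no trailing dot, so it is also a prefix
// of addresses in 10.10.x.x through 10.199.x.x.
foreach (['192.168.1.42', '192.168.10.5', '10.1.2.3', '10.100.0.9'] as $ip) {
    $hit = ab_ip_match($ip, $ip_setting);
    printf("%-22s %s\n", $ip, $hit === null ? 'allowed' : "blocked by '$hit'");
}
// '@example.net' is also a substring of longer domains such as example.network.
foreach (['joe@example.com', 'ann@example.net', 'ann@example.network', 'ann@example.org'] as $email) {
    $hit = ab_substring_match($email, $email_setting);
    printf("%-22s %s\n", $email, $hit === null ? 'allowed' : "blocked by '$hit'");
}
```

Under these assumptions, ending a partial IP entry with a dot keeps the block to the intended range, and short domain or keyword entries should be checked against legitimate values that happen to contain them.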

This section identifies the files added by this plugin as well as the plugin's change history.

The plugin provides the following files in its distribution zip-file.

  1. /includes/classes/ipData.php
  2. /includes/classes/observers/auto.access_blocker.php
  3. /includes/languages/english/extra_definitions/access_blocker_messages.php
  4. /YOUR_ADMIN/includes/auto_loaders/config.access_blocker_admin.php
  5. /YOUR_ADMIN/includes/init_includes/init_access_blocker_admin.php
  6. /YOUR_ADMIN/includes/languages/english/extra_definitions/access_blocker_admin_names.php

  • v1.1.1, 2019-10-07:
    • BUGFIX: Correct PHP notices when submitted variables are missing.
    • The following files were changed:
      1. /includes/classes/observers/auto.access_blocker.php
      2. /YOUR_ADMIN/includes/init_includes/init_access_blocker_admin.php
  • v1.1.0, 2019-06-26:
    • CHANGE: Reduce calls to ipdata.co, when an email-address and/or content-specific blocks have been configured.
    • CHANGE: Enable create-account requests to be blocked by company.
    • The following files were changed:
      1. /includes/classes/observers/auto.access_blocker.php
      2. /YOUR_ADMIN/includes/init_includes/init_access_blocker_admin.php
  • v1.0.1, 2019-06-19:
    • BUGFIX: Correct the debug logging; IP Addresses not reported due to incorrect variable name.
    • CHANGE: For site performance, only check for blocked requests on the potentially-blocked pages.
    • CHANGE: Modify the plugin's configuration settings, changing the "list-type" settings to use a textarea box instead of a simple input.
    • The following files were changed:
      1. /includes/classes/observers/auto.access_blocker.php
      2. /YOUR_ADMIN/includes/init_includes/init_access_blocker_admin.php
  • v1.0.0, 2019-03-02:
    • Initial public release.