
Anti-hacker Account Mods, Secure your account pages


258 replies to this topic

#221 AndreN

  • Community Member
  • 7 posts
  • Real Name:Andre
  • Gender:Male

Posted 04 May 2010, 14:04

I have removed this contribution from my store installation, pending an answer from the forum.

BTW, other than this issue, this is a great contribution Sam! :thumbsup:

#222 spooks

  • Community Member
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 05 May 2010, 22:13

AndreN, on 02 May 2010, 15:52, said:

In html_output.php at Line 45

if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'false') ) {
I changed the last 'false' to 'False' and this restored my session IDs, and I was able to add contents to the cart again.


This does not touch html_output.php, but your correction there is valid.

Quote

However with '$no_pword = true;' set in create_account.php and I follow the logic as explained in your account_mods.html i.e. PWA and complete the Create Account page and click the 'continue' button I get a cart empty message.

YET when I log in with the account credentials created by the above, I once again have contents in my cart.

With '$no_pword = false;' I get my cart with contents and functionality as it should be.

Any ideas why? What is killing/changing the Session ID? I think this is something to do with the PWA logic.

With this, the only real difference for PWA is password creation and the possible redirect to CHECKOUT_SHIPPING. Does that occur? This uses tep_href_link for redirects, so there should be no session issues; it's nothing I've seen before!

Edited by spooks, 05 May 2010, 22:14.

Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Contributions:


Auto Backup your Database, Easy way

Multi Images with Fancy Pop-ups, Easy way

Products in columns with multi buy etc etc

Disable any Category or Product, Easy way

Secure & Improve your account pages et al.

#223 Denise Beck

  • Community Member
  • 4 posts
  • Real Name:Denise Beck

Posted 06 May 2010, 21:13

Hi there,

I have a strange thing happening as well. I installed Sam's anti-hacker account recently and tested it, only to realise that some orders were saved in the database and some weren't, even though the payments went through to the PayPal account; otherwise I wouldn't have known they existed. Would anyone know why?

Denise

#224 spooks

  • Community Member
  • 7,017 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 08 May 2010, 10:12

Denise Beck, on 06 May 2010, 21:13, said:

some orders were saved in the database and some weren't even though the payments went through to the paypal account


That's nothing to do with this, it's a PayPal issue; see the support threads for your PayPal module for solutions.
Sam


#225 altoid

  • Community Member
  • 536 posts
  • Real Name:Steve
  • Gender:Male
  • Location:Pennsylvania

Posted 13 May 2010, 22:54

spooks, on 10 April 2010, 20:09, said:

Yes, it has the form suggested by ClubOsc and provides a more secure form of PWA (Purchase Without Account), and makes the personal details input a seamless part of the checkout, removing any password input requirement in that mode. :)

Sam, I have the Anti-Hack Mods Add On installed and all appears to be working as it's supposed to. Great and thank you.

My question is that I also have this other PWA add on installed. Do I deduce correctly from your comments posted here and the docs that the Anti Hacker PWA is independent of that other PWA, so I can therefore tidy things up in my shop by removing a couple of database mods and file changes that were specific to my original PWA? Apparently they are not causing any conflicts that I can see, but if I don't need them I'd like to remove them for housekeeping's sake.
I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.
I remember what it was like when I first started with osC. It can be overwhelming.
However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.
There are several good pros here on osCommerce. Look around, you'll figure out who they are.

#226 Brooks552

  • Community Member
  • 55 posts
  • Real Name:Darren
  • Gender:Male
  • Location:Hampshire

Posted 19 May 2010, 16:05

Hi Sam,

I need to allow the clients to pass a + (plus) sign through into their account details and I'm sure I simply need to add it in this code somewhere

return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/i", "", urldecode($vars));

but I can't get it to accept the addition no matter where I place it. If you could help, it would be appreciated.

#227 PiLLaO

  • Community Member
  • 109 posts
  • Real Name:Gustavo

Posted 06 June 2010, 21:20

Hello!!

Sorry for my poor English :-"

Maybe it could be interesting to this contribution...

Spanish postcodes have 5 digits like French postcodes; the Spanish country code in osCommerce is 195.

The first two digits of the postcode indicate which province it is.

For example, Málaga postcodes begin with 29, Valencia with 46, Barcelona with 08, etc. Here are all provinces with the first two digits of their postcodes: http://www.codigospostales.com/

I hope that this information may be useful :thumbsup:

Regards!!!

#228 ptt81

  • Community Member
  • 63 posts
  • Real Name:PT

Posted 08 June 2010, 07:45

Hello, I'm having a problem where, when selecting a new country, the state/province list does not get refreshed for the selected country. Am I doing something wrong, or is it supposed to be this way? The original osC refreshes itself once I select a new country. Has anyone run into this problem and managed to fix it? Please help. Thank you very much.

#229 carryG

  • Community Member
  • 125 posts
  • Real Name:Carry G
  • Gender:Female
  • Location:USA

Posted 09 June 2010, 21:30

I followed instructions but when I create an account, I am seeing this error:

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 18

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 19

Notice: Undefined index: confirmation in /var/www/vhosts/site.com/httpdocs/create_account.php on line 20

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 20

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 21

Any suggestions?

Carry

#230 carryG

  • Community Member
  • 125 posts
  • Real Name:Carry G
  • Gender:Female
  • Location:USA

Posted 10 June 2010, 04:36

Also, now I am seeing the same error on the create_account page: when I select a country (say Canada), the same messages posted above show in the State/Province window.

Driving me crazy!!

#231 Juto

  • Community Member
  • 252 posts
  • Real Name:Sara
  • Gender:Female

Posted 11 June 2010, 18:56

Hi Sam,

It's a great addon :) although I do not need all of the tweaks, just the security part.

I have two sites in which I have done some tweaking, for example of create account. I do not want to change what I have done.
Later on, when I have written install instructions it will become a contribution.


So, I wonder:

Which parts of your addon are for security only?


Keep up the good work!

Kindest

Sara

#232 carryG

  • Community Member
  • 125 posts
  • Real Name:Carry G
  • Gender:Female
  • Location:USA

Posted 12 June 2010, 04:02

Found the same error on the login page:

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/login.php on line 13

Notice: Undefined index: email_address in /var/www/vhosts/site.com/httpdocs/login.php on line 16

Anyone know what I could be doing wrong?

Php version: 5.2.13
MySQL 5.0.77
==========================

Looks like this mod is coded incorrectly???


PHP is case sensitive. The name attributes of your form elements are Name, Email, and Message. Consequently, you should be using $_POST['Name'], $_POST['Email'], and $_POST['Message'].

"Undefined index" means the variable you are trying to use doesn't exist. $_POST['Name'] and $_POST['name'] are completely different variables. They may look the same to you, but not to PHP.

Edited by carryG, 12 June 2010, 04:10.


#233 Juto

  • Community Member
  • 252 posts
  • Real Name:Sara
  • Gender:Female

Posted 15 June 2010, 22:30

Common osC bug, nothing to do with this.

in application_top.php near line 312

find:


replace with:




Hi Sam, I have neither of the above; instead I have:

// navigation history
if (!tep_session_is_registered('navigation') || !is_object($navigation)) {
tep_session_register('navigation');
$navigation = new navigationHistory;
}
$navigation->add_current_page();
--------------------------------------

Should I change to yours?

Sara

Edited by Juto, 15 June 2010, 22:31.


#234 carryG

  • Community Member
  • 125 posts
  • Real Name:Carry G
  • Gender:Female
  • Location:USA

Posted 16 June 2010, 03:02


Thank you Sara - I had originally thought that was the case and had updated the site to that early on, cleared cache/cookies to be sure and it still persists.

It's a strange one that it continues...

#235 Inetron

  • Community Member
  • 22 posts
  • Real Name:inetron
  • Gender:Male

Posted 30 June 2010, 18:02

Hi there,

Does this contribution do the same as Security Pro? I mean, do I need them both?
Will it work on non-English sites?

Thanks

#236 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 01 July 2010, 10:22

Hello

Security Pro protects you against any attempt made in the URL; this contribution covers all the forms you can fill in (contact us, tell a friend, search...).

#237 Dali45

  • Community Member
  • 179 posts
  • Real Name:dali45

Posted 02 July 2010, 18:22

Hi Sam, first of all I'd like to say a great big thank you for creating this add on! I really appreciate that you made it in the first place, since you are not getting paid to do it or for giving the support you have in this forum. It's contributors like you that make it possible for us to get shops online where we might not have been able to otherwise. So thank you!!! :* :thumbsup: :)

Can you, or anyone else, tell me if I would need to install the Anti XSS add on if I've already got yours? I'm not sure about everything it covers.

Thanks

#238 Kagonesti

  • Community Member
  • 8 posts
  • Real Name:Peter D
  • Gender:Male

Posted 12 July 2010, 18:03

Thanks for such a great contribution. I've got it running on my development site, and am nearly ready to port it over.
Is there a way to allow a + sign? I could see this as important in the comments sections and so on. When I add it, it doesn't seem to work for me, yet when I add other symbols, they work perfectly fine.

$vars = urldecode($vars);   // decode once, rather than once per preg_replace call
$vars = preg_replace('/\*/', '*.', $vars);   // single quotes so the replacement is a literal '*.'
$vars = preg_replace('/%/', '%.', $vars);
$vars = preg_replace('/&/', '&.', $vars);
$vars = preg_replace('/\$/', '$.', $vars);
$vars = preg_replace('/\+/', '+.', $vars);
return preg_replace("/[^\p{L}\p{M}\w\r\/@ :{}!%&\+\*\$\,#_.-]/i", "", $vars);

I realize the more I add, the more I leave myself open. I did a couple of preg_replaces to add a dot before some of the symbols that could be riskier. I know the code isn't clean, but I'm a novice at preg_replace. Of course, it doesn't seem to make a difference without the first lines, in regards to the + sign.

Thanks for your help.

#239 Kagonesti

  • Community Member
  • 8 posts
  • Real Name:Peter D
  • Gender:Male

Posted 16 July 2010, 21:10

I have discovered my own answer about the plus sign. The answer is to use rawurldecode in place of urldecode. It allows for the plus sign, but has no other obvious issues.
Now, my question is, we're still disallowing the most dangerous symbols such as ' " ; \ - Yet there has to be some way of allowing these with little danger, otherwise forums like this one wouldn't allow them. My answer of using the dots is not a good one. What happens when Mr. O'Neil puts in his name to order a product? Maybe he'll think he just mistyped his own name.. haha.
Although, I'm not sure how to do it, couldn't the user input be done similar to the password field, using hex characters? I'm still leery about installing this mod on my main site, because of its harsh filtering. Also, I'll need to make it work with oscAffiliate, which has its own signup page and password fields (I'll need to re-create the wheel on that one, I'm sure.)

Edited by Kagonesti, 16 July 2010, 21:11.

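The following is an added example, not code from the Anti-hacker Account Mods contribution or from any poster in this thread. It traces why the + sign vanished (PHP has already decoded $_POST before the filter runs, so a second urldecode() turns + into a space while rawurldecode() does not), shows the O'Neil case the allowlist mangles, and contrasts it with encoding at the output boundary; the function names and the /u modifier are assumptions of the example.

```php
<?php
// Added example, not code from the Anti-hacker Account Mods contribution or
// from any poster. PHP fills $_POST with form fields already decoded, so the
// value the filter sees for "C++" is the literal "C++"; a second urldecode()
// then turns each '+' into a space, while rawurldecode() leaves it alone.
// Function names and the /u modifier are assumptions for this example.

// Allowlist strip in the style of the contribution's preg_replace line, with
// '+' added as in the posts above. /u makes \p{L} match a multi-byte letter
// such as 'á' as one code point instead of testing its bytes separately.
function strip_to_allowlist(string $value): string {
    return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.+-]/u", "", $value);
}

// The decode step the filter applies before stripping.
function decode_again(string $value, bool $raw_decode): string {
    return $raw_decode ? rawurldecode($value) : urldecode($value);
}

// Output-boundary alternative for characters the allowlist rejects: keep the
// apostrophe in the stored value and neutralise it where it is rendered.
// (The database side still needs the DB layer's escaping or prepared
// statements; that part is not shown here.)
function render_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values, as they already sit in $_POST after PHP's own decoding.
$post_values = ["C++ developer", "O'Neil", "Málaga"];

foreach ($post_values as $value) {
    printf("%-14s urldecode: %-14s rawurldecode: %-14s html: %s\n",
        $value,
        strip_to_allowlist(decode_again($value, false)),
        strip_to_allowlist(decode_again($value, true)),
        render_html($value));
}
```

Running it shows the urldecode path collapsing "C++" to "C" followed by spaces and both paths stripping the apostrophe from "O'Neil", whereas htmlspecialchars() keeps the name intact for display.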

#240 sexychickfashion

  • Community Member
  • 7 posts
  • Real Name:Kinga Sektas
  • Gender:Female

Posted 14 August 2010, 20:16

Hi
and first, thank you for a lovely contribution :rolleyes:

and just one question:
I don't know why the * is missing from
ENTRY_TELEPHONE_NUMBER, but the code looks OK:
                <td class="main"><?php echo ENTRY_TELEPHONE_NUMBER; ?></td>
                <td class="main"><?php echo tep_draw_input_field('telephone') . '&nbsp;' . (tep_not_null(ENTRY_TELEPHONE_NUMBER_TEXT) ? '<span class="inputRequirement">' . ENTRY_TELEPHONE_NUMBER_TEXT . '</span>': ''); ?></td>
but on the live website it doesn't show, and when a customer enters data and sees no * next to phone, they just try to go on without it and get a warning to enter a telephone number.

Thanks