Jump to content



John W

Member Since 05 Nov 2002
ONLINE Last Active Today, 20:52
-----

#1752091 cURL error (60): Peer certificate cannot be authenticated with given CA certi...

Posted by John W on 12 January 2017 - 18:38

@Jack_mcs

 

On the older Aim modules http://addons.oscomm....com/info/5662

they had the code below that was removed. 

        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);

It's been a few years or more, so I don't remember exactly.  There were post on Authorize.net and I beleive on their github too.  There were at least a few different processor modules using this as standard until it was pointed out that this setting created a security hole and was dissabling security built into curl.  But, once this was changed then the certificates have to be kept up or it can't verify the peer.  You can search around and find more info on it but i don't remember exactly what they called the exploit.  I only use this module and I've poured through a lot of the A.net stuff so it sticks out for me.




#1752049 cURL error (60): Peer certificate cannot be authenticated with given CA certi...

Posted by John W on 12 January 2017 - 00:35

@clustersolutions

 

If you need more help let me know.  I think that will work though.




#1752037 cURL error (60): Peer certificate cannot be authenticated with given CA certi...

Posted by John W on 11 January 2017 - 19:20

You have to update your certificate file.  I meant to post this last Friday and forgot.  I have this in ext/modules/payment/authorizenet/authorize.net.crt

Common Name: GeoTrust Global CA
Organization: GeoTrust Inc.
Valid From: May 20, 2002
Valid To: May 20, 2022
Issuer: GeoTrust Global CA, GeoTrust Inc.
Thumbprint (SHA-1): ‎DE28 F4A4 FFE5 B92F A3C5 03D1 A349 A7F9 962A 8212
-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----


Common Name: Entrust.net Secure Server Certification Authority
Organization: Entrust.net
Valid From: May 25, 1999
Valid To: May 25, 2019
Issuer: Entrust.net Secure Server Certification Authority, Entrust.net
Thumbprint (SHA-1): ‎99A6 9BE6 1AFE 886B 4D2B 8200 7CB8 54FC 317E 1539
-----BEGIN CERTIFICATE-----
MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
-----END CERTIFICATE-----


Common Name: Entrust.net Certification Authority (2048)
Organization: Entrust.net
Valid From: December 24, 1999
Valid To: July 24, 2029
Issuer: Entrust.net Certification Authority (2048), Entrust.net
Thumbprint (SHA-1): 5030 0609 1D97 D4F5 AE39 F7CB E792 7D7D 652D 3431
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u
ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp
bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx
NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3
d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl
MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u
ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL
Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr
hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW
nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi
VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E
BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ
KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy
T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT
J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e
nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----


Common Name: Entrust Root Certification Authority
Organization: Entrust, Inc.
Valid From: November 27, 2006
Valid To: November 27, 2026
Issuer: Entrust Root Certification Authority, Entrust, Inc.
Thumbprint (SHA-1): B31E B1B7 40E3 6C84 02DA DC37 D44D F5D4 6749 52F9
-----BEGIN CERTIFICATE-----
MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
0vdXcDazv/wor3ElhVsT/h5/WrQ8
-----END CERTIFICATE-----


Common Name: Baltimore CyberTrust Root
Organization: Baltimore
Valid From: May 12, 2000
Valid To: May 12, 2025
Issuer: Baltimore CyberTrust Root, Baltimore
Thumbprint: D4DE 20D0 5E66 FC53 FE1A 5088 2C78 DB28 52CA E474
-----BEGIN CERTIFICATE-----
MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
-----END CERTIFICATE-----



#1750794 Addons

Posted by John W on 06 December 2016 - 12:56

I was helping Gary with testing on this and I sent out 50 requests yesterday and received 8 positive reviews within a couple hours.  The key thing here is this module makes it easy generate those request in a minute or two.  Amazon is the leader in online sales and they do this, so why don't you? That's how I see it.  One sale can easily pays for this module.  @douglaswalker posted on a thread that he was able to get over 1k reviews inn a year, so that motivated me to ask. 

 

Bottom line is you should try this for £20.00 and you'll make that back in addtional profit.  Just so everyone knows I put my money where my mouth is, I sent the donation in after I had it for testing because it's worth it. 




#1750326 Time to get secure (if you haven't already)

Posted by John W on 24 November 2016 - 01:12

Hey @ArtcoInc,

 

Maybe now is a good time to think about moving your catalog to your root directory.  What do you think?  You can rewrite anyone that goes to your /catalog/  directory easily. 




#1750302 Google Adwords

Posted by John W on 23 November 2016 - 15:19

A few people here asked that we have a thread on Adwords, so I'll start it.  I've used Adwords since 2003 when you could do a nickel a click.  Then, it became a dime and the race was off.  Over time I've learned a lot and had a love/hate relationship.  This year Adwords account managers have helped me in updating and learning new features.  Currently, my ROI is the best it's been in at least a very long time, so I’ll try to share some ideas. For me, a big key is getting a repeat customer, but I also get some good sales from it.

 

First, you need to tie in Analytics, which is now part of Adwords.  Analytics can show you what sales you are getting through different ads and you can get the actual order id.   This helps in adjusting ads or even stopping those that don't pay off.  I look a lot at last 7 days and 30 days.  The 7 day view is good because you can see how small bid adjustments can cost a lot.  This can be done in the Adwords screens too.

https://adwords.google.com/analytics/

 

And using a Google Feeder like Jack's, you need to set up with Google Shopping.  Jack has a great support thread on this and the Google shopping team will help you if needed.  I was slow to get this going, but it's really working well on some items I sell.  This gets you the ad boxes you see with pics at the top of Google as well as Google Shopping.

https://merchants.google.com/

 

That covers the basics but AdWords and Analytics have a lot of features. 

  1. The biggest thing with AdWords is the better your ad is, the less you have to pay and still rank high.  So, take advantage of all the little extras like extended links and callouts.  Use all the characters you can but keep substance. 
  2. Once you create a base ad, you can copy and edit to make versions to test.  I added "Fully Secure Website" to one of my ads and it get 4 times the click through than any of my others in that ad group.  I did this based on switching to all SSL all the time.  Adwords also serves it higher, so it likes it.
  3.  You can also tailor you bids based on areas like states (Texas for instance).  Adjust based on days of the week or time of the day.  Adjust up or down for phones with browsers.  I bid that down because my biggest competitor on this isn't responsive in their site design.
  4. Remarketing was a huge fail for me that burned up cash with no ROI.
  5. Small bid adjustments that make you rank higher can cost way more than expected, so the 7 day running view is key.  The other key is look at it every day.  

There is some trial and error, but this can get you sales you are otherwise missing.  A lot probably depends on your margin, but for me I'll give 200 to sell 1600 especially since some will repeat.

 

There's a lot more to this and I'm not sure how much this helps, but hopefully others have something to add.  Or, if anyone has questions, maybe I can help. 




#1750124 Time to get secure (if you haven't already)

Posted by John W on 19 November 2016 - 17:50

I didn't drop at all from doing this, but bumped up a couple.  This is how I did it in my .htaccess but I also want everything as www since I've had that so long.  I had it done differently at first but that way could glitch.  This works perfectly for me since June.

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]



#1749612 Announcing new Product Ads on Facebook

Posted by John W on 06 November 2016 - 01:30

@crimble crumble

It's not the easiest thing to navigate and I can't always remember where I set something.  The key for me was limiting my cpc bid.  To answer your question if i understand it correctly.  Basically, FB has so many people on it that you have crossover of members that have been on your site.  FB says they have about 2 billion subscribers, so it's a numbers game.  People that come to you from Google are also on FB.  With the pixel code FB knows whos been on your site. 




#1749285 Font and background colors

Posted by John W on 29 October 2016 - 15:36

Bootstrap has a customizer that you can use to customize a lot.  It takes a little playing around with but it's pretty easy.  If you do this, you will have to update it yourself over time becasuse it becomes your bootstrap.css.  Personally, I like it a lot.

 

http://getbootstrap.com/customize/
 




#1748648 Charge credit card again AFTER the initial sale... legal ?

Posted by John W on 16 October 2016 - 21:38

@phi148

Hi Bill,

 

Search a customer that you had a charge for using the A.net search function.  You'll see a button labeled "view rebillable transactions" on the top right of the table showing the customer name you searched.  When you click that you will see all the transactions that can still be added on.  I just checked one of my customers and his oldest is Aug 1st. 

 

If you need more help let me know and I can walk you through the A.net parts.  I know it pretty well.




#1748589 show out of stock button in place of buy now when stock is less than 1

Posted by John W on 15 October 2016 - 21:40

This isn't perfect and needs some updating, and you need to test this first.  In the file product_listing.php around line 168 find

      if (PRODUCT_LIST_BUY_NOW > 0) {
        $prod_list_contents .= '       <div class="col-xs-6 text-right">' . tep_draw_button(IMAGE_BUTTON_BUY_NOW, 'fa fa-shopping-cart', tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $listing['products_id']), NULL, NULL, 'btn-success btn-sm') . '</div>';
      }

Change to

      if (PRODUCT_LIST_BUY_NOW > 0) {
        if ((STOCK_CHECK == 'true') && ($listing['products_quantity'] < 1)) {
          $prod_list_contents .= '        <div class="col-xs-6 text-right"><button type="button" class="btn btn-danger">Out of<br> Stock</button></div>';
        } else {
          $prod_list_contents .= '       <div class="col-xs-6 text-right">' . tep_draw_button(IMAGE_BUTTON_BUY_NOW, 'fa fa-shopping-cart', tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $listing['products_id']), NULL, NULL, 'btn-success btn-sm') . '</div>';
        }
      }



#1746653 spam mail with our domain?

Posted by John W on 17 August 2016 - 14:47

I set up SPF 9 years ago and it's pretty easy to do.  Make sure you cover your home ip if you use outlook or the like to send mail through you smtp server.  It has to be listed on your DNS settings for it to publish.  I setup DKIM a few years ago and it helped with valid emails especially when using a new server with new mail ip.  My datacenter had recommended using http://www.dnsstuff.com/tools to check DNS entries and it's also helpful with email settings although it's changed with time and I haven't used it much lately.  There are other tools online for checking your DKIM to make sure it's correct.

 

Realize that these spam emails will still exist after you set these up but more mail servers will realize they are spam after you setup spf and dkim.  Of course, your server needs to require you authenticate to send and receive email and I use SSL for all my email connections. 
 




#1744609 Upgrading Password functions to native php 5.5+

Posted by John W on 17 June 2016 - 18:56

As of Php 5.5 and higher there are very strong password functions built in that are the recommended method of handing passwords.  After seeing Burt's post on
https://github.com/g...Commerce/issues I decided to work on implementing it. You should read more at http://php.net/manua...q.passwords.php where there is some great info if you're interested.  It explains why we should do this.  

On a current OSC site the password is being hashed and stored something like this
$P$DR08dUINt6wXeu5R5TmaJGluO9toq80
and after upgrading to Php native hashing functions it will be something like this
$2y$10$iI3eIn44i71QFq0oi0Dh3emM4Syvvd9/dxVCq22oVa6HnKxjOzeiy
which is much stronger for more reasons than just length.  

First, I test everything on my local machine (test server) with the help of the NetBeans IDE (free). Before putting this on your live site test it first although I do have it running on my live site using Php 5.6.  

Assuming you are running Php 5.5 or higher and you are using a current BS version this should be pretty easy.  All customers that have passwords hashed with the older systems will be automatically updated when they log in.  There are only two files to change and a sql statement to execute.  Note that the current password field setting of VARCHAR(60) will work now but may be a problem going forward.

 

On includes/modules/content/login/cm_login_form.php around line 58 find

            if (tep_password_type($customer['customers_password']) != 'phpass') {

change to

            if (tep_password_type($customer['customers_password']) != 'phpnative') {

replace includes/functions/password_funcs.php with this file

<?php
/*
  $Id$

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License
*/

////
// This function validates a plain text password with a
// salted, phpass password or native php 5.5 and higer password hashing
  function tep_validate_password($plain, $encrypted) {
    if (tep_not_null($plain) && tep_not_null($encrypted)) {

      if (password_verify($plain, $encrypted)) {
        return true;
      }

      if (tep_password_type($encrypted) == 'salt') {
        return tep_validate_old_password($plain, $encrypted);
      }

      if (!class_exists('PasswordHash')) {
        include(DIR_WS_CLASSES . 'passwordhash.php');
      }

      $hasher = new PasswordHash(10, true);

      return $hasher->CheckPassword($plain, $encrypted);
    }

    return false;
  }

////
// This function validates a plain text password with a
// salted password
  function tep_validate_old_password($plain, $encrypted) {
    if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
      $stack = explode(':', $encrypted);

      if (sizeof($stack) != 2) return false;

      if (md5($stack[1] . $plain) == $stack[0]) {
        return true;
      }
    }

    return false;
  }

////
// This function encrypts a phpass password from a plaintext
// password.
  function tep_encrypt_password($plain) {
    return password_hash($plain, PASSWORD_DEFAULT);
  }

// This function returns the type of the encrpyted password
// (phpass or salt)
  function tep_password_type($encrypted) {
    if (preg_match('/^[A-Z0-9]{32}\:[A-Z0-9]{2}$/i', $encrypted) === 1) {
      return 'salt';
    }

    If (substr($encrypted, 0, 3) === '$P$') {
      return 'phpass';
    }

    return 'phpnative';
  }

Run this sql statemnent in phpMyAdmin.  This isn't mandotory at this time but could/will be in the future.

ALTER TABLE `customers` CHANGE `customers_password` `customers_password` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL;

You can check by using a test account to make sure the password changes format.

Post sny problems or questions and I'll try to help.  Assuming this goes well and is well received we'll work on the admin password functions, which should be simple.

 




#1741092 Authorize.Net Technical Updates - implementing Akamai's technology

Posted by John W on 21 March 2016 - 18:25

This is easy to update in your authorize.net module.  You can update your links now and I've been using the new ones for several months without a problem.  Just find all of these links to the secure server and update them wiht the 2 behind secure like the second link here.  There are probably 3 references. 

https://secure.autho...ay/transact.dll

change to

https://secure2.auth...ay/transact.dll

 

If you need more help let me know.  Also, let me know which module you are using.




#1740604 How to use the different stylesheets in the bootstrap version

Posted by John W on 12 March 2016 - 13:10

User.css affects everything and that's how cascading style sheets work, but I found another error in your user.css that's causing problems and it's before your footer element.  Find this in your user.css and you willl notice it's missing the closing bracket.  Try closing that.  That's why I asked if I could see your site so I could look for the cause of the problem. 

.btn-info {
    color: #fff;
    background-color: #dfe0ff;