Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

sky_diver

Pioneers
  • Posts

    38
  • Joined

  • Last visited

  • Days Won

    1

sky_diver last won the day on October 7 2010

sky_diver had the most liked content!

2 Followers

Profile Information

sky_diver's Achievements

  1. Coding in the Nude... Ala NaKeD

  2. This place is like the Bermuda triangle, you post in the wrong place and it vanishes.

  3. Nic, I am humbled that despite my unruly behavior towards you, and all my attempts to ruffle you up, you prove to be quite the gentleman. I wish you the best of luck in all your endeavors and thank you for your efforts provided here. Without what you have done, I would not have done. There are lots of things out here, online and at various open source forums and such, that are not always what they seem. Rumors start, people, such as I, sometimes fall prey to them. Without open source and the communities that follow them many people would not have the benefits they do now. I apologize for being such a pain in *ss. I like to stir things up and get peoples juice flowing at times, but at the end of the day we are all here for similar cause. Well done to you Nic.
  4. This thread fits quite well as this is the ultimate upgrade to the IP Trap. Because of this update the IP Trap is now obsolete. For even greater protection one should use the PHPIDS for osCommerce 1.4 by Celextel, http://addons.oscommerce.com/info/7374 . It makes use of great features for securing you site as well as the IP Containment and Management System.
  5. Excellent work Celextel. Glad to see you placed my Ip Containment and Management system into the code base. This is a great contribution that many store owners should find as a lifesaver.
  6. For those that need direction on adding a link for admin access to the banned_ip.php page, I have updated the install file. Thanks everyone for your comments. As always there will always be people that would rather run older contributions for various reasons. This is a personal choice, and I wish you all the best of luck no matter what your choices are. For me the choice is clear, I would rather experience the comfort and durability of a Nike VS a no name brand. Gas mileage goes further in a modern vehicle compared to the clunkers of the past. Webster's dictionary is more apt to being correct than others... ect; ect;
  7. There is an IP Containment and Management System available from me. Bless you for asking dear.
  8. Thank you for the kind tips. A new IP Containment and Management System is now available.

  9. Reputation marks are but a joke to say the least. What I offered in this thread was honest advice. I once used this so called IP-Trap and quickly saw it was sub-standard. Yes it works somewhat, but overall is much more difficult than should be. It follows none of the standards used in osCommerce and introduces new functions that replicate already existing ones. The application uses more resources than should be allowed, and even the file size could be reduced considerably. I do not come here offering thrown together contributions loosely based on the code of others, nor do I then turn around and offer "cheap" support for other things once I have their attention. I have clear conscience and clear intentions. If any one person wants a better suited IP Address containment and management system, then I shall provide every person with one.
  10. Nothing to do with XSS. This is just a poor addon. It has an overabundance of flaws and does not secure your site from anything more than a snooping bot or otherwise. Using this will place your payment modules at risk as it may block their callback URLs. It is also very resource intensive. There are much more elegant ways to implement something that will block prying eyes. If you read this topic well you will see that many users suffer from trying to use this addon. This mod appears to be started from an idea posted on these forums between a few other individuals some time back. Perhaps real support can be found in that thread.
  11. Issue is now gone and all works correctly. Thank you! :thumbsup: With the checks in place as they are, there should be no need for an annoying CAPTCHA system, which will make things easier on the customer.
  12. Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit. I just replaced my contact_us.php with what you provided.
  13. I applied it with active countries. Just leave your files as is anywhere you have the active country code. I believe for that particular section of Sams code, it does basically the same thing and provides dropdown menus of the Providences/states. And I do use Master Password 1.4 as well. So those changes will work for you.
  14. Excellent addon for security. Much better than any type of false trap. There was one error in includes/functions/account_secure.php: At the end it has an extra ) needs to be replaced with ; For those using Master Password v1.0 with MD5 hash, you will have a couple of querks getting it going. Just replace your includes/functions/password_funcs.php with the following: //// // This funstion validates a plain text password with an // encrpyted password function tep_validate_password($plain, $encrypted) { // anti-hacker account $old_exist = true; // if passwords exist in dbase that have not been hexed set to true // EOF anti-hacker account if (tep_not_null($plain) && tep_not_null($encrypted)) { // split apart the hash / salt $stack = explode(':', $encrypted); if (sizeof($stack) != 2) return false; // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($plain) == MASTER_PASS) { return true; } // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($stack[1] . $plain) == $stack[0]) { return true; // anti-hacker account } elseif ($old_exist) { for ($i=0; $i < strlen($plain)-1; $i+=2) { $password .= chr(hexdec($plain[$i].$plain[$i+1])); } // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($password) == MASTER_PASS) { return true; } // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($stack[1] . $password) == $stack[0]) return true; // EOF anti-hacker account } } return false; } //// // This function makes a new password from a plaintext password. function tep_encrypt_password($plain) { $password = ''; for ($i=0; $i<10; $i++) { $password .= tep_rand(); } $salt = substr(md5($password), 0, 2); $password = md5($salt . $plain) . ':' . $salt; return $password; }
×
×
  • Create New...