


HowardR

Member Since 22 Mar 2013
OFFLINE Last Active Apr 12 2017 14:40
-----

#1755384 New Payflow requirement: TLS 1.2 & HTTP/1.1

Posted by HowardR on 02 April 2017 - 14:35

I think I finally understand the TLS 1.2 issue.  This is a very serious issue. There are a lot of OSCommerce owners that will wake up to a nasty surprise on May 1. Those of you who are not new to this, please let me know if I am wrong in any of my statements below:

 

1. This only affects PayFlow. If you have PayPal Express Checkout also installed in your store, that should keep working. So you won't be able to accept Credit Cards, but you will be able to still accept PayPal payments.

 

2. PayPal threatened to require TLS 1.2 on May 1, 2016, but they relented. Now they say that they are going to require it on May 1, 2017. I think that they are going to follow through this time.

 

3. If you have an older PayPal PayFlow module installed, it will stop working on May 1. If you have version 3.1 of the PayFlow module installed on May 1, you are OK.

 

4. There are two versions of 3.1 on addons created by Harald Ponce de Leon. Both work. The best one is the newest:

 

 

5. These versions require TLS 1.2 (the latest security standard) which does not run on OpenSSL 0.9.8, which just happens to be the version of OpenSSL that is installed on most servers these days, due to security problems that were encountered with early versions of OpenSSL 1.0.1 and 1.0.2. You can test which version of TLS 1.2 that you have by using the following PHP code in a simple PHP file on your system:

 

<?php
// Diagnostic only: this page prints OS and library versions,
// so delete the file once you have read the result.

// Ask howsmyssl.com which TLS version this server's cURL negotiates.
// $sslversion is an optional CURLOPT_SSLVERSION value; null keeps cURL's default.
function get_tls_version($sslversion = null)
{
    $c = curl_init();
    curl_setopt($c, CURLOPT_URL, "https://www.howsmyssl.com/a/check");
    curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
    if ($sslversion !== null)
    {
        curl_setopt($c, CURLOPT_SSLVERSION, $sslversion);
    }
    $rbody = curl_exec($c);
    if ($rbody === false)
    {
        // The handshake or the request failed; report cURL's own error
        $errno = curl_errno($c);
        $msg = curl_error($c);
        curl_close($c);
        return "Error! errno = " . $errno . ", msg = " . $msg;
    }
    else
    {
        $r = json_decode($rbody);
        curl_close($c);
        // Guard against a reply that is not the expected JSON (proxy or error page)
        if (!is_object($r) || !isset($r->tls_version))
        {
            return "Error! unexpected response";
        }
        return $r->tls_version;
    }
}

echo "<pre>\n";
echo "OS: " . PHP_OS . "\n";
echo "uname: " . php_uname() . "\n";
echo "PHP version: " . phpversion() . "\n";
$curl_version = curl_version();
echo "curl version: " . $curl_version["version"] . "\n";
echo "SSL version: " . $curl_version["ssl_version"] . "\n";
echo "SSL version number: " . $curl_version["ssl_version_number"] . "\n";
echo "OPENSSL_VERSION_NUMBER: " . dechex(OPENSSL_VERSION_NUMBER) . "\n";
echo "TLS test (default): " . get_tls_version() . "\n";
echo "TLS test (TLS_v1): " . get_tls_version(1) . "\n";   // 1 = CURL_SSLVERSION_TLSv1
echo "TLS test (TLS_v1_2): " . get_tls_version(6) . "\n"; // 6 = CURL_SSLVERSION_TLSv1_2
echo "</pre>\n";
?>

 

So, if you have a store that uses PayFlow and you are using an older PayPal module, you could find yourself in deep doodoo on May 1. You better start making the transition today.
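
Added example, not part of the original post: the PHP below interprets the two library values the script above prints, the cURL backend string ("SSL version") and OPENSSL_VERSION_NUMBER, and reports whether each is new enough for TLS 1.2, given that OpenSSL gained TLS 1.1 and 1.2 in release 1.0.1. The function names and sample values are constructed for illustration. PHP's openssl extension and cURL can be linked against different libraries, so the two answers may differ, and it is the cURL one that matters for the Payflow request.

```php
<?php
// Added example: sample inputs are constructed, not taken from a real server.

// Decode OPENSSL_VERSION_NUMBER (layout 0xMNNFFPPS, used by OpenSSL before 3.0)
// into the familiar form, e.g. 0x0090805f -> "0.9.8e".
function decode_openssl_number($n)
{
    $major = ($n >> 28) & 0x0f;
    $minor = ($n >> 20) & 0xff;
    $fix   = ($n >> 12) & 0xff;
    $patch = ($n >> 4) & 0xff;           // 1 = 'a' ... 26 = 'z', 27 = 'za' ...
    $letter = '';
    if ($patch > 26) {
        $letter = 'z' . chr(96 + $patch - 26);
    } elseif ($patch > 0) {
        $letter = chr(96 + $patch);
    }
    return $major . '.' . $minor . '.' . $fix . $letter;
}

// TLS 1.2 needs OpenSSL 1.0.1 or later, i.e. a number of at least 0x10001000.
function openssl_number_has_tls12($n)
{
    return $n >= 0x10001000;
}

// Classify curl_version()["ssl_version"], e.g. "OpenSSL/0.9.8e-fips-rhel5".
// Returns "yes", "no", or "unknown" when cURL uses a backend other than OpenSSL.
function curl_backend_has_tls12($sslVersion)
{
    // Keep only the numeric part: version_compare() mis-orders letter suffixes.
    if (!preg_match('#^OpenSSL/(\d+\.\d+\.\d+)#', $sslVersion, $m)) {
        return 'unknown';
    }
    return version_compare($m[1], '1.0.1', '>=') ? 'yes' : 'no';
}

// Constructed samples: (cURL "SSL version" string, OPENSSL_VERSION_NUMBER)
$samples = array(
    array('OpenSSL/0.9.8e-fips-rhel5', 0x0090805f),
    array('OpenSSL/1.0.1e',            0x1000105f),
    array('NSS/3.21',                  0x1000105f), // cURL and PHP linked differently
);
foreach ($samples as $s) {
    printf("curl backend %-26s TLS 1.2: %-7s | php-openssl %-7s TLS 1.2: %s\n",
        $s[0], curl_backend_has_tls12($s[0]),
        decode_openssl_number($s[1]), openssl_number_has_tls12($s[1]) ? 'yes' : 'no');
}
```

An "unknown" result means the backend string alone does not settle the question, and the "TLS test (TLS_v1_2)" line from the script above is the result to rely on.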




#1755050 How I upgraded my database from 2.3.3 to 2.3.4

Posted by HowardR on 24 March 2017 - 16:08

I decided to switch my OSCommerce 2.3.3 store to a different URL. Instead of using 2.3.3 again in the new site, I decided to use 2.3.4 (the official version, not the Responsive/BootStrap version).

 

1. I installed my 2.3.4 store on my new URL. (Recommendation: don't change your username and password from those in your old store, since they are stored in the database.) In order to complete that installation, I used MySQL to create a new database which I called oscommerce234.

 

2. I logged into the admin of my 2.3.3 store and created a backup of my old database. Then I used FTP to download it to my home computer. Then I renamed it as backup233.sql and I used FTP to upload it to the backup directory (oscommerce-2.3.4/catalog/admin/backups) of my new store.

 

3. I downloaded the add-on which provides a .sql file for upgrading databases from 2.2MS2 to 2.3.3 (http://addons.oscommerce.com/info/8731).  It has been kept current and now includes the codes for upgrading from 2.3.3 to 2.3.4. (It does not, however, include the commands for upgrading to 2.3.4 Responsive/BootStrap.)

 

4. On my home computer I edited that upgrade file using my text editor (Notepad++). I only kept the commands for moving from 2.3.3 to 2.3.4. Then I saved the file with the name 233_to_234.sql and uploaded it using FTP to the backup directory (oscommerce-2.3.4/catalog/admin/backups) of my new store.  Here are the comments (lines that start with #) and commands that were in that file:

 

############

#2.3.4 SQL

############

#Increase column size

alter table sessions modify sesskey varchar(128) not null;

#Adds "Administration Tool -> Configuration -> Shipping/Packaging -> Allow Orders Not Matching Defined Shipping Zones"

insert into configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, set_function, date_added) values ('Allow Orders Not Matching Defined Shipping Zones ', 'SHIPPING_ALLOW_UNDEFINED_ZONES', 'False', 'Should orders be allowed to shipping addresses not matching defined shipping module shipping zones?', '7', '5', 'tep_cfg_select_option(array(\'True\', \'False\'), ', now());

 

5. Then I used Putty to log into the website of my new store. I logged into MySQL. Then at the MySQL prompts (mysql>) I created a new database which I called oscommerce233 and then I upgraded it by uploading my backup233.sql file into it and then my 233_to_234.sql file into it. (Note that /var/www/html is the absolute path to my oscommerce-2.3.4 store; your absolute path will be different.)

 

mysql> CREATE DATABASE oscommerce233;

mysql> use oscommerce233;
mysql> source /var/www/html/oscommerce-2.3.4/catalog/admin/backups/backup233.sql;
mysql> source /var/www/html/oscommerce-2.3.4/catalog/admin/backups/233_to_234.sql;
mysql> quit;

 

6. Then I used FTP to download the two configure.php files (catalog/includes/configure.php and catalog/admin/includes/configure.php). I edited each of them using my text editor (Notepad++), changing database references from oscommerce234 to oscommerce233. Then I uploaded both configure.php files back to the website. As a result, the following statement now appears in those configuration files:

 

define('DB_DATABASE', 'oscommerce233');

 

That's all there was to it. It seems that everything is working, but I won't know for sure until I get my store operational. If this doesn't work out, I can change the database references in those configuration files back to the way they were before (oscommerce234 instead of oscommerce233), and I'll be using the oscommerce234 database that was created when first setting up the oscommerce 2.3.4 store.