Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Today
  3. you would need to add the account module for navbar modules and/or the account block for footer with content modules and/or buttons for header
  4. I cannot see a logout button either on frozen 2.341 Do you know how to fix this?
  5. Jack_mcs

    where can i go to learn

    The domain you mentioned doesn't appear to be valid so I can't comment on what is needed for it. But, in general, you can use this thread to switch to the latest version. Hosts use a third-party service to provide packages to install. That third-party can only include packages recognized by the owner of the package. Since @Harald Ponce de Leon has not done that with the Community Edition, they can't include. The one they include is a very old and should not be used.
  6. peterbuzzin

    PayPal App v5.018 Log In with PayPal is now dead

    You could, but you'd need to do that on every instance of echo $_POST or echo $_GET. This was partly why I couldn't understand why the decision was made to change $HTTP_POST_VARS/$HTTP_GET_VARS to $_POST/$_GET (unless previously global functionality has been compensated for also [and that's global in terms of applying the process before utilisation of variables and not super global]) aside from a bit of a waste of effort. Anyway, as mentioned this might be better in a separate thread/topic so this one can stay on topic.
  7. 241

    PayPal App v5.018 Log In with PayPal is now dead

    could you not use htmlspecialchars($_GET['keyname'] )
  8. peterbuzzin

    PayPal App v5.018 Log In with PayPal is now dead

    I know I said about creating a separate thread (and I hope you still do) but until then I've just thought of something that could be a vulnerability with regards to Frozen and the removal of $HTTP_POST_VARS and $HTTP_GET_VARS, what is being done to escape the $_POST and $_GET variables instead? Without escaping them someone could easily perform Cross-Site Scripting (XSS) client side attacks/injections on form fields. The $HTTP_POST_VARS and $HTTP_GET_VARS were a creation of do_magic_quotes_gpc() function in compatibility.php and even if they referred to the now deprecated PHP variables names offered basic protection against XSS. Is there compensation for this by the use of a similar function to loop through all $_POST and $_GET arrays in frozen before they're used? If not, then on forms where the original input is outputted back on the page (as an example) on submission if a naked echo $_GET['keyname'] is being used instead of $HTTP_GET_VAR['keyname'] this could/will have disastrous outcomes! As an example, if you had <textarea><?php echo $_GET['keyname'];?></textarea> that could easily be turned into and output like.... <textarea>{start point of injection}</textarea> <script>naughty javascript inserted here</script>Enter your Card details:<input type="text" required></input> <textarea>{end point of injection}</textarea>
  9. hello, Has this issue been fixed.. as we are still experiencing some orders not being updated after successful checkout. i read this forum i didnt see a fix however we see no rows with null order id.in orders_status_history table
  10. peterbuzzin

    Stop Google adding bogus names

    These are penetration/vulnerability tests performed by hacker bots. They're mostly automated and will attempt to insert code into the registration input fields (as well as any other forms they can find), submit the form and then wait to see if they can produce an error or unintended result from that submission. If they get an error an unintended result then they'll test further to gain entry and/or inject code so that your store harvests information for their gain such as displaying credit card fields to your store visitors that they'll then clean out after capturing the data. As long as long as your store isn't using a very old version of osC then you should be fine and you can just delete the bogus registrations. To minimise the amount of these registrations look into integrating Google reCaptcha for your forms.
  11. milerwan

    Country State Selector BS v3.0

    From "admin -> Modules -> Header Tags -> Country/States Selector", you have to edit the module and tick the missing page(s) to apply the script : address_book_process.php checkout_payment_address.php checkout_shipping_address.php create_account.php
  12. I can't remember anything on osc that's ok on php7.0 and not on 7.1 The main differences on 7.1 are to do with exception handling and some dynamic function calls so it doesn't really matter. 7.2 is a different animal though!
  13. peterbuzzin

    PayPal App v5.018 Log In with PayPal is now dead

    Unfortunately I think HPDL isn't keeping up-to-date with PayPal patches. The changes and feature deprecations at PayPal have been publicised for sometime now. With regards to Frozen, I'm not aware of the point when it became a fork. osCommerce v2.3.4.1 as downloaded from the homepage doesn't come with the PayPal App. It has PayPal modules which are active at the time of installation but not the App. The App adds additional includes/apps and includes/hooks directories, if you have these present then you're halfway there. Hop you don't mind me asking, I'm happy to continue to help/advise but I'm just thinking this thread could go very off topic and I don't want the fixes to get lost amongst it all. Would you mind creating a new thread and tagging me in it and we can carry on chatting about it there if you like.
  14. JcMagpie

    AB Testing

    Sod's Law 😊 never used it but looks like a new add-on. https://apps.oscommerce.com/SlEyQ&amp;a-b-testing-optimize-conversion-rate
  15. JcMagpie

    AB Testing

    Not aware of a off the shelf add-on for osC but you can make one, code is on github. https://phpab.github.io/
  16. JcMagpie

    where can i go to learn

    If your old site is heavily modified or runs a complex template then you will have more work to do. If you have coding experiance then sure you can take a crack at bootstraping your existing site ( many people have done this) or simply download the CE version which is already Bootstraped and use it. You can then learrn bootstrap while using and modifying it.
  17. Oh ok @BrockleyJohnI got the ticks before install so thought all was good. Found option in my cpanel to set the php version which was 5.4 so changed it to 7.1 and all is now good in edge Will this break the frozen version I have installed as I am comparing the too Many thanks for your assistance
  18. You are running php5.5 or below. The minimum for Edge is php7.0 (and the max is 7.1 currently)
  19. my version is not frozen but it is 2.3.4.1 CE with BS4, would still think you should be able to logout though I use coupon codes and they can be changed without issue, also clients can log out when ever they wish so would assume there is a issue with the session not allowing the coupon to be changed, think it would be a good start to see why it cannot be logged out first Kindest regards
  20. pete2007

    PayPal Express ~ Duplicate Orders

    @peterbuzzin works perfectly, most appreciated once again!
  21. I think that @BrockleyJohn is right. Resolve the logging out problem first.
  22. Hi @BrockleyJohn thank you for that info this then gives me Fatal error: Arrays are not allowed as constants in /home/santrocom/public_html/edge/includes/languages/english/modules/content/footer/cm_footer_information_links.php on line 27 Line 27 of that files only has ); const MODULE_CONTENT_FOOTER_INFORMATION_DATA = array( 'privacy.php' => 'Privacy &amp; Cookie Policy', 'conditions.php' => 'Terms &amp; Conditions', 'shipping.php' => 'Shipping &amp; Returns', 'contact_us.php' => 'Contact Us' );
  23. deepsonline

    AB Testing

    Hello All, Has anyone successfully tried AB Testing ? Or there any version exists with this? Any leads would be greatly appreciated. Thanks in advance
  24. Hotclutch

    where can i go to learn

    The best documentation for bootstrap is found on the official bootstrap site itself. https://getbootstrap.com/docs/4.3/getting-started/introduction/ There are other useful sites to learn from like W3schools: https://www.w3schools.com/
  25. What something like this, Sure just edit as you like, The text is in the language file, to enable add to cart just remove the disable class from the button in product_listing file. The symbol is also in the file just remove it. $prod_list_contents .= tep_draw_button(OUT_OF_STOCK_STAMP, '', tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . (int)$listing['products_id']), NULL, array('params' => 'data-has-attributes="' . ((tep_has_product_attributes((int)$listing['products_id']) === true) ? '1' : '0') . '" data-in-stock="' . (int)$listing['in_stock'] . '" data-product-id="' . (int)$listing['products_id'] . '"'), 'btn-danger btn-sm btn-product-listing btn-buy') . PHP_EOL; But remember if you have the product info no stock button active you will need to make the same changes to that also.
  26. JcMagpie

    where can i go to learn

    Your here you can find all you need in this forum, just roll up your sleeves and get on with it. Nothing to update, they have the official version for download.
  27. Of course it's possible! It sounds like you have much bigger problems than discount codes.
  1. Load more activity
×