Leaderboard


Popular Content

Showing content with the highest reputation on 01/08/2021 in all areas

  1. 3 points
    raiwa

    KissIT Image Thumbnailer Support

    Uploaded update with the above fixes and webp image support:

    KissIT image thumbnailer 3.5.0
    Requires Phoenix 1.0.7.4+
    Tested with Phoenix 1.0.7.12

    Change log 3.5.0:
    - moved and cleaned up thumbs subdirectory creation and removed unnecessary .htaccess. Thanks to @vmn
    - fixed error in admin thumbs showing duplicated images in product and category listing. Thanks to @Denzel
    - added support for webp image format
    - updated pi gallery module to abstract_module
    - Added optional convert jpeg, png and gif images to webp thumbs (Pro Version)
  2. 2 points
    raiwa

    reset password vulnerability

    I got the following reported:

    Matt @ecartz, provided the following script/hook to fix this:

        class hook_shop_siteWide_reset_all_sessions {

          public function listen_accountUpdateTables($parameters) {
            if (isset($parameters['db']['customers']['customers_password'])) {
              $sessions_query = tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$_SESSION['customer_id']);
            }
          }

        }

    I made the hook which should be placed in:

    Phoenix 1.0.7.2.+: templates/default/includes/hooks/shop/siteWide/
    Phoenix 1.0.5.1. - 1.0.7.1: includes/hooks/shop/siteWide/
    reset_all_sessions.php

    Lower Phoenix and OSCommerce versions need to add the query to account_password.php line 49-50. So it should look like this:

        if (tep_validate_password($password_current, $check_customer['customers_password'])) {
          tep_db_query("update customers set customers_password = '" . tep_encrypt_password($password_new) . "' where customers_id = '" . (int)$customer_id . "'");

          tep_db_query("update customers_info set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");

          // session destroy on password reset
          tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$customer_id );

          $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');

          tep_redirect(tep_href_link('account.php', '', 'SSL'));

    Matt asked me to publish this here so other users can test it before adding it to core. It is already in use in one live store. Please test and report back.
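One way to check what the query in the post above removes, as an added example that is not part of the post or of the Phoenix code base: a SQLite model of the `sessions` and `whos_online` tables, using only the columns the query names. The rows are constructed, and the DELETE is written as a subquery because SQLite has no MySQL-style multi-table `DELETE ... JOIN`.

```python
import sqlite3

# Constructed sample data: customer 1 has three sessions, customer 2 has one.
SESSIONS = ["alice-laptop", "alice-phone", "alice-stale", "bob-laptop"]
WHOS_ONLINE = [  # (customer_id, session_id)
    (1, "alice-laptop"),
    (1, "alice-phone"),
    (2, "bob-laptop"),
    # "alice-stale" deliberately has no whos_online row
]


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sesskey TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE whos_online (customer_id INTEGER, session_id TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?)", [(s,) for s in SESSIONS])
    db.executemany("INSERT INTO whos_online VALUES (?, ?)", WHOS_ONLINE)
    return db


def reset_sessions(db, customer_id):
    """Subquery equivalent of the posted inner-join DELETE; returns rows removed."""
    cur = db.execute(
        "DELETE FROM sessions WHERE sesskey IN "
        "(SELECT session_id FROM whos_online WHERE customer_id = ?)",
        (int(customer_id),),  # integer cast mirrors the (int) cast in the hook
    )
    return cur.rowcount


def remaining(db):
    return sorted(row[0] for row in db.execute("SELECT sesskey FROM sessions"))


def demo():
    db = build_db()
    deleted = reset_sessions(db, 1)  # customer 1 changes the password
    return deleted, remaining(db)


if __name__ == "__main__":
    print(demo())
```

The other customer's session is untouched, and the constructed session without a `whos_online` row is not matched by the join, so a test of the hook on a real store should include a session in that state.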
  3. 2 points
    Uploaded PWA 4.3.5. with the above fix for Phoenix 1.0.7.12

    Purchase without account 4.3.5
    Compatibility: CE Phoenix 1.0.7.12.+. Tested with Phoenix 1.0.7.12. PHP 7.0-7.4
    Older Phoenix versions please use PWA Phoenix 4.3.0.-4.3.4
    Older CE BS versions please use PWA for BS 3.0.5
    Older 2.3.4.(1.) versions please use PWA for BS 2.5r2

    Changes Version. 4.3.5
    - Updated customer data module for Phoenix 1.0.7.12+ compatibility.
  4. 1 point
    @raiwa email formatting error: in file includes/hooks/admin/siteWide/oPwa.php line 39

        $link = $check_status['customers_guest'] != '1' ? MODULE_NOTIFICATIONS_UPDATE_ORDER_TEXT_INVOICE_URL . ' ' . tep_catalog_href_link('account_history_info.php', 'order_id=' . $data['orders_id']) . "\n" : '';

    should be replaced with:

        $link = $check_status['customers_guest'] != '1' ? sprintf(MODULE_NOTIFICATIONS_UPDATE_ORDER_TEXT_INVOICE_URL . ' ', tep_catalog_href_link('account_history_info.php', 'order_id=' . $data['orders_id'])) . "\n" : '';

    to avoid the %s being printed in the email (%s defined in MODULE_NOTIFICATIONS_UPDATE_ORDER_TEXT_INVOICE_URL)
  5. 1 point
    Apologies to @René H4 for splitting out chit-chat in another thread into this one. Because a couple of the posts in that old thread were of an earlier date than the first post in this (Rene's) thread, the merge means that the topic now looks like it was made by me. Hope that makes sense. It (hopefully) should not affect the conversation.
  6. 1 point
    Yes works perfect thanks!
  7. 1 point
    Jack_mcs

    Easy Populate V 3.0

    A new version has been uploaded with these changes:

    Free Version:
    - Added an option (bottom of the page) to clear the temp directory.
    - Added a language file (not complete).
    - Added the old tableblock class since the new one removes the table, which is needed here for display purposes.
    - Changed code to remove php warnings.
    - Changed the options code to use the stored settings.
    - Changed the model setting to a database option and loaded the model size dynamically so it no longer needs to be set.
    - Changed the Export section to allow clicking on the text to set the checkbox, as opposed to having to click the checkbox.
    - Changed all references of Froogle to Google Shopping since that is once again free, sort of.
    - Changed Header Tags SEO names to use the Phoenix names.
    - Changed layout to use BS4 controls.
    - Fixed many security holes.
    - Fixed the custom create section.
    - Fixed the additional images code to load properly.
    - Fixed some problems found in the original addon as well as some of mine in the previous version.
    - Moved the information message on file creations to the header instead of it blocking the page.
    - Removed definitions from the functions file.
    - Removed the magic quotes code.
    - Replaced the block of code for deleting a product with a call to the stock functions.

    PRO Version:
    - Added an option to upload all images from within Easy Populate.
    - Added an option to check image usage.

    Please note: Since google shopping is once again, partially, free, I changed the old Froogle code to work with it. But the output still follows the rules of the original Froogle. So while this option may work for some shops, if you plan to upload to Google Shopping, you would probably be better off using the Google Feeder addon. I may change the code in this addon to provide a full Google Shopping feed at some point but I'm not sure it is worth the time since the other addon exists.
  8. 1 point
    Jack_mcs

    Easy Populate V 3.0

    Yes. It will be released this week.
  9. 1 point
    ArtcoInc

    How To Install SSL Correctly

    @XplorMedia

    There are 3 areas that need to be set up correctly ...

    1) Your website is XplorMedia.com. It is NOT www.XplorMedia.com. Note the www. prefix. You need to make sure that your SSL certificate and website name match.

    2a) You need to make sure your .htaccess file redirects people to the correct name. In other words, if people type www.XplorMedia.com, your .htaccess file needs to redirect them to XplorMedia.com (without the www.).

    2b) Your .htaccess file must then redirect people to your https:// site.

    3) In osCommerce, there are two configuration files:

        <shop root>/includes/configure.php
        <shop root>/<your admin directory>/includes/configure.php

    BOTH of these need to be edited to reflect that you are using an SSL certificate. For example,

        <?php
        define('HTTP_SERVER', 'https://XplorMedia.com');
        define('HTTPS_SERVER', 'https://XplorMedia.com');
        define('ENABLE_SSL', true);

    Note that there is no www. in the URLs (since your site and SSL certificate aren't using it), that the httpS is in BOTH URLs, and that ENABLE_SSL is set to true.

    HTH

    Malcolm