osCommerce

The e-commerce.

Biancoblu

♥Ambassador
  • Posts

    740
  • Joined

  • Last visited

  • Days Won

    10

Reputation Activity

  1. Like
    Biancoblu got a reaction from joli1811 in ckeditor   
    I don't know what osc version you are on, but you could try this http://www.clubosc.com/easiest-install-ever-fck-editor.html
    I'm using it myself, it installs very quickly and works as it should.
    Should it not work for you, try posting on that blog, it's worth it. :thumbsup:
  2. Like
    Biancoblu reacted to burt in add on validation   
    This is not a good idea. Who is to say that 1 addon is better than another. If you are attempting to make a "loaded" version of osCommerce, then fork osCommerce on github and make the changes on there.
     
    Something in the future will be a rating system for addons.
  3. Like
    Biancoblu reacted to Taipo in Hardcore Security for osCommerce HTACCESS   
    Here is the working code: ver 1.0.1
     

    ########## Hardcore Security for osCommerce HTACCESS v1.0.1 ###########
    ########## AUTHOR: TE TAIPO - [email protected] ###########
    ## See readme.txt for instructions ###########

    Options +SymLinksIfOwnerMatch

    # disable the server signature
    ServerSignature off

    # set the server administrator email
    SetEnv SERVER_ADMIN [email protected]

    # ~~~~ START OF FILTERING ~~~~~ #

    # secure htaccess and other files
    <FilesMatch "(\.htaccess|\.htpasswd)$">
      Order Allow,Deny
      Deny from all
    </FilesMatch>

    # add whatever configuration files here that are hosted on your server
    # that you want blocked
    <FilesMatch "^(php\.ini|php5\.ini)$">
      Order allow,deny
      Deny from all
    </FilesMatch>

    # disable access to the osCommerce configure.php files (catalog and admin)
    # <Files> is matched against the file's basename only, so the pattern
    # must not contain a directory such as includes/ or admin/includes/
    <Files ~ "^configure\.php$">
      deny from all
    </Files>

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # server request method
    RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD|OPTIONS) [OR]

    # osCommerce 2.2x
    RewriteCond %{THE_REQUEST} ^.*\.php/login\.php.*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*login.php\?action\=backupnow.*$ [NC,OR]

    # _REQUEST
    RewriteCond %{THE_REQUEST} \?\ HTTP/1. [NC,OR]
    RewriteCond %{THE_REQUEST} \/\*\ HTTP/1. [NC,OR]
    RewriteCond %{THE_REQUEST} %20HTTP/1. [NC,OR]
    RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
    RewriteCond %{THE_REQUEST} (showimg=|cookies=|passwd) [NC,OR]
    RewriteCond %{QUERY_STRING} (file_get_contents\(|setcookie\() [NC,OR]
    RewriteCond %{QUERY_STRING} (\,0x3a\,|unescape\(|fromcharcode|pwtoken_get|php_uname|passthru\() [NC,OR]
    RewriteCond %{QUERY_STRING} (eval\%28|eval\%2528|eval\(|base64_(en|de)code[^(]*\([^)]*\)|base64_encode.*\(.*\)) [NC,OR]
    RewriteCond %{QUERY_STRING} (JHs\=|replace\(|return\%20clk|boot\.ini|php\/password_for|announce\?info_hash) [NC,OR]
    RewriteCond %{QUERY_STRING} (\_START\_|\=alert\(|mysql\_query|\.\.\/cmd|rush\=|EXTRACTVALUE\(|phpinfo\() [NC,OR]
    RewriteCond %{QUERY_STRING} (\/frameset|\$\_SESSION|\$\_REQUEST|\$HTTP\_|mosConfig\_|inurl\:|\/iframe|onload\=) [NC,OR]
    RewriteCond %{THE_REQUEST} (allow_url_fopen|\%23include\+\<|get_defined_vars\(|\%22\'\%2f|error_reporting\(0\)) [NC,OR]
    RewriteCond %{THE_REQUEST} (fwrite\(|waitfor\%20delay|shell_exec|gzinflate\(|prompt\(|php_value\%20auto) [NC,OR]
    RewriteCond %{THE_REQUEST} (onmouseover|onmousedown|ct\(this) [NC,OR]
    RewriteCond %{THE_REQUEST} (ftp\:\/\/|1\=1\-\-|current\_user\(\)|\%3Cform|sha1\(|self\/environ) [NC,OR]
    RewriteCond %{THE_REQUEST} (\<\%3Fphp|\%\%|1\+and\+1|\/iframe|\$\_GET|document\.cookie|onload\%3d|onunload\%3d) [NC,OR]
    RewriteCond %{THE_REQUEST} (\%00|hex\_ent|ob\_starting|PHP\_SELF|etc\/passwd|shell\_exec|data\:\/\/|\$\_SERVER|\$\_POST) [NC,OR]
    RewriteCond %{THE_REQUEST} (\%bf\%5c\%27|\%bf\%27|\%ef\%bb\%bf|\%8c\%5c|\%a3\%27) [NC,OR]
    RewriteCond %{THE_REQUEST} (\=0\^\() [NC,OR]
    RewriteCond %{THE_REQUEST} (\@\@datadir|\@\@version|version\(\)|localhost|\}\)\%3B|Set\-Cookie|\%253C\%2Fscript\%253E) [NC,OR]
    RewriteCond %{THE_REQUEST} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

    # http referer
    RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%00) [NC,OR]

    # mysql related
    RewriteCond %{QUERY_STRING} (null\,null|outfile|load_file) [NC,OR]
    RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{QUERY_STRING} (order).*(by).*(\%[0-9A-Z]{0,2}) [NC,OR]
    RewriteCond %{QUERY_STRING} (waitfor|delay|shutdown).*(nowait) [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
    # "elt\(}encode\(" in the posted code was a typo for the alternation below
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
    RewriteCond %{QUERY_STRING} (union|and|position).*(select).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]

    # cookies
    RewriteCond %{HTTP_COOKIE} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
    RewriteCond %{HTTP_COOKIE} (eval\%28|eval\%2528|eval\(|information_schema) [NC,OR]
    RewriteCond %{HTTP_COOKIE} (null\,null|outfile) [NC,OR]
    RewriteCond %{HTTP_COOKIE} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(ascii\(|bin\(|benchmark\(|cast\(|char\(|charset\(|collation\(|concat\(|concat_ws\(|table_schema) [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(conv\(|convert\(|count\(|database\(|decode\(|diff\(|distinct\(|elt\(|encode\(|encrypt\() [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(extract\(|field\(|floor\(|format\(|hex\(|if\(|in\(|information_schema|insert\(|instr\(|interval\(|lcase\() [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(left\(|length\(|load_file\(|locate\(|lock\(|log\(|lower\(|lpad\(|ltrim\(|max\(|md5\(|mid\() [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(mod\(|now\(|null\(|ord\(|password\(|position\(|quote\(|rand\(|repeat\(|replace\(|reverse\() [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(right\(|rlike\(|row_count\(|rpad\(|rtrim\(|_set\(|schema\(|sha1\(|sha2\(|sleep\(|soundex\() [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(space\(|strcmp\(|substr\(|substr_index\(|substring\(|sum\(|time\(|trim\(|truncate\(|ucase\() [NC,OR]
    RewriteCond %{HTTP_COOKIE} (union|and|position).*(select).*(unhex\(|upper\(|_user\(|user\(|values\(|varchar\(|version\(|xor\() [NC,OR]

    # LFI and session hijacking
    RewriteCond %{QUERY_STRING} \=(\.\./\.\.//?)+ [OR]
    RewriteCond %{QUERY_STRING} \=(\.\.//\./?)+ [OR]
    RewriteCond %{QUERY_STRING} \=(\.\.\\\.\./?)+ [OR]
    RewriteCond %{QUERY_STRING} \=(\.\.\\\\\./?)+ [OR]
    RewriteCond %{QUERY_STRING} \/tmp\/sess_ [NC,OR]
    RewriteCond %{QUERY_STRING} php:\/\/filter\/read=convert\.base64-(en|de)code\/ [NC,OR]

    # if expose_php is set to on
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]

    # any matching condition above returns 403 Forbidden
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>

    # ~~~~ END OF FILTERING ~~~~~ #

    # OPTIONAL EXTRAS
    # Uncomment and use.
    # If Error 500 encountered then comment out

    # disable directory browsing, if error 500 encountered then comment out
    # Options All -Indexes

    # prevent folder listing, if error 500 encountered then comment out
    # IndexIgnore *

    # php_value session.use_trans_sid 0

    # auto keep the config file read only
    # chmod configure.php files 444

    # turn off magic_quotes_gpc
    # <ifmodule mod_php4.c>
    # php_flag magic_quotes_gpc off
    # </ifmodule>

    ########## End of Hardcore Security for osCommerce HTACCESS v1.0.1 #################
     
    Like I said, it needs work.
  4. Like
    Biancoblu got a reaction from cruda55 in ULTIMATE Seo Urls 5 - by FWR Media   
    Haha, of course, I'm the bad ungrateful dummy that quarrels with the experts, sure, a classic.
     
    The fact that I had to explain to you the difference between a browser's cache and the google cached pages says it all on your knowledge.
     
    Lastly, please stop copying what is being said on other threads, will you. For your information, I have always seen, and still see, a broken cached page both on FF and IE, here today in Switzerland.
  5. Downvote
    Biancoblu got a reaction from germ in IP trap Version 3 released   
    Thanks for testing Leslie, and I agree with Nic, what you did with the folder is an excellent idea.
  6. Downvote
    Biancoblu got a reaction from Equalizer in IP trap Version 3 released   
    Nic, I have uploaded the package you mentioned to your IP Trap.
     
    This is a way of blocking the listing of folders by uploading a fake index to the folder in question.
    When you call the folder in a browser the fake index will load so you won't be able to see the list of files contained in the folder.
    The page will show the date and time of visit, the visitor's IP number, the folder they tried to view, and browser info. Infos will be emailed to you.
    ***WARNING: do not use in folders that already contain an index.php file!***
     
    Nic, again thanks for your IP trap and all your other great contributions.
     
    Isabella
  7. Like
    Biancoblu got a reaction from cruda55 in IP trap Version 3 released   
    Thanks for testing Leslie, and I agree with Nic, what you did with the folder is an excellent idea.
  8. Like
    Biancoblu got a reaction from cruda55 in IP trap Version 3 released   
    Nic, I have uploaded the package you mentioned to your IP Trap.
     
    This is a way of blocking the listing of folders by uploading a fake index to the folder in question.
    When you call the folder in a browser the fake index will load so you won't be able to see the list of files contained in the folder.
    The page will show the date and time of visit, the visitor's IP number, the folder they tried to view, and browser info. Infos will be emailed to you.
    ***WARNING: do not use in folders that already contain an index.php file!***
     
    Nic, again thanks for your IP trap and all your other great contributions.
     
    Isabella
  9. Downvote
    Biancoblu got a reaction from Equalizer in IP trap Version 3 released   
    Thanks for testing Leslie, and I agree with Nic, what you did with the folder is an excellent idea.
  10. Downvote
    Biancoblu reacted to sky_diver in IP trap Version 3 released   
    Why would you want to flood V3 with incomplete downloads? I think we have all seen enough of that with the current Milestones.
  11. Downvote
    Biancoblu reacted to sky_diver in Need a custom category menu   
    I showed you one that would do it. Open your eyes. It's bad enough you cried for help only an hour after your initial post, and now you ignore your answer. Shame for shame!
  12. Like
    Biancoblu reacted to dynamoeffects in PayPal Payflow Pro [New Version]   
    Development has been moved to github. Please add all issues or requested code fixes under the issues tab at the following website:
    http://github.com/Dy...-for-oscommerce

    @FlyingKites: The whole error handling portion has been updated and pushed to GitHub (you'll need to download it from the link above). It now handles all error responses correctly. Please test it and let me know if there are any problems with it. If it's fine I'll update the contribution.
     
    @jrcreasy: I honestly have no idea. Try disabling sending emails in your admin configuration settings and see if that fixes the problem. Also try using a different payment module like COD. More than likely the problem is further down in your checkout flow.
     
    @AM/PM-Girl: Yes, that bug fix I showed you needs to be applied whether you use this module or not.
  13. Like
    Biancoblu reacted to Jack_mcs in Automatically send data feed to Froogle   
    Most hosting companies will say they don't support third-party scripts but it won't hurt to ask. There's no need to ask google since the problem is before they are involved.
  14. Like
    Biancoblu reacted to Jack_mcs in Automatically send data feed to Froogle   
    A new version has been uploaded with these changes:
     
    - Added code to include for tep_not_null, which is a failure for some installations
    - Changed deprecated label column heading to product_type
    - Changed installation instructions to include setting up a feed creation link in admin
     
    This update doesn't contain anything new for shops with working installations. It is just meant to make it easier for future installations. The only exception is if you want to have the option of manually creating a feed in admin by clicking on a link.
  15. Like
    Biancoblu got a reaction from FIMBLE in IP trap Version 3 released   
    Thanks for testing Leslie, and I agree with Nic, what you did with the folder is an excellent idea.
  16. Like
    Biancoblu reacted to Guest in IP trap Version 3 released   
    I got to your site so I am not banned (thank you), then I went to "the" folder and was redirected to the home page. So, for me it worked as expected.
     
    PS I tried IE6 and FF.
     
    PPS on my site I copied the contents of "the" directory to a new folder called admin.
  17. Downvote
    Biancoblu reacted to FIMBLE in IP trap Version 3 released   
    OK I had enough of you now,
    I found out who it was and PM'd him to ask if it was OK to publish he said yes, this was after I had done so but could have had it taken down, (you can of course PM him and ask him if I did or not) if you are so hot then sort it yourself and release it, some people seem to only want to complain and you seem to be one of them, rather than be constructive you choose to attack.
    If I'm so bad then why has HPDL been asking me to help him with some work?
    People like YOU make people like me wonder why the hell I bother at all
    I have helped thousands of people here and release a LOT of contributions. If you do not like them then do not use them.
    Taking an idea and releasing it as a contribution when no-one else seems to want to for the benefit of all is not a new thing it happens a fair amount.
  18. Like
    Biancoblu reacted to Jack_mcs in Auto Update Currencies   
    If your shop offers more than one currency, you need this contribution. With exchange rates changing daily, at times, it is important to keep them up-to-date. Many, if not most, shop owners are not aware that this needs to be done. This contribution can be run as a cron job or semi-automatically and will handle the updates for you. The existing Update Currencies contribution uses an external site that has changed their policy which means the updates may not always work. It also uses code that will prevent cron jobs from working on all servers. This contribution uses changed code and the same sites that oscommerce has always used so those problems should not occur.
     
    Jack
  19. Like
    Biancoblu reacted to Jack_mcs in Links Manager II   
    This is a replacement for the Links Manager contribution. However, due to the many changes made, the code is no longer compatible with that version so I'm starting this new thread to make support easier. This version addresses many of the short-comings the other contribution has. Here is a list of the major changes:
     
    - Added code to includes/modules/links_listing.php and missing classes for sort heading problem with the standard listing box.
    - Added code based on code submitted by rabbitseffort that presents the link exchange information in the links submit page in an easy-to-copy format.
    - Added option to check for blacklisted words. The words are defined in a new setting in admin->configuration->Links.
    - Added option to disable reciprocal link checking for individual links.
    - Added a count option to admin->Configuration->Links that will allow links to be checked by the Check links script a number of times before the link is disabled. This was needed since some sites may not be working when the check is performed.
    - Added checkboxes to Links Status page to easily change status to Approved.
    - Added option of having nested categories.
    - Added option of having no categories (for display - one in admin still needs to exist).
    - Added code to check for the existence of at least one category in admin->Links Manger->Links. If not found, the code redirects to the admin->Links Manger->Link Categories page.
    - Added option to display link count, or not.
    - Added option to create a new category from within the links edit page.
    - Added link category name to the links page.
    - Added login option to allow link partners to edit their own links.
    - Added option to Featured Links so that a featured link will be displayed on all link pages or just on the one it is listed for.
    - Changed code so that the breadcrumb link has the session ID attached.
    - Changed code in admin/links.php so search function works as expected.
    - Changed code in admin/links.php to generate a normal link instead of an SEO one, which was causing some sites problems. If you want that ability, you should install Ultimate SEO with the update for Links Manager.
    - Changed links_db_update.php script so that it will update the admin->configuration->Links options while keeping the current settings in place.
    - Changed code so that the categories description is displayed as a true categories description on the page under the page heading.
    - Fixed search code so it finds the links from any page.
    - Included fixes from partial updates and items mentioned in the support thread.
    - Removed extra code from links_check.php file to speed up checking.
    - Removed the code for the Rating option since it was never implemented.
    - Renamed to Links Manager II since the large amount of changes would cause support problems.
    - Made many small fixes and changes that are too numerous to mention.
     
    I didn't convert the language files since I don't know the languages. The format of at least one changed so I couldn't just do a copy/paste without changing the original. So, either way, something would be wrong with those files. Converting them will not be difficult if you know the language though.
     
    The code has been installed into several shops and no problems have been reported. But there is a lot of new code here so it is still possible that could happen. In other words - backup first.
     
    Jack
  20. Like
    Biancoblu reacted to Jack_mcs in Google XML Sitemap SEO   
    This isn't a new contribution and I don't claim the code in it. This is an update to the excellent work Chemo did on the Google XML Sitemap Feed located here: http://addons.oscommerce.com/info/3233 - version 1.3. It was added as a new contribution to prevent the corruption that exists in so many contributions lately.
     
    This version includes the following changes:
    - Manufacturers site map
    - Specials site map
    - Human readable output
     
    The feeds automatically adjust to match the urls if Ultimate SEO is installed, thus preventing some blocked url's by the search engines.
     
    If you have version 1.3 of the above contribution installed, you can just upload all of the files to update to this version. Be sure to run the sitemap afterwards though.
     
    Jack
  21. Like
    Biancoblu reacted to Jack_mcs in Header Tags SEO   
    This is the support thread for the new Header Tags SEO contribution. It is based on the Header Tags Controller but is not compatible.
     
    Why the new name?
    There are a couple of reasons for this. First, so much has changed in the code that it is mostly a different package and maintaining it would be difficult if it were considered just an update. But beyond that, a lot of people mistakenly confuse the Header Tags Controller as just a meta tags handler. It is that but has gone beyond that basic function for some time now. So to compare it to the other meta tags contributions is just wrong. And I should say here that if all you are looking for is a way to handle the meta tags of your shop, you should not install this contribution since it is definitely overkill. But when you consider that the keywords meta tag is rarely used by google at all nowadays, I can't imagine why someone would want to install a package that relied on that tag so much. And that is the real reason for the new name. This contribution is the only one of its kind to tie together so many Search Engine Optimization (SEO) tricks, that the new name just made sense.
     
    What's the difference?
    The following are the major changes (or the ones I could remember) in this new contribution:
     
    -> The code is 100% language compliant.
    -> Removed the english/header_tags.php file in favor of database entries.
    -> Fixed a bug introduced in a previous version. A spelling mistake would make Page Control fail in some cases. I only mention this here because it was a nasty little bug I could never locate. So anyone having that problem should consider upgrading.
    -> Added control options to admin->Configuration.
    -> Added additional meta tag options. It is doubtful these will be used that much but a number of requests were received for this option so it was added.
    -> Added an option to view the title and meta tags on the actual web page from admin.
    -> Added Social Bookmark code.
    -> Added code to apply mouseover text to the sites logo - unique for each page.
    -> Added code to have the breadcrumb use the header tags titles.
    -> Added an exclude list in admin/includes/functions/header_tags.php that prevents header tags code from being added to certain files (like checkout pages). This is because those pages don't need tags and excluding them will simplify matters.
    -> Added option to Page Control and Fill Tags so that the keywords can be dynamically generated from the pages on the site. Currently, the code only supports single keywords but I plan on changing that. There is an option in admin to only pick keywords that fall within the keyword density settings.
    -> Added an automatic page add feature. You still have to edit the actual file in the root but that's all.
    -> Added easy install instruction for STS shops. There is just one change to make and the two contributions work together.
    -> Added code to have the new features work with BTS based shops. There may be a few cases where an option doesn't work due to how BTS handles the files, but they should be minimal and not anything to cause a great stir.
    -> Changed how title, description and keywords are built. This should provide more flexibility for those that want that option. Each item has a sort order and is displayed in the string of text based on that sort order. So, for example, the title of a page can contain some entered text, the default title and the category and manufacturers names (if applicable), in any order.
    -> Added an Un-Install file to completely remove Header Tags from the database. This should make testing and troubleshooting easier.
    -> Added code to use curl instead of standard php file calls. The code will try curl first and then switch to a file command if it is not present.
    -> Tested in MS2, RC2, STS and BTS shops.
     
     
    Special thanks to the following for their suggestions:
     
    bkellum
    java roasters
    surfalot
     
    A lot of time went into creating this contribution. I hope it proves useful.
     
    Jack