Jump to content

peterbuzzin

Members
  • Content count

    139
  • Joined

  • Last visited

  • Days Won

    9

peterbuzzin last won the day on June 26

peterbuzzin had the most liked content!

1 Follower

Profile Information

Recent Profile Visitors

10,103 profile views
  1. peterbuzzin

    Issue with Recreate Session = true

    PM the address to your site and I'll register with a test account. It would help throw more light on it and as I've never been to your site before there's no danger of stale session cache conflicts.
  2. peterbuzzin

    Quick way to create a maintenance page?

    @JcMagpie on second thoughts you're right, 302 is correct, at first glance I thought it was just doing a rewrite of the URL but it's redirecting so 503.php would be seen in the address bar so a 302 temporary redirect status code is absolutely correct. It's been a long day, ignore me! lol
  3. peterbuzzin

    Quick way to create a maintenance page?

    I like your solution but shouldn't that be [R=503,L] and then not have it in the 503.php page? Setting 302 before 503 could cause some issues and the search engines may only accept the first.
  4. peterbuzzin

    Issue with Recreate Session = true

    This can happen when either the osCsid has been indexed in a search engine, you have hardcoded a URL somewhere that contains the osCsid and you haven't enabled other options in admin that will check to see if the session being recreated belongs to the user that has stumbled across one of those bad links. It might shed some more light on it if you said which payment module you're using too but for now try below. Make sure Prevent Spider Sessions is set to True You can also set the Check User Agent to True Try setting Check IP Address to true, I've found this can sometimes have unpredictable results for payment gateway callback URL's so test this one fully before committing. Try setting Force Cookie Use (again sometimes unpredictable in my experience so test fully)
  5. peterbuzzin

    Quick way to create a maintenance page?

    Ok, so I wouldn't go for the index.html route. This will only work if visitors arrive directly to your domain name i.e. not a category, not a product page etc. Most visitors to your site will be arriving from Google or similar so the chances of them being taken to your homepage are slim as the search engine will take them to the most relevant page based on their search. This is my quick and dirty fix. It works based on IP address and allows you to enter your IP so that you can continue to view the site whilst it's in maintenance. Everything I do has keeping the Search Engines happy as a priority, never put your site into maintenance without setting 503 status code. This will tell the Search Engines that the page/site is temporarily under maintenance and to NOT reindex your site overwriting the previous correct page content with the temporary maintenance content (otherwise you'll end up with 1000's of entries in Google saying "We're under maintenance". There's also a setting to inform the search engines when to revisit i.e. when you will be finished performing maintenance. This is only a suggestion and the search engines don't have to honour your suggestion. There is one caveat, if your site is behind a service such as Cloudflare then the $_SERVER['REMOTE_ADDR'] will not be able to get your IP address so you wont be able to see the front-end of the store either. Paste this in the very top of your includes/application_top.php file just after the <?php tag <?php $showMaintenancePage = false; $showStoreToVIP = 'ENTER YOUR IP HERE'; // Enter your IP here $tellSearchEnginesToRevistAfter = '3600'; //This tells the search engines the amount of seconds to wait (or you can enter a date in this format: Wed, 21 Oct 2015 07:28:00 GMT) before revisiting if they crawl your pages during maintenance function set_503_header() { global $tellSearchEnginesToRevistAfter; $protocol = 'HTTP/1.0'; if ( $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1' ) { $protocol = 'HTTP/1.1'; } header( $protocol . ' 503 Service Unavailable', true, 503 ); header( 'Retry-After: 3600' ); } if($_SERVER['REMOTE_ADDR'] != $showStoreToVIP && $showMaintenancePage){ set_503_header(); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Your Company/Site Name</title> <style type="text/css"> body,td,th { color: #81B600; font-family: Gotham, "Helvetica Neue", Helvetica, Arial, sans-serif; font-style: normal; font-size: 14px;} body { background-color: #FFFFFF; margin-left: 0px; margin-top: 0px; margin-right: 0px; margin-bottom: 0px;} h1 { font-size: 30px; color: #81B600;} h2 { font-size: 18px; color: #81B600;} div{ margin-top:50px; text-align:center;} </style> </head> <body> <div> <h1>Your Site Name</h1> <h2>Tel: 01234 123456</h2> <p>We are currently performing maintenance on our site.</p> <p>Please accept our apologies for any inconvenience caused and check back soon.</p> </div> </body> </html> <?php exit(); } It's just a basic HTML page, Change the style/contents to suit your needs. To activate the code change $showMaintenancePage to true, $showStoreToVIP to your IP address and enter the amount of seconds you think you'll be likely performing maintenance or a date when you'll be finished.
  6. peterbuzzin

    Login with PayPal saying return url is wrong

    Hey @MrPhil it's separate as although it needs to be done in order for Login with PayPal to work it would also need to be done in order to use any other "Login with *" module. For simplicity, I'd recommend Option 1 "Relocating the code back to login.php" and then you don't have to remember to always have all "Login with *" set with a lower sort value than "Login Form", it could be any sort value once reverted back to login.php. The code isn't specific to cm_login_form.php and was intended to be available to all login modules, it should not have been moved.
  7. peterbuzzin

    Module import/export

    Personally I think it's a nice idea. If you're just looking after one store, probably your own then you wouldn't have much need for it. My employer has nearly a 800 clients and nearly 2000 hosted sites. We try to save time by reusing as much previous work/code as possible to make us more efficient. We also have live/production and staging/development areas where we may duplicate sites and place them for additional development without affecting the service of the live site/store. At the moment after testing, I'd either have to copy rows using Navicat from the DB and paste in the live DB or install the module and manually enter the details again into the live store/site. This would be a nice feature. I might add it to my to-do list Smoky!
  8. I want to make this absolutely clear as well that I'm not trying to pass any judgement on Burt. I've said on enough previous posts that I think he has done an absolutely outstanding job on keeping the project moving, I don't envy the task that he volunteered for. I have a huge amount of respect and admiration for what he's taken on. In my professional opinion it was a bad call and should be reverted. I'm happy to do this if Burt's willing to merge/commit it.
  9. if it is intentional as you say then that is a real shame. Text search/replace across multiple files has been available before the existence of osCommerce, it's a staple of most IDE's where you can define a project folder. Unfortunately we'll have to disagree on the "little, if any, benefit", table prefix functionality is common/standard with pretty much every script (WordPress for example). Unless you're happy to have a separate database for every script you install, table naming conflicts are common and the chances of it happening increase with the amount of tables installed per script, that's where prefixes come into play. Ripping functionality out for the sake of convenience is regression, not progression. I'd hope the table and filename definitions are still loaded at least even if not utilised. I'm starting to understand why HPDL hasn't recognised it when it's pulled away from basic coding standards. Even HPDL's OSC V3 based on MVC architecture uses definitions, albeit in a more modern way. Most modern frameworks use definitions for this purpose in some shape or form. osC has to compete with other carts that are available, make itself as flexible as possible from the ground up and not become a niche hardcoded personal project. I'm sorry to say it but there's not much future in that.
  10. Hi, I've had an opportunity today to start having a look around the code (I wanted to start contributing to it at some point) and noticed that there are a lot (if not all) hardcoded table and filenames. Is this intentional or something on the to-do list to change back to defined constants? If it's intentional it seems like a step backwards/devolution to me. This question may have come up before but does anyone know the thinking/reason behind this? I'm trying to get my head around it. It will make table prefixes and changing filenames so difficult in the future, changing something that gave it flexibility to something inflexible.
  11. peterbuzzin

    Login with PayPal saying return url is wrong

    Update Behind the scenes I've been working on this for supercheaphobb to find out what the cause is. After a lot of investigation today we have found the issue and been able to introduce a solution without much change to the code. This issue is present in every install of the Frozen 2.3.4.1 Fork (straight out of the box) and stores will need to make this change in order to use Login with PayPal (now called Connect with PayPal) or any other similar oAuth/token authorisation service such as Login with Google or Facebook. A some point a decision was made to move script from top of login.php and place it amongst the code of includes/modules/content/login/cm_login_form.php. This would have been fine if that code was only intended for the login form but it's intended to be shared amongst and used by any other modules/content/login/***.php modules that need to (i.e. Login with PayPal). This code was originally designed to execute if $login_customer_id was set and more than zero (that was all it needed), but in cm_login_form.php it's been buried within other conditional statements so it will only execute if the traditional login form has been completed and a user/pass match has been found another reason why this code will always fail when using other authentication methods. Full thanks and credit go to supercheaphobb for his sponsorship of this solution. The original script previously located in login.php is //from login.php (originally) if ( is_int($login_customer_id) && ($login_customer_id > 0) ) { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $customer_info_query = tep_db_query("select c.customers_firstname, c.customers_default_address_id, ab.entry_country_id, ab.entry_zone_id from " . TABLE_CUSTOMERS . " c left join " . TABLE_ADDRESS_BOOK . " ab on (c.customers_id = ab.customers_id and c.customers_default_address_id = ab.address_book_id) where c.customers_id = '" . (int)$login_customer_id . "'"); $customer_info = tep_db_fetch_array($customer_info_query); $customer_id = $login_customer_id; tep_session_register('customer_id'); $customer_default_address_id = $customer_info['customers_default_address_id']; tep_session_register('customer_default_address_id'); $customer_first_name = $customer_info['customers_firstname']; tep_session_register('customer_first_name'); $customer_country_id = $customer_info['entry_country_id']; tep_session_register('customer_country_id'); $customer_zone_id = $customer_info['entry_zone_id']; tep_session_register('customer_zone_id'); tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = '" . (int)$customer_id . "'"); // reset session token $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()); // restore cart contents $cart->restore_contents(); if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); $navigation->clear_snapshot(); tep_redirect($origin_href); } tep_redirect(tep_href_link('index.php')); } And has now been moved to includes/modules/content/login/cm_login_form.php at approximately line 61. There are two possible fixes for this and you can choose whichever will best suit your current/future needs. 1: Relocate/move the code back to login.php (but make sure you remove it from cm_login_form.php) or 2: Move the code outside of the conditionals (if statements) that surround it in cm_login_form.php If you choose option 2, you'll need to ensure that you give Login with PayPal a lower sort value in Admin > Modules > Content than the sort value of Login Form as the Login with PayPal code needs to execute before Login Form (as it would have originally before Frozen). So if Login Form has a sort value of 100, give Login with PayPal a sort value of 50. Option 2 Fix below Select the following code on line 61 //from login.php if ( is_int($login_customer_id) && ($login_customer_id > 0) ) { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $customer_info_query = tep_db_query("select c.customers_firstname, c.customers_default_address_id, ab.entry_country_id, ab.entry_zone_id from " . TABLE_CUSTOMERS . " c left join " . TABLE_ADDRESS_BOOK . " ab on (c.customers_id = ab.customers_id and c.customers_default_address_id = ab.address_book_id) where c.customers_id = '" . (int)$login_customer_id . "'"); $customer_info = tep_db_fetch_array($customer_info_query); $customer_id = $login_customer_id; tep_session_register('customer_id'); $customer_default_address_id = $customer_info['customers_default_address_id']; tep_session_register('customer_default_address_id'); $customer_first_name = $customer_info['customers_firstname']; tep_session_register('customer_first_name'); $customer_country_id = $customer_info['entry_country_id']; tep_session_register('customer_country_id'); $customer_zone_id = $customer_info['entry_zone_id']; tep_session_register('customer_zone_id'); tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = '" . (int)$customer_id . "'"); // reset session token $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()); // restore cart contents $cart->restore_contents(); if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); $navigation->clear_snapshot(); tep_redirect($origin_href); } tep_redirect(tep_href_link('index.php')); } Cut and paste it on what will then be approx line 65, the line immediately after the closing/right curly brace/bracket and above the line of code starting with if($error == true){ } //PASTE THE CODE HERE if ($error == true) { $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR); } @burt you might want to patch/fix this, if not in frozen then in the Edge version.
  12. peterbuzzin

    Transactional email service

    It's coming, just trying to find the time to finish it
  13. peterbuzzin

    Login with PayPal saying return url is wrong

    1 down, 1 to go, cool. So I can see you already have the redirect fix added to your code, so unlikely to be that as a next step. Can you confirm the account belonging to the registered paypal address you used to login with has been added to your customers list? If it hasn't then a process elsewhere is failing. If the account has been added, delete it. Then clear your cookies and session data, close the browser, reopen and try again. Osc may be storing navigation history and attempting to redirect you elsewhere or may have partially saved user account information and is missing others which is causing a logged in check to be incomplete.
  14. peterbuzzin

    Login with PayPal saying return url is wrong

    Ok, So there is an issue that your login with PayPal is 3 years out of date, the newest version is 2017 but I've ran a comparison and the differences are largely the replacement of HTTP_GET_VARS for $_GET and hardcoded db table names . So all indicators at the moment look good, we'll see how it goes. On approx line 123 find: if ( isset($response['email']) ) { $paypal_login_access_token = $response_token['access_token']; tep_session_register('paypal_login_access_token'); $force_login = false; Replace with: if ( isset($response['email']) ) { $paypal_login_access_token = $response_token['access_token']; tep_session_register('paypal_login_access_token'); $force_login = false; if (!isset($response['given_name']) && !isset($response['family_name'])) { //code to extract firstname and lastname from name $name = explode(' ', $response['name']); $response['given_name'] = tep_db_prepare_input($name[0]); $response['family_name'] = tep_db_prepare_input((isset($name[count($name)-1]) ? $name[count($name)-1] : '')); } Try that and we'll see how far we get and what might need doing after
  15. peterbuzzin

    Login with PayPal saying return url is wrong

    Hi Phil, I suspect this is similar but different. I asked OP to create a separate topic for this instead of posting on my original topic about deprecation. It's all good.
×