Jump to content

cliffr

Members
  • Content count

    8
  • Joined

  • Last visited

Profile Information

  • Real Name
    Cliff Rose
  1. cliffr

    Payment Modules will not Update

    Hi Bill, yes it was one as you suggested for the reset(ar) after do_magic_quotes function. All the servers I have run the setup on have been identical setup (custom linux kickstart) running on Centos 4.4, then fully patched. The process is then, a lot of customisations made to the core O/S which are mostly security/lockdown and install/configure/lockdown of any base apps (eg: mailserver/webserver/daemon configs and startup,mysql/php/SSL etc...) Then only after all above passes a full audit and penetration test, other internet facing apps like shopping carts, forums, blogs are added and faced with some rigorous tests. (and debugged and fixed !) So when I said "I don't have time to waste to try and find out", I certainly didn't mean it's a waste of time to find out ... :) What I really mean is just that I don't have time, otherwise I probably would really try to nail it down. A quick check on versions gives me: php 4.3.9, mysql 4.1.20 php is running as an apache module, I guess that would probably be the same for most installations these days. Let me know if there's anything I may be able to help with ? Thanks to all the good people like yourself for helping over here, cut my work in half to get this going. Cheers - Cliff
  2. cliffr

    Credit Card Security Code

    I would be very careful, have you had a professional security audit done ?. The probelm is that the credit card module is storing all the customers credit card details "Unencrypted" in your database. On top of that, the default installation of oSCommerce is very very insecure. There is a lot of mis-information on the internet and in these (and other) support forums, which is downright dangerous to anyone doing online e-commerce. The instructions I see from people saying thing like "Just change all your directory and file settings to 777" make me cringe. Doing this one thing totally opens up your installation to be hacked, and yet it is a commonly given instruction to "fix" things. (It'll fix things allright, but not the way you would want if you only knew !.) Anyway ... my point is, if you don't need peoples credit card details, then you don't want them, the risk is totally unnecessary, and with the oSc credit card module and the standard install, the risk would be considered very high. If you are on any kind of shared hosting, you shouldn't be doing any e-commerce that involves storing of personal details, and **Especially** credit card details.
  3. cliffr

    Credit Card Security Code

  4. cliffr

    Payment Modules will not Update

    Sorry but this is definitely not a php 5 issue. I have installed this on 4 servers now, ALL using php 4.3 and ALL of them exhibited this problem. I suspect it could be affected by some php setting, but I don't have time to waste to try and find out. Maybe register globals, since the first requirement in the environment I instaled in is Register Globals to be turned off, so installed the register globals patch first (and then you have to debug/convert many modules as you install them). Cheers - Cliff
  5. cliffr

    Multi_Vendor_Shipping new thread

    Hi there, the problem with module updates not saving the settings are a bug in OsC 060817. I you have the 060817 version of OsC, you really need to apply this fix, it is an absolute must so if you haven't yet, please do this before trying anything else. It is a simple one line fix to two files, catalog/admin/includes/functions/compatibility.php catalog/includes/functions/compatibility.php Here it is again exactly as posted previously by Bill Kellum: 1. Open the catalog/admin/includes/functions/compatibility.php. 2. At the end of the “do_magic_quotes_gpc” routine, add the following code: reset($ar); It will end up looking like this: function do_magic_quotes_gpc(&$ar) { if (!is_array($ar)) return false; while (list($key, $value) = each($ar)) { if (is_array($ar[$key])) { do_magic_quotes_gpc($ar[$key]); } else { $ar[$key] = addslashes($value); } } reset($ar); } Good luck !.
  6. cliffr

    Official PayPal IPN Support Thread

    Hi again, I checked back through this thread, and if I understand your problem correctly (correct me if I've misunderstood) the issue you have is: 1) You can "Install" the paypal IPN module under Admin->Modules->Payment, so you then see the "Credit/Debit card (via Paypal)" with the options now being "Remove" and "Edit" 2) Then you strike the problem when you try to "Edit" the module, and do things like set: "Enable Paypal IPN Module" to True. ... and ofcourse other settings like the "E-Mail Address" etc... If this is what's happening, I strongly suspect that your problem is because of the bug in OsC 060817 which I mentioned above. AlexStudio a few posts back pointed someone to http://forums.oscommerce.com/index.php?showtopic=251673 The same fix in that thread is also in a STS module fix: http://www.oscommerce.com/community/contributions,1524 I you have the 060817 version of OsC, you really need to apply this fix, it is an absolute must so if you haven't yet, please do this before trying anything else. It is a simple one line fix to two files, catalog/admin/includes/functions/compatibility.php catalog/includes/functions/compatibility.php Here it is again exactly as posted previously by Bill Kellum: 1. Open the catalog/admin/includes/functions/compatibility.php. 2. At the end of the “do_magic_quotes_gpc” routine, add the following code: reset($ar); It will end up looking like this: function do_magic_quotes_gpc(&$ar) { if (!is_array($ar)) return false; while (list($key, $value) = each($ar)) { if (is_array($ar[$key])) { do_magic_quotes_gpc($ar[$key]); } else { $ar[$key] = addslashes($value); } } reset($ar); } Please let us know how you go. Good luck !.
  7. cliffr

    Official PayPal IPN Support Thread

    Hi there, Have you installed the MS2 060817 ?. Are your other Admin settings updating ?. Hopefully this may help. There is an issue with the 060817 update, where Admin settings are not updated (I had the same) and I found this patch. Although it's been posted in the STS modules, it applies even if you don't have STS installed. Go to : http://www.oscommerce.com/community/contributions,1524 Look for : osC MS2 060817 Module Patch for STSv4.2 & 4.3 It is a simple change to the compatibility.php files (both in the catalog and admin includes/functions dirs) Please let us know, and good luck !.
  8. cliffr

    Multi_Vendor_Shipping new thread

    Hi there, I'm struggling to integrate MVS with the IPN module. Would it be possible for you to post your changes here ?. Looks like there are a few people interested in this. Thanks - Cliff
×