Jack_mcs

You should be checking the results of the querys. The code assumes the variable is set but it may not be. Also "sl.stocklabel_id" doesn't exist.

I seem to recall an addon that add a number of options to the contact us page, though I can't recall its name. Maybe Super Contact, or something like that. My old Links Manager addon has the code to upload an image. If you download it and look at the links submit file, you can see how it is done. But it wouldn't be a big change to do that. Use the file command so the customer can browser their computer for the image and then change the form to store it. But be careful, hackers will really enjoy being able to upload things. You should, in the least, limit the files to image types.

@radhavallabhSince it works in other shops but not yours, it must be something unique to yours. If you turn the addon off in admin do all of the urls work correctly? If it does, try using the Uninstall setting and then reload the shop side. Does that fix it? If not, try turning off all cache options in the settings and try again. If it still fails then the only thing I can think to do is to install it into a new, basic, shop. That should work since it works here. Then you can try it with your database and if it fails, then it is something there that is causing the problem.

@bnguruPlease see the PM I sent.

This is not clear to me. Are you using the file from the addon package or from the Phoenix package? I just compared a .87 shop I have it installed in with the files from the Phoenix package and they are the same, except for what this addon changes, and the urls are working fine in it so I can't think of any reason why it is failing for you.

Then that makes more sense to me. The 480 would prevent a second account from being created for 480 minutes. Some customers like to have an account for home and one for business so such a large number could cause a failure for them. Which is the correct value depends on your customers and how badly the site is being hit by hackers.

If you mean the "Create Account Period" setting, that is in minutes, though I never tested with fractions of a minute. But either way, the lower the setting means the more chances the hackers have to create accounts so your results seem wrong. It might be that the code is seeing the low setting as invalid and is using a higher value? As you probably know, hackers use scripts to create accounts so they retry immediately on failure. real people can't go that fast. So a low setting allows retries more often. A high setting, like 20, would mean the person, or script, would have to wait 20 minutes before creating a new account. That may block real customers in some cases.

@radhavallabhIt is working here for that version and others has it working in their shops so it must be something in your installation. Maybe you overwrote the href_link.php file with the upgrade? If that isn't it, are you getting any errors? Do the settings show up in admin?

That option was added quite a few versions ago so you really should update since there are other, more important, changes and fixes in the newer versions.

Have you installed the latest version and applied the fix mentioned in this thread?

admin->Modules->Header Tags There is a capatcha option in Honey Pot. But it, and googles, is controlled by javascript which hackers can get around.Plus, in my opinion, it is a bother to your customers. Adding to my earlier way to catch these, if you don't sell to the countries that don't have zones then delete that country from the list in admin->Locations/Taxes. The hackers will just use a different country but if that country has zones, Honey Pot should catch them. You can also install my View Counter and use the country blocking option to stop them from being able to use the site at all.

Enter google into the bad words setting of Honey Pot and it will stop them. Ukraine is one of the countries without zones in the database so that prevents Honey Pot from checking other things, like the post code. But if you never sell to that country, you can also add it to the bad word list.

I've sent requests twice to see it - once recently and once when it was first announced. Never was approved for some reason. I'm curious why the secrecy? It seems to me that the more people having access to it, the better the testing would be. Is it a marketing ploy, or something like that? It just doesn't seem to make any sense.

It depends on what details are in the account. Honey Pot can only check for invalid entries so an account can be created as long as it doesn't violate one of the rules, like numbers in the name. I ran across a recent problem where fake accounts were being created. All of the data in the account was valid except for the post code. However, the countries used didn't have zones (states or provinces) in the database so Honey Pot couldn't check the post code since there is nothing defined for those countries. If that isn't the problem then please post the details of one of the fake accounts so I can see if there is any way to stop them.

@johnwebsterqThe databases of the two shops are not compatible so there's no simple way to migrate. You can pay to get the database converted, like with cart2cart, but the cost can be high depending upon how many things are to be converted. So short of the database, you can do it yourself. Just install a version of oscommerce, and set it up as you want. Doing this is not difficult but if you've never worked with oscommerce it could take a while for you to work through it. In that case it might be best to hire someone to install and set it up for you. The main advantages of switching is that you don't have to pay to have an oscommerce shop and you can make whatever changes you want without approval, both of which are required by Shopify. For what it's worth, I have had some of our hosting members that switched to Shopify only to switch back within a year. Each said they were not happy with the costs and restrictions of that shop.