osCommerce

The e-commerce.

cornishpirate

Members • Posts: 139 • Days Won: 1

Everything posted by cornishpirate

  1. If you install the LORI add-on in Firefox, it will give you Time to First Byte and Time to Completion on any page that is loaded. Then you can easily see if server side is slow or page rendering is slow. Or both of course.
  2. In the UK, Streamline, now part of Worldpay, are pushing hard for PCI DSS compliance. They've teamed up with TrustWave and we've been encouraged to use their TrustKeeper IP Scanning system for vulnerabilities. The only item my site is failing on is XSS, despite the magnificent presence of Security Pro 2!!

     URL: ....../product_info.php?products_id=%3Cscript%3Ealert%28TK00000004%29%3C%2Fscript%3E
     Body matches:
     Vulnerability type: Reflected Cross-Site Scripting
     Vulnerable input type: URL Query Parameter
     Vulnerable input name: products_id

     This may be a very dubious failure, but many of us will have to deal with it. Any thoughts?
  3. I use a few ReWriteRule in my htaccess in the form

     RewriteRule ^(.*)-p-717.html$ product_info.php?products_id=616

     When invoked, the USU5 404 page gets displayed, whereas with 'SEO URLs', it worked fine. Any thoughts on how I can get round this?
  4. In the interests of security, I have changed the names of almost all root PHP scripts. USU5 is working fine for me except for the fact that generated URLs stay in the original format (product_id etc.). If I set everything to revert to 'product_info.php', then it behaves as I would expect. Since all references are to FILENAME_PRODUCT_INFO, this is a mystery. Any thoughts?
  5. Cache Location. My live server does not allow ANY write access within the document root, so I need to DEFINE a path outside of it. I do this with the standard osC backup directory. It would be nice to have this as an option, but in the meantime does anyone have any guidance on this before I hack things around too much! Alan
  6. Probably a PHP error. Check the server log.
  7. I'm returning to OPC after a few months' break and have installed 1.093 on my RC2a. Much better than 6 months ago, but I'm getting 'There was an error setting payment method' using Protx Direct. Can someone point me in the right direction to code around this?
  8. Sitemap SEO V 1.5 Trying to validate sitemap.php with W3C. My sitemap includes products, but when a category only has subcategories and no products an 'empty' UL block is produced. W3C doesn't like this. The errors can be seen here. Happy to try to fix the code, but would appreciate any pointers!!
  9. Are there any plans to incorporate QTPro with this?
  10. Stephen, thanks for helping me sort the Protx Direct problem. I am running RC2a, but fixed as above indicating MS2 !! Confusing? But what the hell, it works.
  11. I did, of course, try it. On going into checkout.php "There was an error setting payment method, please inform IT Web Experts about this error."
  12. Has anyone used payment module Protx Direct with this?
  13. if ($VARS['quantity']=intval($VARS['quantity'])) {
        tep_db_query("update " . TABLE_PRODUCTS_STOCK . " set products_stock_quantity=" . (int)$VARS['quantity'] . " where products_stock_id=$stock_id");
      } else {
        tep_db_query("delete from " . TABLE_PRODUCTS_STOCK . " where products_stock_id=$stock_id");
      }

      This is from stock.php. The first line should have '==' and not just '='. The effect for me was to delete the record if the stock quantity was set to zero. I didn't want this, because of an offline 'merge' operation I carry out when updating my live site. Making the change leaves a zero level record in products_stock. Does anyone know if there are likely to be any side effects?
  14. Stuck on just 1 issue: Navigating to a Category the first time, the URL is correctly generated as http://www.****************/candlelight-c-46.html After navigating below it, then returning, it gets generated, incorrectly, as http://www.****************/candlelight-c-46_44_46.html Spent ages on this. Any ideas, anyone?
  15. I've just installed this. Very well structured and VERY straightforward to implement. Well done. Alan
  16. The standard Products Purchased report doesn't take account of QTPro/attributes. Does anyone have a fix for this?
  17. UPDATE: Use an HTML Validator to check all important pages. If I'd done that earlier, it would have saved me hours of grief! Alan
  18. Just moved to live Protx Direct. CC Payment goes through successfully BUT error is returned to the shop. "The expiry date entered for the credit card is invalid. Please check the date and try again" Using 4.4 Protx Direct. Any Ideas?
  19. I would like to put individual ADD_TO_CART and DELETE buttons against items in a wishlist. The HTML is simple, but can someone offer guidance on the code to replace the existing 'selected' add & delete stuff?

      /****************** ADD PRODUCT TO SHOPPING CART ********************/
      if (isset($HTTP_POST_VARS['add_wishprod'])) {
        if(isset($HTTP_POST_VARS['add_prod_x'])) {
          foreach ($HTTP_POST_VARS['add_wishprod'] as $value) {
            $product_id = tep_get_prid($value);
            $cart->add_cart($product_id, $cart->get_quantity(tep_get_uprid($product_id, $HTTP_POST_VARS['id'][$value]))+1, $HTTP_POST_VARS['id'][$value]);
          }
        }
      }
  20. The answer was simpler than I expected: onclick ="this.form.onsubmit = null; return true;" added to the ADD TO WISHLIST link did the trick.
  21. QTPro & Wishlist A challenge for the Script experts: The javascript CHKSEL function is invoked with form 'onsubmit'. CHKSEL checks stock quantities before adding to cart. However, this occurs both from the ADD TO CART button and the ADD TO WISHLIST button. I need to modify the code so that CHKSEL only runs when ADD TO CART is clicked. Suggestions? Alan
  22. I don't understand why it needs to be 777. Surely everyone except Owner is only going to read it?
  23. I'm using Single Dropdown, but want to place a GIF (In Stock, Low Stock or Sold Out) next to the dropdown box. This, of course, needs to change according to the selection. If you know the internals of QTpro, this must be straightforward. But I don't! Yet. Any ideas?