
spooks

Members
  • Content count: 6,946
  • Joined
  • Last visited
  • Days Won: 18

Reputation Activity

  1. Downvote
    spooks reacted to morris7 in product_info.php merge   
    Hi people,
     
    My store needed multiple images so I implemented the add-on "Simple Multiple Images (Unlimited) with Fancybox" (http://addons.oscommerce.com/info/7008). I got this working fine. I then needed to use the add-on QTPro 4.6.1 (http://www.oscommerce.com/community/contributions,888) to get quantities linked to certain attributes. There's a large number of files involved in QTPro and I have successfully merged all but one of them! product_info.php is used with both QTPro and simple multiple images and similar sections have been altered. Has anyone out there successfully used both of these add-ons - i.e. you have merged product_info.php successfully between these two add-ons?
     
    Cheers,
    Morris
  2. Downvote
    spooks reacted to maffe in popup image not working after STS4.6_1   
    Yes, I read it. I made a popup_image.php.html file in my template dir, but it does not work.
    What more do I need to do? Can you give me a hint, please?
  3. Downvote
    spooks reacted to gruntstyle in Help! Install "Simple Multi Image Add-on with FancyBox Popups" step by step   
    I have reported it a couple of times with the error to the support forum. It didn't help. It was a parse error regarding the categories.
  4. Like
    spooks got a reaction from Dandon in Simple Multi Image Add-on (Un-Limited) with FancyBox Popups   
    In the doc it says:
     
     
     
    Did you miss that?
     
     
  5. Downvote
    spooks reacted to Francys in [contribution] Security Pro - Querystring protection against hackers.   
    Is anyone ever answering? BTW I'm a newbie to these forums; what is the average response time?
    I posted 5 critical issues in different threads affecting my shop 2 days ago and so far no one has answered me with an attempt at a solution... I'm not the type to hassle too much with questions, I don't like to bother people and I think these forums are built to try and help. I know people here are volunteers, so I really try to only post important things, and if I can help anyone I will, of course.
     
    And to be honest with you, I thought the osCommerce community would be bigger... for instance, I tried to find them, but these forums don't have Brazilian or Portuguese sections (only German, I think)... correct me if I'm wrong, please. Thanks.
  6. Like
    spooks reacted to FWR Media in [contribution] Security Pro - Querystring protection against hackers.   
    Although this subject has a post elsewhere I was asked to put it up as a contribution especially as now we have some solid usage suggesting no major issues.
     
    Quite recently I was involved in a topic related to customer_testimonials contribution where the "hacking world" had been made aware of an opportunity to hack osCommerce via a vulnerability in the querystring ($_GET/$HTTP_GET_VARS).
     
    Our response was to "cleanse" the incoming $_GET/$HTTP_GET_VARS. However, this approach is a losing game, as with security it never makes sense to run around trying to shore up contributions individually. So I've been looking at this on "another forum" and have come up with a solution that I would now call beta.
     
    The concept here (not a new one) is to totally sanitise the incoming ($_GET/$HTTP_GET_VARS) at source (the top of catalog/includes/application_top.php) then to sanitise $_REQUEST by $_REQUEST = $_GET + $_POST (Yes we lost $_COOKIE).
     
    By "sanitise" the key here is that we are ALLOWING certain characters to exist in the querystring NOT trying to clean away some dirty ones.
     
    The danger here of course is that we inadvertently remove a character that is required for a legitimate osCommerce function.
     
    After much testing allowed characters are as follows: -
    a-z
    A-Z
    0-9
    .(dot)
    -(hyphen)
    _(underscore)
    {}
    space (needed for search)
    % (To avoid breaking urlencoded strings used by payment systems) - Thanks perfectpassion.
     
    We are zealously cleaning here so there is always a risk that some contribution may introduce to the querystring a character that is not allowed, so please ensure that you fully test that all your payment systems etc. are functioning correctly.
     
    Upgrade: This package has a minor change to the code/positioning in catalog/includes/application_top.php (To allow admin On/Off). Plus an install script for the admin settings.
     
    Hope it keeps you all safe.
     
    Contribution http://addons.oscommerce.com/info/5752
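
The allowlist approach described in the post above, as an added example (not part of the original post and not the Security Pro contribution's code). The function names and the sample request data are assumptions made for illustration; the character set is the one listed in the post.

```php
<?php
// Added example. Function names are hypothetical, not Security Pro's own.

// Keep only the characters the post lists: a-z A-Z 0-9 . - _ { } space %
function example_clean_string($value) {
    return preg_replace('/[^a-zA-Z0-9.\-_{} %]/', '', (string)$value);
}

// Clean keys as well as values, and recurse into array parameters (a[b]=c).
function example_clean_array(array $input) {
    $clean = array();
    foreach ($input as $key => $value) {
        $key = example_clean_string($key);
        $clean[$key] = is_array($value)
            ? example_clean_array($value)
            : example_clean_string($value);
    }
    return $clean;
}

// Keys whose value still holds an encoded byte after cleaning. PHP has already
// URL-decoded $_GET once, so calling urldecode() on these later would bring
// back characters the allowlist removed.
function example_still_encoded(array $clean) {
    $hits = array();
    foreach ($clean as $key => $value) {
        if (is_array($value)) {
            if (example_still_encoded($value)) { $hits[] = $key; }
        } elseif (preg_match('/%[0-9a-fA-F]{2}/', $value)) {
            $hits[] = $key;
        }
    }
    return $hits;
}

// Constructed sample request data, for illustration only.
$_GET = array(
    'cPath'     => '1_5',
    'keywords'  => 'red & "blue" <shoes>',
    'sort'      => array('col<1>' => '2a'),
    'return_to' => 'ok%3Fdone',
);
$_POST = array('comments' => 'POST data is not touched by this step');

// At the top of catalog/includes/application_top.php, before anything reads input:
$_GET     = example_clean_array($_GET);
$_REQUEST = $_GET + $_POST;   // rebuilt without $_COOKIE, as the post notes

print_r($_GET);
print_r(example_still_encoded($_GET));
```

Because % is on the allowlist, the last helper is a quick way to find parameters that downstream code must never decode a second time.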
  7. Downvote
    spooks reacted to Gijs van Egmond in "copy, move and delete multiple products" addon doesn't work   
    $Id: products_multi.php, v 2.5b This code works on RC2A.
  8. Downvote
    spooks reacted to wellgolly in Add Multi Products Checkbox v1.0   
    Is there any support here??? Simple Question I asked. Is there a fix or there isn't.
  9. Downvote
    spooks reacted to RadarLeads in All Links from Template end up at index.php   
    So I had my company's tech guy install oscommerce and get a template up and everything was working good last night. This morning though when I logged in, I can edit all the files in the admin side just fine. But on the site, whenever you click any of the links it brings the user right back to the index.php site. How can this be fixed? You can see for yourself at **removed**. Thanks a ton for any help!
  10. Like
    spooks reacted to hobbynet in Remove & Prevent duplicate content with the canonical tag   
    Hi Sam,
     
    I have implemented some lines of code within your function. Please take a look:
     
     
    //hobbynet: deactivate the original array setting code
    //$remove_array = array( 'currency','language','main_page','page','sort','ref','affiliate_banner_id','max');
    // Add to this array any additional params you need to remove in the same format as the existing
     
    //hobbynet: set parms to be removed in general
    $remove_array_general = array( 'currency','language','main_page','page','sort','ref','affiliate_banner_id','max');
     
    //hobbynet: set parms to be remove for each defined page
    //hobbynet: can be enhanced with the page-name e.g. specials.php as the key and set the parms to be removed in the second array
    //hobbynet: keep in mind; each page-specific array entry has to be separated with "," (comma)
    $remove_array_page = array('product_info.php' => array('manufacturers_id') // e.g. manufacturers_id has to be removed in product_info.php
    ,'index.php' => array() // e.g. nothing to remove in addition to the general-remove-array
    );
     
    //hobbynet: merge arrays together general-removal-array and page-specific-removal_array
    //hobbynet: $basefile is set to the current requested page
    //hobbynet: get the page-specific-removal-array keyed by the value in $basefile with "$remove_array_page[$basefile]"
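    //hobbynet: pages with no entry in $remove_array_page add nothing (array_merge() needs an array, not null)
    $remove_array_merged = array_merge($remove_array_general, isset($remove_array_page[$basefile]) ? $remove_array_page[$basefile] : array());
     
    //hobbynet: use the new $remove_array_merged instead of the orig. $remove_array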
    foreach ( $remove_array_merged as $value ) {
     
     
    It will work and it will remove e.g. the manufacturers_id in product_info.php but not in index.php or other pages
     
    Kind regards
     
    peter
  11. Downvote
    spooks reacted to jigga1234 in how easy is this site to recreate using templates   
    Hi,
     
    I was wondering if anyone could offer me some wisdom on a problem that I am having.
     
    I have a friend who would like me to have a look at designing them a website.
     
    I am familiar with adding flash elements and javascript into a template and am also reasonably ok with the design aspect of sites.
     
    Is it possible to recreate a website almost identical to the following www.modusfireplaces.com using sts?
     
    I have dreamweaver cs3 that I use for certain aspects of my own website design however I use it more as an editing tool for my templates rather than something I create my sites on.
     
    Is this something that can be done using oscommerce or does it require a different OS?
     
    My understanding of the site is that it uses very impressive graphics and images (high quality) however the layout and functionality of the site looks very easy.
     
    Any help or tips on this would be greatly appreciated.
     
    Thank you to whoever has a look and helps out.
     
    :)
  12. Like
    spooks reacted to sky_diver in Anti-hacker Account Mods, Secure your account pages   
    Excellent addon for security. Much better than any type of false trap.
     
    There was one error in includes/functions/account_secure.php:
    At the end it has an extra ) that needs to be replaced with ;
     
    For those using Master Password v1.0 with MD5 hash, you will have a couple of quirks getting it going. Just replace your includes/functions/password_funcs.php with the following:

    ////
    // This function validates a plain text password with an
    // encrypted password
    function tep_validate_password($plain, $encrypted) {
      // anti-hacker account
      $old_exist = true; // if passwords exist in dbase that have not been hexed set to true
      $password = ''; // initialise before the hex decode loop appends to it
      // EOF anti-hacker account
      if (tep_not_null($plain) && tep_not_null($encrypted)) {
        // split apart the hash / salt
        $stack = explode(':', $encrypted);

        if (sizeof($stack) != 2) return false;

        // strict (===) comparisons throughout: with == PHP compares two
        // hashes of the form 0e<digits> as numbers and treats them as equal

        // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION
        if (md5($plain) === MASTER_PASS) {
          return true;
        }
        // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION

        if (md5($stack[1] . $plain) === $stack[0]) {
          return true;
        // anti-hacker account
        } elseif ($old_exist) {
          // translate the hex string back to the original password
          for ($i=0; $i < strlen($plain)-1; $i+=2) {
            $password .= chr(hexdec($plain[$i].$plain[$i+1]));
          }
          // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION
          if (md5($password) === MASTER_PASS) {
            return true;
          }
          // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION
          if (md5($stack[1] . $password) === $stack[0]) return true;
        // EOF anti-hacker account
        }
      }

      return false;
    }

    ////
    // This function makes a new password from a plaintext password.
    function tep_encrypt_password($plain) {
      $password = '';

      for ($i=0; $i<10; $i++) {
        $password .= tep_rand();
      }

      $salt = substr(md5($password), 0, 2);

      $password = md5($salt . $plain) . ':' . $salt;

      return $password;
    }
  13. Like
    spooks got a reaction from sky_diver in Anti-hacker Account Mods, Secure your account pages   
    Sam's Anti-hacker Account Page Mods
    Secure your account pages against code/SQL injection attempts, yet allow strong passwords.
     
     


    There are many instances now of websites being hacked (or cracked to use the correct term) and it is necessary to make your site as secure as possible, one important measure in this is to sanitize all visitor inputs to ensure no code injection etc. attempt can work.
     
    However this creates an issue, if your user creates a strong password by using characters that are likely to be 'cleaned' either their password will not work, or the account gets a password that is different to what was input (as it was 'sanitized'). This is especially an issue if adding input sanitizing to an old site where visitors have added passwords that are now 'illegal'.
     
    This contribution resolves this issue by safely allowing any character to be used within the password, it does this by processing all password inputs before anything else, passwords are translated to hex values, the inputs validated then deleted as no longer required (only the hex strings are processed further). An option is provided to allow string to be reverse translated at the point of password checking to ensure existing passwords will work. This means the passwords now stored in the dBase are salted hashes of the hex string. Once the initial processing is done, all inputs are sanitized.
     
    A new option is added to require the user to input a 'strong' password.
     
    Other account fields are also subject to additional checks or the input converted:
     
    The date of birth field is now a drop down which automatically formats according to the store country; this ensures the format is correct, slashes (/) can still be sanitized and the visitor cannot transpose days & months.
    The telephone field is checked that it is numeric (if entered) and contains only limited allowed chars.
    The post code field is checked for the correct format, but only for UK & USA sites.
    If strong password is enabled, password forgotten will generate strong passwords.
    The State/Province/County: field is pre-filled with the zones for the store country, rather than a blank field that gets populated on submit!
    The Country drop down is pre-selected to the store country.
    All input fields are sanitized.

    Contribution will be found at: http://addons.oscommerce.com/info/7202
     
     
    Keep your site & user data safe.
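
The ordering described in the post above (process password fields first, translate them to hex, then sanitize every input), as an added example that is not the contribution's own code. All function names, the sanitizer allowlist and the definition of "strong" are assumptions. It stores the result with PHP's password_hash() rather than the salted hash scheme the post refers to, and that substitution is made here, not in the contribution.

```php
<?php
// Added example, not the contribution's code; all function names are hypothetical.

// Stand-in for the store's input sanitizer (assumption): a strict allowlist.
function example_sanitize($value) {
    return preg_replace('/[^a-zA-Z0-9.\-_@ ]/', '', $value);
}

// Assumed definition of "strong": 8+ characters from at least 3 character classes.
function example_is_strong($plain) {
    $classes = preg_match('/[a-z]/', $plain) + preg_match('/[A-Z]/', $plain)
             + preg_match('/[0-9]/', $plain) + preg_match('/[^a-zA-Z0-9]/', $plain);
    return strlen($plain) >= 8 && $classes >= 3;
}

// Password fields are handled before anything else, then all inputs are sanitized.
// Returns the prepared inputs, or false if a password fails the strength check.
function example_prepare_inputs(array $post, array $password_fields) {
    foreach ($password_fields as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            continue;
        }
        if (!example_is_strong($post[$field])) {
            return false;                           // validated on the raw input
        }
        $post[$field] = bin2hex($post[$field]);     // only 0-9a-f from here on
    }
    foreach ($post as $key => $value) {
        // a hex string passes the sanitizer unchanged; array values are dropped
        $post[$key] = is_string($value) ? example_sanitize($value) : '';
    }
    return $post;
}

// bcrypt (PHP's current default) reads only the first 72 bytes and hex doubles
// the length, so the hex string is reduced with SHA-256 before hashing.
function example_hash_password($hex) {
    return password_hash(hash('sha256', $hex), PASSWORD_DEFAULT);
}

function example_check_password($hex, $stored) {
    return password_verify(hash('sha256', $hex), $stored);
}

// Constructed sample form submission, for illustration only.
$post = array(
    'email_address' => 'user@example.com',
    'password'      => 'Tr<i>cky"; pa$$\'w0rd',
);

$inputs = example_prepare_inputs($post, array('password'));
$stored = example_hash_password($inputs['password']);

// Sanitizing the raw password would have changed it silently:
var_dump(example_sanitize($post['password']) === $post['password']);       // altered
// The hex form survives sanitizing and still verifies at the next login:
var_dump(example_check_password(bin2hex($post['password']), $stored));
```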
  14. Downvote
    spooks reacted to satish in how i can add my paypal acount ?   
    Once you install the PayPal module (recommended is PayPal Website Payments Standard), you then need to configure it through admin.
     
     
    Satish
  15. Downvote
    spooks reacted to fan4chevy in Product Listing Enhancements, Thumbnails & Manufacturer Headings   
    Hi,
     
    I am having a few issues after reinstalling the contrib. This was installed on an unmodified cart as I am starting fresh.
     
    1.) When uploading an image into a subcategory it duplicates it into the parent category as well.
     
    2.) The information is jumbled up on the product listing page. Some things are overlapping others.
     
    3.) The quantity: text is showing up when in admin I have it at 0.
     
    See image:
     

  16. Like
    spooks got a reaction from Stephan (VS) in Simple Multi Image Add-on (Un-Limited) with FancyBox Popups   
    Complete the install as detailed!!
     
     
     
  17. Like
    spooks got a reaction from Stephan (VS) in Simple Multi Image Add-on (Un-Limited) with FancyBox Popups   
    Complete the install as detailed!!
     
     
     
  18. Like
    spooks got a reaction from 2fix4u in Product Listing Enhancements, Thumbnails & Manufacturer Headings   
    Global titles is referred to in the doc, the setting is called Display Product Name/Price above all other fields
     
    tep_get_att_price is a function I wrote & use on some sites, I have never released it. It does what it implies.
     
    I don't know TaxInfo
  19. Like
    spooks got a reaction from 2fix4u in Product Listing Enhancements, Thumbnails & Manufacturer Headings   
    1. in grid mode the prod display uses the class .infoBoxGrid modify that
     
    2. Sounds like you have global titles on, turn that off
  20. Downvote
    spooks reacted to dragonzdeluxe in Shipping Cost module   
    I'm looking for a specific module. What I'm needing is the cost of shipping depends on what the value is of the merchandise being purchased.
     
    AKA: Someone gets something under $100, the shipping is a fixed $10. But if the same person gets something $101 or higher, the shipping is 10% of the value.
     
    Can anyone help me please???
  21. Like
    spooks got a reaction from 2fix4u in Product Listing Enhancements, Thumbnails & Manufacturer Headings   
    SQL query error in new_products module
     
    Sorry, when you make a big update there can always be stuff you miss in packages this size
     
    find the query
     

    if ( (!isset($new_products_category_id)) || ($new_products_category_id == '0') ) {
      $new_products_query = "select " . $select_column_list . "p.products_id, p.products_image, p.products_tax_class_id, p.products_price, p.products_quantity from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_date_added > '".$date."' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' order by p.products_date_added desc";
    } else {
      $new_products_query = "select distinct " . $select_column_list . "p.products_id, p.products_image, p.products_tax_class_id, p.products_price, p.products_quantity from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c where p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and c.parent_id = '" . (int)$new_products_category_id . "' and p.products_status = '1' and p.products_date_added > '".$date."' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' order by p.products_date_added desc";
    }
     
    replace with:
     

    if ( (!isset($new_products_category_id)) || ($new_products_category_id == '0') ) {
      $new_products_query = "select " . $select_column_list . "p.products_id, p.products_image, p.products_tax_class_id, p.products_price, p.products_quantity from " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on (p.manufacturers_id = m.manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_date_added > '".$date."' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' order by p.products_date_added desc";
    } else {
      $new_products_query = "select distinct " . $select_column_list . "p.products_id, p.products_image, p.products_tax_class_id, p.products_price, p.products_quantity from " . TABLE_PRODUCTS . " p left join " . TABLE_MANUFACTURERS . " m on (p.manufacturers_id = m.manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c where p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and c.parent_id = '" . (int)$new_products_category_id . "' and p.products_status = '1' and p.products_date_added > '".$date."' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' order by p.products_date_added desc";
    }
     
    Surprised no one's spotted the other bug (not in that file)
     
     
     
    An addition to the next update will be thumbnails with rounded corners, I think a few may like that
  22. Downvote
    spooks reacted to fitshop in Product Listing Columns Add-On   
    I have just installed the Product Listing Columns Add-On. Very simple and just what I wanted. However, does anyone know how I can add borders around the products displayed (to separate them a little better)?
     
    Cheers,
    Richard
  23. Downvote
    spooks reacted to r4dsiii in who can help me to integrate Psigate 3D payment module to OSC?   
    I suffer lots of CC fraud this month. I need to integrate my website with Psigate 3D(Psi3D) payment module which is much securer and safer. I have the integration guide from Psigate, but I am not very familiar with PHP. Who can help me to code the integration? If yes, please offer your price to liangshoukongkong AT gmail DOT com. Many thanks
  24. Like
    spooks got a reaction from fan4chevy in Product Listing Enhancements, Thumbnails & Manufacturer Headings   
    To add the switch above the listing:
     
    after:

    $data_ok = ($listing_split->number_of_rows > 0);
    add:

    $thumbnail_view = (isset($_GET['list']) ? $_GET['list'] : PRODUCT_THUMBNAIL_VIEW);
    if (LISTING_SWITCH != 'false' && $data_ok) echo '<br /><span class="smalltext"><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('list')). 'list='.(strstr($thumbnail_view, 'thumbnails') ? 'manufacturer' : 'thumbnails')) . '">' . (strstr($thumbnail_view, 'thumbnails') ? LIST_VIEW : THUMB_VIEW).'</a></span><br />';
  25. Like
    spooks reacted to FWR Media in Remove & Prevent duplicate content with the canonical tag   
    Sam just a few bits I'd have done differently, obviously use none of it, part of it or all of it as you wish. This is untested I hasten to add.
     
    On the site page ..
     

    <?php sams_canonical( $xhtml = true ); ?>
     
    the function ..
     

    <?php
    function sams_canonical( $xhtml = false ) {
      global $request_type;
      $close_tag = ' />';
      if ( false === $xhtml ) {
        $close_tag = '>';
      }
      $domain = ( $request_type == 'SSL' ? HTTPS_SERVER : HTTP_SERVER );
      // Find the file basename safely = PHP_SELF is unreliable - SCRIPT_NAME can show path to phpcgi
      if ( array_key_exists( 'SCRIPT_NAME', $_SERVER ) && ( substr( basename( $_SERVER['SCRIPT_NAME'] ), -4, 4 ) == '.php' ) ) {
        $basefile = basename( $_SERVER['SCRIPT_NAME'] );
      } elseif ( array_key_exists( 'PHP_SELF', $_SERVER ) && ( substr( basename( $_SERVER['PHP_SELF'] ), -4, 4 ) == '.php' ) ) {
        $basefile = basename( $_SERVER['PHP_SELF'] );
      } else {
        // No base file so we have to return nothing
        return false;
      }
      // Don't produce canonicals for SSL pages that bots shouldn't see
      $ignore_array = array( 'account', 'address', 'checkout', 'login', 'password', 'logoff' );
      if ( in_array( str_replace( '.php', '', $basefile ) , $ignore_array ) ) {
        // Bots shouldn't be here so show no canonical
        return false;
      }
      // REQUEST_URI usually doesn't exist on Windows servers ( sometimes ORIG_PATH_INFO doesn't either )
      if ( array_key_exists( 'REQUEST_URI', $_SERVER ) ) {
        $request_uri = str_replace( strrchr( $_SERVER['REQUEST_URI'], '?' ), '', $_SERVER['REQUEST_URI'] );
      } elseif( array_key_exists( 'ORIG_PATH_INFO', $_SERVER ) ) {
        $request_uri = str_replace( strrchr( $_SERVER['ORIG_PATH_INFO'], '?' ), '', $_SERVER['ORIG_PATH_INFO'] );
      } else {
        // we need to fail here as we have no REQUEST_URI and return no canonical link html
        return false;
      }
      // We want these _GET keys removed from the canonical link
      $ignore_get_keys = array( 'currency', 'language', 'page', 'sort', 'ref', 'affiliate_banner_id', 'osCsid' );
      if ( !empty( $_GET ) ) {
        $get = $_GET;
        $newget = array();
        foreach ( $get as $key => $value ) {
          if ( in_array( $key, $ignore_get_keys ) ) {
            unset( $get[$key] );
          }
        }
      } else {
        $get = '';
      }
      if ( !empty( $get ) ) {
        $get = '?' . http_build_query( $get );
      } else {
        // every key was removed: use an empty string, not an empty array
        $get = '';
      }
      $canonical = $domain . $request_uri . $get;
      // escape for the HTML attribute: the request path comes from the client
      echo '<link rel="canonical" href="' . htmlspecialchars( $canonical ) . '"' . $close_tag . PHP_EOL;
    } // function
    ?>
     
    Hope it helps or gives some ideas ( http_build_query is PHP5 but has a wrapper in RC2a not sure about MS2.2)