Jump to content
Latest News: (loading..)


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by BrockleyJohn

  1. @burt good then we're on the same page () I'll get cracking on it...
  2. For the approach to index_products: I can't see why the standard modules wouldn't be analogous to nested, ie. cm_ip_title cm_ip_description cm_ip_product_listing A debate could be had around how much to put in the modules and how much to leave in index. My first thought was to leave the select-building in index and basically modularise the output but I've come around to more or less the opposite - title module gets the category/manufacturer and outputs title, description module outputs description listing module does all the list query building and sort stuff and inclusion of product listing module This leaves it open to a store-owner to add extra content modules anywhere below the header in the page without changing core code.
  3. 1c. on it... I think Rainer's modules cover the last 7 bullets but they need bringing up to date with Edge - they're fairly gold.
  4. A canonical link is used to give a single name to a page that may be accessed via different paths or with different parameters, eg. products can be in more than one category so there are different paths to the same product. The canonical link gives a single name for that page so it doesn't look like duplicate content to search engines. Categories can only be in one category, and the views of them don't have paging, so those aspects of index.php don't need a canonical link.
  5. @raiwa It lives on... https://github.com/BrockleyJohn/Responsive-osCommerce/tree/Modular-Product-Info
  6. I have a couple of clients live on variants of raiwa's modular product_info which you thought was too granular. Would you like that rolling up into something more suitable - or are you just thinking along the lines of an extra hook or two? On the subject of which, if they don't come under Everything Else: extra hooks aren't something needing a lot of testing; I'd really like to get index_products in there too if I can - I could do that alongside finishing things in index.php if you're amenable. There are probably other hooks it would be good to get in there before it's set in stone, shopping_cart springs to mind but there may be others.
  7. TLS1.2 again

    It's a bit of a strange one, this and I could do with some bright ideas to try out. As we know, everywhere including Paypal is updating their security protocols. For Paypal the sandbox endpoints have already been updated and the live ones will cut off support for TLS below 1.2 in a few months. The latest version of the app has a very handy button for testing against tlstest.paypal.com which will tell you if the server is running the necessary protocol versions. On the site I'm working with, the tests run fine (see image) and yet it fails to fetch the balance from PP sandbox with the error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure which indicates that the TLS version is below 1.2. The PP setting is to force TLS1.2 (even though the test indicates that the default setting should work) and I have checked that in the balance call the curl ssl version is getting set to 6 (force TLS1.2). Full debug of call: "rpcStatus":-1, "rpcResponse":{ "response":false, "ssl version":6, "error":"error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure", "info":{ "url":"https:\/\/api-3t.sandbox.paypal.com\/nvp", "content_type":null, "http_code":0, "header_size":0, "request_size":0, "filetime":-1, "ssl_verify_result":0, "redirect_count":0, "total_time":0.07172, "namelookup_time":0.014239, "connect_time":0.07175, "pretransfer_time":0, "size_upload":0, "size_download":0, "speed_download":0, "speed_upload":0, "download_content_length":-1, "upload_content_length":-1, "starttransfer_time":0, "redirect_time":0, "certinfo":[ ], "redirect_url":"" } } } So now ... ???
  8. TLS1.2 again

    @douglaswalker yes and no. I also think I missed something in your posts before. If you get a fail and a pass from the Paypal app, that means your server supports TLS1.2 but doesn't use it by default so it must be forced. There is now a setting in the app to force TLS1.2 which presumably you have set. Your independent code does not force TLS1.2 so fails. If you add the option curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, 'TLSv1'); before your independent test curl_exec it should succeed. What I have learnt further is: the urls in Paypal sandbox and tlstest are not identical despite what pp say. I ran them on https://www.ssllabs.com/ssltest/ and found that the cipher suites available are different and their priorities are different - with more secure ciphers available on tlstest and with higher priority than the insecure ones, while there are fewer secure on sandbox and there are insecure ones with higher priority. However, I think this is more likely to lead to successful calls against tlstest that fail against sandbox than the other way round. an empty call to tlstest.paypal.com only tests if TLS1.2 is available by default or on demand. It's not a sufficient test of the whole secure handshake. Specifically, it has no data so it only does the first bit of the handshake where they agree on what protocol they are speaking. It doesn't get as far as agreeing the encryption and understanding what each other are saying. I tried adding extra data to the call to tlstest but that alone doesn't make it fail (perhaps the other end needs to try and read it?). so the tests in the app go as far as possible with the tools that Paypal have offered to check whether the app can function in that environment but they don't prove it can - only the real calls can do that Hosting support for the site I've been working on eventually responded that the server does not have ciphers available for TLS1.2 so we're working to move it. This stuff is all to do with how the server is set up, what is available and in what order of priority so it's not at all surprising that your code gets different results on different servers.
  9. PayPal Standard not completing once returned to site

    Use the paypal app - you can still use express or standard in the app Go through the settings carefully in the documentation and make sure you get them right. Particularly (in standard) the setting of the return url and PDT on.
  10. [Addon} Modular Front Page

    @ce7 Hi Lyn, I think that's your admin index.php not your catalog one.
  11. That used to work. Enforcement may differ depending on your country but in in several countries google will reject products that don't have a valid GTIN and not show shopping ads for them. This is being rolled out worldwide. The only exceptions I'm aware of are things you make yourself, where you can get a global exemption. Spare parts are quoted as an example in adwords help of products where a valid gtin may not exist but in practice they get disapproved despite this. Anyway, you can change the new code in the execute function of the header_tags module to pull different data and put it into the gtin array and see if it goes. I doubt very much if product reviews will work on anything other than a real GTIN - think about it - how could they? These are global reviews on Google shopping not reviews on your site.
  12. Google customer reviews and seller ratings used to be just for Certified Stores. Now they are being rolled out to all Google merchants. This addon presents customers with an opt-in form on checkout_success. Google follows up after delivery to ask for a review of the transaction. Once you have collected enough reviews, you can show a badge with your seller rating. Most of the addon is in a header_tags module suitable for use in several osCommerce versions. This supports the opt-in and showing the seller rating badge as an overlay. You can choose on which pages the badge is displayed. A content module for osc 2.3.4BS in other positions on the page is also provided. The addon is also provided in a branch of Edge on github: https://github.com/BrockleyJohn/Responsive-osCommerce/tree/google_customer_reviews Download link to follow
  13. OK folks - version 1.1 is now in the apps area. I've added an option to send products for review and a check on whether your database has the products_gtin field in it. One changed file, which is now self-updating once you've copied it in so no messing about un/re-installing.
  14. so many addons, so little time...
  15. @Roaddoctor I'll put in an option to add the products for review. I'm not sure it's such a great idea using them, though. It might distract people from writing the merchant review which is what you really want.
  16. [Addon] Product Sort Within Category

    I've just uploaded Version 1.1 to the Apps area. This version incorporates the Dutch language files prepared by Domé. It adds (by request) the option to view the list of products in a category one page at a time instead of all at once. This option is available on the page itself.
  17. This addon has three simple unavoidable changes to core code and an optional simple change to admin categories. Amended code and instructions are provided for 2.3.4BS Edge but with comparable edits it would work on any 2.3+ store. It provides the means to change the default order of products with a category on index.php and supports the same product having different values in different categories. A separate admin page allows you to set all the sort orders within a category at once, and also lets you change the sort order of categories. Upload link coming when available.
  18. Stripe Upgrade to TLS 1.2

    Good news. It's nearly always the hosting.
  19. [Addon] Product Sort Within Category

    Thanks for the Dutch language files - they'll be incorporated into the next release which is in line with the Edge changes for 7.2 compatibility. I'm looking at an enhancement for the manager page too.
  20. Built-in Fraud Detection Feature in osCommerce

    That's because the addon was built by Fraudlabs - I have done it with no core changes. That sort of thing is unlikely ever to be core however. Incidentally a proper Fraudlabs pro integration should have stuff built into your payment module not just checkout process like they have done.
  21. PayPal Pro - going in circles

    Ermm... at the risk of sounding flippant you click on Credentials in the menu and put them in there.
  22. PayPal App for osCommerce Online Merchant

    More recent updates than 5.010 are applied automatically from within your store admin. It's the beginning of a brave new world where store owners don't have to do it all themselves - actually the brave new world started at an earlier version but 5.010 is so important (for TLSv1.2) that it's in the osc apps at that level. Yes the app is supposed to support the hosted solution - for Dan's benefit it's Paypal appearing in a frame over your page. IIRC you need a particular Paypal subscription to use it.
  23. Stripe Upgrade to TLS 1.2

    If your server is rated OK then it may be that it is not set to use TLSv1.2 by default and it must be specified. From a quick scan of the stripe module there are a couple of ways it communicates. It uses javascript but that's all pulled from the Stripe site so it's out of your control and probably ok. As well as that there are curl calls made by the module so you can try forcing them to TLSv1.2 To do this find the function sendTransactionToGateway which sets a lot of curl options before the call. Add among them somewhere: curl_setopt($curl, CURLOPT_SSLVERSION, 6); If this doesn't do it, then the most likely explanation is that your server apparently supports TLS1.2 but it's not been done properly and the right ciphers aren't available. I had this with a customer this week (trying to get paypal going on TLS1.2).
  24. Stripe Upgrade to TLS 1.2

    It looks like your UPS issue was support for a particular XML version and I don't see what that has to do with TLS version (although there may be some coincidental correlation with particular platform versions). The topic of TLS version availability is common across all payment methods as the PCI compliance date looms in June. It is common for payment processors to have already updated their test environments to accept only TLS1.2 connections - it is definitely true of Paypal and Sagepay but I don't know about Stripe. It's typically an issue that must be resolved by making sure your hosting environment is up to the right standards, and only occasionally needs application changes. If the integration is a form-based one where the customer is transferred over to make payment separately then it may be that all that is necessary is for your Security Certificate and platform to be up to scratch. If there's a more complex api then it may need changes to the calls on some servers to specify that it's done over TLS1.2. First step is to check your server by putting it into https://www.ssllabs.com/ssltest/
  25. 1. There are no code modifications in the FB pixel addon 2. It offers greater granularity of information with purchase events in the currently released version and more in customer specialisations.