Jump to content


  • Content count

  • Joined

  • Last visited

1 Follower

Profile Information

  • Real Name
  • Gender

Recent Profile Visitors

2,811 profile views
  1. I applied the following updates to the code... 1. I moved the AJAX login stuff to a new file. This eliminates the need for code editing. 2. I updated the AJAX login to update the footer. I also commented in which sections additional update code should be added. 3. I added code so that you can select on which pages the regular redirect/reload is used and on which pages AJAX login is used. As discussed above, if you don't truly have the need for page update without reload then this code is unnecessary (and might just cause confusion) and you should just use the code in post 72 login_modal_module_v2_1_withAJAXandPageSelection.zip
  2. @@auzStar I hadn't appreciated the general uselessness of AJAX for a page that requires redirect but what you said makes perfect sense. Thank you for saying it (and for saying it nicely :) ). I have a unique situation where on a particular page in my store a customer can get lose data if they are not logged in before opening the page and requiring login to access the page doesn't make sense. Login without reload is critically important to me for this page. The AJAX addition to your Login Modal solves this problem for me. Taking into consideration what you said, I think I'm going to tweak the code to make it more appropriate for general use (no need for AJAX login on most pages) while still enabling AJAX login for certain pages and fix at least the footer update. It would probably make sense to move the code added to cm_login_form.php to a new page in the catalog directory so additional code could be more easily added to update other areas as required. Now that I think about it, there probably aren't a lot of folks that *actually* benefit from AJAX login and for them it might cause more problems than solutions :wacko: I'll post the code here just in case anyone really needs it... But as you alluded they might as well use your version and avoid unnecessary problems.
  3. @@ArtcoInc Take this with a grain of salt but I've done a little digging and pretty much everyone says there is no secure way of embedding https stuff within a http page or securely capturing data in a http page to be transmitted to a https page, Apparently, header("Access-Control-Allow-Origin: http://$_SERVER[HTTP_HOST]"); and jsonp *can* be used for cross domain AJAX but its not secure. I think the answer here is if you're concerned enough about security to have some https on your site then just go to a full https site. IDK :D
  4. @@ArtcoInc LOL... No worries. If this is the worst thing to happen to me today then today is the best day all month :-) I think http to https has to do with AJAX seeing the two pages as different domains. Apparently, there are ways of performing cross domain AJAX requests. Take a look here... https://www.matraex.com/php-solution-to-http-to-https-ajax-call-no-access-control-allow-origin-header-is-present-on-the-requested-resource/
  5. @ArtcoInc Firefox tagged the password field as "not secure" when using the 'default' SSL settings. And here's a new development... http to http and https to https work fine but when using the 'default' settings of http to https the AJAX fails. I'm going to see if I can figure out what's going on. But I don't know much about AJAX... Are there any AJAX gurus out there with any insight into http to https requests?
  6. @@ArtcoInc I'm working on a development subdomain to set up our new store before moving it over to our live site. The development store has an SSL cert and the configure.php file is set up for https for both SSL and nonSSL pages. I have not yet done anything with the .htaccess file to redirect http to https. If you like, I can change the configure.php file so that http pages are http and test it for you. Please just let me know what page(s) to test, what browser, what to look for, etc. To be honest, I know enough about this stuff to hack around a little and am generally proficient with PHP but I'm certainty not a pro like a lot of the guys on here. I know nothing about AJAX either.
  7. I've had more time to test this code and found that removing above mentioned code seems to give the desired functionality. So, if you're on a random page and just login that random page will not be reloaded (this is important to me). However, if you click a link that goes to a different page that requires login then the AJAX login is performed and the nonAJAX code kicks in to go to the redirect page. The attached code also fixed one typo that is inconsequential. The only caveat I saw so far contrary to the above described functionality is on shopping_cart.php. If you're not logged in and have something in your shopping cart and then you login it does a page reload. This isn't important to me but I thought I'd mention it. I'd love to know if any of the osC gurus here have any thoughts on improvements. It may be hair brained but perhaps the code added to cm_login_form.php for the AJAX login should be moved to a new file to retain the drop on top module beauty even though the code would be slightly redundant. What are your guys thoughts? login_modal_module_v2_1_withAJAX_RedirectFix.zip
  8. I just found that there's a problem with this code if you want to redirect after login... I'm not using it in that way so, I didn't see it at first. Any thoughts on the best way to utilize the AJAX functionality if the php_self and redirect are the same but not if they are different? Just removing all the if (ajaxLogin != 'True') looks like it would do it.
  9. @@frankl Here it is... I made a few minor mods to it to make it compatible with the modular front page and nav bar addons while still working with as installed osCommerce Bootstrap Edge. login_modal_module_v2_1_withAJAX.zip
  10. I hired a freelancer to AJAX/JQuery functionality to this module. It's done and works really well. Although I couldn't have created the code I could follow it along and as nearly as I can tell everything looks really well written and commented. Would you guys like me to upload it to this thread? Just wanted to check as I don't want to offend anyone. Thanks.
  11. Thank you very much for all of your hard work on creating this login modal. It's beautiful. I have a need for an AJAX login for my store... I'm alright with PHP but worthless when it comes to AJAX. Is anyone interested in adding an option with this login modal for AJAX login? Please PM me with a cost if so. Thank you!
  12. ndiggity

    KissIT Image Thumnailer

    Thank you very much for this addon and supporting it! I have to say, that was about the easiest install ever! Everything seems to be working well except transparency. I see that there is code for it in image.php but for some reason the transparent space in my PNGs are being filled with the RGB value in 'thumb_background_rgb'. Is there something I need to do differently than the stock install to maintain transparency? Does the original image need to be of a certain specification? My PNGs were generated from BMPs in GIMP2.8 by setting the background color (white) to transparent via Layer->Transparency->Color to Alpha. My store was originally a 2.3.1 and has been upgraded to 2.3.4. I'm running PHP 5.2.17. I installed the version found here... version R11 (http://addons.oscommerce.com/info/9206) using instructions found in osc_standard_installation.docx. BTW, the legacy tep_image() maintained the transparency. Any help would be appreciated. Thank you :-)
  13. ndiggity

    paypal advanced paypal payflow

    I saw this bug too. I changed the following code in order to send the state abbreviations instead of letting Paypal truncate the full state name to two letters (i.e "Georgia" becomes "Ge"). There may be a better way but this seems to work perfectly... in catalog/includes/modules/payment/paypal_payflow_link.php near line 100 change the following . "&BILLTOSTATE=" . $order->customer['state'] to //MODIFIED TO SEND STATE ABBREVIATION TO PAYPAL //. "&BILLTOSTATE=" . $order->customer['state'] ORIGINAL CODE . "&BILLTOSTATE=" . tep_get_zone_code($order->customer['country']['id'], $order->customer['zone_id'], $order->customer['zone_name']) //MODIFIED TO SEND STATE ABBREVIATION TO PAYPAL And . "&SHIPTOSTATE=" . $order->delivery['state'] to //MODIFIED TO SEND STATE ABBREVIATION TO PAYPAL //. "&SHIPTOSTATE=" . $order->delivery['state'] ORIGINAL CODE . "&SHIPTOSTATE=" . tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], $order->delivery['zone_name']) //MODIFIED TO SEND STATE ABBREVIATION TO PAYPAL Also, I installed the DHTML State Selection for 2.3.1 to make sure customers pick/spell States correctly. You can find it here http://addons.oscommerce.com/info/8028
  14. ndiggity

    Security issue with KCFinder

    Hello Joli, Thank you for following up. I truly appreciate it! I've been tweaking autoload.php a bit and using the various error logs to understand where things are failing. It's been a bit of a learning experience! I'd like to run something past you... 1. As far as I can tell the set_include_path('../'); is useful for when autoload.php includes application_top.php in the next line of code include('../includes/application_top.php'); . I'm guessing this because If I comment out set_include_path('../'); then I get errors having to do with application_top.php and various files application_top.php calls. 2. After application_top.php has done it's thing with regard to sessions and such we need to set the include path back so that we don't have to change a bunch of other paths in autoload.php. I'm guessing that is the purpose of set_include_path(dirname(__FILE__)); For some reason I couldn't get KCFinder to work without commenting out these two lines (which screwed up the admin session stuff) or without modifying the paths of the other includes in autoload.php. Assuming 1 & 2 above is correct, I replaced set_include_path(dirname(__FILE__)); with restore_include_path(); such that this code block now looks like... // BOF: Added to work with session handling of osCommerce: set_include_path('../'); include('../includes/application_top.php'); restore_include_path(); // EOF: Added to work with session handling of osCommerce: KCFinder seems to be working fine now and I don't see any errors in the error logs. Also, I checked http://www.MYSITE.com/catalog/admin/kcfinder/core/browser.php as you mentioned above and it returns Forbidden (presumably because of the .htaccess file). I also checked http://www.MYSITE.com/catalog/admin/kcfinder (there is no .htaccess file here) and it required a login. Does all that sound correct as in that's the way its supposed to work? Thank you very much for the help! I really appreciate it!
  15. ndiggity

    Security issue with KCFinder

    Thank you very much for supporting this contribution! I use the CKEditor all the time and just installed the updated version with the KCFinder. I have a question about the security update. Specifically, what is the purpose of set_include_path('../'); and set_include_path(dirname(__FILE__));? I looked them up and understand what they do but I don't quite understand why they are used in /kcfinder/core/autoload.php (below). Are the relevant to the security update or just used depending on your file structure? // BOF: Added to work with session handling of osCommerce: set_include_path('../'); include('../includes/application_top.php'); set_include_path(dirname(__FILE__)); // EOF: Added to work with session handling of osCommerce: Both are causing errors lower in the file for me (i.e. line 64 require "core/uploader.php";). The location of autoload.php on my site is catalog/admin/kcfinder/core/autoload.php. If I comment them out then everything seems to work fine. If either are active then the KCFinder doesn't work. I'm a bit of a novice when it comes to PHP... Are these lines required for the security update at all or are they just useful depending on your file structure? Thank you in advance!