Jump to content

Steel

Members
  • Content count

    127
  • Joined

  • Last visited

Profile Information

  1. Hello Simone, It looks like your problem is coming from your stylesheet.css file and not the wholesale contrib. I checked out your site and you are having the same problem with your contact us page as well. Because its something that affects your entire site and not just one page, it leads me to the conclusion of the stylesheet file. If you make the adjustment there, then it should fix your issue. Good Luck Steel
  2. Steel

    Mail_Validation

    I have checked it out on the customers side and am not able to click the link to vaildate, but I am however able to vaildate manually. by using this link: http://the-exterminator.dk/webshop/pw.php/...pass/TEA0fuEAHQ This link however does not work: http://the-exterminator.dk/webshop/pw.php/...TEA0fuEAHQ/id/9 I am not sure where your problem is, but it looks like an install issue. Somewhere there is a bad link typed into your code. Steel
  3. Steel

    Mail_Validation

    Sure no problem :D what you will need to do is first find the "MySQL" icon in your control panel, click on it, then in the next window that opens click on "phpMyAdmin", then in th next window select the corresponding data base to your OSC install, next select the tab that says SQL and then paste in the desired text and hit the "GO" button. That's all. If you have anymore questions just let me know. Thanks Steel
  4. Do a simple search (it's the little box at the top of the screen that says "Search") and you will find this can and does happen. I own mulitple stores and in 2 of the stores out of a few thousand orders it has happen at least 3 or 4 times. But, even 1 time is too many when it comes to a situation like this! Read OR Re-Read Post 17 and 18 in this thread.
  5. After making this small change, it's now working just fine! :D Thanks Again Steel
  6. Yup I already had this done and...nothing. :huh:
  7. I just installed the contrib and nothing changed. I even looked at the files included and did notice a difference on the navigation_history.php file that was different from the instructions: 2.1 Locate the following code: function unserialize($broken) { Add above it the following: //-MS- Add session regeneration function update_session() { $name = tep_session_name(); $session_id = tep_session_id(); for ($i=0, $n=sizeof($this->path); $i<$n; $i++) { if(isset($this->path[$i]['get'][$name]) && tep_not_null($this->path[$i]['get'][$name]) ) { $this->path[$i]['get'][$name] = $session_id; } if(isset($this->path[$i]['post'][$name]) && tep_not_null($this->path[$i]['post'][$name]) ) { $this->path[$i]['post'][$name] = $session_id; } } } //-MS- Add session regeneration EOM But in the included file, instead of being above it, it is below it. So I tried that instead...still nothing. It did not change the ID at all. I tired re-logging in and refreshing the screen too and still nothing. Any Thoughts? Also, in case this helps, I do not have the Register Globals Contrib installed as it is still turned on by my Host. Thanks Again Steel
  8. The Problem with Hijacked Sessions and accounts getting combined. How it?s happening: Google (or any other search engine) starts a session, indexes it, and then displays it on their search engine site just as the example above showed. It also lists the Session ID in the link that it started, even if it was hours, days, or even weeks ago! Customer ?A? (we?ll call him JOHN) goes to Google and does a search for a ?BLUE CAR?. A link for ?examplewebstore.com? comes up. Now look at the URL for the link http:// examplewebstore.com /catalog/product_info.php?products_id=345&osCsid=b7f635beafc3f8bfdd538815cd4d514 Pay Attention to the Session ID: osCsid=b7f635beafc3f8bfdd538815cd4d514 And Pay Attention to the Product ID: products_id=345 NOW, Customer ?B? (we?ll call him FRED) goes to Google and does a search for a ?RED CAR?. A link for ?examplewebstore.com? again comes up. Now look at this link. http:// examplewebstore.com /catalog/product_info.php?products_id=789&osCsid=b7f635beafc3f8bfdd538815cd4d514 Notice the Same Session ID: osCsid=b7f635beafc3f8bfdd538815cd4d514 And Notice the Product ID: products_id=789 If you notice the URL for the link for the ?RED CAR? it?s almost identical to the link for the ?BLUE CAR?. The only difference is that that although the Product?s ID portion is not the same, the Session ID is a perfect match! If seems as if the way a session ID works is that the last person to actually SIGN IN using a particular Session ID Now becomes the default person who is assigned that ID. This is so the next time that they come back and log in, their account will pop up and the same Session ID will be restored. (Note: This can and will also happen if the 2 customers click on the same link for the same item as well. It doesn?t have to be different products.) The Problems that it can cause: Situation 1. Customer ?A? John comes along, does his search, sees the Google link, clicks on it and then ends up resuming the session that Google had started. Once he signs in, while using this session ID, it now becomes associated to his account. Now let?s say he checks out, completes the transaction and then logs off. Then customer ?B? Fred comes along and clicks on a Different Google link (OR EVEN THE SAME LINK) with the same Session ID, and at this point, if he were to SIGN IN, Fred would now have that exact same Session ID now assigned to his account instead of Johns. This might not seem like that big of a deal and some people might think Ahhhhhh what?s the matter with that happening?it?s not causing any harm? Well in situation 2, I will show you. Situation 2. Customer ?A? John comes along, does his search, sees the Google link, clicks on it and then ends up resuming the session that Google had started. Once he signs in, while using this session ID, it now becomes associated to his account. Now let?s say, this time he adds a few things to his cart and leaves. When customer ?B? Fred comes along and clicks on another Google link with the same Session ID, not only does he resume John?s cart, but if he were to SIGN IN, the Session ID, that was first assigned to Google and then to John, would be now once again be reassigned to Fred?s account. Fred would unknowingly take over John?s cart completely. Now in the worst case situation? Situation 3. Customer ?A? John comes along, does his search, sees the Google link, clicks on it and then ends up resuming the session that Google had started. Once he signs in, while using this session ID, it now becomes associated to his account. This time however he sign?s in, adds a few things to his cart, and is browsing around when customer ?B? Fred comes along and clicks on another Google link with the same Session ID. If Fred does this while John is still logged in under this Session ID, Fred is now ALSO signed in under John?s account at the exact same time as John and Fred doesn?t even have to SIGN IN himself at all! He has total control over John?s account. The Result: This is one way that accounts are getting mixed up. Fred places his order under John?s account, changes the billing and Ship to info and completes the transaction. Meanwhile John contacts the store wanting to know why some ?Fred guy? has an order under his account. Or, Fred emails asking about his order, but it?s no where to be found, because the order was placed under Johns account and not his own.
  9. This can and does happen, just look here: http://forums.oscommerce.com/index.php?showtopic=23532&hl= or here: http://forums.oscommerce.com/index.php?showtopic=200311&hl= or here: http://forums.oscommerce.com/index.php?sho...s+bleeding+over There are a bunch of post like this, As a matter of fact I am trying to fix this issue myself right now, because the customers HAVE checked out under these conditions. Thankfully this isn't a big problem, but out of 3000 orders in 2 different store it's happened about 3 times so far.
  10. Steel

    Mail_Validation

    I would like to apologize for not responding to anyone here lately. I haven't gotten a notice from the board that someone posted a question to this forum since December. For some reason it just notified me today about a post though. If anyone needs help, and I don't respond to the board here in a couple of days please feel free to PM me through the board anytime. Alex, No..... Thank You, for this great contribution! :D Steel
  11. OK.... 1st thing, its looks like you are using an old version of Wholesale Inquires, go here http://www.oscommerce.com/community/contributions,3338 and get the newest version. 2nd thing, This coding: should be this: third thing, this makes since because it also looks as if the information box that is showing on your main page is not the one that you are modifing. You are actually going to need to modify info_pages.php instead because the information box that you are seeing is from "Extra Pages - Info Box" contribution and not the regular one. Take a look at my site http://rebelstyle.com you will notice that I have 2 different information boxes. The one in the left column is from the default OSC and the one in the right column is from the "Extra Pages - Info Box" contrib. On your site it looks as if you are only using "Extra Pages - Info Box" information box, (info_pages.php) and not using the default information box, (information.php) at all. That is also way the other links that you have, like: Don't show up in the information.php page. They are from another file. :D Let me know how it goes. SteelShadow
  12. I checked your site and it looks as if you did not follow this step: ======================== STEP 2 (information.php) ======================== In catalog/includes/boxes/information.php, change the this: '<a href="' . tep_href_link(FILENAME_CONTACT_US) . '">' . BOX_INFORMATION_CONTACT . '</a>'); to this: '<a href="' . tep_href_link(FILENAME_CONTACT_US) . '">' . BOX_INFORMATION_CONTACT . '</a><br>' . '<a href="' . tep_href_link(FILENAME_WHOLESALE) . '">' . BOX_WHOLESALE_INQUIRY . '</a>'); Check that and let me know how it goes. SteelShadow
  13. Steel

    Mail_Validation

    Mookie-Jam It sounds like you are clicking the link and then also trying to manulay input to code. This would be a resson for the error code because you have already vaildated by clicking the link. You can only do one or the other not both. cpdarvas They will still be able to enter the shop but just can not log in or purchase/checkout without validting the account first, this stops fake accounts(well slows it down at least). Steel
  14. Yes it is possible. What you would have to do is modify the Wholesale.php and the lang/wholesale.php files included with this contrib. What you can do is go through the files and look for one of the forms input places, like the tax id number or the store address and copy that line, then paste it where you want it to show up at. Next replace, for example, the "tax id portion" of the line of text that you just pasted with "your item here" or whatever you intended it to be. Thats an easy way to do it. If you want to add mods and mod the mods then this is what you should be doing to get your feet wet. But, the most important thing I want you to remember........ I can lead you to the water, but if you want me to drink it for you I take Credit Cards, Cash, or PayPal. :D Good Luck Steel
×