
ArtcoInc

Members
  • Content count: 1,468
  • Days Won: 30

Reputation Activity

  1. Like
    ArtcoInc got a reaction from puggybelle in Hack attempt - is there a way to prevent this?   
    @puggybelle
    (while off topic ...)
    As I said, the Community Edition does not have an accurate version numbering system.
    When Burt started this project back in 2014, osC was at version 2.3.3.4. So, the Community Edition, all through its early development, was also v2.3.3.4. Every release during these early times was called v2.3.3.4.
    When osC upgraded to v2.3.4, Burt brought the Community Edition code base up to the v2.3.4 code base, and the Community Edition stayed at v2.3.4 while further development was happening. Somewhere during this time, Burt released the 'Gold' fixed release. Development still continued, with every release still being called v2.3.4.
    When osC had the v2.3.4.1 Hot Patch applied, Burt also applied the Hot Patch, and the Community Edition was bumped up to v2.3.4.1. Once again, development continued, with every new release still being called v2.3.4.1.
    Burt released the 'Frozen' fixed release in August, 2018. Development still continues (usually called 'Edge', although that is not a fixed release), and the version number is *still* v2.3.4.1.
    Some bugs have been identified in 'Frozen', and there is a thread here on the forum identifying them (and some fixes too). 'Edge' continues to be developed (still being called v2.3.4.1), and some significant changes have been made since 'Frozen', causing some compatibility issues with prior versions, and many (most?) add-ons out there.
    This all said ...
    You can download the 'Frozen' version (see the link in my signature below). *** IF *** you have made NO core changes, you *should* be able to drop the 'Frozen' version into your store. Otherwise, you will need to use a file compare application to see what changes have been made since your release.
    (now, to get back on topic ...)
    How this all relates to your initial problem, I don't know. Someone with a higher pay grade than myself will need to explore how the injection code made its way into your orders record.
    M
  2. Like
    ArtcoInc reacted to Jack_mcs in Hack attempt - is there a way to prevent this?   
    When the form is submitted, the commands are stripped from it. That is why you see the __script instead of <script. That renders the code useless as far as the hacker is concerned. At least it should. I never assume anything when they are involved.
    If you have an addon that records the IP, like View Counter or IP Blocker, then you should block the IP. That won't prevent others from using the same method but it might stop that guy.
  3. Like
    ArtcoInc reacted to raiwa in Hack attempt - is there a way to prevent this?   
    PWA uses exactly the same coding which sanitizes customer input to store the customers data in the database like the core create account page. So it is as safe as the core create account in that sense.
  4. Like
    ArtcoInc got a reaction from valquiria23 in How to distinguish the sub categories in the category box?   
    @MyBookShop
    Do you have this installed on a live site? If so, can you post (or pm) your site URL?
    M
  5. Like
    ArtcoInc reacted to burt in 28d, 2019 - Pre Orders are now open   
    Hello all, pre-orders are now open for my next 28d package of mods.   Those who pre-order get the whole package of mods at a cut-down price compared to those who wait until February.  
    I have a demo site up and running, showcasing the mods that I have coded so far.  If anyone is interested in taking a look at Demo site (without obligation to pre-order, though I hope you will), please PM me.
    2019 will hopefully be a year of change for osCommerce, and as I am the only developer keeping osCommerce somewhat relevant ... I hope that everyone will take the opportunity to show their support.
    Thank You.
  6. Like
    ArtcoInc reacted to MrPhil in Additional Protection With htaccess/htpasswd secured through htaccess/htpasswd means.   
    Eh? You're talking about the same thing!
    Anyway, there are up to four layers of protection to keep bad guys out of your shop administration:
      1. Using SSL so they can't "snoop" on the admin traffic. The whole site should be under SSL (https) these days, so that's a moot point.
      2. Administrator ID and password -- not easily guessable, right?
      3. Unguessable admin directory name. The first thing every hacker tries is to get into your <domain>/admin area, so changing admin to something weird is good.
      4. Server "password protection" on admin and everything under it. This means having to "log in" a second time to get in. Of course, the ID and password you use is different from the Administrator ID and password, right?
    Number 4 is the issue at hand. You are much better off using your control panel's "password protect a directory" function than trying to install the files supplied with osCommerce. The former is guaranteed to work and is easy to install, while the latter is iffy and difficult to install. The only downside to using your control panel function is that osC's security check may not recognize that you did it, and report that there is no password protection, when there is. If you have to give two separate logins to get to your admin functions, it's working.
    Many sites choose not to do #4. It's less secure, but that's up to your comfort level.
  7. Like
    ArtcoInc reacted to raiwa in Purchase without account for 2.3.4 and BS2334   
    Hello Anne @Dj-Viper,
    I'm going back to the public forum. Others may have a similar problem and can profit by the information.
    Most payment modules use the standard checkout processing through checkout_process.php. Orders are created, stored and the order confirmation mails created in that file.
    But some payment modules bypass this file and do their own order processing including the order confirmation mail creation in the payment module. The coding is therefore included in the payment module.
    The only payment module included in a standard oscommerce store doing so is PayPal standard.
    Now in your case the "payment processor ideal" you are using does the same. You have to apply the modifications in this payment module which is located in: includes/modules/payment/.
    Please use the instructions for the PayPal standard module as a guide how to apply the PWA modifications to your payment module. Instructions may not fit literally the code of your payment module, you have to try to find the equivalent code.
    Also add your modifications to include the customer mail and phone there.
    You do not need to apply the modifications to all payment modules, only the ones which bypass the standard checkout_process.php like your "payment processor ideal" and therefore do not use the modifications done in checkout_process.php.
    Hope this clears up your questions and helps
    Best regards
    Rainer
  8. Thanks
    ArtcoInc reacted to BrockleyJohn in PHP 7   
    @ArtcoInc generally speaking, it shouldn't be a problem. There is syntax on 7-7.2 that isn't supported on 5.6 but you're probably not going to be using any of it in your new version... spaceships <=>, null coalescing ($action = $_GET['action'] ?? 'default'), anonymous classes, constant arrays and a bunch of other things that don't spring straight to mind.
    The only bit of code I can think of that doesn't work across versions is something to do with error-handling on evals but you probably haven't got any of that anyway. The evaluation order in statements is the other way round (eg. when working out what $$class->$method($param[$$key]) means) but that should have been fixed by putting in curly braces to make it explicit in the statement.
    The approach would be - get a set of code running without issue on 7 and then turn the version back down to 5.6 for a test.
    hth
  9. Like
    ArtcoInc got a reaction from Ken_Shea in Landing site elimination   
    @Ken_Shea
    This .htaccess file goes in the root of your shop (ontargetsportsonline.com). This is also where you can put the bits to force your https status, and whether you have the www. in front of your domain, or not (as defined by how your SSL certificate was created).
    In your /catalog_ontarget directory, you can have another .htaccess file that just controls how your shop works.
    HTH
    M
  10. Like
    ArtcoInc got a reaction from Ken_Shea in apple-touch-icon.png   
    @Ken_Shea
    Ok, as best as I can figure out (it's above my pay grade too), you need to do two things ...
    1) Find a copy of the apple-touch-icon.png file, and put it in the root directory of your shop (probably in /catalog, but it depends on your shop layout)
    2) Add this to the <head> portion of your shop code:
    <link rel="apple-touch-icon" href="apple-touch-icon.png"> (if you place the icon file in anything other than the shop root, you'd probably have to add the full path to the href link above)
    The best way would be to make a header tag module. I would simply copy an existing header tag module, re-name it, change all references from the old name to the new name, and replace the old code in the module with the above code.
    Clear as mud?
    M
  11. Like
    ArtcoInc got a reaction from Ken_Shea in apple-touch-icon.png   
    https://icons8.com/icon/set/apple-touch/ios
    https://manytools.org/http-html-text/apple-touch-icon-generator/
    M
  12. Like
    ArtcoInc got a reaction from Ken_Shea in apple-touch-icon.png   
    Looks like it.
    I *think* that the purpose of the apple-touch-icon is for your customer to be able to add a 'shortcut' to your site to the screen of their apple device. In this case, you'd probably want the apple-touch-icon to be the same as your favicon, as you want your shop's icon to be the shortcut.
    I was just looking at @JcMagpie's module. In it, he does use the same icon(s) for both the favicon and apple-touch-icon, just in different sizes. He just puts all of the icons into a different directory. So, just make sure that the href link in the code above points to whatever icon you want to use, including the correct path.
    M
  13. Thanks
    ArtcoInc got a reaction from Ken_Shea in apple-touch-icon.png   
    @Ken_Shea
    Does this help?
    https://stackoverflow.com/questions/12480497/why-am-i-getting-error-for-apple-touch-icon-precomposed-png/18256077#18256077
    https://stackoverflow.com/questions/14986650/keep-getting-404s-for-apple-touch-icon-png
    https://mathiasbynens.be/notes/touch-icons
    M
  14. Like
    ArtcoInc got a reaction from burt in Consolidated site on "Theme's"   
    http://www.oscommerce-templates.co.uk/
  15. Like
    ArtcoInc reacted to MrPhil in Who in the EU has heard of GDPR and will it affect you   
    Seen on the 'net. Sing along!
    He's making a list,
    He's checking it twice,
    He's gonna find out who's naughty or nice,
    Santa Claus is -- in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679.
  16. Like
    ArtcoInc reacted to stratula in Entscheidungsfindung   
    @Chrisso
    Here is a good working German language pack
    German language pack for BS_CE
  17. Like
    ArtcoInc got a reaction from valquiria23 in Bootstrap 4 in 2.3.4.1   
    The domain BuyBurtABeer.com is available
  19. Like
    ArtcoInc got a reaction from burt in Frozen bug list   
    All the more reason to keep good notes of what files you change, and why!
    M
  20. Like
    ArtcoInc got a reaction from Dan Cole in Frozen bug list   
    @valquiria23
    As @burt pointed out, Edge is in ongoing development. Frozen is just that, a single point in time in the development of Edge, "frozen" at that time.
    As @Dan Cole mentioned, you have a link to Frozen in your signature, and Gary has a link to Edge in his post. Edge is constantly changing. Edge does not have a version number. The only way to determine which 'version' of Edge you have is the date of the package.
    We "may assume" that Gary is fixing the bugs in Edge as he continues to work on it. He is also making other changes ... For example, he is migrating from Bootstrap v3 to Bootstrap v4. This is a significant change, so be aware that this most likely will break existing add-ons that currently work with Frozen. Also, moving from one version of Edge to another is not a simple in-place, one button upgrade. You'll either have to do a clean install and migrate, or do a file by file compare, and determine for yourself what has changed.
    And yes, Github is another learning curve in and of itself.
    M
  21. Like
    ArtcoInc reacted to burt in Frozen bug list   
    Not wrong at all
    At all;
    Edge is what I'm playing with at the moment, but all potential users of this software should be 127% aware that this Edge is my playground, so code may be changed - broken - reverted and so on. 
    Put simply
      • if you are a shopowner who is not technical...use Frozen.
      • if you are a developer...develop for Frozen.
  24. Like
    ArtcoInc reacted to burt in Frozen bug list   
    It should be fairly straightforward if (and I do realise that is a big "IF") user has not changed core code. 
    If no core code is changed;
      • upload new files to overwrite old
      • check any installed modules for new database entries