sinopia

  1. Yes, I've checked them. But even creating an account should be only name and email. Then (I suppose) making the checkout should be when more personal details should be added (payment/shipping/delivery/VAT), but that isn't how osCommerce works. But correct me if I'm wrong. I'm still reading all of this.
  2. Also, cookies can't be stored for a visitor until he agrees to the cookie consent. So that's a bit of an issue in osCommerce, as it creates cookie_test and osCid. If you use Google/Facebook, cookies will be created for those also.
  3. I think a page is also needed where you detail the information you log about customers and give them the right to view all of it (which can be done at the account page) but also to remove everything you have about them. Also detail which third parties get the information and what kind of information, for example PayPal or the shipping company. Also Google Analytics and Facebook Pixel. You have to protect your website, more specifically your database, against attacks which can lead to your database being stolen. You have 72 hours to report any attack. Also on that page you have to specify all the cookies you have and what their function is. Of course the website should have SSL and use an updated version of TLS and strong encryption for ciphers. Also the right to remove the newsletters at the account page and also in the mails that are sent. (I think SMS/mail sent normally for orders doesn't matter, as the client wants to make an order.) Backups should be encrypted and secure. Some recommendations are to use 2FA or private keys to access sensitive information, for example the database. Access to admin should have extra .htaccess protection, for example a password, and access limited to a VPN only. Passwords for customers should have +9 and admins +13 (both a-z, A-Z, 0-9 and symbols). Encryption by default in osCommerce is MD5+salt but should be SHA-256 (minimum required). Also running a firewall, an IDS (Intrusion Detection System), and more stuff to avoid and detect attacks. Some of those are recommendations, others are obligatory. If I missed something or said anything wrong, please also let me know.
  4. I've changed it; now it seems to work fine. Thanks @raiwa
  5. Also, some classes/functions are using old PHP code. For example:

    ```php
    reset($this->modules);
    while (list(, $value) = each($this->modules)) {
      // ... loop body ...
    }
    ```

    which should become the following:

    ```php
    foreach ($this->modules as $value) {
      // ... loop body ...
    }
    ```

    Can this cause some kind of errors?
  6. Hello @raiwa, should I use this one -> https://raw.githubusercontent.com/BrockleyJohn/Responsive-osCommerce/master/includes/classes/currencies.php ? Should I just add those functions into my class? Here is mine:

    ```php
    <?php
    /*
      $Id$

      osCommerce, Open Source E-Commerce Solutions
      http://www.oscommerce.com

      Copyright (c) 2008 osCommerce

      Released under the GNU General Public License
    */

    ////
    // Class to handle currencies
    // TABLES: currencies
      class currencies {
        var $currencies;

    // class constructor
        function __construct() {
          $this->currencies = array();
          $currencies_query = tep_db_query("select code, title, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value from " . TABLE_CURRENCIES);
          while ($currencies = tep_db_fetch_array($currencies_query)) {
            $this->currencies[$currencies['code']] = array('title' => $currencies['title'],
                                                           'symbol_left' => $currencies['symbol_left'],
                                                           'symbol_right' => $currencies['symbol_right'],
                                                           'decimal_point' => $currencies['decimal_point'],
                                                           'thousands_point' => $currencies['thousands_point'],
                                                           'decimal_places' => (int)$currencies['decimal_places'],
                                                           'value' => $currencies['value']);
          }
        }

    // class methods
        function format($number, $calculate_currency_value = true, $currency_type = '', $currency_value = '') {
          global $currency;

          if (empty($currency_type)) $currency_type = $currency;

          if ($calculate_currency_value == true) {
            $rate = (tep_not_null($currency_value)) ? $currency_value : $this->currencies[$currency_type]['value'];
            $format_string = $this->currencies[$currency_type]['symbol_left'] . number_format(tep_round($number * $rate, $this->currencies[$currency_type]['decimal_places']), $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']) . $this->currencies[$currency_type]['symbol_right'];
          } else {
            $format_string = $this->currencies[$currency_type]['symbol_left'] . number_format(tep_round($number, $this->currencies[$currency_type]['decimal_places']), $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']) . $this->currencies[$currency_type]['symbol_right'];
          }

          return $format_string;
        }

        function calculate_price($products_price, $products_tax, $quantity = 1) {
          global $currency;

          return tep_round(tep_add_tax($products_price, $products_tax), $this->currencies[$currency]['decimal_places']) * $quantity;
        }

        function is_set($code) {
          if (isset($this->currencies[$code]) && tep_not_null($this->currencies[$code])) {
            return true;
          } else {
            return false;
          }
        }

        function get_symbol() {
          global $currency;

          $currency_type = $currency;
          if (trim($this->currencies[$currency_type]['symbol_left'])!='') {
            return $this->currencies[$currency_type]['symbol_left'];
          } else return $this->currencies[$currency_type]['symbol_right'];
        }

        function get_value($code) {
          return $this->currencies[$code]['value'];
        }

        function get_decimal_places($code) {
          return $this->currencies[$code]['decimal_places'];
        }

        function display_price($products_price, $products_tax, $quantity = 1) {
          return $this->format($this->calculate_price($products_price, $products_tax, $quantity));
        }

        function display_sale_percent($products_price, $products_tax, $special_price) {
          if ($this->calculate_price($special_price, $products_tax, 1) != 100) {
            if ($products_price != 0) {
              $sale_percent = 100 - $this->calculate_price($special_price, $products_tax, 1)/$products_price*100;
            }
          }
          return tep_round($sale_percent, 1);
        }

        function format_short($number) {
          if ($calculate_currency_value) {
            $rate = ($currency_value) ? $currency_value : $this->currencies[$currency_type]['value'];
            $format_string = $this->currencies[$currency_type]['symbol_left'] . number_format($number * $rate, $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']) . $this->currencies[$currency_type]['symbol_right'];
    // if the selected currency is in the european euro-conversion and the default currency is euro,
    // the currency will displayed in the national currency and euro currency
            if ( (DEFAULT_CURRENCY == 'EUR') && ($currency_type == 'DEM' || $currency_type == 'BEF' || $currency_type == 'LUF' || $currency_type == 'ESP' || $currency_type == 'FRF' || $currency_type == 'IEP' || $currency_type == 'ITL' || $currency_type == 'NLG' || $currency_type == 'ATS' || $currency_type == 'PTE' || $currency_type == 'FIM' || $currency_type == 'GRD') ) {
              $format_string .= ' <small>[' . $this->format($number, true, 'EUR') . ']</small>';
            }
          } else {
            $format_string = $this->currencies[$currency_type]['symbol_left'] . number_format($number, $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']) . $this->currencies[$currency_type]['symbol_right'];
          }
          $format_string = number_format($number, $this->currencies[$currency_type]['decimal_places'], $this->currencies[$currency_type]['decimal_point'], $this->currencies[$currency_type]['thousands_point']);
          $format_string = str_replace(',','',$format_string);
          return $format_string;
        }
      }
      echo $special_price;
    ?>
    ```
  7. The error probably is that I'm missing those functions in classes/currencies.php. But does this version fix the issue about shipping costs?
  8. Hello @Tsimi, I'm using an old version of this addon, but the discount code is applying to shipping costs also; I was trying to make it apply just to the subtotal. I've updated the addon to the last version but at checkout I get this error:

    ```
    Fatal error: Uncaught Error: Call to undefined method currencies::format_raw() in /home/xxx/public_html/includes/modules/order_total/ot_discount.php:160
    Stack trace:
    #0 /home/xxx/public_html/includes/classes/order_total.php(42): ot_discount->process()
    #1 /home/xxx/public_html/checkout_confirmation.php(85): order_total->process()
    #2 /home/xxx/public_html/index.php(37): include('/home/xxx...')
    #3 {main}
      thrown in /home/xxx/public_html/includes/modules/order_total/ot_discount.php on line 160
    ```

    At least the version I found is "Discount Code 2.6". Is it possible to apply the discount only to the subtotal of products?
  9. TLS1.2 again

    @BrockleyJohn @Harald Ponce de Leon The issue is at ext/modules/payment/paypal/paypal.com.crt: it's out of date and should be updated. You will need to ensure that your environment supports the use of the SHA-256 signing algorithm and discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate. To fix the issue of TLS v1.2, get an updated version here http://curl.haxx.se/ca/cacert.pem or use this one from PayPal https://raw.githubusercontent.com/paypal/TLS-update/master/php/cacert.pem

    The addon should also be updated for PHP 7 compatibility (it's just warnings, but anyway): it uses old deprecated constructors instead of __construct()

    ```
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_LOGIN has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/LOGIN/LOGIN.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_HS has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/HS/HS.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_EC has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/EC/EC.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_DP has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/DP/DP.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_PS has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/PS/PS.php on line 13
    ```
  10. PayPal App v5.000

    Well, it's for sure that the certificate ext/modules/payment/paypal/paypal.com.crt should be updated. You will need to ensure that your environment supports the use of the SHA-256 signing algorithm and discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate. And also, to avoid those warnings, __construct() should be used in a lot of files, for example:

    ```
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_LOGIN has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/LOGIN/LOGIN.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_HS has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/HS/HS.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_EC has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/EC/EC.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_DP has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/DP/DP.php on line 13
    Deprecated: Methods with the same name as their class will not be constructors in a future version of PHP; OSCOM_PayPal_PS has a deprecated constructor in /home/website/public_html/includes/apps/paypal/modules/PS/PS.php on line 13
    ```

    And many more warnings of this type. I think that's the only thing that should be updated.
  11. PayPal App v5.000

    About the certificate: paypal.com.crt has to be updated because PayPal discontinued use of the VeriSign G2 Root Certificate.
  12. PayPal App v5.000

    About the mails, I've also fixed it. I've edited these files:

    includes/modules/payment/paypal_standard.php
    ext/modules/payment/paypal/standard_ipn.php

    For those who use mail manager or something like that, I commented out the tep_mail and did this:

    ```php
    //tep_mail($order->customer['name'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
    if (file_exists(DIR_WS_MODULES.'mail_manager/order_confirm.php')){
      include(DIR_WS_MODULES.'mail_manager/order_confirm.php');
    } else {
      tep_mail($order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address'], EMAIL_TEXT_SUBJECT, $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
    }
    ```

    and at includes/modules/mail_manager/order_confirm.php added this to be sure that variables from paypal files:

    ```php
    // Fix for PayPal
    if (strpos($order->info['payment_method'], 'PayPal') !== false) {
      $insert_id = $order_id;
    }
    ```

    Now it's sending as it should.
  13. PayPal App v5.000

    Yes, now for me it's fixed. The file ext/modules/payment/paypal/paypal.com.crt was the issue. I've replaced it with an updated one and now it works. If someone could check, and if indeed that's the problem, it should be replaced with an updated one. Now I can set "Verify SSL" to true and both connections return success.
  14. PayPal App v5.000

    I think I might have found the issue. In OSCOM_PayPal.php, if the "Verify SSL" option is true, it does this:

    ```php
    if ( (substr($server['host'], -10) == 'paypal.com') && file_exists(DIR_FS_CATALOG . 'ext/modules/payment/paypal/paypal.com.crt') ) {
      curl_setopt($curl, CURLOPT_CAINFO, DIR_FS_CATALOG . 'ext/modules/payment/paypal/paypal.com.crt');
    } elseif ( file_exists(DIR_FS_CATALOG . 'includes/cacert.pem') ) {
      curl_setopt($curl, CURLOPT_CAINFO, DIR_FS_CATALOG . 'includes/cacert.pem');
    }
    ```

    The problem resides in ext/modules/payment/paypal/paypal.com.crt, and I copied it over from my cacert.pem (which is an updated version). Make sure you get it from here http://curl.haxx.se/ca/cacert.pem or this one from PayPal -> https://raw.githubusercontent.com/paypal/TLS-update/master/php/cacert.pem
  15. PayPal App v5.000

    But if the PayPal payment method is chosen and payment is complete, it redirects to checkout_process.php, so that would send the mail. I think it isn't sent correctly, as paypal_standard.php uses $order_id and checkout_process.php uses $insert_id.

    About the "Verify SSL": in OSCOM_PayPal.php, if I set curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true); to false it works, but for security reasons I think that isn't the correct solution. CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate -> https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html

    I'm still trying to check what is going on. Also, I'm running PHP 7 and these files use old constructors (they still work), but they have been deprecated and will trigger warnings.
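
The posts above trace the failing "Verify SSL" check to an outdated CA file passed to CURLOPT_CAINFO, and note that switching CURLOPT_SSL_VERIFYPEER off is not the right fix. The following is an added example, not code from the posts or from the PayPal App: it lists expired and SHA-1-signed entries in a CA bundle and builds a cURL handle with verification left on. The function names `audit_ca_bundle` and `curl_with_ca_bundle` are hypothetical, and the certificate it inspects is a throwaway one constructed inline.

```php
<?php
// Added example; function names are hypothetical, not part of the PayPal App.

// List bundle entries that are expired or carry a SHA-1 signature.
function audit_ca_bundle(string $path, ?int $now = null): array
{
    $now = $now ?? time();
    $pem = (string) @file_get_contents($path);
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s', $pem, $m);
    $report = ['total' => count($m[0]), 'expired' => [], 'sha1' => []];
    foreach ($m[0] as $block) {
        $info = openssl_x509_parse($block);
        if ($info === false) {
            continue; // entry OpenSSL cannot parse
        }
        if ($info['validTo_time_t'] < $now) {
            $report['expired'][] = $info['name'];
        }
        if (stripos($info['signatureTypeSN'] ?? '', 'sha1') !== false) {
            $report['sha1'][] = $info['name'];
        }
    }
    return $report;
}

// Build a handle that verifies the peer against $caFile. A missing or empty
// bundle raises an error rather than becoming a reason to switch verification off.
function curl_with_ca_bundle(string $url, string $caFile)
{
    if (audit_ca_bundle($caFile)['total'] === 0) {
        throw new RuntimeException("no certificates found in $caFile");
    }
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_CAINFO, $caFile);
    return $curl;
}

// Constructed sample: a throwaway self-signed certificate valid for one day.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'constructed-test-root'], $key, ['digest_alg' => 'sha256']);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']), $pemOut);
$bundle = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($bundle, $pemOut);
print_r(audit_ca_bundle($bundle));                      // audited against the current time
print_r(audit_ca_bundle($bundle, time() + 2 * 86400));  // audited as if two days had passed
$curl = curl_with_ca_bundle('https://example.invalid/', $bundle); // handle only, no request is sent
unlink($bundle);
```

On a shop, the same audit can be pointed at ext/modules/payment/paypal/paypal.com.crt and includes/cacert.pem, the two files the quoted snippet chooses between.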