  1. spacebiscuit75

    Contact Form Abuse

    Of late I have noticed in my action recorder that someone is posting messages with nonsense messages. I have Captcha set up and I have also added some custom sanitisation to kill the process when certain criteria are met. All of these posts are coming from the same region (Russia) so it is clearly the same person(s) carrying this out. I have asked my host for a security scan which has passed, what are they trying/hoping or what might they have achieved? I can see at least 6 months of this type of activity so I can't imagine they must have had some sort of gain or success to date. Any ideas? Thanks.
  2. My error, my form input for the checkbox had a typo which meant the isarray() check that catches the save was not caught. Working now, thanks.
  3. There is a Product Notifications module for the checkout success page. When enabled it displays the custom radio which can be toggled. I noticed that when the radio is selected and then saved - a record is not saved in 'products_notifications'. The form action posts back to: checkout_success.php?action=update But all the checkout success page does is redirect to the home page:

         if ( isset($_GET['action']) && ($_GET['action'] == 'update') ) {
           tep_redirect(tep_href_link('index.php'));
         }

     Looks like this is a bug. I know this is a much maligned feature but just wanted to check that I am not missing something?
  4. Further to the above findings - the product notification ignores the customer's newsletter subscription setting on the customers table. So despite the notifications being sent under the newsletter feature this field is not used to filter customers to be included. It is only used if the module/type option when creating the newsletter is set as "customers_newsletter" flag is used.
  5. Ok so I think that I figured it out. Product Notifications are a type of newsletter that can be sent from the admin: Tools -> Newsletter Manager. When sending this type of newsletter you must select at least one product.

     - if 3 customers have opted in for Global Product Notifications all 3 will be notified
     - if 2 customers are not opted into Global Product Notifications but they have selected to be notified of this particular product these 2 will also be notified

     Therefore a total of 5 recipients will be notified, the intersection of the two groups. I think that this is a valid feature just that it is not very clear and obvious. In my case I have updated the forms and labels to make it clearer to the customers, I've renamed it as "Product Follows" to give it more of a social media feel. Many thanks!
  6. So am I correct in stating that the global product notifications is an opt-in to receive a newsletter if one is sent via the admin? Only those customers who have this value set to true will receive the communication? If this is the case, what if as a customer I want to opt into this group AND also subscribe to individual products? I have noticed that if you choose to set global product notifications to be true then any entries in the product_notifications which you may have set up are removed - this doesn't make much sense to me. It would appear that the global_product_notifications field is not just an on/off toggle but is in fact a toggle between two distinct features, something that is not obvious or clear. In my opinion there should be two fields on the customer table, providing the ability to toggle between two distinct features.
  7. Thanks - I understand the notifications can be of all products or those selected by the customer, but what is in the notification itself - what is it notifying?
  8. I understand that this feature is a notification preference. What is the difference between the two toggle states? Is this an on/off toggle or else is it a toggle between two different types of notifications? I ask because in the account settings the products that a customer has notifications set up for are only shown with checkboxes to unset the association if the global_product_notifications is not 'true' in the customers_info table:

         if ($global['global_product_notifications'] != '1') {
           $products_check_query = tep_db_query("select count(*) as total from products_notifications where customers_id = '" . (int)$customer_id . "'");
           $products_check = tep_db_fetch_array($products_check_query);
           ...

     This suggests to me there is a feature enabled by turning off Global Product Notifications, more than just disabling a feature? Any ideas?
  9. spacebiscuit75

    SSL duplicate domain

    I'm an idiot - I was missing the : after https:

        define('HTTPS_SERVER', 'https//' . $_SERVER['SERVER_NAME']);

    The 'solution' to set the https version of the site as http is a hack in my opinion, regardless if many here on the forum have used this to fix the issue. If you're using this approach then I would fix the real cause of the issue instead of that work-around - just my two cents worth though!
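
Added example, not part of the posts or of osCommerce's code: why a scheme prefix without the colon produces the doubled domain. A browser treats `https//host/...` as a relative path and resolves it against the page URL; the check also flags an `HTTPS_SERVER` whose prefix is `http://`. The sample config lines, the function names and the host `mydomain.com` are constructed for illustration.

```javascript
// Constructed sample, modelled on the configure.php lines quoted in the posts.
const SAMPLE_CONFIG = `
define('HTTP_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
define('HTTPS_SERVER', 'https//' . $_SERVER['SERVER_NAME']);
`;

// Extract the literal prefix of each *_SERVER define (text before ". $_SERVER[...]").
function serverPrefixes(phpSource) {
  const re = /define\('(HTTPS?_SERVER)',\s*'([^']*)'/g;
  const found = {};
  for (const m of phpSource.matchAll(re)) found[m[1]] = m[2];
  return found;
}

// Resolve an image URL the way a browser resolves <img src> against the page URL.
function resolvedImageUrl(prefix, host, pageUrl) {
  return new URL(prefix + host + '/images/foobar.jpg', pageUrl).href;
}

// Hypothetical checker: report prefixes that are not absolute, or use the wrong scheme.
function auditConfig(phpSource, host) {
  const pageUrl = `https://${host}/index.php`;
  const findings = [];
  for (const [name, prefix] of Object.entries(serverPrefixes(phpSource))) {
    const expected = name === 'HTTPS_SERVER' ? 'https://' : 'http://';
    let issue = null;
    if (!/^https?:\/\//.test(prefix)) issue = 'not-absolute';
    else if (prefix !== expected) issue = 'scheme-mismatch';
    if (issue) {
      findings.push({ name, issue, resolvesTo: resolvedImageUrl(prefix, host, pageUrl) });
    }
  }
  return findings;
}

console.log(auditConfig(SAMPLE_CONFIG, 'mydomain.com'));
```
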
  10. spacebiscuit75

    SSL duplicate domain

    Are you sure about that? Why would the http url be https? That seems like a hack to make it work, it doesn't make any difference here. The example configure.php:

        define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers
        define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
  11. spacebiscuit75

    SSL duplicate domain

    A quick update: upon further inspection I discovered that the images look as if they have the correct url: <img src="images/foobar.jpg ...../> However the console shows the url with the double domain as pointed out in my original post. If I inspect the DOM and add the leading slash the image appears. When I debug the code I can see that the url of the image is set by concatenating the params which the tep_image function requires: tep_image('images/', ..... Therefore out of the box the url of the image is correct. If I switch to the http version the url is the same and it works. This is very weird!
  12. I have enabled SSL on my site and now all images are broken, when I view the console of the browser the urls are of the format: https://mydomain.com/https://mydomain.com/image.jpg The domain is duplicated. My configure.php is as follows:

          define('HTTP_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
          define('HTTPS_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
          define('ENABLE_SSL', true); // secure webserver for checkout procedure?
          define('HTTP_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
          define('HTTPS_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
          define('HTTP_COOKIE_PATH', '/');
          define('HTTPS_COOKIE_PATH', '/');
          define('DIR_WS_HTTP_CATALOG', '/');
          define('DIR_WS_HTTPS_CATALOG', '/');
          define('DIR_FS_CATALOG', dirname($_SERVER['SCRIPT_FILENAME']) . '/');
          define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
          define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
          define('DIR_FS_ADMIN', $_SERVER['DOCUMENT_ROOT'] . '/******/');
          /* db config here */
          define('DIR_WS_INCLUDES', 'includes/');
          define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
          define('FONT_PATH', DIR_FS_ADMIN);
          define('DIR_WS_ICONS', 'images/icons/');

      Similarly for the admin config:

          define('HTTP_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
          define('HTTPS_SERVER', 'https://' . $_SERVER['SERVER_NAME']);
          define('ENABLE_SSL', true);
          define('HTTP_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
          define('HTTPS_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
          define('HTTP_COOKIE_PATH', '/');
          define('HTTPS_COOKIE_PATH', '/');
          define('HTTP_CATALOG_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
          define('HTTPS_CATALOG_SERVER', 'https://' . $_SERVER['SERVER_NAME']);
          define('ENABLE_SSL_CATALOG', 'false');
          define('DIR_FS_DOCUMENT_ROOT', $_SERVER['DOCUMENT_ROOT']);
          define('DIR_WS_ADMIN', '/****/');
          define('DIR_FS_ADMIN', $_SERVER['DOCUMENT_ROOT'] . '/****/');
          define('DIR_WS_HTTPS_ADMIN', '/1eiow3j4rj4ioj3iodjewghjfq1/');
          define('DIR_WS_CATALOG', '/');
          define('DIR_WS_HTTPS_CATALOG', '/');
          define('DIR_FS_CATALOG', $_SERVER['DOCUMENT_ROOT'] . '/');
          define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
          define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
          define('DIR_FS_CATALOG_LANGUAGES', $_SERVER['DOCUMENT_ROOT'] . '/includes/languages/');
          define('DIR_FS_CATALOG_IMAGES', $_SERVER['DOCUMENT_ROOT'] . '/images/');
          define('DIR_FS_CATALOG_MODULES', $_SERVER['DOCUMENT_ROOT'] . '/includes/modules/');
          define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
          define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
          define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

      I had a similar problem for a js includes which had the issue until I put a trailing slash in front, so I guess the clue is in this? Any ideas?
  13. spacebiscuit75

    Forgotten Password

    Thanks, I didn't have it installed
  14. Is the link missing from the sign-in page? I don't seem to be able to see it but I can access it manually.
  15. spacebiscuit75

    SMTP Authentication and OSCommerce

    In the example above should the edits be done to the email.php in the classes directory? Above it says to change the classes.php file.