Everything posted by spacebiscuit75

  1. spacebiscuit75

    Contact Form Abuse

    Of late I have noticed in my action recorder that someone is posting messages with nonsense messages. I have Captcha set up and I have also added some custom sanitisation to kill the process when certain criteria are met. All of these posts are coming from the same region (Russia) so it is clearly the same person(s) carrying this out. I have asked my host for a security scan which has passed, what are they trying/hoping or what might they have achieved? I can see at least 6 months of this type of activity so I can't imagine they must have had some sort of gain or success to date. Any ideas? Thanks.
  2. There is a Product Notifications module for the checkout success page. When enabled it displays the custom radio which can be toggled. I noticed that when the radio is selected and then saved - a record is not saved in 'products_notifications'. The form action posts back to:

         checkout_success.php?action=update

     But all the checkout success page does is redirect to the home page:

         if ( isset($_GET['action']) && ($_GET['action'] == 'update') ) {
           tep_redirect(tep_href_link('index.php'));
         }

     Looks like this is a bug, I know this is a much maligned feature but just wanted to check that I am not missing something?
  3. My error, my form input for the checkbox had a typo which meant the is_array() check that catches the save was not caught. Working now thanks.
  4. I understand that this feature is a notification preference. What is the difference between the two toggle states? Is this an on/off toggle or else is it a toggle between two different types of notifications? I ask because in the account settings the products that a customer has notifications set up for are only shown with checkboxes to unset the association if the global_product_notifications is not 'true' in the customers_info table:

         if ($global['global_product_notifications'] != '1') {
           $products_check_query = tep_db_query("select count(*) as total from products_notifications where customers_id = '" . (int)$customer_id . "'");
           $products_check = tep_db_fetch_array($products_check_query);
           ...

     This suggests to me there is a feature enabled by turning off Global Product Notifications, more than just disabling a feature? Any ideas?
  5. Further to the above findings - the product notification ignores the customer's newsletter subscription setting on the customers table. So despite the notifications being sent under the newsletter feature this field is not used to filter customers to be included. It is only used if the module/type option when creating the newsletter is set as "customers_newsletter" flag is used.
  6. Ok so I think that I figured it out. Product Notifications are a type of newsletter that can be sent from the admin: Tools -> Newsletter Manager. When sending this type of newsletter you must select at least one product.

     - if 3 customers have opted in for Global Product Notifications all 3 will be notified
     - if 2 customers are not opted into Global Product Notifications but they have selected to be notified of this particular product these 2 will also be notified

     Therefore a total of 5 recipients will be notified, the intersection of the two groups. I think that this is a valid feature just that it is not very clear and obvious. In my case I have updated the forms and labels to make it clearer to the customers, I've renamed it as "Product Follows" to give it more of a social media feel. Many thanks!
  7. So am I correct in stating that the global product notifications is an opt-in to receive a newsletter if one is sent via the admin? Only those customers who have this value set to true will receive the communication? If this is the case, what if as a customer I want to opt-into this group AND also subscribe to individual products. I have noticed that if you choose to set global product notifications to be true then any entries in the product_notifications which you may have set up are removed - this doesn't make much sense to me. It would appear that the global_product_notifications field is not just an on/off toggle but is in fact a toggle between two distinct features, something that is not obvious or clear. In my opinion there should be two fields on the customer table, providing the ability to toggle between two distinct features.
  8. Thanks - I understand the notifications can be of all products or those selected by the customer, but what is in the notification itself - what is it notifying?
  9. I have enabled SSL on my site and now all images are broken, when I view the console of the browser the urls are of the format:

         https://mydomain.com/https://mydomain.com/image.jpg

     The domain is duplicated. My configure.php is as follows:

         define('HTTP_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
         define('HTTPS_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
         define('ENABLE_SSL', true); // secure webserver for checkout procedure?
         define('HTTP_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
         define('HTTPS_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
         define('HTTP_COOKIE_PATH', '/');
         define('HTTPS_COOKIE_PATH', '/');
         define('DIR_WS_HTTP_CATALOG', '/');
         define('DIR_WS_HTTPS_CATALOG', '/');
         define('DIR_FS_CATALOG', dirname($_SERVER['SCRIPT_FILENAME']) . '/');
         define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
         define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
         define('DIR_FS_ADMIN', $_SERVER['DOCUMENT_ROOT'] . '/******/');
         /* db config here */
         define('DIR_WS_INCLUDES', 'includes/');
         define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
         define('FONT_PATH', DIR_FS_ADMIN);
         define('DIR_WS_ICONS', 'images/icons/');

     Similarly for the admin config:

         define('HTTP_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
         define('HTTPS_SERVER', 'https://' . $_SERVER['SERVER_NAME']);
         define('ENABLE_SSL', true);
         define('HTTP_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
         define('HTTPS_COOKIE_DOMAIN', $_SERVER['SERVER_NAME']);
         define('HTTP_COOKIE_PATH', '/');
         define('HTTPS_COOKIE_PATH', '/');
         define('HTTP_CATALOG_SERVER', 'http://' . $_SERVER['SERVER_NAME']);
         define('HTTPS_CATALOG_SERVER', 'https://' . $_SERVER['SERVER_NAME']);
         define('ENABLE_SSL_CATALOG', 'false');
         define('DIR_FS_DOCUMENT_ROOT', $_SERVER['DOCUMENT_ROOT']);
         define('DIR_WS_ADMIN', '/****/');
         define('DIR_FS_ADMIN', $_SERVER['DOCUMENT_ROOT'] . '/****/');
         define('DIR_WS_HTTPS_ADMIN', '/1eiow3j4rj4ioj3iodjewghjfq1/');
         define('DIR_WS_CATALOG', '/');
         define('DIR_WS_HTTPS_CATALOG', '/');
         define('DIR_FS_CATALOG', $_SERVER['DOCUMENT_ROOT'] . '/');
         define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
         define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
         define('DIR_FS_CATALOG_LANGUAGES', $_SERVER['DOCUMENT_ROOT'] . '/includes/languages/');
         define('DIR_FS_CATALOG_IMAGES', $_SERVER['DOCUMENT_ROOT'] . '/images/');
         define('DIR_FS_CATALOG_MODULES', $_SERVER['DOCUMENT_ROOT'] . '/includes/modules/');
         define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
         define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
         define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

     I had a similar problem for a js includes which had the issue until I put a trailing slash in front, so I guess the clue is in this? Any ideas?
  10. spacebiscuit75

    SSL duplicate domain

    I'm an idiot - I was missing the : after https:

        define('HTTPS_SERVER', 'https//' . $_SERVER['SERVER_NAME']);

    The 'solution' to set the https version of the site as http is a hack in my opinion, regardless if many here on the forum have used this to fix the issue. If you're using this approach then I would fix the real cause of the issue instead of that work-around - just my two cents worth though!
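
The failure in this thread, reproduced as an added example that is not part of the original posts or of osCommerce: a server value without `://` is not an absolute URL, so the browser resolves it as a relative path and the domain appears twice. It assumes the page sets `<base href>` to `HTTPS_SERVER . DIR_WS_HTTPS_CATALOG`; the hostname and the `checkServerSetting` helper are constructed for illustration.

```javascript
// Added example: hostnames and values below are constructed.
// Assumption: the page sets <base href> to HTTPS_SERVER + DIR_WS_HTTPS_CATALOG.

// Resolve an image src as a browser does: first the base href against the
// document URL, then the src against the resulting base.
function resolveImage(documentUrl, baseHref, src) {
  const base = new URL(baseHref, documentUrl);
  return new URL(src, base).href;
}

// Validate a configured server value. Returns null when it is an absolute
// URL with the expected scheme and no path, otherwise a description.
function checkServerSetting(name, value, expectedScheme) {
  let parsed;
  try {
    parsed = new URL(value); // no base given: a scheme-less value throws
  } catch (err) {
    return `${name}: '${value}' is not an absolute URL (browsers treat it as a relative path)`;
  }
  if (parsed.protocol !== `${expectedScheme}:`) {
    return `${name}: scheme is ${parsed.protocol.slice(0, -1)}, expected ${expectedScheme}`;
  }
  if (parsed.pathname !== '/' || parsed.search || parsed.hash) {
    return `${name}: '${value}' should be scheme and host only`;
  }
  return null;
}

const doc = 'https://mydomain.example/index.php';

// Missing colon: the base itself resolves under the document's host.
console.log(resolveImage(doc, 'https//mydomain.example/', 'images/foobar.jpg'));
// A leading slash on the src ignores the broken base path, so the image loads.
console.log(resolveImage(doc, 'https//mydomain.example/', '/images/foobar.jpg'));
// Corrected value.
console.log(resolveImage(doc, 'https://mydomain.example/', 'images/foobar.jpg'));

// The check catches both the typo and an http value in the HTTPS setting.
console.log(checkServerSetting('HTTPS_SERVER', 'https//mydomain.example', 'https'));
console.log(checkServerSetting('HTTPS_SERVER', 'http://mydomain.example', 'https'));
```
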
  11. spacebiscuit75

    SSL duplicate domain

    Are you sure about that? Why would the http url be https? That seems like a hack to make it work, it doesn't make any difference here. The example configure.php:

        define('HTTP_SERVER', ''); // eg, http://localhost - should not be empty for productive servers
        define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
  12. spacebiscuit75

    SSL duplicate domain

    A quick update: upon further inspection I discovered that the images look as if they have the correct url:

        <img src="images/foobar.jpg ...../>

    However the console shows the url with the double domain as pointed out in my original post. If I inspect the DOM and add the leading slash the image appears. When I debug the code I can see that the url of the image is set by concatenating the params which the tep_image function requires:

        tep_image('images/', .....

    Therefore out of the box the url of the image is correct. If I switch to the http version the url is the same and it works. This is very weird!
  13. Is the link missing from the sign-in page? I don't seem to be able to see it but I can access it manually.
  14. spacebiscuit75

    Forgotten Password

    Thanks I didn't have it installed
  15. I have just installed the Phoenix edition of OS. All looks good, an amazing job by the team. Thank you - I aim to donate some beer tokens in due course. My challenge now is to try and modify the bootstrap to replicate the previous responsive template which I was using. I have two questions:

      1. Where do I over-ride bootstrap styling - I see that there is a user.css in the root of the project. Is it intended for this purpose?
      2. My second question is perhaps more of a Bootstrap question. For the large desktop breakpoint I want to use container width of 85%. Within the admin I have switched the class from 'container-fluid' => 'container'. I have then added the following in the aforementioned user.css:

          @media (min-width: 1200px) {
            .container {
              max-width: 85%;
            }
          }

      Is this good practice? Thanks, Bob.
  16. spacebiscuit75

    SMTP Authentication and OSCommerce

    In the example above should the edits be done to the email.php in the classes directory? Above it says to change the classes.php file.
  17. Is there a currency selector in the BS edition? I have searched around in the admin and I can't find one. My previous theme had a drop down on the header, I can implement myself but didn't want to re-invent the wheel if possible. Thanks, Bob.
  18. spacebiscuit75

    Currency Selector

    Ok so I see the update has to be manually configured. I have implemented my own implementation that reads current rates into a file. When the home page is hit if the file is more than a few hours old I update the rates.
  19. spacebiscuit75

    Currency Selector

    Perfect thanks, I had missed it since it was not an installed module. I only saw it when I clicked the link to see uninstalled modules. On a related topic, I have installed the ECB currency update module, how is the update triggered? Thanks.
  20. Thanks just wanted to confirm that I wasn't doing anything that might be considered a hack. I appreciate the feedback and input above...
  21. I am not sure that setting a % on container-fluid is the way to go, the bootstrap docs say: "Use .container-fluid for a full width container, spanning the entire width of your viewport." So by definition the container should fill whichever viewport the user is on. I think adding the width % to the container class is a cleaner approach? I understand that using "!important" is bad practise since it forces styles to be inherited and these cannot be over-ridden, at least that was the thinking some time in the recent past I believe.
  22. I am in the process of migrating my shop over to the frozen edition so that it is PHP compatible. However I have a custom front end theme so the process is not straightforward but is progressing well. I am experiencing errors of this type:

          Warning: Use of undefined constant TEXT_EDIT_CATEGORIES_SEO_TITLE - assumed 'TEXT_EDIT_CATEGORIES_SEO_TITLE' (this will throw an Error in a future version of PHP) in D:\.......\categories.php on line 1041

      My question is what are these uppercase variables?

          'style="width: 300px;" placeholder="' . PLACEHOLDER_COMMA_SEPARATION . '"');

      I don't see how or where these are set. I can surround them in quotes which suppresses the error but I don't think this is correct as the html which is rendered is literal. Thanks in advance, Bob
  23. spacebiscuit75

    Uppercase Vars

    Ok so I have decided to do a clean install of the Phoenix edition and now I will attempt to add the custom theme. So far so good, I have imported my customers, orders and products and I have no PHP errors even running PHP v.7.3.5. Thanks for the direction, much appreciated.
  24. spacebiscuit75

    Uppercase Vars

    Ok thanks this makes sense now. I think I originally looked into php upgrade options earlier this year. I downloaded the Frozen (or Edge I don't remember exactly) and it sat on my Dev machine for 6 months. Since then it seems the Phoenix has risen from the ashes! I will give it a try!