Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Posts posted by toyicebear

  1. For the front page you can add as many as you like, for the rest they are dynamically created based on the page content and there are no manual entry for those.


    If you wish to add in meta tags manually for other places on your site then you should look at the Header Tags SEO Add-On instead.

  2. You should change the login info for your admin immediately , before someone "hacks" your shop.


    This is the instructions from the CCGV Mod:


    Creating a Gift Voucher.


    Creating a gift voucher for a customer to buy is the same as creating a new product with the exception that the gift vouchers model number must start with the word GIFT in upper case. It can be GIFT_25 or GIFT25 or whatever you would like to use. as the suffix to the word. But MUST START with the word GIFT You can create gift vouchers in any denomination. Gift certificate images have been provide in the catalog\images directory in denominations of 25$, 50$ and 100$ values.


    You can also create gift vouchers by sending them to your customers via the admin->Vouchers/Coupons->Mail Gift Voucher selection within the admin. To use this to send a voucher to a customer use the drop down customer list. To send to a single customer or future customer you can put their email in the Email To: text box. Do not use both the customer dropdown list and the Email To: text box or the customer will get 2 gift vouchers. To determine what values the gift voucher is used on please see the doc on modules->order total->gift vouchers.


    Gift vouchers are a virtual product. In this regard, in many shops, they do not require shipping charges to be added to them. To avert the shipping charge on gift vouchers set the weight of the gift voucher to 0 when creating the product and enable downloads by setting true the value admin->configuration->downloads->enable download .

  3. Its in the instructions for CCGV Credit Class Gift Voucher


    basically it is that you make a new category in the shop, called for instance: Gift Cards then you add a products to it. to make those products be a gift card you will need to give it a model number starting with GIFT. See the CCGV Credit Class Gift Voucher for more detailed instructions.

  4. If they have used STS then they have probably also used one of the older 2.2 oscommerce versions. STS is not compatible with 2.3+


    You can try to look around in the support tread for STS there are some tips and tricks there.


    Your best bet though is to make a new site with a similar design using the newest stable version, currently 2.3.2

  5. can anyone point me to the image plugins or add ons to replace the awful one that is given by default with oscommerce 2.3.1?


    the default one is resizing images on the fly with javascript, and this is unnacceptable.


    Use KissIT Image Thumbnailer for image resizing.


    yes, i found that one, but it says that multiple images do not have "alt" tags on them, and this cannot be fixed?

    im woried that this will affect search engine ranking and not be valid code html .


    That is not something to worry about, google will index your product pages just fine.


    If you are "concerned" about optimizing your pages to the MAX , then you can rip-out bxgallery and replace it with another image gallery solution as-well as modifying your shop to let you add in image alt tags for all product images in admin.

  6. now all the developers wil start winging that a complete cart will reduce their income.


    Its not about reduced income for developers, its about all the "bloat" which such "full" featured carts also have "included".


    A clean cart with the basic features included is often the best base to build a shop from, you will then be able to customize it to your particular business needs while still keeping it as lean and mean as possible.


    The problem with the current 2 series of oscommerce is that its not "modular" enough so installing add-ons usually include modifying core codes.


    And actually there is soooo much more money to be had for developers in carts like Magento, Prestashop and Magento. Firstly you make an add-on you can sell it through their marketplaces, then you get additional income from customization request on the same add-on, then you get even more income from those who sign-up for support and update packages for that add-on ++++


    Those carts are also way more complicated to modify, so most who DIY alot on their oscommerce cart would have to pay a developer to make close to any changes outside of standard functions, and due to the complexity of the code the number of qualified developers are smaller which in turn means that the prices are higher.

  7. Relationship between PCI DSS and PA-DSS

    Clarified that use of a PA-DSS compliant application alone does not make an entity PCI DSS compliant.


    When it comes to protecting yourself/your business from liabilities do not take the word of internet keyboard warriors at face value. (especially when they are interpreted to favor their own practices)


    Contact your own merchant account provider and get clarification on any issues/questions. (If you are "afraid" to mention your current practices to your merchant account provider then that itself should be a HUGE flashing warning sign that you are probably doing something incorrectly)


    If you fail to do your "due diligence" and just plod on as before, one day you might get a very nasty surprise when you find out that lamenting "BUT I DID NOT KNOW THAT" or "BUT I THOUGHT IT MEANT THAT" or "MY INTERPRETATION OF THAT WAS" does not hold much weight when i comes to payment data security.

  8. Put on your reading glasses and read 3.2.2 and take note that outside of other card authorization information that CVV2 (card verification code) is specifically mentioned and that it should not be stored under any circumstances.


    verify that the three-digit or four-digit card verification code or value printed on the front of the card or the signature panel (CVV2, CVC2, CID, CAV2 data) is not stored under any circumstance


    For anyone who are still unsure they should contact their merchant account provider and inquire about manually processing of orders where the payment information has been collected online.

  9. I'm not using the correct terminology, CVV, CVV2, CV2... Whatever the 3-digit "magic number" on the back is called. PCI 2, section 3.2 specifically says it can be saved long enough to process and get authorization, and then must be deleted. It further states that it can still be saved, in a safe and secure manner if there is a valid business case to be made for doing so.


    No, CVV2, CVC2, CID, CAV2 falls under 3.2.2 which you are not allowed to store under any circumstances.


    PCI DSS V2



    3.2.2 Do not store the card verification code or value (three-digit or four-digit number printed on the front or back of a payment card) used to verify card-not-present transactions.


    Testing Procedures:

    3.2.2 For a sample of system components, examine data sources, including but not limited to the following, and verify that the three-digit or four-digit card verification code or value printed on the front of the card or the signature panel (CVV2, CVC2, CID, CAV2 data) is not stored under any circumstance:

  10. 1. Check that your merchant account agreement allows you to manually process payments where info has been collected online. HINT: In most cases it will be against your TOS.


    2. If you wish to manually process payments with info collected online, do not use CVV2 you are not allowed to save it in any form. (even if you delete it after use)


    In regards to Manual processing CVV2 is only for real time use, when the customer are talking to you on the phone or standing in front of you and you key it directly into the MOTO terminal.


    Even if you follow 1 and 2 , if you are not PCi compliant you are even then liable for fines and sanctions from merchant account providers and credit card companies.


    And in some countries and states/areas it is even against the law to handle payment data in an insecure way. (And this is an area which is only getting more and more regulated)


    So the short version, if you are not PCI compliant use a 3 party payment provider instead.


    That a online payment gateway to process cc is 20 usd a month is not a valid argument , you can get a PayPal account for free and with no monthly fees. (there are several other alternatives too without monthly fees)