Stephan Gebbers

i am already using notepad++ to edit the shop files, saving as UT8 (without BOM). So in theory such problems should not appear. very strange!

i gave up on adding the changes. something seems wrong with copy and pasting it from the forum. stuff like PHP Fatal error: Uncaught Error: Call to undefined function tep_db_q\xef\xbb\xbfuery()

I was looking for something like that on the main page. Just installed it now! Excellent!

check if the attached module works for you. just place all your generated faviconit files (images, xml etc) into the shops root. i took the standard code from faviconit.com and placed it into the header_tags module. so if you have no advanced faviconit.com options it should work. ht_favicon-module.zip

adding //test to my htaccess = instant error 500

try changing //Block bad bots to #Block bad bots

example, as found here (second best answer) https://stackoverflow.com/questions/28650327/responsive-images-srcset-not-working this one switches with the viewport / window size. don't know if that is ideal. what do you think? echo '<a href="' . tep_href_link('index.php') . '"><picture> <source srcset="' . $store_logo_big . '" media="(min-width: 1200px)" /> <source srcset="' . $store_logo_medium . '" media="(min-width: 800px)" /> <img src="' . $store_logo_small . '" title="' . STORE_NAME . '" alt="' . STORE_NAME . '" class="img-responsive no-watermark"/></picture></a>';[code]

so, resizing the browser window will not bring up the other logos i guess.

ok, i changed the tep_image in tpl_cm_header_logo_multi.php to tep_image_legacy still getting the 1280 version always. also deleted images from mobile chrome cache. still the 1280 only its no retina. its a oneplus 3 mobile phone.

Does this work together with KissIT ImageThumbnailer Pro? Regardless of using pc or phone, i get 1280 logo always. Regards, Stephan

i did not understand a word you said ;) i did a "beyond compare" on the phpass update and it seems the update is not that revolutionary. it should basicly work as the 0.3 or 0.4 version i think. the most significant change is my change of true to false in the passwordhash function call, as it will use the php crypt function and blowfish hash function $hasher = new PasswordHash(10, false); 10x iterations and $portable_hashes = false that will allow blowfish (from php crypt) and that is what i also asked. if that is a stronger/better encryption. i think so. function HashPassword($password) { $random = ''; if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) { $random = $this->get_random_bytes(16); $hash = crypt($password, $this->gensalt_blowfish($random)); if (strlen($hash) === 60) return $hash; } if (strlen($random) < 6) $random = $this->get_random_bytes(6); $hash = $this->crypt_private($password, $this->gensalt_private($random)); if (strlen($hash) === 34) return $hash; # Returning '*' on error is safe here, but would _not_ be safe # in a crypt(3)-like function used _both_ for generating new # hashes and for validating passwords against existing hashes. return '*'; }

as i wanted the best possible password encryption available. initialy i got into the password functions as someone asked about password length on oscommerce discord today and i had to look into it.

i just updated Phpass from 0.3 to 0.5 in /includes/classes/passwordhash.php http://www.openwall.com/phpass/ and changed in includes/functions/password_funcs.php in function tep_encrypt_password($plain) and in function tep_validate_password($plain, $encrypted) { this $hasher = new PasswordHash(10, true); to $hasher = new PasswordHash(10, false); i now have a 60 char blowfish hash output. before i had a 34 char hash in the database field. Is there a reason not to change it that way? i think the passwords are encrypted with a stronger hash function that way and it should be php5.3+ compatible. account creation, change password and reset password seems to work just fine. and as someone asked about max length of password in Oscommerce Discord Chat. Is there a password length limit? i dont think so. Should there be a limit? (see https://sunnysingh.io/blog/secure-passwords ) "Passwords should never be longer than 72 characters to prevent DoS attacks". Regards, Stephan

looks realy good! do you want to share what you did to make it look like that?

looks nice! but maybe the title space could line up with the other ones in a row?