Jump to content


  • Content count

  • Joined

  • Last visited

Posts posted by Chadduck

  1. ecartz


    I am ALWAYS amazed by those that can find an error induced by a module other than the one that is failing.  Incorporating your change above solved the unescaped apostrophe.

    I, myself, would have never looked outside of the module that I had just installed.

    Thanks again.


  2. Jack,


    The insertion of the "Manual IP" text during the install works fine - However when an individual tries to update the IP they are greeted with this error

    1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's with a comma.- Manual mode only')' at line 1
    insert into configuration_changes (change_date,previous_setting,new_setting,change_title,change_description) values (now(),'','XXX.XXX.XXX.XX','Manual IP','Enter the IP that you want to cause the manual run to happen. Separate muliple IP's with a comma.- Manual mode only')
    [TEP STOP]

    It is caused by this portion of the configuration text

    " Separate muliple IP's with a comma."

    removing the apostrophe removes the error.  As long as you are correcting it - there is also a "t" missing from the word multiple


  3. 43 minutes ago, Jack_mcs said:

    Please give it a try and let me know if it doesn't work.

    It seems to have worked BUT I didn't try any hacker things except for http://www.google.com as the email on the page where it asks for the email address.

    The code sent a password reset email - and I was able to reset the password.

    Thanks.  I just din't know IF it was necessary to do anything besides adding the include(s).  It looked like it may be necessary.

    Thanks again.


  4. On 11/4/2019 at 6:03 PM, Jack_mcs said:

    The only pages that matter are the ones with forms on them. You need to add the two include statements to the ones you want to protect. See the install instructions for the contact us page and make those same changes for the password_reset page. The others have coded examples already. Each page with a form will have error checking for the form near the top. The verify statement goes there. The display statement goes above the submit button code for the page.


    I finally got back to this for doing the password_reset.php.

    As I was preparing to do it I was looking at the install instructions for the contact_us.php and then I stopped to send these questions.

    I examined password_reset.php for the OSC 2.3.4  - it does not contain this line
        $actionRecorder = new actionRecorder('ar_contact_us', (tep_session_is_registered('customer_id') ? $customer_id : null), $name);

    I also noticed that the include statement to be included reads as follows
        /*** BEGIN HONEYPOT ***/
        /*** END HONEYPOT ***/  


    Since the $actionRecorder statement does NOT exist - can the include statement be inserted just after the require statement?  The file would then read as follows


      require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_RESET);
        /*** BEGIN HONEYPOT ***/
        /*** END HONEYPOT ***/  

    $error = false;

      if ( !isset($HTTP_GET_VARS['account']) || !isset($HTTP_GET_VARS['key']) ) {
        $error = true;


    The include statement says to use the module file "honeypot_verify_contact_us.php

    Does this remain "as is" or it necessary to create a "honeypot_verify_password_reset.php" file and correct it internally for the password_reset.php information?

    Sorry if those are dumb questions BUT Honeypot has been working so well and has made my life so much easier that I am hesitant to change anything without verifying so that I do not BREAK anything.


  5. On 4/19/2017 at 7:57 AM, Tsimi said:

    and use this following manual to install it into the osC BS Edge version.


    I did not improve the addon at all I just simply updated the install manual and that's it.


    FIRST and foremost THANK YOU for the installation instructions for OSC Bootstrap.  They were RIGHT ON.  Have used this particular mod for years in an OSC 2.3.4 store and really did NOT want to change.  The old saying "IF it ain't broke  DON'T fix it" applies.

    HOWEVER, there is one spot that does not exist in the BS Frozen version (All the rest matched up perfectly)

    That instruction set is this code

    catalog/product_info.php  NOT AVAIL 
    <div class="page-header">
      <div class="row">  
        <h1 class="col-sm-8"><?php echo $products_name; ?></h1>
        <h2 class="col-sm-4 text-right-not-xs" itemprop="offers" itemscope itemtype="http://schema.org/Offer"><?php echo $products_price; ?></h2>
    Replace with:
    	      $freeship_str .= '<br /><span class="smallText">(' . TEXT_PRODUCT_SHIPS_FREE . ')</span>';	
    <div class="page-header">
      <div class="row">  
        <h1 class="col-sm-8"><?php echo $products_name; ?></h1>
        <h2 class="col-sm-4 text-right-not-xs" itemprop="offers" itemscope itemtype="http://schema.org/Offer"><?php echo $products_price . $freeship_str; ?></h2>

    The FROZEN version of the file reads like this

      osCommerce, Open Source E-Commerce Solutions
      Copyright (c) 2010 osCommerce
      Released under the GNU General Public License
      if (!isset($_GET['products_id'])) {
      require('includes/languages/' . $language . '/product_info.php');
      $product_check_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_id = '" . (int)$_GET['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'");
      $product_check = tep_db_fetch_array($product_check_query);
      if ($product_check['total'] < 1) {
    <div class="contentContainer">
      <div class="row">
        <?php echo $oscTemplate->getContent('product_info_not_found'); ?>
      } else {
        $product_info_query = tep_db_query("select p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_quantity, p.products_image, pd.products_url, p.products_price, p.products_tax_class_id, p.products_date_added, p.products_date_available, p.manufacturers_id, p.products_gtin from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_id = '" . (int)$_GET['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'");
        $product_info = tep_db_fetch_array($product_info_query);
        tep_db_query("update " . TABLE_PRODUCTS_DESCRIPTION . " set products_viewed = products_viewed+1 where products_id = '" . (int)$_GET['products_id'] . "' and language_id = '" . (int)$languages_id . "'");
    <?php echo tep_draw_form('cart_quantity', tep_href_link('product_info.php', tep_get_all_get_params(array('action')). 'action=add_product', 'NONSSL'), 'post', 'class="form-horizontal" role="form"'); ?>
      if ($messageStack->size('product_action') > 0) {
        echo $messageStack->output('product_action');
    <div class="contentContainer">
      <div class="row is-product">
        <?php echo $oscTemplate->getContent('product_info'); ?>

    Not wanting to "crash" the rest of MY TEST STORE (am upgrading)  I must ask

    Where does the required coding go?

    Thank you in advance


  6. 14 hours ago, Jack_mcs said:

    I don't think that would be any different from the hidden field already in the code but maybe I'm missing the point.


    I apologize.  I was thinking I had read in the beginning of this topic that YOU  had discussed the AI bots.  It was not you but another user.  I was just trying to think outside of the box as to another verification check for those type of bots.

    Again, apologies.  And thank you for not treating my comments /suggestions like  they were  unwanted  or silly.


  7. 3 hours ago, Jack_mcs said:

    It may be possible to block them If there is something else the code can check for.

    My initial thought was elimination by country but since the account is created by data presented to the bot.  So that is out.

    My next thought was abnormally long last name BUT in today's world with hyphenated names (e.g. Drake-Hollingsworth, Browskowski-Loveday, Rodriguez-Hernandez)

    This is maybe a little outside the box but perhaps a hidden dropdown with three choices empty as the default, then bot and lastly spider.  Since it is an abnormal hidden field anything but the default selected would result in a denial.  

  8. 1 minute ago, Jack_mcs said:

    If I understand your question, those examples are all for the date of birth field.

    I am sorry if that was confusing...  That was a cut and paste from the administration page dashboard.  

    The date was the date created since the dashboard only shows the First Name - Last Name and creation date.  

    I probably should have indicated that and I do apologize.  BUT it seems that the bot is simply inserting the same first and last name with an additional alpha character or two.  The added characters are generally in upper case.

    Again - THANK YOU my life has gotten much easier thanks to this mod.

  9. Jack

    First before I forget - THANK YOU!!! 
    I often forget to say that as I move onto the next module.

    The Honeypot is stopping registrations like this one

    First Name
    What's the most convenient method to gain $79862 a month: 

    Last Name
    What's the most convenient method to gain $79862 a month: 

    Those type registrations were being done 10 -15 times a day.

    I do have a question though - Can anything be done regarding the registrations like these?
    Customers    Date
    Bobbiemof BobbiemofYV    11/05/2019 
    Marina85waymn Marina85waymnMT    11/05/2019 
    CarolPhove CarolPhoveIA    11/05/2019 
    NovostroykiVolgogradDIx NovostroykiVolgogradDIxBN 11/05/2019 
    Smocnat KaocnatLC 11/05/2019 
    RandalJub RandalJubMD 11/05/2019 

    Did I miss a setting? Do I need to set something?


  10. Jack

    My live store is OSC and I just installed the HoneyPot Captcha and it appears to be working.

    BUT a Quick question - at present I have it enabled for these pages


    SHOULD it also be enabled for any others?

    There are 57 in the setup - should it be enabled for ALL of them?

    BTW I am updating to FROZEN and will be installing this in it also.


  11. Mr Petet

    Please forgive my constant posts - I pulled the file from the place you identified "Separate Shipping Per Product v2.5 [SSPP]" and grabbed the one identified as Bug 2.52.  
    I also pulled the file that is identified SSPP v2.51 Full package. 
    I extracted and examined the files... 

    Having said that - one of the first things I do is examine any included sql file to see what changes will be done to the database.  The included sql refers to altering three tables


    I checked my OSC Frozen db and my live store db which is OSC

    Those tables DO NOT exist in either version.

    The included sql file is titled "update25.sql" in both files.  This would indicate that the file expects those tables to already exist BUT since this is the FIRST time install for me which version contains the install table creation sql scripts.

    I do not mind pulling it from a previous version BUT on the "Separate Shipping Per Product v1.0" version page there are 19 different versions.  On the "Separate Shipping Per Product v2.5 [SSPP]" version page there are four versions.  

    Thank you for any insight.


  12. On 10/1/2019 at 4:21 PM, rpdesign said:

    Bug 2.52

    I found out the zip file was missing the php7.0 fixes and had files in the wrong places as well as duplicate files. Please download the new version as it is correct. 

    Mr Petet

    Good Morning sir.  Up front I, like Mikepo above, am working with the OSC FROZEN vsn and under php 7.2.

    Having said that I went to your module in the contributions section - the latest that is there is SSPP v1.852  which identifies "Bugfix: 1.852 This fixes the installation of the seperate_mode table from not being installed." and was uploaded 11th August 2014.

    This makes me believe that I am in the WRONG area -OR- the version quoted from your post is not yet available.

    Could you please confirm my suspicions -AND / OR- direct me to where the newest version resides?

    Thank you in advance

    BJ Chadduck


  13. Trying to install this module on a CLEAN Frozen install

    Operating System
    I included a crop of the installation screen 

    The OSC is CE-Phoenix-2341-Frozen
    The module is UPSXML version 1.7


    I do not understand exactly what is happening.  

    When I place the upsxml.php in the includes/modules/shipping directory the shipping modules installation screen fails to load completely.

    NO there is no other UPS module there, as shown on the BEFORE placing portion of the graphic.

    After placing the module shows the screen after the upsxml.php is placed.

    Solutions?  Recommendations?


    BEFORE - AFTER.jpg

  14. Hello All;

    At this point, in my migration to OSC Phoenix,  I am slowly adding shipping and payment methods.

    I currently have these modules installed and working

    Master_Password_v3.1 - INSTALLED
    USPS Rate V4 Intl Rate V2 r1.8 - INSTALLED (thank you @Kymation)

    I am now needing to install an UPS Shipping method.  On my LIVE store I currently use UPS CHOICE

    While I understand that XML is the wave of the future and I have the needed keys etc for install I would truly prefer simple rather than complex.  Also from what I have read in the forums the module UPSXML version 1.7 does not like php 7.2 or php 7.3.  I am currently running under php 7.3.

    WHICH UPS module WORKS with Phoenix?  

    I have reviewed the forum and there does not seem to be an identified module (old or new) that is recommended.  

    Suggestions?  and do you have it operational?


  15. 1 hour ago, kymation said:

    I haven't tested this module with Phoenix, so there may be other changes needed.


    I was so excited that the array issue was resolved I was NOT paying attention on the Front End.

    In the module  includes/modules/shipping/usps.php on line 32 is this

      $this->icon = DIR_WS_ICONS . 'shipping_usps.gif';

    First there is NO icon in the package and secondly when Phoenix installs there is not a directory created.  Additionally there is no define set up in the configure.php for them.  As it appears there is a broken graphic that appears.  simply commenting that line out removes the broken graphic.


  16. 49 minutes ago, kymation said:

    I haven't tested this module with Phoenix, so there may be other changes needed.

    Thank you Jim.

    I added the line where indicated and it SOLVED the problem.  Beyond that little change - everything went as advertised.  Comparing the LIVE store vs the Local store - the rates were pulled correctly.  The array now works.

    Attached is a text file containing your code for addition in the download file.

    THANKS again - onward and upward.  Any suggestions for the UPS shipping method?