Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

dynamoeffects

Pioneers
  • Posts

    1,635
  • Joined

  • Last visited

Everything posted by dynamoeffects

  1. Version 1.0.2 has just been released: http://addons.oscommerce.com/info/3647 The upgrade from a previous 1.0.0 version should be fairly simple. Just overwrite your existing /includes/paypal_wpp and /admin/includes/paypal_wpp directories with the ones in this version.
  2. Either: 1) Your /includes/languages/english/modules/payment directory was deleted or is empty 2) Your DIR_FS_CATALOG define in one or both of your configure.php files is wonky
  3. That's basically what that contribution does. The visible payment option is the one selected. If you look at the readme file, an example of how it works is on the first page.
  4. @realhotstuff & prafulkr: GoDaddy users? If so, check out the configuration section of the readme about entering a proxy address. If not, the problem is caused by curl either not being installed or being blocked. You'll need to contact your web hosts and ask. @Olly: If you can wait a little bit longer, I'll have this new version of the module available that has AMEX removed for UK merchants. As for the payment selection issue, I created this contribution to help with that: http://addons.oscommerce.com/info/5285
  5. To exploit your server, the first thing an attacker would attempt is a SQL injection attack (many of the most popular contributions are vulnerable to this type of attack). A SQL injection attack would allow them access to your database and give them the ability to read, modify, and delete whatever they would like. Using the same method, the store owner's email address could be updated to an attacker's throwaway email account. How many days of no order notifications would it take before you'd look in your Configuration settings to see that the email address has been changed? This is what happened to a lady who contacted me about a year ago asking why none of the order emails were getting sent to her email account. The problem was exactly what I described above.
  6. Read your merchant agreement. You signed a contract agreeing that you would follow the PCI's card handling security procedures or you will gladly accept large monetary fines. $500,000 is the maximum fine per-incident (per stolen card) fine that they will levy against the merchant. Maybe you'll get off light and only have to pay $5,000 a month until you are compliant. And example of a $500,000 fine: http://www.security.ithub.com/article/VISA...h/218242_1.aspx osCommerce with a heavy load of unmodified contributions installed is not a secure application to be storing or emailing credit card information. Don't think it would ever happen to you? If you're using the latest version of the Header Tags controller and you're storing credit card numbers in your database, anyone can output a list of your customers' data by adding a SQL query to a specific URL parameter. Use Fast Easy Checkout? In less than 2 minutes you could be compromised. I know this because I do a security check on all contributions that I install in my clients' stores. Even if you don't store the credit card numbers, the store owner's email address can be altered so that all card numbers are funneled to an attacker's email box. As soon as the stolen cards are traced back to your store, which is just a matter of finding the merchant where all cards were used, guess what happens. There are times when as a small business owner that you should cut corners to save money, but this is not one of them. I make this point not to be the PCI's guard dog, but instead to convince merchants to stop being irresponsible with their clients' private financial data. You wouldn't accept stores where you shop being irresponsible with yours.
  7. PayPal doesn't send error dumps. Turn off Debug Mode in your PayPal module. It's not expected to be turned on all the time. Also upgrade to the latest version of the PayPal module as that information gets masked out.
  8. Your store is located at http://www.example.com/mystore/catalog/ ? I'm surprised you don't experience session issues with your configure.php scripts like that. For instance, your includes/configure.php file should look like this: define('HTTP_SERVER', 'http://www.domainname.org'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://secureserver.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', '.domainname.org'); define('HTTPS_COOKIE_DOMAIN', '.secureserver.com'); define('HTTP_COOKIE_PATH', '/mystore/catalog/'); define('HTTPS_COOKIE_PATH', '/domainname/mystore/catalog/'); define('DIR_WS_HTTP_CATALOG', '/mystore/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/domainname/mystore/catalog/'); Your admin configure should look similar. The one define I needed to see is the DIR_FS_CATALOG define in your /includes/configure.php file. That misconfigured would be what's causing your problem.
  9. It's purposefully pulling in the configure.php from your customer side because Harald still hasn't fixed the missing defines in /admin/includes/configure.php Post your /includes/configure.php and /admin/includes/configure.php here. I'm 100% sure this is a misconfiguration issue.
  10. Well the £240 a year you'd spend on a payment gateway is much less than the up to $500,000 per incident fine that Visa and Mastercard would fine you if they discover that you're processing cards in breach of your merchant agreement, especially if it's related to card theft stemming from emailing yourself credit card numbers. Also by adding in the potential additional cost of being permanently barred from ever processing Visa or MasterCard again should also be added in. Right about now £240 a year doesn't sound so bad. Visa/MC have removed any incentive of manually processing credit card numbers from online orders.
  11. @spcalia: Sounds like you're actually using Harald's version as mine never dumps the raw response to screen. @robear: If you want to use Paypal Pro, then use, you need this module. If you simply want to do something with customer credits, that should be modified outside of this module. @stickypod: Please try to keep the questions relevant to PayPal Pro. If you change the radio buttons to checkbox buttons, your checkout is going to break. @MJP: One or both of your configure.php files are misconfigured.
  12. This PayPal Pro module works for GoDaddy users: http://addons.oscommerce.com/info/3647 There's a field in the module's settings for the proxy address.
  13. @robear: It would be smarter to add that code near the end of the order in checkout_process.php, around after_process.php. You shouldn't need to modify this module unless you need to send something extra to PayPal. @spcalia: You're trying to use a sandbox API certificate on the live server or vice versa. They're not interchangeable.
  14. Are you a GoDaddy customer? If so, refer to the configuration page in the readme.
  15. There's a duplicate require(DIR_WS_CLASSES . 'currencies.php'); line in /admin/orders.php. Delete the second one. It was a mistake in the installation instructions.
  16. @cookiebob: Turn "Debug Mode" on in the module's settings. It will email you with all of the information necessary. However, the problem is most likely with your store, not with PayPal. @markpdoyle: Delete the ".htaccess" file in the /includes/paypal_wpp/ directory.
  17. The installation instructions were updated for the latest version of osCommerce. In earlier versions, the equivalent line to look for is: <?php } else { ?> <tr> <td align="center" class="main"><?php new infoBox(array(array('text' => TEXT_CART_EMPTY))); ?></td> </tr>
  18. @IndevaWeb: Turn off SEF URLs in your configuration and see if that makes a difference.
  19. Selling counterfeit products is illegal in most countries and I doubt you'll find any merchant account will accept you.
  20. As they say, security isn't a product, it's a process. It will cost you far more to become PCI compliant than it would be to sign up with a payment gateway.
  21. @natasha21: That would make sense as to why it happens so infrequently, since that contribution isn't installed in every store. @graysonhobby: Not anymore because it was a bad idea in terms of security and liability in the first place. It was meant as a stopgap measure until I could figure out what was going on. @Neilyuk: Just search for "HEADING_TITLE" and you'll find it. Your code is different because you removed the clipart image next to the page title. @MichaelThePilot: You messed up nearly every change point required by the module. Follow the instructions a little closer for that page.
  22. Have your client sign up with a payment gateway and using their associated payment module, they will verify and charge the card. If the payment completes successfully, the customer will be able to download immediately.
  23. The simplest method would be to price a product at $1 and allow the customer to enter in a quantity of dollars. The more complicated method would require some custom programming where you'd have to activate a product as that type in the admin, then modify the store to know that the person can enter their own price for that product.
  24. It's a PayPal problem. You can try opening a support ticket with them.
  25. @fillthemup: It's a difficult uninstall and reinstall and takes a little time to complete correctly. Try using file comparison software to help simplify the uninstall and reinstall of the module. If that doesn't work, I've been known to do installs for store owners.
×
×
  • Create New...