Jump to content
Latest News: (loading..)


  • Content count

  • Joined

  • Last visited

  • Days Won


MrPhil last won the day on December 5 2017

MrPhil had the most liked content!

Profile Information

Recent Profile Visitors

102,495 profile views
  1. What things you can make use of depends on how your host has configured their servers. For example, some hosts don't permit Options, or restrict what can be done with it. So, you may not be able to use Options -Indexes to suppress listing of directories lacking an index file (images/, etc.). That's easy to get around -- just put an empty index.html file in those directories, or one with a snarky remark like "Move along, nothing to see here." or "You lookin' at me? I said, are you lookin' at ME?". I added it to my DirectoryIndex list (with absolute path) so I don't have to worry about explicitly placing a file in each unprotected directory. Consider adding "hotlink protection", so other sites can't display your images while you pay bandwidth charges to have them served from your site. I see a commented-out "Fail" rewrite, which is part of it, but you would need to add the whitelist RewriteCond statements. There's something available these days called "leech protection", which restricts access to sensitive areas of your site if someone manages to steal your ID and password. I presume that somewhere you have already implemented password protection for the admin section of your site (either manually by the files supplied with osC, or better, via your hosting control panel). You don't need so many deflate filters for an osC installation, but you might need some of them for other stuff you have on your site. Consider speeding up things by removing unneeded filters. The same goes for expiration dates. Consider how you're handling http requests AND/OR non-www domain names coming in (the "canonical" section). You need to handle both (rewrite to https and www), and there are several ways to do this, but make sure you don't end up sending two 301 redirects back to the requestor (one for https and one for www)... that will kill you in SEO. If you want SSL (https) on every page, don't forget to adjust your configure.php files to specify only https in the first place -- it's bad form to send out only http links, and then bounce them back with a 301 to https! I'm not familiar enough with the malware filters and header stuff to speak about them.
  2. language change

    If there is no up-to-date Dutch language file set, you can always look at the English version and add the missing bits to the Dutch version. Until you get that done, you might even just put in the English text (if necessary) so that the code will run. When you're done, if it's a good, clean translation that you can be proud of, please consider donating it back to the project for the benefit of others. After signing on, click on Activity > My Activity Streams and select the appropriate entry (such as all content you posted in, or just the ones you started), and they should be there. Unless, of course, you did something that angered The Powers That Be so much that they erased everything you did... This assumes that you're using the same user ID as you did before, and it wasn't destroyed and re-created (thus having a different ID number that won't match up with existing posts).
  3. Problems with MySql

    Where are you setting the "language"? Do you mean the character encoding (UTF-8)? Shouldn't you be able to go into phpMyAdmin and set it once (globally) to UTF-8? You may need to also go through all the tables and fields and reset them to UTF-8. Once that's done, you shouldn't have to reset the charset each time, although that really shouldn't be a tremendous burden if you still need to (but it's time to ask your host what's going on).
  4. That's what worries me. If someone sends me an email that's not associated with their account, or calls me up, and asks what personal data I'm keeping on Carine Bruyndoncx, how do I know it's really you? Should I only permit access via signon through their customer account? What if they claim they have forgotten their password and no longer have that email address? I don't want to give out personal data to random people who may well have malicious intent. If someone can sign on to their account, they can see their data, modify it if they wish, or ask for removal (in practice, taking it offline). That's all that seems reasonable to me. If they no longer can sign on to their account, they have no way to prove who they are, so T.S.
  5. Mixed Content Error after installing SSL on site

    Yes. You want to add $request_type, not replace another variable. It was unnecessary (but harmless) to change FILENAME_DEFAULT to 'index.php'. They should be equivalent. If you're running your entire site in SSL; 'NONSSL', 'SSL', and $request_type will be functionally equivalent, since both the 'SSL' and 'NONSSL' will be replaced by https://...domain name/catalog/. $request_type will be either 'SSL' or 'NONSSL' (probably 'SSL', if you're running under all-SSL pages). Depending on what you're scanning for, you can usually use grep (Linux) or findstr (Windows) to bulk scan all your files (or all *.php) at once. I hope you're not looking through each file one-by-one with an editor -- that would be a lot of unnecessary labor.
  6. reCAPTCHA V2 - Looks So Cool

    reCAPTCHA is probably better than nothing, but don't think it's foolproof. Any sort of visual puzzle cranked up enough to stop bots is usually too hard for most people! And let's be careful about shutting out people with visual problems or who can't use a mouse.
  7. Mixed Content Error after installing SSL on site

    Uh, no, in general you want to add $request_type to the list, not replace $HTTP_GET_VARS. If $HTTP_GET_VARS is actually not used, that would be harmless, but if you don't know for sure, leave it. It might be used by a function at a deeper level (called from this function). Unless you can show that FILENAME_DEFAULT is not defined, you should leave it as-is. I don't know quite why you were told to change 'NONSSL' to $request_type, when it would have been easier to change it to 'SSL', but no real harm done. Perhaps it was done that way to make any future return to a not-all-SSL site easier? Yes. I hope you're not looking at every file individually in an editor, but are using an appropriate bulk file scanner (grep for Linux, findstr for Windows). You should have all your files on your PC anyway, as a backup, so you can run the scan there if it's inconvenient to do it on the server.
  8. Mixed Content Error after installing SSL on site

    You apparently want the whole site (all pages) to be under SSL, so you have only "https://" in your two configure.php files. Correct? If you're still getting "http://", it means the http is hard coded somewhere, rather than using one of the HTTP_* variables from the configure.php files. Have you scanned all your .php files (using grep on Linux or findstr on Windows), looking for "http:"? You might also scan for form name="manufacturers" and see how the action= phrase is coded (what variable or constant it's using). From there you can trace where the action URL is coming from (also see why the name and action are run-together like that, while you're at it, unless it was just a miscopy). It's possible that "manufacturers" is not hard coded into the form statement, but is a variable argument (you would then have to scan for manufacturers instead). By the way, you have a slogan "Your Finest Choise" in your header. I think you mean "Your Finest Choice".
  9. Terms replacements in search

    If it's only searching the title, that's a pretty poor setup. It should search the product description, too, where you can make sure CPU is in the text.
  10. What exactly do you mean by "cannot see it now"? Are you getting any error messages on your site log? 404? 500? A White Screen of Death? Your domain registration was fubarred? Have you gone into your hosting control panel to check that all the files are still there? Did you do something dumb with permissions, such as chmodding everything to 777? Have you tried accessing your site from a different computer, in case there's something strange cached on your current one? Did you make any change to anything before you lost contact with the site? If you installed from a "one click installer" such as Softaculous, you probably have an obsolete version (2.3.4, or maybe, regardless of whether it's properly installed. You would be far better off installing the responsive version 2.3.4BS Edge, available on GitHub (instructions are on this forum). It is up to date on PHP versions supported, has many security patches, has many new features, and best of all, is responsive (so your mobile customers will be much happier). The only downside is that it's not a "one click" install process.
  11. You may be seeing two different problems here. The 500 error must be due to something in the php5.ini file that your server doesn't like (it disappears when the php5.ini file disappears, so...). You may need to go over it line by line with your host's tech support. osC doesn't need register globals, so that line should be gone, but there may be others that are causing trouble. Once you're past the 500 error (i.e., it's fixed), the SQLite problem is probably a separate issue, unless it's being triggered by something in the php5.ini file. Anyway, I would fix the 500 error problem first, and with a fair amount of luck, that might fix the SQLite problem too.
  12. AI is starting to make inroads, but it's still rather overhyped. For something requiring real human creativity and originality, it needs to improve in capability by several orders of magnitude. However, it already is being useful where you need help crunching lots of Big Data, in picking out trends and correlations that might swamp mere wetware. The point is that (to date) computers cannot exhibit real creativity, but can only do what they're programmed to do. Anything beyond that would require a degree of randomness (see subject of Free Will), which properly working computers don't do very well. Resistance is futile. You will be assimilated. All your base are belong to us.
  13. Have you actually tested these conditions, especially the XSS stuff and http/non-www combinations? Apparently you want your site to be all SSL, but are you checking anywhere for non-SSL with www? Are there any request methods besides GET and POST? If not, you can get rid of that RewriteCond in the XSS filter section. If there are, I don't think AND (default) and OR act like in programming languages (no precedence)... it just goes through beginning to end, so the request method is ANDed only with the next check. How some of these settings will act, or interact with each other, may depend exactly on your server (Apache) level and local configuration, so you should try testing as many combinations as you can. Don't blindly copy suggested .htaccess files from websites. You need to understand what each part is supposed to be doing, and you need to actually test it on your own real (production) server.
  14. Yes, that is a constant problem -- if a site with inferior products has great SEO and has been around for a while and has some authoritative links to them, they can have an advantage over a young site with better products. People should look at product reviews and the like (do in-depth research), but tend to be lazy and just look at the first page of Google results. All I can suggest is that you make sure your SEO efforts are top-notch, including getting some links (good reviews) from respected review sites, and maybe you can level the playing field a bit.
  15. Finding sp0ecific .php page

    The osC 2.3.4 upgrade package has an SQL script (to "Import" in phpMyAdmin) to go from to 2.3.4, and the 2.3.4BS Edge has a script to go fro 2.3.4 to Edge. Note that if you have any additional stuff in your database, either add-ons or custom mods, it's possible these scripts won't work right. In that case, you can look at the schema for your current store (print out an export/backup of the DB) and compare it to Edge's schema, and then either manually edit the .sql backup to bring it in line with Edge, or use phpMyAdmin's editing capability to change table definitions against the old database (copy).