Showing results for tags 'security'.
Found 6 results

  1. raiwa

    reset password vulnerability

    I got the following reported: Matt @ecartz provided the following script/hook to fix this:

        class hook_shop_siteWide_reset_all_sessions {
          public function listen_accountUpdateTables($parameters) {
            // Fires on account table updates; only act when the password column changed
            if (isset($parameters['db']['customers']['customers_password'])) {
              // Drop every stored session that whos_online maps to the current customer
              $sessions_query = tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$_SESSION['customer_id']);
            }
          }
        }

    I made the hook, which should be placed as reset_all_sessions.php in:
    • Phoenix 1.0.7.2+: templates/default/includes/hooks/shop/siteWide/
    • Phoenix 1.0.5.1 - 1.0.7.1: includes/hooks/shop/siteWide/

    Lower Phoenix and osCommerce versions need to add the query to account_password.php at lines 49-50, so it should look like this:

        if (tep_validate_password($password_current, $check_customer['customers_password'])) {
          tep_db_query("update customers set customers_password = '" . tep_encrypt_password($password_new) . "' where customers_id = '" . (int)$customer_id . "'");
          tep_db_query("update customers_info set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");
          // session destroy on password reset
          tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$customer_id);
          $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
          tep_redirect(tep_href_link('account.php', '', 'SSL'));

    Matt asked me to publish this here so other users can test it before adding it to core. It is already in use in one live store. Please test and report back.
  2. Hello all! I've been troubleshooting a site for a week now. The 'Security Checks' and 'Security Directory Permissions' tools are almost completely blank. Not exactly the 'white screen of death', because the header bar is displayed (Title, Module, Info). I have another site using osCommerce that is working, so I've diffed the relevant files, and nothing pops out as different. The other modules are working as expected. Can anyone help? Thank you so much!
  3. Jack_mcs

    Login Monitor

    This addon is meant to inform the shop owner when someone who isn't marked as valid logs in to the admin. This can be used to catch hackers, past employees or just anyone who shouldn't be in the shop's admin. This addon will work in any version of Phoenix. It may work in Frozen, though the hook may need to be altered or added.
  4. Hello, I want to install the module "Paypal App" (link http://addons.oscommerce.com/info/9184). When copying the files into the shop, I discovered that there are 6 folders and 1 file named "admin". These are the directories:
    d1: paypal app-4_039/catalog/admin/
    d2: paypal app-4_039/catalog/includes/hooks/admin/
    d3: paypal app-4_039/catalog/includes/apps/paypal/admin/
    d4: paypal app-4_039/catalog/includes/apps/paypal/hooks/admin/
    d5: paypal app-4_039/catalog/includes/apps/paypal/languages/English/admin/
    d6: paypal app-4_039/catalog/includes/apps/paypal/languages/English/hooks/admin/
    and this file:
    f1: paypal app-4_039/catalog/includes/apps/paypal/languages/English/admin.php
    - For the first one, d1, no problem: I'll just copy its contents into the admin folder of my shop (which I've already renamed).
    - For folders d2 to d6 and file f1: that's my question. Must they be renamed or not? (For security measures.) Thank you in advance for your help.
  5. osC OpenSSL Encryption with jCryption - Support thread - Without an SSL certificate the data posted on your shop might be visible to third parties, e.g. your admin username and password. With this Add-On all form data will be encrypted using OpenSSL before it's posted to the server and then decrypted on your server, greatly enhancing the security for you and your customers.

    How does this work:
    1. client requests RSA public key from server
    2. client encrypts a randomly generated key with the RSA public key
    3. server decrypts key with the RSA private key and stores it in the session
    4. server encrypts the decrypted key with AES and sends it back to the client
    5. client decrypts it with AES; if the key matches, the client is in sync with the server and is ready to go
    6. everything else is encrypted using AES
    Source: http://www.jcryption.org/#howitworks

    Features for this Revision:
    • Support for and tested on osCommerce 2.3.4
    • Should work for most osCommerce versions with minimal modification.
    • Tested successfully on Google Chrome, Firefox and IE
    • Encrypts all Form Data with OpenSSL
    • Works on both catalog and admin side of shop
    • Uses jCryption library.
    • Screenshots included in package.

    Download Add-On here: http://addons.oscommerce.com/info/9333
  6. MySQLi Prepared Statement Automator This Add-On comes with the only guarantee of possibly causing you a lot of headaches. It looks like it's working quite well, but further testing is required ... - Support Thread - http://addons.oscommerce.com/info/9076