Jump to content
Sign in to follow this  
spooks

Anti-hacker Account Mods, Secure your account pages

Recommended Posts

Hi Sam,

 

I need to allow the clients to pass a + (plus) sign through into their account details and I'm sure I simply need to add it in this code somewhere

 

return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/i", "", urldecode($vars));

 

but I can't get it to accept the addition no matter where I place it. If you could help it would be appreciated

Share this post


Link to post
Share on other sites

Hello!!

 

Sorry for my poor english :-"

 

Maybe it could be interesting to this contribution...

 

Spanish postcode have 5 digits like France postcode, Spanish country code in oscommerce is 195.

 

The first two digits of the postcode indicates that province is.

 

For example Málaga postcode begins for 29, Valencia for 46, Barcelona for 08, etc, etc.. here are all provinces with two firts digits of postcode http://www.codigospostales.com/

 

I hope that this information may be useful :thumbsup:

 

Regards!!!

Share this post


Link to post
Share on other sites

Hello, im having a problem where when selecting a new country, the state/province list does not get refresh for the selected country, am I doing something wrong or is it suppose to be this way? The original osc refresh itself once I select a new country. Anyone run into this problem and manage to fix it? Please help. Thank you very much.

Share this post


Link to post
Share on other sites

I followed instructions but when I create an account, I am seeing this error:

 

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 18

 

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 19

 

Notice: Undefined index: confirmation in /var/www/vhosts/site.com/httpdocs/create_account.php on line 20

 

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 20

 

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/create_account.php on line 21

 

Any suggestions?

 

Carry

Share this post


Link to post
Share on other sites

Also, now I am seeing the same error on the create_account page when I select a country (say canada) the same messages posted above show State Province window.

 

Driving me crazy!!

Share this post


Link to post
Share on other sites

Hi Sam,

 

It's a great addon :) although I do not need all of the tweaks, just the security part.

 

I have two sites in which I have done some tweaking of, for example create account. I do not want to change what I have done.

Later on, when I have written install instructions it will become a contribution.

 

 

So, I wonder:

 

Which parts of your addon are for security only?

 

 

Keep up the good work!

 

Kindest

 

Sara

Share this post


Link to post
Share on other sites

Found the same error on the login page:

 

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/login.php on line 13

 

Notice: Undefined index: email_address in /var/www/vhosts/site.com/httpdocs/login.php on line 16

 

Anyone know what I could be doing wrong?

 

Php version: 5.2.13

MySQL 5.0.77

==========================

 

Looks like this mod is coded incorrectly???

 

 

PHP is case sensitive. The name attributes of your form elements are Name, Email, and Message. Consequently, you should be using $_POST['Name'], $_POST['Email'], and $_POST['Message'].

 

"Undefined index" means the variable you are trying to use doesn't exist. $_POST['Name'] and $_POST['name'] are completely different variables. They may look the same to you, but not to PHP.

Edited by carryG

Share this post


Link to post
Share on other sites

Common osC bug, nothing to do with this.

 

in application_top.php near line 312

 

find:

// navigation history
 if (tep_session_is_registered('navigation')) {
if (PHP_VERSION < 4) {
 	$broken_navigation = $navigation;
 	$navigation = new navigationHistory;
 	$navigation->unserialize($broken_navigation);
}
 } else {
tep_session_register('navigation');
$navigation = new navigationHistory;
 }
 $navigation->add_current_page();

 

replace with:

 

// navigation history
 if (tep_session_is_registered('navigation') && is_object($navigation)) {
if (PHP_VERSION < 4) {
 	$broken_navigation = $navigation;
 	$navigation = new navigationHistory;
 	$navigation->unserialize($broken_navigation);
} elseif ( false === is_object($navigation) ) {
 	$navigation = new navigationHistory;
}
 } else {
tep_session_register('navigation');
$navigation = new navigationHistory;
 }
 $navigation->add_current_page();

 

 

Hi Sam I do not have neither of the above instead I have:

 

// navigation history

if (!tep_session_is_registered('navigation') || !is_object($navigation)) {

tep_session_register('navigation');

$navigation = new navigationHistory;

}

$navigation->add_current_page();

--------------------------------------

 

Should I change to yours?

 

Sara

Edited by Juto

Share this post


Link to post
Share on other sites

replace with:

 

// navigation history
 if (tep_session_is_registered('navigation') && is_object($navigation)) {
if (PHP_VERSION < 4) {
 	$broken_navigation = $navigation;
 	$navigation = new navigationHistory;
 	$navigation->unserialize($broken_navigation);
} elseif ( false === is_object($navigation) ) {
 	$navigation = new navigationHistory;
}
 } else {
tep_session_register('navigation');
$navigation = new navigationHistory;
 }
 $navigation->add_current_page();

 

Thank you Sara - I had originally thought that was the case and had updated the site to that early on, cleared cache/cookies to be sure and it still persists.

 

Its a strange one that it continues...

Share this post


Link to post
Share on other sites

Hi there,

 

does this contribution do the same as Security Pro, I mean do I need them both?

will it work on non-english sites?

 

Thanks

Share this post


Link to post
Share on other sites

Hello

 

Security Pro protects you against any attempt made in the url , this contribution covers all the forms you can fill in ( contact us, tell a friend, search....)

Share this post


Link to post
Share on other sites

Hi Sam first of all I'd like to say a great big thank you for creating this add on! I really appreciate that you to made it in the first place since you are not getting paid to do it or giving the support you have in this forum. It's contributors like you that make it possible for us to get shops on line where we might not have been able to otherwise. So thank you!!! :* :thumbsup: :)

 

Can you, or anyone else, tell me if I would need to install Anti XSS add on if I've already got your's? I'm not sure about everything it covers.

 

Thanks

Share this post


Link to post
Share on other sites

Thanks for such a great contribution. I've got it running on my development site, and am nearly ready to port it over.

Is there a way to allow a + sign? I could see this as important in the comments sections and sort. When I add it, it doesn't seem to work for me, yet when i add other symbols, they work perfectly fine.

 

$vars = preg_replace("/[\*]/i", "\*.", urldecode($vars));

$vars = preg_replace("/[%]/i", "%.", urldecode($vars));

$vars = preg_replace("/[&]/i", "&.", urldecode($vars));

$vars = preg_replace("/[\$]/i", "\$.", urldecode($vars));

$vars = preg_replace("/\+/i", "\+.", urldecode($vars));

return preg_replace("/[^\p{L}\p{M}\w\r\/@ :{}!%&\+\*\$\,#_.-]/i", "", urldecode($vars));

 

I realize the more i add, the more I leave myself open. I did a couple preg_replace's to add a dot before some of the symbols that could be riskier - i know the code isn't clean, but i'm a novice at preg_replace. Of course, it doesn't seem to make a difference without the first lines, in regards to the + sign.

 

Thanks for your help.

Share this post


Link to post
Share on other sites

I have discovered my own answer about the plus sign. the answer is to use rawurldecode in place of urldecode. It allows for the plus sign, but has no other obvious issues.

Now, my question is, we're still disallowing the most dangerous symbols as ' " ; \ - Yet, there has to be some way of allowing these with little danger, otherwise forums like this one wouldn't allow them. My answer of using the dots is not a good one. what happens when Mr. O'Neil puts in his name to order a product? Maybe he'll think he just mistyped his own name.. haha.

Although, I'm not sure how to do it, couldn't the user input be done similar to the password field, using hex characters? I'm still leery about installing this mod on my main site, because of its harsh filtering. Also, I'll need to make it work with oscAffiliate, which has its own signup page and password fields (I'll need to re-create the wheel on that one, I'm sure.)

Edited by Kagonesti

Share this post


Link to post
Share on other sites

Hi

and first thank you for lovely contribution :rolleyes:

 

and just one question

don't know why is missing * from

ENTRY_TELEPHONE_NUMBER but code look ok

                <td class="main"><?php echo ENTRY_TELEPHONE_NUMBER; ?></td>
               <td class="main"><?php echo tep_draw_input_field('telephone') . ' ' . (tep_not_null(ENTRY_TELEPHONE_NUMBER_TEXT) ? '<span class="inputRequirement">' . ENTRY_TELEPHONE_NUMBER_TEXT . '</span>': ''); ?></td>

but in live website don't show and when customer put data and see no * next to phone just try go without and have warring to put telephone number

 

Thankx

Share this post


Link to post
Share on other sites

Found the same error on the login page:

 

Notice: Undefined index: password in /var/www/vhosts/site.com/httpdocs/login.php on line 13

 

Notice: Undefined index: email_address in /var/www/vhosts/site.com/httpdocs/login.php on line 16

 

Anyone know what I could be doing wrong?

 

Php version: 5.2.13

MySQL 5.0.77

==========================

 

Looks like this mod is coded incorrectly???

 

 

PHP is case sensitive. The name attributes of your form elements are Name, Email, and Message. Consequently, you should be using $_POST['Name'], $_POST['Email'], and $_POST['Message'].

 

"Undefined index" means the variable you are trying to use doesn't exist. $_POST['Name'] and $_POST['name'] are completely different variables. They may look the same to you, but not to PHP.

 

Hello Carry,

 

Did you ever find a solution to this problem? I am having the same issue and don't see where the wrong variable is.

 

Thanks in advance for your help.

Edited by kps93

Share this post


Link to post
Share on other sites

Hi Sam

 

I added your Anti-hacker Account Mods today and everything works fine but Activation Code Mod is not sending Activation Code out within the first welcome email.

 

Activation Code v1.6

 

Before Adding your mod, my welcome email looks like this:

Dear Mr. xxx,

 

We welcome you to mydomain.com.

 

You can now take part in the various services we have to offer you. Some of these services include:

 

# Permanent Cart - Any products added to your online cart remain there until you remove them, or check them out.

# Address Book - We can now deliver your products to another address other than yours! This is perfect to send birthday gifts direct to the birthday-person themselves.

# Order History - View your history of purchases that you have made with us.

# Products Reviews - Share your opinions on products with our other customers.

 

Your activation code is: 9g4z82scvkw5

 

Please click the following link to activate your account

 

http://www.mydomain.com/catalog/account_activate.php?activation_id=b86439b8170c69cf576dc72762aefc1a&submit=true&activation_code=9g4z82scvkw5

 

For help with any of our online services, please email the store-owner: webmaster@mydomain.com.

 

Note: This email address was given to us by one of our customers. If you did not signup to be a member, please send an email to webmaster@mydomain.com.

 

 

Email reverted back to original format after adding your mod:

Dear Ms. YYY,

 

We welcome you to www.mydomain.com.

 

You can now take part in the various services we have to offer you. Some of these services include:

 

# Permanent Cart - Any products added to your online cart remain there until you remove them, or check them out.

# Address Book - We can now deliver your products to another address other than yours! This is perfect to send birthday gifts direct to the birthday-person themselves.

# Order History - View your history of purchases that you have made with us.

# Products Reviews - Share your opinions on products with our other customers.

 

For help with any of our online services, please email the store-owner: webmaster@mydomain.com.

 

Note: This email address was given to us by one of our customers. If you did not signup to be a member, please send an email to webmaster@mydomain.com.

 

 

 

I checked Activation COde install, usd file compare tool to compare everything file that Activation Code modified but no difference at all.

 

I checked my database, the activation code has been created, customer status as inactivated.

 

The problem as you see above emails, the activation link and the code is not included in the email anymore :(

 

Could you please let me know whats wrong??? I think something to do with those changes in your mod:

customer_email_xxx to $email_xxx ???

$email_address to $email ???

 

Im still new, please help.

 

 

Thanks

Share this post


Link to post
Share on other sites

Hi Sam/everyone/anyone

 

 

Ive just installed this contribution. Thanks very much Sam its a very important mod and seems to be working prefictly.

 

 

Im moving my site to this new secure one on a new domain. Ive sorted all transfers out but When I try to tranfer my customers nothing happens.

 

Could this be because my old site does not have your contrib. Meaning the DOB is in the american style and has no county dropdown.

 

If so would installing it on my old site and then transfering the data make a difference.

 

Thanks for any assistance on this. Im very new to all this and its a steep learning curve.

 

Cheers for all the support.

Share this post


Link to post
Share on other sites

Hi everyone,

 

I'm installing the anti hacker account mod. But at step "Open product_reviews_write.php AND tell_a_friend.php AND any other files you have accepting post vars not included here" I got stuck with a question: Do I just have to open all the files in the catalog and search for $HTTP_POST_VARS? And if this string is in the document, add the lines

 

// anti-hacker account	
  require('includes/functions/account_secure.php');
  clean_post ();
// EOF anti-hacker account

 

Or am I just misunderstanding this.

 

Thanks in advance

Share this post


Link to post
Share on other sites

Hi everyone,

 

I'm installing the anti hacker account mod. But at step "Open product_reviews_write.php AND tell_a_friend.php AND any other files you have accepting post vars not included here" I got stuck with a question: Do I just have to open all the files in the catalog and search for $HTTP_POST_VARS? And if this string is in the document, add the lines

 

// anti-hacker account	
  require('includes/functions/account_secure.php');
  clean_post ();
// EOF anti-hacker account

 

Or am I just misunderstanding this.

 

Thanks in advance

 

Yes that is correct (I use WINgrep on a downloaded copy of my site to find the files and then edit them)

Share this post


Link to post
Share on other sites

Hello, I need adapt this for recaptcha

 

(original code)

 

// start modification for reCaptcha

// the response from reCAPTCHA

$resp = null;

 

// was there a reCAPTCHA response?

$resp = recaptcha_check_answer (RECAPTCHA_PRIVATE_KEY,

$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]);

 

if (tep_validate_email($email_address) & ($resp->is_valid)) {

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email_address);

 

tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));

} else {

if (!tep_validate_email($email_address)) {

$error = true;

$messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

}

if (!$resp->is_valid) {

$error = true;

$messageStack->add('contact', ENTRY_SECURITY_CHECK_ERROR . " (reCAPTCHA output: " . $resp->error . ")");

}

}

}

// end modification for reCaptcha

 

(SAM´s code)

 

<?php

/*

$Id: contact_us.php,v 1.5 2010/02/02 Spooks Exp $

 

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2010 osCommerce

 

Released under the GNU General Public License

*/

// anti-hacker account

require('includes/functions/account_secure.php');

clean_post ();

// EOF anti-hacker account

require('includes/application_top.php');

 

// start modification for reCaptcha

require_once('includes/classes/recaptchalib.php');

// end modification for reCaptcha

 

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

 

$error = false;

if (isset($_GET['action']) && ($_GET['action'] == 'send')) {

$name = tep_db_prepare_input($_POST['name']);

$email = tep_db_prepare_input($_POST['email']);

$enquiry = tep_db_prepare_input($_POST['enquiry']);

$subject = tep_db_prepare_input($_POST['subject']);

$phone = tep_db_prepare_input($_POST['phone']);

$date = 'Date Sent: ' . date("d M Y H:i:s");

$orders_id = tep_not_null($_POST['orders_id']) ? $_POST['orders_id'] : false;

$xipaddress = $_SERVER["REMOTE_ADDR"];

$subject = $subject ? $subject : EMAIL_SUBJECT;

 

 

//$enquiry = preg_replace('/\r/','\', \'',$enquiry);

//$enquiry = preg_replace('/\(|\)/','\'',$enquiry);

//$_POST['enquiry'] = $result;

 

if (strlen($name) < ENTRY_LAST_NAME_MIN_LENGTH) {

$error = true;

 

$messageStack->add('contact', ENTRY_LAST_NAME_ERROR);

}

if (strlen($enquiry) < 8) {

$error = true;

 

$messageStack->add('contact', ENTRY_ERROR_ENQUIRY);

}

if (!tep_validate_email($email)) {

$error = true;

 

$messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

}

if (!$error) {

$enquiry = MESSAGE_FROM . $name . "\n" . $date . "\n" . ($phone ? ENTRY_TELEPHONE_NUMBER . $phone . "\n" : '' ) . ($customer_id ? MAIL_CLIENT_ID . $customer_id . "\n" : '') . ($orders_id ? MAIL_ORDER_ID . $orders_id . "\n" : '') . "\n" . MAIL_IP . $xipaddress . '.' . "\n\n" . ENTRY_ENQUIRY . "\n" . $enquiry;

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $subject, $enquiry, $name, $email);

 

tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));

}

}

 

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));

$account = array();$orders = array();$name = '';$email = '';$phone = '';

if (tep_session_is_registered('customer_id')) {

$account_query = tep_db_query("select customers_firstname, customers_lastname, customers_telephone, customers_id, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");

$account = tep_db_fetch_array($account_query);

$name = $account['customers_firstname'].' '.$account['customers_lastname'] ;

$email = $account['customers_email_address'] ;

$phone = $account['customers_telephone'] ;

$history_query = tep_db_query("select orders_id, date_purchased from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by orders_id DESC");

$orders[0] = array('id' => '0', 'text' => ENTRY_ORDER_ID);

while ($history = tep_db_fetch_array($history_query)) {

$orders[] = array('id' => $history['orders_id'], 'text' => $history['orders_id'] . ENTRY_ORDERED . tep_date_short($history['date_purchased']));

 

}

}

 

 

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body>

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->

 

<!-- body //-->

<table width="995" border="0" align="center" cellpadding="3" cellspacing="3" summary="" bgcolor="#FFFFFF">

<tr>

<!-- body_text //-->

<td width="100%" valign="top"><?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>

</tr>

</table></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

if ($messageStack->size('contact') > 0) {

?>

<tr>

<td><?php echo $messageStack->output('contact'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

}

 

if (isset($_GET['action']) && ($_GET['action'] == 'success')) {

?>

<tr>

<td class="main" align="center"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_SUCCESS; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<?php

} else {

echo tep_draw_hidden_field('phone',$phone);

?>

<tr>

<td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td valign="top" width="40%">

<table>

<tr>

<td class="main" >

<b><?php echo nl2br(STORE_NAME_ADDRESS); ?></b><br><br>

<?php echo (OPENING_HOURS); ?>

</td>

</tr>

</table>

</td><td valign="top" width="60%"><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td class="main"><?php echo ENTRY_NAME; ?></td>

</tr>

<tr>

<td class="main"><?php echo (isset($account['customers_lastname']) ? $name . tep_draw_hidden_field('name',$name) : tep_draw_input_field('name', $name, 'size="28"')); ?></td>

</tr>

<tr>

<td class="main"><?php echo ENTRY_EMAIL; ?></td>

</tr>

<tr>

<td class="main"><?php echo tep_draw_input_field('email', $email, 'size="28"'); ?></td>

</tr>

<tr>

<td class="main"><?php echo BOX_HEADING_SUBJECT; ?></td>

</tr>

<tr>

<td class="main"><?php echo tep_draw_input_field('subject', '', 'size="28"');

if (sizeof($orders) > 1) {

echo '    ' . tep_draw_pull_down_menu('orders_id', $orders);

}

 

?></td>

</tr>

<tr>

<td class="main"><?php echo ENTRY_ENQUIRY; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<?php

}

?>

</table></form></td>

<!-- body_text_eof //-->

<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" summary="" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">

<!-- right_navigation //-->

<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>

<!-- right_navigation_eof //-->

</table></td>

</tr>

</table>

<!-- body_eof //-->

 

<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

----------

Thanks

Share this post


Link to post
Share on other sites

Hello,

 

I completely installed the mod, but I get this little error... when I want to register, I directly go to create_account_succes.php with the congratulations message. Please HELP!!!

 

Edit: I'm checking the admin, and everytime someone is redirected to the create_account_succes.php, an empty account is created...

Edited by Martijn89

Share this post


Link to post
Share on other sites

THank you for this awesome mod, now that I have installed it to most of my pages, I feel alot more safe.

 

I have one question though: Does it work for the search box + advanced_search.php ?

Share this post


Link to post
Share on other sites

Hello,

 

When my customers are creating accounts, I keep getting complaints that the page will not allow them to input their birthday. When they try to register, they get an error message that says the birthdate format is wrong. when the page reloads their birthdate is changed to what seems like some default birthdate and they can only continue on with that specific birthdate provided in the fields. Can I fix this somehow?

Also, how do I change the hours of my store in contact_us.php to what my hours are? Can I change the hours to american format?

Thank you for the contribution and the help!

Share this post


Link to post
Share on other sites

Hello I would like to know if this addon is compatible with Onepage Checkout or if they crash used together. Can I do not use some fields not required by my site (birth date) or I have to complete them always?

 

Thanks.

 

Mariano.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×