Jump to content
Sign in to follow this  
bmcewan

Purchase Without Account Updated & Admin Functionality

Recommended Posts

This is a major security problem and this mod should either be removed until it is fixed or just thrown out completely. Whenever you get to the option during checkout of "changing the shipping address" after clicking this you suddenly get to see every single persons full name and address that ordered using the purchase without account mod

 

Several people are having the same problem, THIS MOD SHOULD NOT BE USED until this problem is fixed, how pissed off are your customers going to get once they realize their full name and address are public information thanks to this security problem

I am currently using the PWA and have not experienced this problem, the problem that my client just informed me of is that the users are going through the checkout process and than hit a blank screen. When I ran through it (4 times) I did not see any one elses information, nor did i experience this problem my client mentioned....weird...I'm going to do my best to come up with a working package because I think this contribution is one of the best ideas. I'm not a well knowledged PHP programmer though, so any help is welcome.

Share this post


Link to post
Share on other sites
I have used a template and have the STS contribution installed plus a few others and I have the system working except for the fact that it does not pass along the attributes on the first attempt. If this is not a problem for you, than give it a try. Just use a compare program (I used winmerge) and find the differences between the original file and the contribution file.

 

Hi jgarite,

 

I have a few more quick questions for you. What is the STS contribution? I quick search in the contribution pages yielded nothing but a "power pack" whatever that is. And yes, we should maybe work together through maybe pm or whatever to solve this issue. I know I have tried very hard for PWA and its not good for templates it seems. Maybe you and I cuould go through some trounleshooting steps.

 

Unless theres more suggestions? or someone who has made this thing work with a template?

 

Thanks,

Tim

Share this post


Link to post
Share on other sites

I'm about to get PWA going on my newly installed 2.2 RC1 OSC. Before things start breaking, can anyone answer the following questions?

 

1) Will pwa_1_2_5b and the latest pwa0910 fixes work with OSC 2.2 RC1 ? In other words, does anyone actually have this demonstrably working?

 

2) Where does one get the latest pwa distribution or contribution (or whatever you want to call it)?

 

3) Where does one get the latest patch changes for the latest PWA distribution?

 

4) Why the heck isn't PWA and integral feature of OSC? Looks like users have been pinning about PWA for a few years at least. just curious on this least one.

 

-- Larry H

Share this post


Link to post
Share on other sites

Hi there, I have been looking at this modification and it seems like an extensive one, and I need to decide if it is worth installing ?

 

The thing I am struggling to understand is exactly what is cut out, currently I have just changed the text so that users think they are entering billing information rather than "account" information. My store is live at the moment and it would be a lot of work to do this change I think.

 

Has anyone got an example store with this mod working that wouldn't mind me pretending to be a customer to see the difference ?

 

Thanks

Share this post


Link to post
Share on other sites

hello all, this is quite urgent...

 

I have this contrib on my website and this is what happens:

 

A customer will use this option, go through the checkout process without an account, checkout with WorldPay, then a customer clicked on the My Account option once they had finished and paid just to make sure none of their details were recorded but, once they clicked on "My Account" they see the order that everyone else has placed using the Purchase Without an Account feature... I'm assuming because i think this contrib assigns everyone who doesnt create an account a username of: Guest, so now all the orders can be viewed which contain names and addresses.

 

Please can anyone immediatly help me here with a fix?

 

So basically, looking for a fix that will generate a unique ID for everyone who chooses to not create an account and checkout that way, as you can tell - this is a massive security breach and would like swift assistance please!

 

Thanks in advance,

 

Andy

Share this post


Link to post
Share on other sites
I've just done a contrib for this problem,

 

you can grab it here: http://addons.oscommerce.com/info/355

 

There is probably a much sleeker way to implement it without using the extra file but for me, this will do :)

 

Untill someone pro comes along and re-does it, this has solved my problem.

Andy

Sounds good, did you test it for RC1?

I am happy with my much older version, but would like to hear feedback on your contrib for when I do update my osc.


The Coopco Underwear Shop

 

If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.

Share this post


Link to post
Share on other sites
Sounds good, did you test it for RC1?

I am happy with my much older version, but would like to hear feedback on your contrib for when I do update my osc.

 

 

I don't see why it wouldn't work for later versions really, but i'm not certain.

 

My shop is currently: osCommerce 2.2-MS2 .. Well, that's what it says in Server Info but i've done so much work to it.. it's not really that version anymore hehe

Edited by Tr1d3nt

Share this post


Link to post
Share on other sites

I'm sorry to say that I was not able to do any work on this contribution as mentioned earlier. I hope to get some of it done aftr the holidays. Hopefully someone else will come along before than becasue it will take me a while as I am not a professional at php just yet...still learning alot.

Share this post


Link to post
Share on other sites

Has anyone been able to get PWA working with the 'How did you find us' contribution, or something similar?

 

D.

Share this post


Link to post
Share on other sites
Has anyone been able to get PWA working with the 'How did you find us' contribution, or something similar?

 

D.

Unfortunately, a lot of people have had problems just getting the PWA to work with a basic install. Good luck and if you figure it out, please let others know how.

Share this post


Link to post
Share on other sites
Unfortunately, a lot of people have had problems just getting the PWA to work with a basic install. Good luck and if you figure it out, please let others know how.

 

 

 

What is the current status of the PWA contrib is it working? I looked at the contrib itself it is a lot of work i would like to know before i get started whether or not it is working. Using analytics i can see people are leaving my store at the checkout because they don't want to create an account..... Is there a way i can just send the cart contents to paypal and have them checkout there.... this is pretty ridiculous that oscommerce has been around for this many years and we can't get a product that doesn't force a customer through extra crap.

Share this post


Link to post
Share on other sites
What is the current status of the PWA contrib is it working? I looked at the contrib itself it is a lot of work i would like to know before i get started whether or not it is working. Using analytics i can see people are leaving my store at the checkout because they don't want to create an account..... Is there a way i can just send the cart contents to paypal and have them checkout there.... this is pretty ridiculous that oscommerce has been around for this many years and we can't get a product that doesn't force a customer through extra crap.

To use paypal would be just the same I would think. Some people absolutely despise PayPal, so there is a chance that this may not help. I personally don't know of the Paypal Pro contribution or PayPal Standard contribution that takes them off the site, However I do know what your referring to. Try researching on Paypal's website for more information as you are more likely to find it there. As far as the PWA, There have been few that got it to work properly. It would be nice if those who did get it to work could tell us how, but it seems they like to keep secrets :angry:

Share this post


Link to post
Share on other sites
What is the current status of the PWA contrib is it working? I looked at the contrib itself it is a lot of work i would like to know before i get started whether or not it is working. Using analytics i can see people are leaving my store at the checkout because they don't want to create an account..... Is there a way i can just send the cart contents to paypal and have them checkout there.... this is pretty ridiculous that oscommerce has been around for this many years and we can't get a product that doesn't force a customer through extra crap.

 

 

PWA is working, i have it installed on my shop and has been working a treat for 2 months now.

 

It may need some minor tweaking to have it fully working and apart from the little security fault which ive posted a small quick tip on how to repair that, not the pro way as i'm not at that stage and don't have enough time to in-depth study OsCommerce but all in all, PWA works and has processed just over 360 orders on my website where customers haven't wanted to register.

Share this post


Link to post
Share on other sites

Hi all,

 

Just wanted to say thanks for the contrib - mine's working great after a little modifying.

 

I noticed a few people were having problems and just wanted to mention that i used the pwa from 19th of October 2006. I used the security fix as well and it was essentially good to go.

 

I modded it to work with Account agreement and also to fix the irritating issue where someone who wanted to write a review ended up confused since the pwa login screen mislead them into thinking they could write a review without signing up.

 

If anyone is interested in looking at the files to fix the 2 above - let me know and I will post the files.

 

EDIT: I forgot to mention - got it working with loginbox properly as well.

Edited by slvhwke

Share this post


Link to post
Share on other sites

I know I was the one who promoised this, but scheduling has been horrible on my end, can someone who has a working version make a new contribution and post it for the rest of us with clear instructions please? its great that you got it to work and tell us, but how about sharing?

Share this post


Link to post
Share on other sites

Well I didn't know whether or not to post the files since its rather specific setup with my addons and really didn't want to clutter up the contrib page. But I'll tidy it up and write some instructions and post it. :)

Share this post


Link to post
Share on other sites

Hi! I have had PWA for over 1year now and I am pretty happy with it with... however, there is one little thing that has been bugging me for the last 2-3 months.

 

Situation: a customer adds a product to the cart and proceeds to checkout, chooses PWA, clicks continue and reaches the /create_account.php?guest=guest. , fills in the name & address. The only drop-down is for country only. Now, customer clicks CONTINUE and is taken again to the create_account.php?guest=guest with an error:

"Please select a state from the States pull down menu."

 

Now the customer has to fill in the form again and choose the STATE & COUNTRY from 2 drop down menus. How can I avoid this error? I have version 1.1.1 by Ingo and I do not have any other errors... that I know of. Any help is very appreciated.

 

Simone

Edited by magicsenses

Share this post


Link to post
Share on other sites

I'm setting up my osCommerce and in the final step I have run in to a problem regarding SPPC combined with PWA.

 

In my settings for SPPC i have two Customer groups:

"Not trusted" and "Trusted" (Where "Not trusted" is default group '0')

 

Where the group "Trusted" are able to pay after delivery

While the Group "Not Trusted" are only able to pay by Credit Card or in advance

 

This works just fine setting the payment modules for the different group.

 

 

But NOW to my problem.

The customers going the PWA way are not effected by this and these customers are able to chose any payment method they like... I would like this customers to be treated like the registered customers of default group "Not trusted"

I have been trying to understand the SPPC part of the file "payment.php" as i think this is where the problem is...

It semes PWA stores the information for the order different?

 

PLEASE are someone able to help me. I have been reading like 100 different messages regarding SPPC and PWA but none with information regarding this.

 

I WOULD REALLY APPRECIATE SOME HELP HERE!

Share this post


Link to post
Share on other sites
Well I didn't know whether or not to post the files since its rather specific setup with my addons and really didn't want to clutter up the contrib page. But I'll tidy it up and write some instructions and post it. :)

Thanks! That's what Open Source is all about :-)

Share this post


Link to post
Share on other sites

Hi! Is there anyone who has integrated Active Countries with PWA? I need some help... :(

 

I get the "Invalid country to ship." error on the checkout_shipping_address.php.

 

Thanks!

Simone

Share this post


Link to post
Share on other sites
instead why dont you use country-state selector? it works

Not only works, but is still supported by its creator.


The Coopco Underwear Shop

 

If you live to be 100 years of age, that means you have lived for 36,525 days. Don't waste another, there aren't many left.

Share this post


Link to post
Share on other sites
I've just done a contrib for this problem,

 

you can grab it here: http://addons.oscommerce.com/info/355

 

There is probably a much sleeker way to implement it without using the extra file but for me, this will do :)

 

Untill someone pro comes along and re-does it, this has solved my problem.

Andy

 

Just installed this fix. For some reason when I tested it out I got this on the completion, after the transaction was done

 

Warning: Cannot modify header information - headers already sent by (output started at /home/*******/public_html/shop/includes/orderciddbupdate.php:5) in /home/*******/public_html/shop/includes/functions/general.php on line 34

 

I have had the PWA installed and working for over a year now with no problems until I installed this. I know nothing about coding really so not sure what is wrong. It still works as it's intended as far as the admin side is concerned.


Currently running 76 contibutions.

Share this post


Link to post
Share on other sites
Hi there, I have been looking at this modification and it seems like an extensive one, and I need to decide if it is worth installing ?

 

The thing I am struggling to understand is exactly what is cut out, currently I have just changed the text so that users think they are entering billing information rather than "account" information. My store is live at the moment and it would be a lot of work to do this change I think.

 

Has anyone got an example store with this mod working that wouldn't mind me pretending to be a customer to see the difference ?

 

Thanks

 

I have it installed and running on my site here http://www.pinetreecandles.com/shop/ Feel free to test it out. Just don't complete an order unless you really watn some thing :) My store has 76+ contributions installed and works fine so PWA does work with may contribs.


Currently running 76 contibutions.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×