Jump to content

All Activity

This stream auto-updates     

  1. Past hour
  2. Thank you! We just switched from a CPanel account to DirectAdmin I am betting there are settings I need to change that I still haven't learned about. I'll get my tech, and if needed the webhost techs involved now that I know where to make them start fixing things.
  3. Today
  4. Also, in the Homepage document's image, the URL is using a full non-secure (http) format, while the page is being sent securely (https). This may trip up some browsers as having mixed content - which could deny the request. To fix this, in the Homepage document editor, the image properties dialog box, either start the URL with // or just a single slash (or just the filename if the file is in the root directory). I also see that the request for this image is 301 bounced to use a secure (https) URL. So, there is a specific directive in the .htaccess file or a general directive in the Cpanel configuration for the site.
  5. Please be sure that: * the .htaccess file has the proper URL rewrite directives * the hosting environment's web server has URL rewriting enabled * the hosting environment's web server has .htaccess overrides allowed Looking at the page's source in the browser, the canonical link in the <head> section looks weird: <link href="https://whitewillowstitching.com/index.php?url=majestic-bald-eagle-cross-stitch-pdf-chart.html" rel="canonical"> Please check if there may be some extra directives in the .htaccess file that would affect any rewrite rules.
  6. So after a web host change I decided to start over with a fresh install. I set up all my categories, image and download folders set up and loaded and finally get to add products. The problem is that when I try to test them in the live store clicking on a category or popular product, even searching for the item does no good because when you click on the item the URL shows it correctly but all I get is a picture of the home page. It does not bring up the item. What did I do wrong? EDIT Every link I click on shows the URL changing but never leaves the home page. The site is whitewillowstitching.com
  7. Yesterday
  8. I made changes to the code I posted earlier. It seems my testing of the use of preg_match gave false positive results.
  9. I added that code but now nobody can sign up for our site - it will give everyone the white out... message me direct and I will send you the credentials for our website so you can check it out yourself bsmither.
  10. Looking for it myself, I can't find it either.
  11. I couldn't find that, but since I've already changed it back I don't think it will help.
  12. FYI: I have seen comments regarding phpMyAdmin that if clicking in the cell with the encoded data you want to see, the cell will show a drop-down that allows the user to select base64_decode.
  13. Last week
  14. The obsolete emails were showing in the Contact Us admin settings but I have already changed them to [email protected] I see the Contact form in phpMyAdmin but I don't know how to decode the array.
  15. Are the obsolete email addresses in the Contact Us admin settings form still showing as the obsolete ones? If so, use phpMyAdmin (or similar) to examine the database table CubeCart_config. Find the row for Contact_Form. Have phpMyAdmin decode the 'array' value. Are the emails shown here the same obsolete ones?
  16. " You said you did not change the skin setting? But was the setting actually changed? " Yes the skin was actually changed in admin. No databases were restored.
  17. The trap looks for (in addition to the registration form being used) the LAST letter being uppercase (not giving any consideration to the other letters) and the same letter for both first and last names. The admin cannot disable a skin. If the name of an installed skin is known, a URL can be constructed to have that session (based on cookies) switch to it. This can happen even if the admin, in Store Settings, Layout tab, 'Allow skin to be changed', has been set to "Yes, Logged-in admin only". However, this is session-based. I cannot conceive of how a drive-by visitor can change the skin across all sessions. You said you did not change the skin setting? But was the setting actually changed? And, you also say Contact Us settings have reverted to what they were at some point in time in the past? I would ask if your hosting provider restored some of your database from a backup.
  18. I just posted this to another topic but thought I should start a new one. I just got a registered customer with the same three letter first and last name in all caps from singapore. What is your trap Brian? I know this won't make sense and I've been told in the past this is not possible but it has happened again. I went to look at my webstore this morning and it was showing and old skin that I still have uploaded. I DID NOT CHANGE THE SETTINGS IN ADMIN. Also, in checking my email log the above customer had used the contact form and sent it to the following departments: General Inquiry - International Shipping Quote - Questions about a product. I have long ago deleted those email accounts and moved all emails sent from the contact form to [email protected] blah. In looking at the store settings these old email addresses are showing which I had changed all of them to [email protected] I still have the departments. I don't know if the two are connected but I'd like to figure out what is going on.
  19. There are some (non-specific non-legal advice) articles found from a shallow search. Basically, if the card/voucher is 'single-purpose', meaning that what it can only be redeemed for is a specific single product or service, VAT is collected with the sale of the card. Consuming the service then depletes the balance on the card. This is because the tax rate is known at all times. The tricky part is to not tax that single-purpose consumption of the card's balance. A 'multi-purpose' card can be redeemed for anything, and if some things are VAT taxed at different rates (books versus jewelry), VAT is not known at all times, cannot be collected with the sale of the card, and so must be collected when the card is redeemed. (Again, consult with your local/federal taxing authorities.)
  20. I just got a registered customer with the same three letter first and last name in all caps from singapore. What is your trap Brian? I know this won't make sense and I've been told in the past this is not possible but it has happened again. I went to look at my webstore this morning and it was showing and old skin that I still have uploaded. I DID NOT CHANGE THE SETTINGS IN ADMIN. Also, in checking my email log the above customer had used the contact form and sent it to the following departments: General Inquiry - International Shipping Quote - Questions about a product. I have long ago deleted those email accounts and moved all emails sent from the contact form to [email protected] blah. In looking at the store settings these old email addresses are showing which I had changed all of them to [email protected] I still have the departments. I don't know if the two are connected but I'd like to figure out what is going on.
  21. (Looking at CC628) In admin, Gift Cards, the admin can choose the Tax Type. Please experiment with setting this to Tax Exempt. (Depends on your local tax laws.)
  22. I raised this maybe 2 years ago. There is something not quite right with gift cards. I don't recall exactly what, but something along the lines that the person buying the gift card is charged VAT, and then the customer spending the gift card is also charged VAT. Or maybe the customer buys a gift card, is charged VAT, and the spending value is now reduced. eg: £20 gift voucher bought, but the spending value is reduced to £16.00 due to the vat portion. The recipient, comes to spend his £16.00 and is charged VAT on top. Like I say, I don't recall exactly what the problem was, but it was enough for me to not bother implimenting it. It needs some experimentation and looking at.
  23. keat

    PHP functions

    As far as I'm aware, this has to be done at server level using php ini editor, and adding the line ' disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open ' Whether or not one can do this at a user level, I'm not sure. ?? As for creating dangerous functions. I guess when PHP was being developed, these functions were not considered dangerous, but over the years, as software develops, and hackers learn of work arounds and vulnerabilities, software becomes less safe. Windows 7 a prime example. Incidentally, these functions are not CubeCart functions, these are PHP server software functions. I disabled these in my PHP. ini, and up to press I've seen no problems with functionality.
  24. Some are more dangerous than others in that list and all have some legitimate use. Much depends on whether the server is dedicated or shared with multiple users and how good the rest of the server security is
  25. I'm sure you don't have the answer but why did you create a dangerous function? Better not do it right?
  26. PHP documentation warns of the eval() function being dangerous. Actually, I have found statements in the Smarty template system that use PHP's eval().
  27. Anywhere in the PHP.INI file, add the directive. Then restart PHP (or the web server, whatever). https://www.php.net/manual/en/ini.core.php#ini.disable-functions If you do not have access to the main PHP.INI file, then please consult your hosting provider.
  28. hello, silly question but how do we do it?
  29. There is no CubeCart function or third party module that use these functions - they should all be disabled as they are a MAJOR security risk
  1. Load more activity


  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...