keat

If all your items have a single price, then everything you need is in the inventory table. Product Code, Product Name, Description, Price etc etc. If you have price breaks ie £1.00 for 1 item, £9 for 10 items and £75.00 for 100 items, then it gets complicated, and you're probably better off doing it through Cubecart.

I didn't, I gave up on it. The issue I find is that Express has the ability to update the customers delivery details without him or us being fully aware. eg: Customer ordered something for work to be delievered to his work address, but paid for it using his personal PayPal account, which incidentally is registered to his home address. Upon completion of payment, Paypal sends information back to the cart, whereby the delivery address is updated and changed to the customers home address. On more than one occasion, we ended up sending the goods to his home address, but guess what, there was no one in to accept delivery, as he was at work.

I've raised a support ticket.

I found something on GitHub, I've no idea what it all means, but it talks about the phase 'ON' causing such an error. https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/663 Could https://www.mystore.com/index.php?cart_order_id=170624-101707-1054&valid=true&trans_id=170624-101707-1054&code=A&auth_code=005605&amount=274.92&ip=95.xxx.xxx.247&cv2avs=SECURITY CODE MATCH ONLY Have anything to do with this ?? I also note embedded within that string is the phase 'CV2 AVS', considering we don't collect card details on our site, then I can only assume that the phrase was passed back by PayPoint. ?

I seem to have quite a number of Modsec 941100 being triggered. Worryingly, these are related to some sort of cart activity, so are unlikely to be actual hacking attempts. I can't rule out ModSec being over zelous as usual, but thought I ought to raise the concern. [Sat Jun 24 10:20:11.024651 2017] [:error] [pid 17879] [client 95.xxx.xxx.247] ModSecurity: Access denied with code 403 (phase 2). detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "29"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: cookie found within REQUEST_HEADERS:Referer: https://www.mystore.com/index.php?cart_order_id=170624-101707-1054&valid=true&trans_id=170624-101707-1054&code=A&auth_code=005605&amount=274.92&ip=95.xxx.xxx.247&cv2avs=SECURITY CODE MATCH ONLY&mpi_status_code=237&mpi_message=Authenticated&hash=153dafd66a63922a70b3e53915ff30a7&_a=complete"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.mystore.com"] [uri "/js/common.js"] [unique_id "WU4uywInQ3jJ7B-0tHxOiwAAAAU"]

Data shouldn't be lost provided you copy the database table first. Any changes I make in the database, I always ensure that i have a copy of the live data. Exporting the inventory table as a CSV is pretty painless, and usually takes only seconds. I could spend days working on a CSV copy, and when I'm happy with my edits, I'll copy the original table (so I have a backup) and then import the one I've been working on back in. If anything went wrong, it's easy to roll back, again in seconds.

For editing products, you could bulk edit via PHP MyAdmin using an SQL query if you wanted to modify a number of products en mass. For instance, lets assume you sell shoe laces, but someone forgot to add the word 'cotton' to them, you could run a query along the lines. UPDATE `CubeCart_inventory` SET `description` = replace(description, 'shoe laces', 'cotton show laces') Alternatively, you could export the database inventory table as a CSV, perform your cut and paste edits etc, then import it back in to the database. making a backup copy beforehand though. Images is a different story though. In previous versions, the image file name was part of the inventory table, so would have been easy enough, however, each image is now allocated a number, and that number is part of another table. All quite complex to fudge.

after applying 1.0.7 payments are now processing, so I guess so.

I don't know the professional way to do this, but I take a screen grab, import this in the photoshop. The using the colour picker tool, obtain the hex code for the colour I wish to change, then start searching the css files for that hex code. That pink for instance is probably ffc0cb It's crude and cumbersome but works.

I updated the PayPal module to 1.0.6 a few days ago. Yesterday we had a number of orders stuck on Pending, but i thought nothing of it, just thought it was PayPal acting up. Today, every order is stuck on pending and we have an email from Paypal saying that IPN's are failing. I've spotted the PayPal module is now at v1.0.7, is this to fix this issue ???

I agree that Pay360 support is pretty dire of late. I used to deal with an Irish chap when it was PayPoint, raise a support call and you'd get a response within an hour. Raise one now and you get someone in India a day or two later, who's no idea, gives you the run around for 24 hours before passing it to some one who knows,... (probably the Irish guy)

I've been using SecPay (Pay360) for 10 years or more. Bsmither made some changes to the module for V6 about 18 months ago, I've had no issues with it since. The only information I have populated are our Vendor ID along with Remote and Digest keys. Are you sure the keys are correct, if you copied and pasted, maybe you copied a white space ?? You could try contacting Pay360, however, since it became Capita, I feel the level of support knowledge has diminished.

Using PHP MyAdmin, make a backup copy of CubeCart_geo_zone, and then truncate all entries in the original table. If I remember correctly, this will at least make the county field free text. if this doesn't work for you, maybe you could populate the table with a single entry along the lines "N/A"

what version did you upgrade from ?

I had to do this on one of my sites. I think it's in skins/yourskin/ccpower.php

If i try to open yoursite/index.php, I see a Hostgator 404 error. Have you done anything with the root files ?

I think the 'SEO Path' message is irrelevent to your issue. For starters, take a look in PHP MyAdmin, and see if you can locate the category. Take a note of it's category_id and cat_parent_id the root category, will be cat_parent_id = 0

Could you supply a mockup image, we might have a clearer understanding of what it is your'e trying to achieve .

I've looked a few times and connot see that you are using https If I try to connect via https, i see the following. directhomeware.com uses an invalid security certificate. The certificate is only valid for the following names: s422.sureserver.com, www.s422.sureserver.com Error code: SSL_ERROR_BAD_CERT_DOMAIN do you have https configured in store settings, but don't have a certificate ??

In store settings/advanced, enable debugging. Place a dummy order and check the debug log in the bottom of your browser to see if there are any errors being displayed. In the file root of your store create a file named ini-custom.inc.php and paste the following code inside. <?php # Custom initialization commands # Filename: ini-custom.inc.php # File location: main CubeCart folder ini_set('memory_limit', '256M'); ini_set('max_execution_time', '60'); ini_set('error_log', 'error_log'); ini_set('log_errors', 'on'); ?> try to place another dummy order, and then check error.log in the file root of your store.

Google chrome has started to penailise sites which uses logins if thay are not utilising HTTPS. Although i've not experineced this, I have seen messages in webmaster tools informing of such. I see that you don't use https, so maybe this is your problem ?? https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn

I never thought of that.

I don't think that i'll ever understand PHP, it probably takes years of hard work and dedication. I thought that i'd stumbled upon the issue, but sadly not. Change {if $customer_membership.group_id == '2'} to if {$customer_membership.group_id == '2'} I'll keep digging though. Does this need someing to compare the two database tables. ie something along the lines .. if $customer_customer_id == $customer_membership.customer_id and $customer_membership.group_id ==2 then echo my string ??

Hoping that this was the answer, i made the edit, but I can't get the message to display. <div> <h2>{$LANG.account.your_account}</h2> {if $customer_membership.group_id == '2'} <h1>Your email address is no longer valid, Please update your details.</h1> {/if} <div id="myaccount"> <ul> <li><a href="{$STORE_URL}/index.php?_a=profile" title="{$LANG.account.your_details}">{$LANG.account.your_details}</a></li> <li><a href="{$STORE_URL}/index.php?_a=addressbook" title="{$LANG.account.your_addressbook}">{$LANG.account.your_addressbook}</a></li> <li><a href="{$STORE_URL}/index.php?_a=vieworder" title="{$LANG.account.your_orders}">{$LANG.account.your_orders}</a></li> <li><a href="{$STORE_URL}/index.php?_a=downloads" title="{$LANG.account.your_downloads}">{$LANG.account.your_downloads}</a></li> <li><a href="{$STORE_URL}/index.php?_a=newsletter" title="{$LANG.account.your_subscription}">{$LANG.account.your_subscription}</a></li> {foreach from=$ACCOUNT_LIST_HOOKS item=list_item} <li><a href="{$list_item.href}" title="{$list_item.title}">{$list_item.title}</a></li> {/foreach} </ul> </div> </div>

I'm struggling a little. I added all the affected email addresses to a group, but then realised that I ought to really test it, so I added myself as well. Now when I log in, I see the warning message, but after taking myself out of the group, I still see the message. I tried a number of things, cleared the cache, cleared my browser cache, but still I see the message. Not until I restored the original file, did the message subsbide, so at the moment, it looks as if the file edit is displaying the message to every login. are you sure '$pricing_group.product_id =' is the correct string to use ?? should it not be $customer_membership.group_id ah, I tried that, and the same thing happens.