havenswift-hosting

It isnt possible to use a plugin from another cart system as they use totally different code and it also isnt practical or cost effective to take another shipping module and convert it and it isnt an easy task for a newbie to create their own unless you know the CubeCart environment and are a reasonable programmer. The suggestion of contacting their own support is definitely worthwhile as some commission (or develop themselves) gateways for different shipping carts but if they dont do this, then you will need to obtain their API documentation so that a developer can create this for you. Ian

If the main issue is that CubeCart defaults to the lowest shipping price, then our Enhanced Sorting plugin (https://www.cubecart.com/extensions/plugins/enhanced-sorting) gives you the ability to say to default to the most expensive option (as well as a lot of other enhanced functionality). The ability to choose whether shipping options are shown in a dropdown or as radio buttons is something our plugin doesnt do right now but is an interesting enhancement and I am looking at including that straight away. This would then fix the outstanding issues that you have and also get away from the requirement to change core code ! Incidentally, it should already only show the shipping options that are applicable for the customer based on their address and the store's location. If they arent logged in then the store doesnt know their address, so doesnt know if they are local or not

In an ideal world, the plugin developer should tell you on the description so you know before you buy - not all developers do and not all hosting servers have ionCube installed by default. If you are not sure whether a plugin contains one or more encoded files, take a look at the various .php files using an editor and it will be very obvious and also the first line of the code will start with something similar to if(!extension_loaded('ionCube Loader')) Ian

Be aware that ionCube is still at beta release for PHP 7 and has some known problems and shouldnt be used in a live environment. So if you are running any third party plugin that includes ionCube encoded functions, you should not yet upgrade to PHP 7 Ian

Not all mods show up in the third party admin menu option so the only sure way is to do a file comparison. V4 is almost a distant memory, but I think that the Shop by Brand is probably from a third party mod although we have an Enhanced Manufacturer Plugin ourselves which covers some of that functionality. FTP access is no good for a PHP upgrade - you often need to have root / admin access to the server itself although some hosting control panels allow you to change which version of PHP you are using. There is no reference material for doing that type of upgrade but it is pretty straight forward - take a copy of all files and copy the database not forgetting to change the settings in the global.inc.php file so that the new test installation points to your new copied database - dont want to be updating / upgrading your live database ! The follow the standard V4 to V6 upgrade which is documented in the readme file in the V6 distribution

Very surprised to hear you have never got that working - with the correct settings entered, this always works for us perfectly well. In fact for security reasons we disable the use of PHP mail() as it is unauthenticated and every single one of our clients across multiple servers are using SMTP to send emails. This is safer and also ensures a much greater chance of deliverability than PHP mail() If external email services are not working, you need to check (probably with your hosting company) that external SMTP connections are allowed for email - these can be restricted

You only sure way of knowing if you have any mods is to do a full file comparison to a stock 4.1.1 version of CubeCart. If you have anything listed under the Third Party option in your admin menu that may give you a clue but is far from certain. This is something we have done for other people in the same situation but can be done using a variety of tools available Artwork and logos would not be "lost" as all images and all data is preserved during an upgrade, however, the logo would probably have to be added again into the V6 store and then how it displays depends on your logo size and which skin you chose - it isnt a big issue. It would certainly be possible to do a test upgrade in a sub-directory and in fact that is what we almost always do with clients as there is generally some sort of gotcha that people forget about. In your case as you are taking orders (or presumably having customers sign up ?) the process is considerably simpler. If you are able to upgrade the PHP yourself then yes you probably should although you standard a greater security risk from running an unpatched version of CubeCart 4.1.1 so both should really be done but I dont think the risk or cost to you of upgrading is that great and the potential benefits are great. Ian

A seven day FREE trial is now available from the CubeCart Marketplace. This allows full functionality using a seven day demo licence licence and if you wish to continue using the product after this time then a copy must be purchased, a licence code will be provided and the plugin will continue uninterrupted.

Hi The short answer is that there are several areas that you should upgrade but the longer answer is.... CC Ver 4.1.1 - this is extremely old even for the obsolete V4 product and unless you manually patched quite a few times includes quite a few security issues within the code. There are still people running V4 sites out there but they are either sites they dont care about or are so heavily customised that "upgrading" isnt an easy option PHP ver 5.2.1.7 - this is an extremely old version of PHP and is insecure, has many known security issues and was moved to unsupported status 5 1/2 years ago https://secure.php.net/eol.php CubeCart V4 runs perfectly well in PHP 5.6 (with one minor change) MYSql ver 5.5.47 - this is reasonably up to date (5.5.52 is the latest) although the 5.6.X branch and also the 5.7.X branches are more up to date. This isnt really that critical. image upload size - 15920 bytes This is set by your server owner and restricts the maximum size of files that can be uploaded Server software Apache/2.4.18 (unix) - This is up to date ! >>We only use the products side of it and we dont sell online (after we had a few try dodgy cards etc we shut it off, long time ago though) Online stores will always have people trying to buy with dodgy cards - that isnt anything (really) to do with the software itself but is more down to choosing a good payment gateway that screens and filters out as many of these as possible. Requiring CVV and then also insisting on 3D secure password as well limits your exposure to chargebacks to almost zero. I dont believe that this was really a valid reason to stop taking sales and certainly wouldnt be now. >>Now the question is should we upgrade? Does upgrading have any benefits better support for devices or added functionality /better payment options etc that may benefit us? If you want to use the store to sell products and have a modern, responsive (mobile friendly) website then the answer is almost certainly yes, you should upgrade. The latest V6 CubeCart is considerably better than very early versions of V4 and has many advantages. >>And is it going to mess up our site? Yes and no ! If you have any custom mods or work done, then these will be lost but if you are running standard V4 code then no problems. However, the skin you are using is not compatible with V6 (no V4 skins are) and would need replacing. V6 comes with a standard skin called Foundation but there are many off the shelf skins based on this that you can choose for a small payment (one or two are free but beware that most of these havent been updated since their release). You can see demos of the standard Foundation and three skins we have written at our demo site https://www.cubecart-demo.co.uk plus you can see other skins and many plugins that are available to add / change functionality at the CubeCart Extension Marketplace https://www.cubecart.com/extensions Ian

This has been updated a short while ago and it appears that there has been a problem - issue opened https://github.com/cubecart/v6/issues/1166

It depends why the automatic upgrade is failing ? It could be that your hosting server is slow and the process is exceeding the PHP process limit setting (which itself may be set too low), or it could be running out of PHP process memory (again a common issue on some cheaper hosting platforms) but it could also be other reasons Ian

If you are not running one of the limited number of hosting control panels that allows you to change the PHP version yourself (Cloudlinux for example does but standard cPanel doesn't) then it is unlikely your hosting company will do this for you, at least not quickly as it could potentially affect every website on that server. 5.2.17 is extremely old though and has a large number of serious security issues in addition to the problems you are already having and you should look to change ASAP. Even 5.3.X, 5.4.X would be better but both of these release versions were moved to unsupported many years ago and even 5.5.X moves to unsupported in a matter of days - go to 5.6.X or even 7.X if possible Ian

For the memcache issue you have two solutions : either ask your hosting company to install memcache (or give you the details of their memcache server) or change the caching method to use local file based - this isnt as good or as fast but many hosting companies dont provide memcache (we do ) Al's post shows how to tell your store to use file based caching ie Open your includes/global.inc.php file and add one line before the closing PHP tag "?>" like; $glob['cache'] = 'file';

The plugin is completed as far as the required functionality at the time, which was to provide an interface using WP-CLI to provide data extracted from the WordPress database via Smarty variables so it can be displayed within CubeCart. Examples of this include extracting WP blog posts and also testimonials and displaying these on the homepage or other CubeCart pages. It is not a simple install, enable and go plugin as it needs some knowledge of coding to utilize it although we can do this work for you. It doesn't currently do anything around logins but that can always be added depending on your exact requirements. I assume that you are looking for single sign on for both a WP registered user and also for a CubeCart customer. The best way would be to use CubeCart to register customers and then use that to sign on automatically as a WP user - would that suit or would you need something else ? Ian

This is our plugin which you can see working on our demo site https://www.cubecart-demo.co.uk - it is a true plugin and therefore requires no changes to core CubeCart files which the other mentioned mod does require. Currently it does only add product options to the category listing pages though

It does depend on how old is old - standard upgrade routines will work from V3 upwards. I haven't seen a V2 store out there for a while now but did upgrade one for a customer a few years back ! The built in upgrade procedure works very well and can be done yourself, by other developers offering the service or under a CubeCart support contract Ian

777 permissions on any directory or file is wrong or at least is an issue ! 777 means that it is world write able, 755 means it is only write able by your user and nobody else. The only time that 777 is "required" on any file or directory is if the hosting company is not running suPHP, or better still suExec, when there are bigger security issues. DB, the server your site is running on uses suExec and so all directories should be 755 and all files should be 644 Ian

It isnt a bad idea at all and can certainly pick up files changed or added to most stock directories - it is a method often used alongside other methods

It will certainly show stock files that are different or altered and will also help to highlight files in stock directories that are not in the standard distribution but it is certainly not foolproof once hacked. His site had a large number of files uploaded all over the directory structure, many hidden in obscure directories that you wouldnt compare this way - such as in the image sub-directories and cache etc Ian

The IP and actions are 100% suspect ! The IP address is a TOR exit node - a well known way of hiding the actual IP address of the hacker and all three snippets are suspect. I haven't decoded the "Google" snippet but my guess would be that it facilitates further access. All three snippets need to be deleted from within CubeCart and the includes/extra directory but I believe that due to the extra time that has passed, they were able to add extra back doors into your site and you will need to look very closely at your whole site structure. Ian

When you couldn't login, what else did you check / find out ?

It would be helpful to have a store url ? I assume that when you say you pasted detail in, then you mean content into the site documents ? Did you change the url within the document settings ? Ian

Depending on server firewall settings, you may also need to speak to your hosting company, as connections to external SMTP mail accounts can be blocked. If it still doesn't work after updating the settings in your gmail account, then speak to your hosting company Ian

Make sure you check snippets, admin login details, payment gateway details and anything else sensitive - if you weren't hacked then you need to think about an explanation for why your admin login password wouldn't work. Upgrades are relatively simple if you ensure you take file and database backups before and then either do the upgrade through CubeCart or do a manual upgrade.

Also check to make sure the snippet is no longer in the includes/extra directory. If you are interested in knowing what the snippet does, then it can be decoded using various websites - I haven't seen this specific snippet so it seems like there are a variety of different exploits using this security hole