Posts posted by havenswift-hosting

  1. On 6/1/2017 at 0:12 PM, Al Brookbanks said:

    then had a good long think about why I continue this project at all. 

    Because CubeCart is a great product and most people that use it, love it !

    The developer's release should help if enough people actually use it although I would suggest that a week will not be long enough for a functional release, especially for developers that would like to validate their plugins and skins against the new release. It would be great if the developer's release could be available via the admin auto upgrade so the actual upgrade functionality can also be tested. This could be controlled by a setting that would show either developer or stable releases.

  2. You wouldn't "lose all" by doing a manual upgrade and if you do a full file and database backup (as you should do before each and every upgrade!) then even if a catastrophe happens, it is easy to roll back. I suppose it would be possible to do what you are asking but it is more work and doesn't achieve anything. A manual upgrade to 6.1.7 is easy to do by following the instructions although there are several patches that are needed which will be included in 6.1.8 which is due out very shortly so I would suggest waiting a day or so until it is released.

    Ian

  3. Yes, it would need a custom plugin to implement a connection to CubeCart using the Tukadoo API.  Unless you can find a native Dutch speaker to do the development, you would also need translated copies of the API documentation

  4. 21 hours ago, djcaseanova said:

    hosting company has me on a shared server, Is there a method I can use to force https in the htaccess? Is that the setting in the store settings to enable SSL?

    HSTS is great but it does apply server wide but we enable it on all our shared hosting servers. You need to add directives to the .htaccess to force all pages to be https but what is needed will be specific to how your server is set up - this is why if you search online for this, you will find lots of different answers, all of which could be correct. You can try what Brian has suggested as that is one common way but if the syntax isn't correct for your server it will stop your whole site from working, so don't change and leave without testing!

  5. Ensure that you force https in your .htaccess file or better still ask your hosting company to enable HSTS

    Check to make sure you don't have any hard-coded URLs that start http:// as that will cause the page to be insecure due to mixed content. Hard coding in skin template files and documents are the normal culprits

    Ian
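
One way to run the hard-coded `http://` check from the post above over a skin directory. This is an added example, not code from the post or from CubeCart; the file names, URLs and the list of extensions are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Subresource references that cause mixed content on an https page.
# Plain <a href="http://..."> links are navigation, not mixed content,
# so they are deliberately not matched.
PATTERNS = [
    re.compile(r"""\b(?:src|action|poster)\s*=\s*["'](http://[^"'\s>]+)""", re.I),
    re.compile(r"""<link\b[^>]*\bhref\s*=\s*["'](http://[^"'\s>]+)""", re.I),
    re.compile(r"""url\(\s*["']?(http://[^"')\s]+)""", re.I),
]
EXTENSIONS = {".php", ".tpl", ".html", ".htm", ".css", ".js"}  # assumed set

def find_mixed_content(root):
    """Return sorted (relative path, line number, URL) per http:// subresource."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for pattern in PATTERNS:
                for match in pattern.finditer(line):
                    rel = path.relative_to(root).as_posix()
                    hits.append((rel, lineno, match.group(1)))
    return sorted(hits)

def demo():
    """Scan a constructed two-file skin; names and URLs are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        skin = Path(tmp, "skins", "example")
        skin.mkdir(parents=True)
        (skin / "main.php").write_text(
            '<img src="http://shop.example/logo.png">\n'
            '<a href="http://partner.example/">Partner</a>\n'
            '<script src="https://cdn.example/app.js"></script>\n'
            '<link rel="stylesheet" href="http://shop.example/extra.css">\n'
        )
        (skin / "layout.css").write_text(
            "body { background: url(http://shop.example/bg.jpg); }\n"
        )
        return find_mixed_content(tmp)

if __name__ == "__main__":
    for rel, lineno, url in demo():
        print(f"{rel}:{lineno}: {url}")
```

URLs stored in the database (product descriptions, documents) are not covered by a file scan and need a separate search.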

  6. Get your current V5 store up and running first on your new hosting so that you are happy with it and only then do an upgrade (not a new install) when it will use the upgraded database and all images will be in place already

    Ian 

  7. So Fasthosts are not doing the move for you then and are not willing (or know how) to help ?

    The includes/global.inc.php file is the config file and the only things that might need changing would be the database fields - server may be IP address if not on localhost and the database name, username and password may have changed but if you created these on your new hosting then you should know these

    There shouldn't be anything in the .htaccess file that would need changing and it probably wasn't copied across if your FTP program doesn't display . files. CubeCart should recreate it for you or you can change your FTP client settings to display files starting with a period and then copy it across

    Take the chance to upgrade to latest V6 though !

    Ian

     

  8. 58 minutes ago, toast691 said:

    I should also point out that I upgraded my skin the same afternoon to retail therapy 1.5.

    If I change my skin to foundation then the logo appears again.. so perhaps it is a skin issue?

    Download and enable the free skin configuration plugin that works with the Retail Therapy skin

    https://www.cubecart.com/extensions/skins/havenswift-hosting-skin-configuration

    There is an option to display or not display the store logo.

    Ian

  9. 13 hours ago, Kira said:

    They were all done as hooks and they told me they would continue to work with newer versions of cubecart.. is that just not true?

    My husband said someone installed a "backdoor" on my website and we think that is how it got messed up. Not sure who did it or what exactly it was.. but eventually my website just broke completely. I couldn't take any sales on it or access the admin panel.. so we are recovering from that. :/

    Plugins do not get overwritten during upgrades but there is no guarantee that they won't need to be updated with updates to core CubeCart - quite often changes made to core affect plugins which cause a bug or stop them from working completely. That is why you should always get plugins (and skins which can also be affected) from active developers that update their products regularly.

    Previous versions of CubeCart had a few serious security issues which if not patched (or upgraded) immediately could easily have allowed hackers access to your store - that sounds like what happened to you.

    Ian

  10. 32 minutes ago, hathead1990 said:

    Thank you for clarifying that however what happens if the gateway isn't automatically changing the order status to pending.

    You still have the same problem of having to manually check via PayPal to see the response code. This is like my case. The status never changes from pending however checking the PayPal IPN history reports status as 200.

    I might just have to resort to a different gateway than PayPal!

    I assume you mean "if the gateway isn't automatically changing the order status to Processing" (not Pending) ?

    If that is the case and you are running 6.1.7 then you need the fix shown in this issue https://github.com/cubecart/v6/issues/1601 which leads to this commit https://github.com/cubecart/v6/commit/fdac99ad1b868064694d42dd4ac5d52f4acd0aea Just ensure you remove the var_dump line.  This issue isn't a PayPal issue and affects most gateways

    If you are 100% certain that you have that patch then something on your end is blocking the IPN process and you will need to speak to your hosting company

    Ian

  11. 16 hours ago, jbranscum said:

    One more reply for anyone that is looking to secure their php installation in the future; add the following to your php.ini file:

    
    disable_functions =exec, system, passthru, pcntl_exec, popen, proc_open, shell_exec;

     

    If it is your own dedicated server then that is good advice (although the list of functions included is up for debate and we block a couple more and if you are drastic, you can block 40 plus) but if like most on here, you are on a shared server and your hosting company hasn't even added this simple precaution, then you should question their commitment to security of your website

    15 hours ago, bsmither said:

    There are a few older versions of CubeCart that have a vulnerability. (I would hope that these versions are not available for download from CubeCart's download center, or if they are, the vulnerability has been patched in those packages.)

    All previous versions are available and are as they were originally released (I don't know any software package that would back patch all previous versions and why would you?) but maybe @Al Brookbanks should add a very large bold red warning on the downloads page to only ever download and run the latest version as that has the most up to date security patches but then again surely that is common sense?!

    Ian

  12. As Brian has said, this is not a flaw and is a misunderstanding by you in what the order statuses mean! Pending simply means that an order has been placed in the store but NOT paid yet. On successful payment most gateways will automatically change the order status to Processing (a few have to be manually changed by an admin such as the Print Order and Manual Card - for obvious reasons!) and that is the trigger for the store admin to send out the order (although good advice for any and all E-Commerce products has always been to double check directly with the gateway that a payment has been received). Once you have shipped the order, you update shipping details (date etc etc) and change status to Completed

  13. You are welcome and if you cope with PHP then you will get at least the basics (and probably much more) of MySQL easily - good online documentation is available

    You should really look at creating plugins rather than changing core code as well.  At the moment it is only the odd field but it is a very slippery slope and soon you will end up with a store that is much more complex to upgrade

  14. The only safe thing to do is to assume that your store is compromised and after completely removing the hooks (database and actual file which incidentally would give you an idea when they were uploaded) you will need to clean the store - a re-upload of all 6.1.7 files again is a good start and then a visual inspection of all files and directories is belt and braces

    Ian
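
A sketch of the file inspection described above: compare the live store with a clean extract of the same release and list what differs. This is an added example, not code from the post or from CubeCart; the directory layout and file names in the demo are constructed.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def compare_to_clean(clean_root, live_root):
    """Return (modified, extra) for the live store versus a clean release copy.

    modified: files present in both trees whose contents differ.
    extra:    (path, UTC mtime) for files only in the live tree. Uploaded
              images, the config file and installed plugins legitimately
              land here, so this is a review list, not a verdict. The
              mtime can be reset by whoever wrote the file; it is a hint.
    """
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    extra = []
    for p in sorted(set(live) - set(clean)):
        mtime = os.path.getmtime(Path(live_root, p))
        stamp = datetime.fromtimestamp(mtime, timezone.utc).isoformat()
        extra.append((p, stamp))
    return modified, extra

def demo():
    """Constructed trees: one altered file and one dropped-in file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "lib").mkdir(parents=True)
            (root / "index.php").write_text("<?php // entry point\n")
            (root / "lib" / "cart.php").write_text("<?php // cart\n")
        (live / "lib" / "cart.php").write_text("<?php // cart, altered\n")
        (live / "lib" / "ga.php").write_text("<?php // not in the release\n")
        os.utime(live / "lib" / "ga.php", (1496275200, 1496275200))
        return compare_to_clean(clean, live)

if __name__ == "__main__":
    print(demo())
```

The clean copy must come from the official release archive for the exact version installed, extracted somewhere the web server cannot write to.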

  15. It is possible to run MySQL commands within CubeCart via the Query Database option under maintenance but if you are not an expert at MySQL then I would always suggest using phpMyAdmin which is easier and should be available from within your hosting control panel (cPanel and Plesk both have options)

    Ian

  16. 14 minutes ago, violinman said:

    could that be related to the database not being aware of the new variable? If so how would I remedy the problem please.

    Hi Brian

    That would be exactly it - if the database isn't aware of the new field where is the data supposed to be saved? You can add new fields via phpMyAdmin

    Ian

  17. They look extremely suspect to me and I would say 100% that your store has been compromised. Google Analytics doesn't need any hooks and the naming is to try and persuade you that they are legit. You need to remove them completely (delete from admin and remove the file itself) however what you could also do is base64_decode that code to see exactly what it was doing - chances are that other areas of the store / files are compromised (adding hooks like that is done for a reason)

    Ian
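
For the decoding step suggested above, the safe approach is to decode the text statically rather than run it through PHP. This is an added example, not code from the post; the sample hook is constructed with a harmless inner statement, and the 24-character minimum literal length is an assumption.

```python
import base64
import binascii
import re

# A quoted run of base64 characters long enough to be a payload, not a word.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")

def decode_layers(source, max_depth=5):
    """Statically decode base64 string literals in PHP source, layer by layer.

    Nothing is executed: each literal is decoded to text and the result is
    searched again, because such snippets are often wrapped several times.
    Returns the decoded texts, outermost layer first.
    """
    found, queue = [], [(source, 0)]
    while queue:
        text, depth = queue.pop(0)
        if depth >= max_depth:
            continue
        for literal in B64_LITERAL.findall(text):
            try:
                raw = base64.b64decode(literal, validate=True)
            except (binascii.Error, ValueError):
                continue  # looked like base64 but is not
            decoded = raw.decode("utf-8", errors="replace")
            found.append(decoded)
            queue.append((decoded, depth + 1))
    return found

def demo():
    """Constructed two-layer sample; the inner statement is harmless."""
    inner = '$note = "constructed placeholder, not a real payload";'
    layer1 = 'eval(base64_decode("%s"));' % base64.b64encode(inner.encode()).decode()
    hook = '<?php eval(base64_decode("%s"));' % base64.b64encode(layer1.encode()).decode()
    return decode_layers(hook), layer1, inner

if __name__ == "__main__":
    layers, _, _ = demo()
    for depth, text in enumerate(layers, 1):
        print(f"layer {depth}: {text}")
```

Run it on a copy of the hook file taken off the server; layers wrapped in compression or other encodings are not unwrapped by this sketch.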
