Topics - alevene

16
Security / Your website is Very Unsafe
« on: September 23, 2016, 01:30:21 PM »
After struggling with AbanteCart that would not update past 1.2.6, or would export/import, I built a brand new one by hand using the latest 1.2.8 build. I noticed a series of "bugs" or features as some may call them that made the rebuild all the more difficult.

I decided to run a web-based security scanner from tinfoilsecurity.com. The scan just finished. The initial header was "Your website is Very Unsafe" for both the new and the production site. The new site had 26 problems, the production site, 23.

Here are some of the details from the most severe of the twenty-six vulnerabilities listed on the new site. I do not know if I caused some, but I haven't done a lot more than adding products/categories and so on. I suggest running your own free scan.

   
Vulnerability Name              URL                                    Variable        Rescan   Severity
Cross-Site Request Forgery      /index.php                             loginFrm
Cross-Site Request Forgery      /index.php                             SubscriberFrm
Unencrypted password form       /index.php                             password
Clickjacking                    /
Directory listing is enabled.   /storefront/view/default/javascript/

I also ran the scan on the production site using 1.2.6 that has fewer problems than 1.2.8, even though 1.2.6 has been in use for a long time!
   
Vulnerability Name                                         URL          Variable          Rescan   Severity
Cross-Site Scripting in event attribute of HTML element    /index.php   sort
Cross-Site Scripting in event attribute of HTML element    /index.php   manufacturer_id

Comments?

17
General Support / Is this a bug or a feature?
« on: September 19, 2016, 04:36:40 PM »
I am finishing a new 1.2.8 installation. When adding a product option to a product under options, and selecting the text option, the system opens a text area box for insertion of content. The problem is that it doesn't save so the option is useless.

What am I doing wrong?

18
Installation and Configuration / Importing products
« on: September 12, 2016, 12:22:19 PM »
I haven't had any luck with importing products using an Excel spreadsheet.

I read this page - http://docs.abantecart.com/pages/tools/import.html and downloaded the sample "tab delimited" file for review.

I created a simple spreadsheet in Excel and saved it as tab delimited. I reopened the file, selected tab delimited and got this -
A   B   C   A   B   C   A   B   C
2   2   2   2   2   2   2   2   2
3   3   3   3   3   3   3   3   3

Very nice

Why does the sample not work the same way?

Excel imported the file, products-insert-example-tab. It looks like garbage.

"action   products.model   products.sku   products.location   products.quantity   products.stock_status_id   products.manufacturer_id   products.shipping   products.ship_individually   products.free_shipping   products.shipping_price   products.price   products.tax_class_id   products.date_available   products.weight   products.weight_class_id   products.length   products.width   products.height   products.length_class_id   products.status   products.viewed   products.sort_order   products.subtract   products.minimum   products.cost   product_descriptions[0].language_id   product_descriptions[0].name   product_descriptions[0].meta_keywords   product_descriptions[0].meta_description   product_descriptions[0].description   product_descriptions[1].language_id   product_descriptions[1].name   product_descriptions[1].meta_keywords   product_descriptions[1].meta_description   product_descriptions[1].description   products_related[0].related_id   products_to_categories[0].category_id   products_to_categories[1].category_id   products_to_categories[2].category_id   products_to_categories[3].category_id   products_to_downloads[0].download_id   products_to_stores[0].store_id   product_options[0].product_option_id   product_options[0].attribute_id   product_options[0].group_id   product_options[0].sort_order   product_options[0].status   product_options[0].element_type   product_options[0].required   product_option_descriptions[0][0].language_id   product_option_descriptions[0][0].name   product_option_descriptions[0][1].language_id   product_option_descriptions[0][1].name   product_option_values[0][0].product_option_value_id   product_option_values[0][0].group_id   product_option_values[0][0].sku   product_option_values[0][0].quantity   product_option_values[0][0].subtract   product_option_values[0][0].price   product_option_values[0][0].prefix   product_option_values[0][0].weight   product_option_values[0][0].weight_type   product_option_values[0][0].attribute_value_id   
product_option_values[0][0].grouped_attribute_data   product_option_values[0][0].sort_order   product_option_value_descriptions[0][0][0].language_id   product_option_value_descriptions[0][0][0].name   product_option_value_descriptions[0][0][0].grouped_attribute_names   product_option_value_descriptions[0][0][1].language_id   product_option_value_descriptions[0][0][1].name   product_option_value_descriptions[0][0][1].grouped_attribute_names   product_option_values[0][1].product_option_value_id   product_option_values[0][1].group_id   product_option_values[0][1].sku   product_option_values[0][1].quantity   product_option_values[0][1].subtract   product_option_values[0][1].price   product_option_values[0][1].prefix   product_option_values[0][1].weight   product_option_values[0][1].weight_type   product_option_values[0][1].attribute_value_id   product_option_values[0][1].grouped_attribute_data   product_option_values[0][1].sort_order   product_option_value_descriptions[0][1][0].language_id   product_option_value_descriptions[0][1][0].name   product_option_value_descriptions[0][1][0].grouped_attribute_names   product_option_value_descriptions[0][1][1].language_id   product_option_value_descriptions[0][1][1].name   product_option_value_descriptions[0][1][1].grouped_attribute_names   product_specials[0].product_special_id   product_specials[0].customer_group_id   product_specials[0].priority   product_specials[0].price   product_specials[0].date_start   product_specials[0].date_end   product_tags[0].tag   product_tags[0].language_id   product_tags[1].tag   product_tags[1].language_id   product_tags[2].tag   product_tags[2].language_id   product_tags[3].tag   product_tags[3].language_id   resource_map[0].resource_id   resource_map[0].object_name   resource_map[0].object_id   resource_map[0].default   resource_map[0].sort_order   resource_library[0][0].resource_id   resource_library[0][0].type_id   resource_descriptions[0][0][0].language_id   
resource_descriptions[0][0][0].name   resource_descriptions[0][0][0].title   resource_descriptions[0][0][0].description   resource_descriptions[0][0][0].resource_path   resource_descriptions[0][0][0].resource_code   resource_descriptions[0][0][1].language_id   resource_descriptions[0][0][1].name   resource_descriptions[0][0][1].title   resource_descriptions[0][0][1].description   resource_descriptions[0][0][1].resource_path   resource_descriptions[0][0][1].resource_code   resource_map[1].resource_id   resource_map[1].object_name   resource_map[1].object_id   resource_map[1].default   resource_map[1].sort_order   resource_library[1][0].resource_id   resource_library[1][0].type_id   resource_descriptions[1][0][0].language_id   resource_descriptions[1][0][0].name   resource_descriptions[1][0][0].title   resource_descriptions[1][0][0].description   resource_descriptions[1][0][0].resource_path   resource_descriptions[1][0][0].resource_code   resource_descriptions[1][0][1].language_id   resource_descriptions[1][0][1].name   resource_descriptions[1][0][1].title   resource_descriptions[1][0][1].description   resource_descriptions[1][0][1].resource_path   resource_descriptions[1][0][1].resource_code   resource_map[2].resource_id   resource_map[2].object_name   resource_map[2].object_id   resource_map[2].default   resource_map[2].sort_order   resource_library[2][0].resource_id   resource_library[2][0].type_id   resource_descriptions[2][0][0].language_id   resource_descriptions[2][0][0].name   resource_descriptions[2][0][0].title   resource_descriptions[2][0][0].description   resource_descriptions[2][0][0].resource_path   resource_descriptions[2][0][0].resource_code   resource_descriptions[2][0][1].language_id   resource_descriptions[2][0][1].name   resource_descriptions[2][0][1].title   resource_descriptions[2][0][1].description   resource_descriptions[2][0][1].resource_path   resource_descriptions[2][0][1].resource_code"
"insert   558003   testsku      99   1      0   0   0   0.0000   29.5000   1   2011-08-29   75.00   2   40.00   25.00   15.00   0   1   8   1   0   1   0.0000   1   Skinsheen Bronzer Stick         ""<p>"
"   Bronzes"



19
Support / Bulk transfer or editing of images
« on: September 07, 2016, 04:47:58 PM »
I am rebuilding our site by hand, as the export/import routine does not work properly. Some images were linked, some were not. I copied the images folder before the import with poor results.

Is there a way to bulk add images to a range of products to avoid the manual unlinking of non-existing images after the "restore" from each product? Then delete the non-images from the media manager and finally ... bulk edit from the product list to apply the same images to a number of product variations, each being a separate line item?

20
Support / Removing stock images
« on: September 02, 2016, 10:14:47 AM »
I set up a new 1.2.8 cart and although selecting not to import sample database, the website has lots of cosmetic images. How do I get rid of them? Nothing that I've tried works and they are not shown under Media Manager.

Is there a way to import just images, and if possible link them automatically with products? Perhaps a csv file. I've tried exporting and importing data but the import fails and nothing is imported.

21
Template Support / html2 template
« on: August 30, 2016, 11:39:05 AM »
I get the impression that template default_html5 does not work with the recent updates to AbanteCart?

If it does, it doesn't restore to a new site with the current version.

How do you manually move default_html5?

Thank you.

22
Support / Need for a step by step migration process.
« on: August 27, 2016, 08:01:52 AM »
I know that you can back up AbanteCart, install a newer version and restore the cart... but it isn't complete. Can a person who has done this, moved and restored a complete system so that the new installation is exactly the same as the old, write a step by step guide? I think that just the bullet points will work.

Everything I've found seems to end with ... then a miracle occurs, and then you're done.

Sadly, steps are missing and a miracle doesn't occur.

Help please. It's the missing link in this really excellent software.


23
I note that AbanteCart includes a conversion tool to move other shopping carts to AbanteCart. How about a similar tool to move a working AbanteCart v x.x.x to another host? In other words, install the latest AbanteCart on another host and run the setup. Then use the tool to move all of the files, data, images, templates, etc. to the new host so that the new cart is identical to the old, plus installed on the latest version of the software.

Is this difficult?

24
Upgrade / Detailed upgrade methods needed
« on: August 24, 2016, 11:52:52 AM »
Although AbanteCart is a really good e-commerce software, in my opinion its weakness is the upgrade system.

Sometimes I can just click through the upgrade button and it upgrades in a few seconds.  "Please click following link this link to start the upgrade." Then for newer upgrades, the system doesn't work as the popup just reappears that had the original upgrade information.

Sadly, the only manual upgrade information is not complete and assumes that the upgrader has done a manual upgrade before and skips details such as "... then a miracle occurs and it all works." The manual installation appears to be just copying the new files over the old, but keeping the original config file and then running a command. How to run the command remains a mystery. Any ideas?

I also installed a 1.2.x (current version) on my Bluehost server and after the install, restored the manual backup of everything (or so I thought) from the files/folders. Although it "worked" the images weren't transferred nor the templates and other details. It became so confusing that I gave up for lack of time.

Does anyone have a long version of how to upgrade AbanteCart?

As I wrote above, it would be nice to make a manual backup, install the current version, restore to it and the new site is identical to the old. It would be nice.

25
General Support / Broken default Abantecart 1.21
« on: October 26, 2015, 03:10:08 PM »
I have been working to upgrade version 1.21 to 1.22, 1.23 and so on without any success. I decided to find if the default AbanteCart was defective or if I was making a mistake. I found that AbanteCart is broken!

I installed a fresh version of 1.21 using a new MySQL database and the default sample data. I immediately attempted an upgrade only to get the same message as with my production system attempts.

There has been a critical error processing your request

So my data had nothing to do with the upgrade errors. Does AbanteCart have a solution other than to start again on 1.24 hoping that they have figured out how to do a simple upgrade from 1.24 to 1.25 and on toward v2.0?

26
General Support / Cannot import data exported from 1.2.1. to 1.2.4
« on: October 08, 2015, 02:20:36 PM »
I have been trying to update my site from 1.2.1 to later versions and cannot do it.  I get this message when I looked at the log, referencing lines 74 and 114 in the mysql.php file.

I installed a test 1.2.4 version with an empty database, exported the entire database from 1.2.1 and tried to import. It failed. I then downloaded each individual data type and tried to import those. Some worked, some failed. In other words it doesn't work.

Any ideas specific to the line 74 and 114 problems, or how to make the data export/import work?


    public function query($sql, $noexcept = false) {
        //echo $this->database_name;
        $time_start = microtime(true);
        $resource = mysql_query($sql, $this->connection);   // <- LINE 74
        $time_exec = microtime(true) - $time_start;

        // ... (intervening lines not included in the post) ...

            if($noexcept){
                $this->error = 'AbanteCart Error: ' . mysql_error($this->connection) . '<br />Error No: ' . mysql_errno($this->connection) . '<br />' . $sql;
                return FALSE;
            }else{
                // LINE 114 is the throw below
                throw new AException(AC_ERR_MYSQL, 'Error: ' . mysql_error($this->connection) . '<br />Error No: ' . mysql_errno($this->connection) . '<br />' . $sql);
            }
        }
    }

27
General Support / update from 1.2.1
« on: September 23, 2015, 03:36:06 PM »
I've been using version 1.2.1 for a while and used a custom table prefix having replaced abc_xxx. I have been unable to upgrade to 1.2.2, 1.2.3 and now 1.2.4 as I always got a critical error. I believed that the non-standard table names were the problem.

I copied the entire folder set to another web folder, changed the table prefixes to abc_ and changed it in the config.php file. It worked fine as I now have an identical "backup" of the original website as if I migrated it to another ISP.

The problem is that I have the same problem. I cannot update the system so abc_ may have been just one of the problems.

Suggestions?


AbanteCart core upgrade to v1.2.2 is now available

Message status:
    notice

Date:
    09/23/2015 01:26:01 PM

Number of repetitions:
    7

You can upgrade AbanteCart core now. Upgrade is for version 1.2.1 and will change your AbanteCart application to version 1.2.2 Please click following link this link to start the upgrade.


followed by -

There has been a critical error processing your request
Please check AbanteCart and webserver error logs for more details. You can check error log in the control panel if it is functional. Otherwise, refer to error log located on your web server


28
Built-in Features / Too low to show price button
« on: January 03, 2015, 04:23:21 PM »
I've looked at v1.2 that is a big improvement, but don't see a Call for Price button to avoid listing the price. It's sometimes called a Too low to show, Call for Price or similar.

If you list the price on the Internet, someone else is almost always selling the same product for less so it's a race to the bottom.

The Call for Price, Too low to show gets the prospect to call for the price and engage. That sells products, not click here to order.

Any chance for a paid add-in that provides a variety of ways to do this?

29
General Discussion / Call for price feature
« on: December 22, 2014, 02:17:01 PM »
I've looked at v1.2 and don't see a Call for Price button to avoid listing the price. It's sometimes called a Too low to show, Call for Price and sometimes... Price will show in the shopping cart.

All of these help sales and avoid the manufacturers' requests not to sell their products too cheaply.

Does it have anything like those features?

30
General Support / Sorting Specials and Featured products
« on: September 17, 2014, 10:29:39 AM »
The image display of Specials, Newly Listed and Featured products is really nice, but I don't know how to either sort them away from an alphabetized list or a granular way of only showing the desired products, or having them display randomly.

Why? Because either some products in the Specials will never show, just the first alphabetized items that fit in the space allocated, and there doesn't appear to be a way to change the newly listed date so you can manually force certain products to appear.

Ideas?
