Post by straightlight » Tue Mar 20, 2018 6:20 am

v1.5x releases are not delivered out of the box. The XML file must be edited accordingly.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by straightlight » Tue Mar 20, 2018 8:08 pm

For those using the social login extension: https://www.opencart.com/index.php?rout ... n_id=18171 ,

in catalog/controller/extension/d_social_login/callback.php file,

find:

Code: Select all

if (isset($_REQUEST['hauth_start']) || isset($_REQUEST['hauth_done']))
replace with:

Code: Select all

if ((isset($_REQUEST['hauth_start']) || isset($_REQUEST['hauth_done'])) && !empty($_SESSION['__csrf']))
In catalog/controller/extension/d_social_login/callback_live.php file,

find:

Code: Select all

public function index (){
		$_REQUEST['hauth_done'] = 'Live';

		require_once("system/library/hybrid/auth.php");
		require_once("system/library/hybrid/endpoint.php");
		Hybrid_Endpoint::process();
	}
replace with:

Code: Select all

public function index () {
	if (!empty($_SESSION['__csrf'])) {
		$_REQUEST['hauth_done'] = 'Live';

		require_once("system/library/hybrid/auth.php");
		require_once("system/library/hybrid/endpoint.php");
		Hybrid_Endpoint::process();
	}
}
In catalog/controller/extension/module/d_social_login.php file,

find:

Code: Select all

if (isset($this->request->get['provider'])) {
replace with:

Code: Select all

if (isset($this->request->get['provider']) && !empty($this->session->data['__csrf'])) {
Find:

Code: Select all

$this->log->write('Missing application provider.');
replace with:

Code: Select all

$this->log->write('Missing application provider or missing CSRF token.');

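The callback guards in the post above append a session-token check to conditions that already contain `||`. Because PHP's `&&` binds tighter than `||`, such a check covers every branch only when the `||` operands are grouped. The following added example (not part of the original post or the extension's code; the function names and sample values are constructed) compares the two forms:

```php
<?php
// Added example, not code from the extension. The arrays stand in for
// $_REQUEST and $_SESSION; every sample value below is constructed.

// Guard appended without grouping: PHP parses this as A || (B && C).
function guard_ungrouped(array $request, array $session): bool
{
    return isset($request['hauth_start']) || isset($request['hauth_done']) && !empty($session['__csrf']);
}

// Guard with explicit grouping: (A || B) && C.
function guard_grouped(array $request, array $session): bool
{
    return (isset($request['hauth_start']) || isset($request['hauth_done']))
        && !empty($session['__csrf']);
}

$cases = [
    'start, no token'    => [['hauth_start' => 'Facebook'], []],
    'done, no token'     => [['hauth_done' => 'Facebook'], []],
    'start, token set'   => [['hauth_start' => 'Facebook'], ['__csrf' => 'constructed-token']],
    'done, empty token'  => [['hauth_done' => 'Facebook'], ['__csrf' => '']],
    'neither, token set' => [[], ['__csrf' => 'constructed-token']],
];

printf("%-20s %-10s %-10s\n", 'case', 'ungrouped', 'grouped');
foreach ($cases as $label => [$request, $session]) {
    $u = guard_ungrouped($request, $session);
    $g = guard_grouped($request, $session);
    // Flag any case that would be processed although the session holds no token.
    $flag = ($u && empty($session['__csrf'])) ? '  <- processed without a session token' : '';
    printf("%-20s %-10s %-10s%s\n", $label, var_export($u, true), var_export($g, true), $flag);
}
```

Only the first row differs: the ungrouped form accepts an `hauth_start` request for a session that holds no `__csrf` value.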

Post by straightlight » Tue Mar 20, 2018 8:15 pm

For those using this extension: https://www.opencart.com/index.php?rout ... n_id=24825 ,

In catalog/controller/extension/module/oneall.php file,

find:

Code: Select all

if (isset($this->request->post) && !empty($this->request->post['connection_token']))
replace with:

Code: Select all

if (isset($this->request->post) && !empty($this->request->post['connection_token']) && !empty($this->session->data['__csrf']))


Post by straightlight » Tue Mar 20, 2018 8:23 pm

For those using this extension: https://www.opencart.com/index.php?rout ... n_id=21672 , starting from v2.x releases,

In catalog/controller/account/socl_login.php file,

find:

Code: Select all

if (isset($soclall_id) && !empty($soclall_id) && isset($this->request->get['network'])) {
replace with:

Code: Select all

if (isset($soclall_id) && !empty($soclall_id) && isset($this->request->get['network']) && !empty($this->session->data['__csrf'])) {
Then, find:

Code: Select all

if ($login_info && ($login_info['total'] > $this->config->get('config_login_attempts')) && strtotime('-1 hour') < strtotime($login_info['date_modified'])) {
replace with:

Code: Select all

if (($login_info && ($login_info['total'] > $this->config->get('config_login_attempts')) && strtotime('-1 hour') < strtotime($login_info['date_modified'])) || (empty($this->session->data['__csrf']))) {


Post by straightlight » Tue Mar 20, 2018 8:32 pm

For those using this extension: https://www.opencart.com/index.php?rout ... n_id=27180 , version 3.0.0,

In catalog/controller/module/gluu_sso.php (or catalog/controller/extension/module/gluu_sso.php) file,

find:

Code: Select all

if(!$this->customer->isLogged () and $this->gluu_is_port_working() and !empty($this->request->get['route']) and $this->request->get['route'] == 'account/login'){
replace with:

Code: Select all

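// Assumed operator: "||" (none was given between the two groups), matching the socl_login.php edit in this thread.
if((!$this->customer->isLogged () and $this->gluu_is_port_working() and !empty($this->request->get['route']) and $this->request->get['route'] == 'account/login') || (empty($this->session->data['__csrf']))) {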
Then, find:

Code: Select all

if( isset( $_REQUEST['session_state'] ) ) {
replace with:

Code: Select all

if (isset($_REQUEST['session_state']) && !empty($_SESSION['__csrf'])) {
Then, find:

Code: Select all

if (is_array ($result) && ! empty ($result['email']))
replace with:

Code: Select all

if (is_array($result) && !empty($result['email']) && !empty($this->session->data['__csrf']))
Then, in the:

Code: Select all

public function admin_login($username) {
method, find:

Code: Select all

if ($user_query->num_rows) {
replace with:

Code: Select all

if ($user_query->num_rows && !empty($this->session->data['__csrf'])) {


Post by straightlight » Tue Mar 20, 2018 8:53 pm

For those using this extension: https://www.opencart.com/index.php?rout ... n_id=32842 ,

In vqmod/xml/fb_login_one_page.xml file,

find:

Code: Select all

if(isset($this->request->post['email_address']) && $this->request->post['email_address'] != 'undefined'){
replace with:

Code: Select all

if(isset($this->request->post['email_address']) && $this->request->post['email_address'] != 'undefined' && !empty($this->session->data['__csrf'])){


Post by straightlight » Tue Mar 20, 2018 8:57 pm

The last few posts about the extensions are about the use of remote APIs for login / register accounts with social logins. These few provided instructions will increase protection to your store.


Post by imagineds » Thu Mar 22, 2018 8:10 am

I downloaded the CSRF Protection Form plugin and there were only two files. I have installed them in the corresponding folders but the registration form is still accepting spam registration. What else do I need to do? My store is Version 3.0.2.0.

Thank you.

Newbie

Posts

Joined
Fri Oct 05, 2012 5:57 am

Post by straightlight » Thu Mar 22, 2018 8:19 am

Do you use any social login extensions / remote APIs for logins on your store?


Post by imagineds » Thu Mar 22, 2018 8:29 pm

No social login. Sorry to not know, but what would be an example of a remote API? We have a payment gateway.


Post by straightlight » Thu Mar 22, 2018 9:02 pm

A gateway that requires a remote login to your site.


Post by imagineds » Thu Mar 22, 2018 9:21 pm

Authorize.net is the only thing I can think of we're connecting to.


Post by straightlight » Thu Mar 22, 2018 9:31 pm

Which Authorize.net? There are three of them (if not more).


Post by imagineds » Thu Mar 22, 2018 9:37 pm

AIM.


Post by straightlight » Thu Mar 22, 2018 9:40 pm

Which OC version are you using? More information is needed.


Post by imagineds » Thu Mar 22, 2018 9:41 pm

Version 3.0.2.0


Post by straightlight » Thu Mar 22, 2018 9:54 pm

Does Authorize.net AIM require a user to enter his user profile during checkout? The last time I checked their API, that wasn't required ...


Post by imagineds » Thu Mar 22, 2018 9:57 pm

No, it does not. So I am pretty sure there aren't any other remote APIs that require a user to log in. It isn't that complicated a site.


Post by straightlight » Thu Mar 22, 2018 10:07 pm

Then, the issue is not with Authorize.net AIM but with something else on your site. Check your extensions.


Post by imagineds » Thu Mar 22, 2018 10:28 pm

I will private message you the extensions enabled.
