What are the steps you did on your end to install this extension?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I uploaded via FTP to the following paths:
/system/helper - File csrf_helper.php
and then on
/vqmod/xml - File csrf.xml
Refreshed the cache and checked the page source. The admin works but not the front end .
No errors in the VQManager error log and no header.php in the catalog only vq2-admin_controller_common_header.php
Let me know if any other details are needed.
Regards,
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<modification>
<id>CSRF Form Protection</id>
<version>v2.x and v3.x</version>
<vqmver required="true">2.6.0</vqmver>
<author>Straightlight</author>
<file name="admin/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');
csrf_start();
]]></add>
</operation>
</file>
<file name="catalog/controller/common/header.php" error="skip">
<operation error="skip">
<search position="before"><![CDATA[$data['scripts']]]></search>
<add><![CDATA[
$this->load->helper('csrf_helper');
csrf_start();
]]></add>
</operation>
</file>
</modification>
The XML looks fine. Ensure to look in your VQMod Manager for unusual lines that it's tracking.This is what I have in the XML. I'm I missing something?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
However in the source code in the front end after deleting the site cache, browser cache etc, I'm still unable to see the csrf
This is what is shows when trying the account register:
<p>If you already have an account with us, please login at the <a href="https://www.MYSITE.com/index.php?route= ... gin">login page</a>.</p>
<form action="https://www.MYSITE.com/index.php?route=account/register" method="post" enctype="multipart/form-data" class="form-horizontal">
<fieldset id="account">
Not sure what to look for as unusual. This is what my vqcache shows as files there:
/vqmod/vqcache/vq2-admin_controller_common_header.php
/vqmod/vqcache/vq2-admin_controller_common_menu.php
/vqmod/vqcache/vq2-admin_controller_extension_installer.php
/vqmod/vqcache/vq2-admin_controller_setting_setting.php
/vqmod/vqcache/vq2-admin_language_english_common_menu.php
/vqmod/vqcache/vq2-admin_model_catalog_product.php
/vqmod/vqcache/vq2-admin_model_sale_order.php
/vqmod/vqcache/vq2-catalog_controller_checkout_cart.php
/vqmod/vqcache/vq2-catalog_controller_checkout_confirm.php
/vqmod/vqcache/vq2-catalog_controller_checkout_success.php
/vqmod/vqcache/vq2-catalog_controller_common_header.php
/vqmod/vqcache/vq2-catalog_controller_information_contact.php
/vqmod/vqcache/vq2-catalog_controller_information_information.php
/vqmod/vqcache/vq2-catalog_controller_module_featured.php
/vqmod/vqcache/vq2-catalog_controller_product_category.php
/vqmod/vqcache/vq2-catalog_controller_product_search.php
/vqmod/vqcache/vq2-catalog_model_catalog_product.php
/vqmod/vqcache/vq2-system_engine_action.php
/vqmod/vqcache/vq2-system_engine_controller.php
/vqmod/vqcache/vq2-system_engine_loader.php
/vqmod/vqcache/vq2-system_library_cart.php
/vqmod/vqcache/vq2-system_library_config.php
/vqmod/vqcache/vq2-system_library_language.php
/vqmod/vqcache/vq2-system_modification_admin_controller_common_menu.php
/vqmod/vqcache/vq2-system_modification_admin_model_catalog_product.php
/vqmod/vqcache/vq2-system_modification_catalog_controller_common_header.php
/vqmod/vqcache/vq2-system_modification_catalog_controller_product_product.php
/vqmod/vqcache/vq2-system_modification_catalog_model_catalog_product.php
/vqmod/vqcache/vq2-system_modification_catalog_model_checkout_order.php
/vqmod/vqcache/vq2-system_modification_system_engine_action.php
/vqmod/vqcache/vq2-system_modification_system_engine_loader.php
/vqmod/vqcache/vq2-system_modification_system_library_config.php
/vqmod/vqcache/vq2-system_modification_system_library_language.php
/vqmod/vqcache/vq2-system_startup.php
/vqmod/vqcache/vq2-admin_view_template_common_header.tpl
/vqmod/vqcache/vq2-admin_view_template_common_menu.tpl
/vqmod/vqcache/vq2-admin_view_template_setting_setting.tpl
/vqmod/vqcache/vq2-catalog_view_theme_rpm_template_checkout_register.tpl
/vqmod/vqcache/vq2-catalog_view_theme_rpm_template_common_header.tpl
/vqmod/vqcache/vq2-catalog_view_theme_rpm_template_module_featured.tpl
/vqmod/vqcache/vq2-catalog_view_theme_rpm_template_product_category.tpl
/vqmod/vqcache/vq2-catalog_view_theme_rpm_template_product_search.tpl
/vqmod/vqcache/vq2-system_modification_admin_view_template_common_menu.tpl
/vqmod/vqcache/vq2-system_modification_catalog_view_theme_rpm_template_account_register.tpl
/vqmod/vqcache/vq2-system_modification_catalog_view_theme_rpm_template_common_header.tpl
/vqmod/vqcache/vq2-system_modification_catalog_view_theme_rpm_template_product_product.tpl
Anything else I should try to see if I can get this resolved?
Thanks again for all your help!
Regards,
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
I tried what you suggested but to no avail. I cleared all the cache's and set in the admin as default template but now I'm not even getting in the VQcache the catalog header. This is what I have now in the VQcache. Still no errors in VQManager or admin error log
/vqmod/vqcache/vq2-admin_controller_common_header.php
/vqmod/vqcache/vq2-admin_controller_common_menu.php
/vqmod/vqcache/vq2-admin_controller_setting_setting.php
/vqmod/vqcache/vq2-admin_language_english_common_menu.php
/vqmod/vqcache/vq2-admin_model_catalog_product.php
/vqmod/vqcache/vq2-admin_model_sale_order.php
/vqmod/vqcache/vq2-catalog_controller_information_contact.php
/vqmod/vqcache/vq2-catalog_controller_module_featured.php
/vqmod/vqcache/vq2-catalog_controller_product_category.php
/vqmod/vqcache/vq2-system_engine_action.php
/vqmod/vqcache/vq2-system_engine_controller.php
/vqmod/vqcache/vq2-system_engine_loader.php
/vqmod/vqcache/vq2-system_library_cart.php
/vqmod/vqcache/vq2-system_library_config.php
/vqmod/vqcache/vq2-system_library_language.php
/vqmod/vqcache/vq2-system_modification_admin_controller_common_menu.php
/vqmod/vqcache/vq2-system_modification_admin_model_catalog_product.php
/vqmod/vqcache/vq2-system_modification_catalog_controller_common_header.php
/vqmod/vqcache/vq2-system_modification_catalog_controller_product_product.php
/vqmod/vqcache/vq2-system_modification_catalog_model_catalog_product.php
/vqmod/vqcache/vq2-system_modification_system_engine_action.php
/vqmod/vqcache/vq2-system_modification_system_engine_loader.php
/vqmod/vqcache/vq2-system_modification_system_library_config.php
/vqmod/vqcache/vq2-system_modification_system_library_language.php
/vqmod/vqcache/vq2-system_startup.php
/vqmod/vqcache/vq2-admin_view_template_common_header.tpl
/vqmod/vqcache/vq2-admin_view_template_common_menu.tpl
/vqmod/vqcache/vq2-admin_view_template_setting_setting.tpl
/vqmod/vqcache/vq2-catalog_view_theme_default_template_module_featured.tpl
/vqmod/vqcache/vq2-catalog_view_theme_default_template_product_category.tpl
/vqmod/vqcache/vq2-system_modification_admin_view_template_common_menu.tpl
/vqmod/vqcache/vq2-system_modification_catalog_view_theme_default_template_account_register.tpl
/vqmod/vqcache/vq2-system_modification_catalog_view_theme_default_template_common_header.tpl
/vqmod/vqcache/vq2-system_modification_catalog_view_theme_default_template_product_product.tpl
Anything else I should try?
Regards,
@pair: Send me a PM and I will take a look at the issue.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
In your catalog/controller/api/login.php file,
find:
Code: Select all
if ($api_info) {
Code: Select all
if ($api_info && !empty($this->session->data['__csrf'])) {
Code: Select all
} else {
$json['error']['key'] = $this->language->get('error_key');
}
}
Code: Select all
} else {
$json['error']['key'] = $this->language->get('error_key');
}
} else {
$json['error']['key'] = $this->language->get('error_login_csrf');
}
Code: Select all
$_['error_login_csrf'] = 'Either the API login or the CSRF key are invalid!';
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
In your admin/controller/sale/order.php file,
find all instances of:
Code: Select all
if ($api_info && $this->user->hasPermission('modify', 'sale/order')) {
Code: Select all
if ($api_info && $this->user->hasPermission('modify', 'sale/order') && !empty($this->session->data['__csrf'])) {
In your admin/controller/marketplace/openbay.php file,
find all instances of:
Code: Select all
if (isset($api_info['error']) || isset($api_login['error'])) {
Code: Select all
if ((isset($api_info['error']) || isset($api_login['error'])) || (empty($this->session->data['__csrf']))) {
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Code: Select all
Upload the files.
Deleted all vqmodcache files.
Deleted checked.cache and mods.cache
Than go to a page in your catalog, than there will be the file vq2-catalog_controller_common_header.php
with this code in it
Code: Select all
$data['styles'] = $this->document->getStyles();
$this->load->helper('csrf_helper');
csrf_start();
$data['scripts'] = $this->document->getScripts();
Thanks for providing your steps. However, do not forget to download the latest release of the system/helper/csrf_helper.php file, as of today's release, if you don't already have it.k2tec wrote: ↑Sun Feb 25, 2018 9:18 pmPair, this what I did.Code: Select all
Upload the files.
Deleted all vqmodcache files.
Deleted checked.cache and mods.cache
Than go to a page in your catalog, than there will be the file vq2-catalog_controller_common_header.php
with this code in itCode: Select all
$data['styles'] = $this->document->getStyles(); $this->load->helper('csrf_helper'); csrf_start(); $data['scripts'] = $this->document->getScripts();
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
For me at least the code in vq2-catalog_controller_common_header.php shows up as well. But unfortunately that's the only change I see. Page source in frontend pages does not show any csrf-related changes. I seem to have exactly the same issue Pair is having. We are using different themes though.k2tec wrote: ↑Sun Feb 25, 2018 9:18 pmPair, this what I did.Code: Select all
Upload the files.
Deleted all vqmodcache files.
Deleted checked.cache and mods.cache
Than go to a page in your catalog, than there will be the file vq2-catalog_controller_common_header.php
with this code in itCode: Select all
$data['styles'] = $this->document->getStyles(); $this->load->helper('csrf_helper'); csrf_start(); $data['scripts'] = $this->document->getScripts();
I've installed all the updated releases of the extension, cleared the cache more times I can count and each time checked the vqmanager and error log. So far no luck on the frontend and nothing in logs. In admin it works flawlessly since day 1.
OC 2.1.0.2.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
By posting your XML file with the changes you made.Where else can I look why the code can't track my code?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Users browsing this forum: No registered users and 36 guests