Post by rempong » Thu Dec 28, 2017 7:45 pm

straightlight wrote:
Thu Dec 28, 2017 12:07 am
As explained here: viewtopic.php?f=190&t=165170#p628394

OC 2X session creation isn't random enough. Use 3.X code, you'll be fine


Post by straightlight » Thu Dec 28, 2017 9:42 pm

rempong wrote:
Thu Dec 28, 2017 7:45 pm
straightlight wrote:
Thu Dec 28, 2017 12:07 am
As explained here: viewtopic.php?f=190&t=165170#p628394

OC 2X session creation isn't random enough. Use 3.X code, you'll be fine

Correct, which is why I recommend using v3.x releases of Opencart rather than remaining on the v2.x releases since the beginning.

Or use the CSRF protection form extension library, as it can also be used within the APIs when posting variables via AJAX, whether it's for v2.x or the v3.x releases.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer



Post by kevtheirish » Tue Feb 13, 2018 12:34 pm

straightlight wrote:
Tue Jul 12, 2016 9:14 pm

In your catalog/view/theme/<your_theme>/template/account/login.html file,

find:

Code:

<form

add on the very next line:

Code:

<?php echo $csrf_form_input; ?>

This will protect and tokenize each individual customer by logging into their account safely without session overrides.

To address the complaint with the customers, inform them to change their account password on a regular basis to ensure their account privacy and safety.

I don't have a login.html; mine is login.tpl, v2.0.2.0.
The first "<form" I have is actually

Code:

            <form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">

So I added it here:

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
              <div class="form-group">
                <label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
                <input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
              </div>

Is that correct?


Post by straightlight » Wed Feb 14, 2018 6:47 am

The CSRF input line needs to be added right below this line:

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">

For further questions about the CSRF extensions, please post in the official CSRF support topic on the forum. The link is provided from the marketplace on the extension's page.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer
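
A sketch of what a per-session CSRF form token of the kind discussed in this thread involves, added here as an illustration; it is not the extension's code and not part of any post above. The function names csrf_token(), csrf_form_input() and csrf_check() and the field name csrf_token are hypothetical, and PHP 7+ is assumed for random_bytes().

```php
<?php
// Added illustration; function and field names are hypothetical, not OpenCart's
// or the CSRF extension's API. Requires PHP 7+ for random_bytes().

// Return the session's CSRF token, creating it from the OS CSPRNG on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits
    }
    return $session['csrf_token'];
}

// Hidden field a template would echo on the line right after its <form ...> tag.
function csrf_form_input(array &$session): string
{
    $value = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $value . '" />';
}

// Verify a POST body against the session. Rejects missing, non-string and
// mismatched values; hash_equals() compares in constant time.
function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed demonstration: plain arrays stand in for $_SESSION and $_POST.
$session = [];
echo csrf_form_input($session), PHP_EOL;

$cases = [
    'form rendered by the shop' => ['email' => 'a@example.com', 'csrf_token' => $session['csrf_token']],
    'post without a token'      => ['email' => 'a@example.com'],
    'token that does not match' => ['csrf_token' => str_repeat('0', 64)],
    'non-string token value'    => ['csrf_token' => ['x']],
];
foreach ($cases as $label => $post) {
    printf("%-28s %s\n", $label, csrf_check($session, $post) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; the login handler would call the check before looking at the email and password fields.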

