Post by GoldenTongs » Thu Jan 29, 2015 7:37 pm

i am curious,
as i have recently purchased an extension from oc.com
http://www.opencart.com/index.php?route ... n_id=19059
however the extension has quite a few bugs, which i am finding and pointing out to the dev
even though the dev refuses to ackowledge any of them
today i spotted a simple bug and fixed it
but
when i did
next time i went to the extension settings
i was prompted with
mod will expire in 29 days, activate for live site, extend trial, activation guide

now i am not complaining about mod being limited to one live install, i am all for devs earning, which in turn motivates them to develop better mods,
my problem is firstly the extension is not fully working, with many silly small bugs and the dev does not even acknowledge any of them of fix (even though he updates daily but makes no changes)
and the activate link takes me to 404 on their site http://www.opcartstore.com/active
the activation guide just says "hello"

and also my main concern, is if this extension is checking for valid license (just like PSN does with games)
what happens if the devs site is down ?
i assume the extension will then not work (like PSN and games)
also i run a private site, and do not want any connection to another site,
or anyone having my details linked to the domain.

is this dev violating GPL license ?
or is this allowed ?
what happens with extension when his site is offline ?

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by Dhaupin » Thu Jan 29, 2015 11:25 pm

If its not encrypted just remove the license check or spoof it. If it is encrypted, report it for violating GPL then request they send the full source (which they wont). I doubt they made the correct channels to be a proper "aggregate" under GPL if its encrypted. After that get a refund, go to decry.pt, email them a demo file and license, sign up if successful with refund cash, boom good to go. They will not have the cash to hire laywers to sue you, and if they do, they will lose (improper aggregate).

If they offload parts of the code to their own server for access via API, then you are out of luck without constructing the code that does actions. And yes, if their servers go down (or are not able to handle production load) then you are stuck with a broken mod. Unfortunately this type of "remote actions" mod is technically allowed under GPL aggregate clauses....as long as its not encrypted too.

We bought the vtiger sync mod recently and discovered full encryption with intentionally coded limits that were not mentioned anywhere. In your boat exactly -- decrypted, removed the bullshit limits, and it magically works brilliantly. Some devs just dont understand what GPL means....they are more concerned about scamming cash out of you than developing a good mod. Amateurs.
Last edited by Dhaupin on Thu Jan 29, 2015 11:32 pm, edited 1 time in total.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by Johnathan » Thu Jan 29, 2015 11:32 pm

I understand wanting to encrypt your own code, to protect your intectual property, but I don't believe this is allowed in the opencart.com extension store. If you find an extension that is encrypted, contact the the OpenCart team about it.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by Dhaupin » Thu Jan 29, 2015 11:38 pm

Johnathan wrote:I understand wanting to encrypt your own code, to protect your intectual property, but I don't believe this is allowed in the opencart.com extension store. If you find an extension that is encrypted, contact the the OpenCart team about it.
You mean all these mods? https://www.google.com/?gws_rd=ssl#q=si ... 22+ioncube

(not all of them use ioncube anymore)

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by GoldenTongs » Fri Jan 30, 2015 12:46 am

Dhaupin wrote:If its not encrypted just remove the license check or spoof it. If it is encrypted, report it for violating GPL then request they send the full source (which they wont). I doubt they made the correct channels to be a proper "aggregate" under GPL if its encrypted. After that get a refund, go to decry.pt, email them a demo file and license, sign up if successful with refund cash, boom good to go. They will not have the cash to hire laywers to sue you, and if they do, they will lose (improper aggregate).

If they offload parts of the code to their own server for access via API, then you are out of luck without constructing the code that does actions. And yes, if their servers go down (or are not able to handle production load) then you are stuck with a broken mod. Unfortunately this type of "remote actions" mod is technically allowed under GPL aggregate clauses....as long as its not encrypted too.

We bought the vtiger sync mod recently and discovered full encryption with intentionally coded limits that were not mentioned anywhere. In your boat exactly -- decrypted, removed the bullshit limits, and it magically works brilliantly. Some devs just dont understand what GPL means....they are more concerned about scamming cash out of you than developing a good mod. Amateurs.
the extension is not encrypted
but where do i find the code to remove, i am worried as i had this problem a couple years back using CC with 2 different devs, one devs site kept going offline and my customers reported issues to me, luckily his mods were not encrypted so i had someone remove the code that was calling to the devs site, but the 2nd dev just decided it was time to move onto other things and closed his site and i had a few mods all encrypted, it was a real headache sorting it all out. This is why i have recently switched to OC as it is open cource to avoid devs having call backs to their own sites and encrypted mods that you could not adjust to suit if needed.

as with this rewards pro mod, the dev is providing zero support(apart from read my wiki which has zero info) and it has many bugs and is not working on my live site, and took a bit of work getting it working on fresh install, but it still does not work correctly or as desired.

i can see the code that displays the notice which is repeated a few times in the one file, but is this what i need to remove or is/will there be more in other files ?

Code: Select all

$data['token'] = $this->session->data['token'];
        $day_remaining = $this->getExpireDays();
        if (isset($this->error['warning'])) {
            $data['error_warning'] = $this->error['warning'];
        } else {
            if($day_remaining <= 0){
                $data['error_warning'] = 'Notification: The <b style="color:green">Advance Reward Points Pro</b> has expired. <a href="http://www.opcartstore.com/active" target="_blank" style="color: #E8710C">Activate for Live site</a> |<a href="index.php?route=promotions/reward_points/extend&token='.$this->session->data['token'].'" style="color: #E8710C">Extend trial</a> in 7 days | <a target="_blank" href="http://wiki.opcartstore.com/w/index.php?title=Activation_Guide" style="color: #E8710C">Activation Guide</a>';
            }else{
                if($day_remaining <= 30)
                    $data['error_warning'] = 'Notification: The <b style="color:green">Advance Reward Points Pro</b> extension will expire in '.$day_remaining.' days. <a href="http://www.opcartstore.com/active" target="_blank" style="color: #E8710C">Activate for Live site</a> |<a href="index.php?route=promotions/reward_points/extend&token='.$this->session->data['token'].'" style="color: #E8710C">Extend trial</a> in 7 days | <a target="_blank" href="http://wiki.opcartstore.com/w/index.php?title=Activation_Guide" style="color: #E8710C">Activation Guide</a>';
            }
        } 
as i mentioned the activate link in the code directs to a 404, and the activation guide states nothing.

any help would be greatly appreciated
i have already nearly given up on this extension, even though it is needed.

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by Dhaupin » Fri Jan 30, 2015 1:12 am

Well thats good its not encrypted. You could try replacing this line:

Code: Select all

$day_remaining = $this->getExpireDays();
With this line:

Code: Select all

$day_remaining = '9999';
Or if that needs an integer, replace with:

Code: Select all

$day_remaining = 9999;

Alternatively, you can search the files for getExpireDays() function and comment out their site check, then just always make it return 9999 days no matter what. That would probably work better in case its used elsewhere...not sure where that function is though in your mod. Either way that should make it always see there is 27 years worth of days remaining.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by Johnathan » Fri Jan 30, 2015 5:45 am

Dhaupin wrote:
Johnathan wrote:I understand wanting to encrypt your own code, to protect your intectual property, but I don't believe this is allowed in the opencart.com extension store. If you find an extension that is encrypted, contact the the OpenCart team about it.
You mean all these mods? https://www.google.com/?gws_rd=ssl#q=si ... 22+ioncube

(not all of them use ioncube anymore)
Anyone that finds these should report them, as I believe that's not allowed. If I'm wrong, feel free to correct me, Daniel or James.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by Dhaupin » Fri Jan 30, 2015 6:02 am

Johnathan wrote:
Dhaupin wrote:
Johnathan wrote:I understand wanting to encrypt your own code, to protect your intectual property, but I don't believe this is allowed in the opencart.com extension store. If you find an extension that is encrypted, contact the the OpenCart team about it.
You mean all these mods? https://www.google.com/?gws_rd=ssl#q=si ... 22+ioncube

(not all of them use ioncube anymore)
Anyone that finds these should report them, as I believe that's not allowed. If I'm wrong, feel free to correct me, Daniel or James.
I sent an email into OC headquarters a few hours ago about one and how they scammed us because of it. Looking forward to hearing back (no hurry though) :)

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by GoldenTongs » Fri Jan 30, 2015 11:42 am

the mod also requires that you change permissions for vqmod/xml folder to chmod 777

is this wise or safe ?

and sorry i am going off topic to OP post

but dev knows his extension has bugs and refuses to fix them, stating he does not fix extension bugs on opencart but will only fix on customers site via FTP

10 days ago i reported bugs with fixes, only minor ones, but dev refuses to update his extension with fixes,
although he does update it daily to make it come top of search on opencart

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by GoldenTongs » Fri Jan 30, 2015 2:09 pm

is the code below partially encrypted ?
as this is in the mods setup file
i did notice base64 in few files but did not see any encrypted code
but have just looked at setup file and found the following

Code: Select all

						   (1, 'Reward for all products', 'Reward for all products in', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjE6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fX19', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 1, 0, 100, 0, 0, 0),
						   (2, 'For any products', 'For any products', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjE6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fX19', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 20, 5, 0, 0, 0);";
			$db->query($insert_sql);
			echo message_tbl("Created table <b>$table_catalog_rules</b> complete.");
		}
	}catch(Exception $e){
		echo message_tbl("Table <b>$table_catalog_rules</b> exist.", 'error');
	}
}

$table_shopping_cart_rules = DB_PREFIX . "shopping_cart_rules";
if(!isset($table_rows[$table_shopping_cart_rules])){
	$shopping_cart_rule_sql = "CREATE TABLE $table_shopping_cart_rules(
                    `rule_id` int(11) unsigned NOT NULL auto_increment,
                    `name` varchar(255) NOT NULL default '',
                    `description` text NOT NULL default '',
                    `conditions_serialized` mediumtext NOT NULL default '',
                    `store_view` varchar(255) NOT NULL default '0',
                    `customer_group_ids` varchar(255) NOT NULL default '',
                    `start_date` varchar(255) NOT NULL default '',
                    `end_date` varchar(255) NOT NULL default '',
                    `actions` int(2) NOT NULL default '0',
                    `reward_per_spent` int(11) NOT NULL default '0',
                    `reward_point` int(11) NOT NULL default '0',
                    `rule_position` int(11) NOT NULL default '0',
                    `stop_rules_processing` int(2) NOT NULL default '0',
                    `status` INT(2) NOT NULL default '0',
                    PRIMARY KEY (`rule_id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";
	try
	{
		if ($db->query($shopping_cart_rule_sql)) {
			$insert_sql = "INSERT INTO `$table_shopping_cart_rules` (`rule_id`, `name`, `description`, `conditions_serialized`, `store_view`, `customer_group_ids`, `start_date`, `end_date`, `actions`, `reward_per_spent`, `reward_point`, `rule_position`, `stop_rules_processing`, `status`) VALUES
				           (1, 'Whole Cart Rule', 'Buy $1000, get 300 points!', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo0OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHN1YnRvdGFsLXRleHQiO3M6OToiYXR0cmlidXRlIjtzOjE2OiJhdHRyaWJ1dGVfc2V0X2lkIjtzOjg6Im9wZXJhdG9yIjtzOjU6IiZndDs9IjtzOjU6InZhbHVlIjtzOjM6IjUwMCI7fX19', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 0, 300, 0, 0, 0),
				           (2, 'Bulk Purchase amount of $2000+', 'Bulk Purchase amount of $2000+', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo1OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHN1YnRvdGFsLXRleHQiO3M6NDoidGV4dCI7czo4OiJTdWJ0b3RhbCI7czo5OiJhdHRyaWJ1dGUiO3M6MTY6ImF0dHJpYnV0ZV9zZXRfaWQiO3M6ODoib3BlcmF0b3IiO3M6NToiJmd0Oz0iO3M6NToidmFsdWUiO3M6NDoiMjAwMCI7fX19', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 0, 2000, 0, 0, 0),
				           (3, 'Bulk Purchase amount of $3000+', 'Bulk Purchase amount of $3000+', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo1OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHN1YnRvdGFsLXRleHQiO3M6NDoidGV4dCI7czo4OiJTdWJ0b3RhbCI7czo5OiJhdHRyaWJ1dGUiO3M6MTY6ImF0dHJpYnV0ZV9zZXRfaWQiO3M6ODoib3BlcmF0b3IiO3M6NToiJmd0Oz0iO3M6NToidmFsdWUiO3M6NDoiMzAwMCI7fX19', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 0, 3000, 0, 0, 0),
				           (4, 'Bulk purchase of 5 products', 'Bulk purchase of 5 products', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo1OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHF1YW50aXR5LXRleHQiO3M6NDoidGV4dCI7czoyMDoiVG90YWwgaXRlbXMgcXVhbnRpdHkiO3M6OToiYXR0cmlidXRlIjtzOjE2OiJhdHRyaWJ1dGVfc2V0X2lkIjtzOjg6Im9wZXJhdG9yIjtzOjU6IiZndDs9IjtzOjU6InZhbHVlIjtzOjE6IjUiO319fQ==', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 0, 500, 0, 0, 0);";
			$db->query($insert_sql);
			echo message_tbl("Created table <b>$table_shopping_cart_rules</b> complete.");
		}
	}catch(Exception $e){
		echo message_tbl("Issue when create table <b>$table_shopping_cart_rules</b>.", 'error');
	}
}

$table_spending_rules = DB_PREFIX . "spending_rules";
if(!isset($table_rows[$table_spending_rules])){
	$spending_rule_sql = "CREATE TABLE $table_spending_rules(
                `rule_id` int(11) unsigned NOT NULL auto_increment,
                `name` varchar(255) NOT NULL default '',
                `description` text NOT NULL default '',
                `conditions_serialized` mediumtext NOT NULL default '',
                `store_view` varchar(255) NOT NULL default '0',
                `customer_group_ids` varchar(255) NOT NULL default '',
                `start_date` varchar(255) NOT NULL default '',
                `end_date` varchar(255) NOT NULL default '',
                `actions` int(2) NOT NULL default '0',
                `reward_per_spent` int(11) NOT NULL default '0',
                `reward_point` int(11) NOT NULL default '0',
                `rule_position` int(11) NOT NULL default '0',
                `stop_rules_processing` int(2) NOT NULL default '0',
                `status` INT(2) NOT NULL default '0',
                PRIMARY KEY (`rule_id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;";

	try
	{
		if ($db->query($spending_rule_sql)) {
			$insert_sql = "INSERT INTO `$table_spending_rules` (`rule_id`, `name`, `description`, `conditions_serialized`, `store_view`, `customer_group_ids`, `start_date`, `end_date`, `actions`, `reward_per_spent`, `reward_point`, `rule_position`, `stop_rules_processing`, `status`) VALUES
						   (1, 'Spending Rule ', 'some particular products', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo1OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHN1YnRvdGFsLXRleHQiO3M6NDoidGV4dCI7czo4OiJTdWJ0b3RhbCI7czo5OiJhdHRyaWJ1dGUiO3M6MTY6ImF0dHJpYnV0ZV9zZXRfaWQiO3M6ODoib3BlcmF0b3IiO3M6NToiJmd0Oz0iO3M6NToidmFsdWUiO3M6MzoiNTAwIjt9fX0=', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 0, 0, 0, 0, 0);";
			$db->query($insert_sql);
			echo message_tbl("Created table <b>$table_spending_rules</b> complete.");

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by GoldenTongs » Fri Jan 30, 2015 2:33 pm

i have also found encoded data in database which is what has expiry key
(they even encoded the name of mod to try hide it)
when decoded it is:

Code: Select all

a:2:{s:5:"older";s:10:"2015-01-29";s:6:"expire";s:10:"2015-02-28";}
is the use of base64 to encode code in line with GPL license and opencart ?

the dev told me the expiry warning was a huge major bug i found that could only be fixed if he had ftp access
the more i look into this extension the less i trust the dev.

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by MarketInSG » Sat Jan 31, 2015 1:00 pm

base64 is okay, serialize is okay....please give those developers a break :)

As for ioncube, I cannot confirm that as it's vague, and the store does not seem to have terms on that. I think partial ioncube encoding might be okay with daniel


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by GoldenTongs » Sat Jan 31, 2015 1:18 pm

MarketInSG wrote:base64 is okay, serialize is okay....please give those developers a break :)

As for ioncube, I cannot confirm that as it's vague, and the store does not seem to have terms on that. I think partial ioncube encoding might be okay with daniel
thanks for reply mate, i am not being harsh, but i purchased a mod and dev refused to provide any support, except for telling me read his wiki which had no info
while trying to get his mod to work i found many minor bugs,
he only contacted me 10 days later when i mentioned his mod in forums
i cannot get his mod working on live site, and due to devs abusive messages i dont trust him on my live site,
now i simply do not even want his work i am tired of wasting my time with the dev and his mod

problem is i had all these issues using Cubecart with devs hiding things, many trying to add sneaky links etc.
and i stated above, when devs had call backs in their mods and then later close their own site.
i switched to opencart because it is open source to avoid any of these issues.

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by MarketInSG » Sat Jan 31, 2015 1:20 pm

try leaving a comment on the extension to test their response time. Most would respond within a reasonable 1 day to 2 days. Those would be much more trust worthy ;)


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by OSWorX » Sat Jan 31, 2015 5:23 pm

MarketInSG wrote:base64 is okay, serialize is okay....please give those developers a break :)

As for ioncube, I cannot confirm that as it's vague, and the store does not seem to have terms on that. I think partial ioncube encoding might be okay with daniel
Maybe it is okay with Daniel, but not with GPL.
Clearly states that the code has to be readable > 'source code'

From the GPL (v.2):
For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
Source: http://www.gnu.org/licenses/gpl-2.0.html

But wether a program/module/etc. is encoded with another program like ioncube, it states the the developer is a poor man/company and should change the business.
Or find a better way to distribute his knowledge with another business model.

Encoded programs will mean always you will never know what the developer is doing and collecting in the background!
Maybe he is stealing your data?

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by plugables » Sat Jan 31, 2015 6:10 pm

What about an approach similar to prestashop. Modules downloaded from official prestashop site are shown as authenticated. A warning message is shown for the ones that are not downloaded from prestashop site.

OpenCart Add-ons by Plugables

Image


New member

Posts

Joined
Thu Jan 01, 2015 8:07 pm

Post by OSWorX » Sat Jan 31, 2015 6:18 pm

plugables wrote:What about an approach similar to prestashop. Modules downloaded from official prestashop site are shown as authenticated. A warning message is shown for the ones that are not downloaded from prestashop site.
Do not forget that many modules are not available only over the OpenCart Store, instead from the devs site only.
Finally every module which is encoded is suspect.

Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by plugables » Sat Jan 31, 2015 11:41 pm

OSWorX wrote: Do not forget that many modules are not available only over the OpenCart Store, instead from the devs site only.
Finally every module which is encoded is suspect.
It will not prevent add-ons from third party sites.

I understand that the modules downloaded via other sites may become less attractive because of the warning message. But it occurs to me that if modules downloaded can be authenticated via a unique key generated for each module, isn't it also possible to authenticate approved developers by generating a unique authentication key for them as well?

OpenCart Add-ons by Plugables

Image


New member

Posts

Joined
Thu Jan 01, 2015 8:07 pm

Post by GoldenTongs » Sun Feb 01, 2015 10:27 am

MarketInSG wrote:try leaving a comment on the extension to test their response time. Most would respond within a reasonable 1 day to 2 days. Those would be much more trust worthy ;)
i left comments, and reply i got was read my wiki, which had no info,
i then commented about dev not helping and dev not fixing found bugs,
he just deleted my comments,
(really unfair to customers that devs can do this and give a false impression about customer feedback)

as i said when trying to get mod to work i found many minor bugs
(typos, in vqmod xml searchstrings etc.)

the devs knows about the bugs, but he refuses to fix them on the extension on OC.com
even though he updates the extension daily just to help come top of search
but does not change any code (his words)

i really do not trust the dev in question, and why on earth not fix any found bugs ?
why would a dev want to fix these manually for every customer ?

makes no sense to me

http://Lilphones.com
Image


Active Member

Posts

Joined
Sun Jul 29, 2012 5:26 pm

Post by anhto » Mon Feb 02, 2015 7:54 pm

Hi @all and Daniel,
Im ANH To, im owner of extension Advanced Reward Points. Im sorry because i dont know this topic as soon as possible.
Let me explain some points before you can make some assessment of me:
( The first then im sorry about my english as not well but i just want try to explain about me and about my module)
1. About encrypted code as GoldenTong wrote.
2. About bugs in my modules.
3. About my support for GoldenTong

=============== EXPLAIN =============
1. For about encrypted:
(1, 'Spending Rule ', 'some particular products', 'YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo1OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHN1YnRvdGFsLXRleHQiO3M6NDoidGV4dCI7czo4OiJTdWJ0b3RhbCI7czo5OiJhdHRyaWJ1dGUiO3M6MTY6ImF0dHJpYnV0ZV9zZXRfaWQiO3M6ODoib3BlcmF0b3IiO3M6NToiJmd0Oz0iO3M6NToidmFsdWUiO3M6MzoiNTAwIjt9fX0=', '0', 'a:2:{i:0;s:2:\"99\";i:1;s:1:\"1\";}', '', '', 2, 0, 0, 0, 0, 0);";
$db->query($insert_sql);
As you see, this sql string i will inserted to database. But why i need use base64_encode to encrypted it?
Let me step by step decrypt it:
1. Im using base64_decode to decode string:
YToxOntzOjEwOiJjb25kaXRpb25zIjthOjI6e2k6MTthOjM6e3M6MTA6ImFnZ3JlZ2F0b3IiO3M6MzoiYWxsIjtzOjU6InZhbHVlIjtzOjE6IjEiO3M6OToibmV3X2NoaWxkIjtzOjA6IiI7fXM6NDoiMS0tMSI7YTo1OntzOjQ6InR5cGUiO3M6Mzc6InNhbGUvcmV3YXJkX3BvaW50cy9ydWxlfHN1YnRvdGFsLXRleHQiO3M6NDoidGV4dCI7czo4OiJTdWJ0b3RhbCI7czo5OiJhdHRyaWJ1dGUiO3M6MTY6ImF0dHJpYnV0ZV9zZXRfaWQiO3M6ODoib3BlcmF0b3IiO3M6NToiJmd0Oz0iO3M6NToidmFsdWUiO3M6MzoiNTAwIjt9fX0
ANd this result after use base64_decode:
a:1:{s:10:"conditions";a:2:{i:1;a:3:{s:10:"aggregator";s:3:"all";s:5:"value";s:1:"1";s:9:"new_child";s:0:"";}s:4:"1--1";a:5:{s:4:"type";s:37:"sale/reward_points/rule|subtotal-text";s:4:"text";s:8:"Subtotal";s:9:"attribute";s:16:"attribute_set_id";s:8:"operator";s:5:">=";s:5:"value";s:3:"500";}}}
And this string encoded by serialize, so i will unserialize it and get result:
Array
(
[conditions] => Array
(
[1] => Array
(
[aggregator] => all
[value] => 1
[new_child] =>
)

[1--1] => Array
(
[type] => sale/reward_points/rule|subtotal-text
[text] => Subtotal
[attribute] => attribute_set_id
[operator] => >=
[value] => 500
)
)
)
So for those code, did i injected any dirty code? I have tried explain for him but he dont want listen me, Why? because he being blame me everything (module not work, have bugs something like this but do not provide for me any prove).
Why did i need encode that string? Because i got one error from MYSQL system, for serialize it too long if my Rule ( this rule of my module ) has string too long -> So MYSQL cant save and store it. ( Im sorry if this noob solution )

2. About my bugs have found from GoldenTong. Yes i got bugs from him, but just a few small bugs, i will up plan and upgrade it in future because i need to get all bugs from customers and fix in one time to release new version. ( You can check tab document in market, i always update and fix bugs, week by week, month by month )
No module or extension is perfect.

3. About support for GoldenTong.
He complain on forum and system ticket as i do not support him or something like: developer do not reply mail for him or do not fix bug for him, right?
BUT i think @all should listen from me and i can provide on prove is wrong, why? HERE:
- . After he purchased my module or any one purchased i always sent one email for customer and for him, about email: If he need anything from me then pls contact.
- . Yes he did, he contacted me, but i asked him about LINK, WEBSITE of him to check, to solve those issues of him, then he do not give me any LINK, any FTP, nothing. THEN how to i can solve for him.
Because when running on the client's site, it may conflict with certain modules, each site is a structure and set of different modules, are you agree me about this?

===================================== END EXPLAINED ===============================

Thanks for read all my comment, i hope you can understand about histories of him and me.

I have refunded for 2 customers, with same reasons:
-. Some code cant work on hosting of them.

If my module cant work on site of them, or i cant fix those bugs then i will refund for them.
BUT about GoldenTong, he dont give me any access or allow me touch on site of him, or even have see site of him to check issues.
SO i dont want refund for him.

I have over 30-40 customers bought this module, i can provide and send inbox for anyone need to ask them about my support.

=========================

He bought my module from: 20/1/2015
From 20 to To 23/1/2015, i always reply mail and support for him
On 23/1 (night - my time) to 24/1 is Sat and Sun, he sent me a few emails, but i cant reply him because i dont work on weekend and cant check email.
26/1 i have replied mail for him and asked him about issues and any help me, then he start blame me like:
Module encrypted, im not support him, module have bugs not fixed ( What's up? i have fixed and sent for him, even i have installed new version| to him check on my hosting)
And he being request to refund. AND i do not accept, because he was not provide or prove to me that the module does not work, but only a few words in one email, while I know there are a few minor errors, he simply provides information site, I will check and resolve for him but nothing.
About email between him and me, if anyone need to see, i can capture by image it and send via inbox to see, bcz i wanna all should to know about histories of him and me to clear more.

I just creating modules to Increase Your Sales.

Image Image


Newbie

Posts

Joined
Tue Jun 11, 2013 11:53 pm
Who is online

Users browsing this forum: imdevlper18 and 40 guests