Post by rempong » Thu Dec 28, 2017 7:45 pm

straightlight wrote:
Thu Dec 28, 2017 12:07 am
As explained here: viewtopic.php?f=190&t=165170#p628394
OC 2X session creation isn't random enough. Use 3.X code and you'll be fine.


Post by straightlight » Thu Dec 28, 2017 9:42 pm

rempong wrote:
Thu Dec 28, 2017 7:45 pm
straightlight wrote:
Thu Dec 28, 2017 12:07 am
As explained here: viewtopic.php?f=190&t=165170#p628394
OC 2X session creation isn't random enough. Use 3.X code and you'll be fine.
Correct, which is why I recommend using v3.x releases of Opencart rather than remaining on the v2.x releases since the beginning.

Or use the CSRF protection form extension library, as it can also be used within the APIs when posting variables via AJAX, regardless of whether it's for v2.x or the v3.x releases.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester



Post by kevtheirish » Tue Feb 13, 2018 12:34 pm

straightlight wrote:
Tue Jul 12, 2016 9:14 pm

In your catalog/view/theme/<your_theme>/template/account/login.html file,

find:

Code:

<form

add on the very next line:

Code:

<?php echo $csrf_form_input; ?>

This will protect and tokenize each individual customer by logging into their account safely without session overrides.

As to address the complaint to the customers, inform them to change their account password on a regular basis to ensure their account privacy safety.

I don't have a login.html, mine is login.tpl v2.0.2.0
The first "<form" I have is actually

Code:

            <form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">

So I added it here

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">
              <div class="form-group">
                <label class="control-label" for="input-email"><?php echo $entry_email; ?></label>
                <input type="text" name="email" value="<?php echo $email; ?>" placeholder="<?php echo $entry_email; ?>" id="input-email" class="form-control" />
              </div>

Is that correct?


Post by straightlight » Wed Feb 14, 2018 6:47 am

The CSRF input line needs to be added right below this line:

Code:

<form action="<?php echo $action; ?>" method="post" enctype="multipart/form-data">

For further questions about the CSRF extensions, please post in the official CSRF support topic on the forum. The link is provided from the marketplace on the extension's page.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester
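
What a hidden CSRF field like the one discussed in this thread does on each side of the login form, as an added example that is not part of any post and not the extension's own code. The function names, the csrf_token field name and the array standing in for $_SESSION are assumptions, and it needs PHP 7 or later for random_bytes().

```php
<?php
// Added example: hypothetical helpers, not the OpenCart CSRF extension's code.

// Issue (or reuse) one unpredictable token per session.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    }
    return $session['csrf_token'];
}

// Hidden field to print on the line right after the opening <form ...> tag.
function csrf_form_input(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '" />';
}

// Server-side check, run before the login handler looks at email/password.
function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false; // no token issued, or field missing / sent as an array
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo: $session stands in for $_SESSION so this runs from the CLI.
$session = [];
echo csrf_form_input($session), PHP_EOL;

$cases = [
    'form rendered by the store' => ['email' => 'a@example.com', 'csrf_token' => $session['csrf_token']],
    'post without the field'     => ['email' => 'a@example.com'],
    'wrong token value'          => ['email' => 'a@example.com', 'csrf_token' => str_repeat('0', 64)],
    'array instead of string'    => ['csrf_token' => ['x']],
];
foreach ($cases as $label => $post) {
    printf("%-28s %s\n", $label, csrf_check($session, $post) ? 'accepted' : 'rejected');
}
```

Only the first case is accepted; a template that prints the field but has no matching server-side check gains nothing from it.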

