Jump to content

brightlaunch's Content

There have been 27 items by brightlaunch (Search limited from 25-Jul 20)



Sort by                Order  

#185223 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 06 June 2014 - 12:04 PM in Security

Kinda looking like images/tmp.gif is the repository for the data. Have you had a look or decoded it? Appears to be a different signature so could be different attack, but still requires the admin url to have been compromised. So this is a much earlier event (like a month).


It's a snapshot of the /images/ directory permissions and files



#185198 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 06 June 2014 - 12:03 AM in Security

@tbirnseth - Will PM you with details. Here's the relevant section of the log:

202.153.65.76 - - [23/Apr/2014:11:42:18 -0500] "GET /admincp.php?version HTTP/1.1" 200 42 "-" "-"
202.153.65.76 - - [23/Apr/2014:11:42:26 -0500] "POST /admincp.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 200 259 "-" "-"
202.153.65.76 - - [23/Apr/2014:11:42:33 -0500] "GET /images/tmp.gif HTTP/1.1" 404 1772 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:29:11 -0500] "GET /admincp.php?version HTTP/1.1" 200 42 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:29:18 -0500] "POST /admincp.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 200 259 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:29:24 -0500] "GET /images/tmp.gif HTTP/1.1" 404 1772 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:34:21 -0500] "GET /admincp.php?version HTTP/1.1" 200 42 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:34:27 -0500] "POST /admincp.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 200 259 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:34:34 -0500] "GET /images/tmp.gif HTTP/1.1" 404 1772 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:45:46 -0500] "GET /admincp.php?version HTTP/1.1" 200 42 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:45:52 -0500] "POST /admincp.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 200 259 "-" "-"
202.153.65.76 - - [23/Apr/2014:12:45:59 -0500] "GET /images/tmp.gif HTTP/1.1" 404 1772 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:06:09 -0500] "GET /admincp.php?version HTTP/1.1" 200 42 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:06:15 -0500] "POST /admincp.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 200 259 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:06:21 -0500] "GET /images/tmp.gif HTTP/1.1" 200 4454 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:31:59 -0500] "GET /admincp.php?version HTTP/1.1" 200 42 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:32:06 -0500] "POST /admincp.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 200 259 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:32:12 -0500] "GET /images/tmp.gif HTTP/1.1" 200 4454 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:32:19 -0500] "GET /images/default.thumb.php HTTP/1.1" 200 52663 "-" "-"
202.153.65.76 - - [24/Apr/2014:03:46:21 -0500] "GET /images/default.thumb.php HTTP/1.1" 200 52663 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Iron/28.0.1550.0 Chrome/28.0.1550.0 Safari/537.36"
202.153.65.76 - - [24/Apr/2014:03:46:24 -0500] "GET /favicon.ico HTTP/1.1" 404 1772 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Iron/28.0.1550.0 Chrome/28.0.1550.0 Safari/537.36"


83.150.87.81 - - [28/Apr/2014:09:01:35 -0500] "POST /images/default.thumb.php HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:36 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:37 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:38 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:40 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:41 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:42 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:43 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:44 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:45 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:46 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:47 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:48 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:49 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:50 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:51 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:52 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:54 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:55 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:56 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"
83.150.87.81 - - [28/Apr/2014:09:01:57 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"



#185192 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 05 June 2014 - 09:25 PM in Security

@tbirnseth: Searched log files from the last 6 months for /admincp.php?dispatch=payment_notification.results&payment=atos and then manually inspected each instance. Wasn't too difficult to spot.



#185169 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 05 June 2014 - 05:13 PM in Security

Update... we found a shell script on a client site in /images/default.thumb.php

It was placed there on April 23, 2014 from 202.153.65.76 using the ATOS vector of attack /admincp.php?dispatch=payment_notification.results&payment=atos

Then I see an attack from 83.150.87.81 on April 28:
83.150.87.81 - - [28/Apr/2014:09:01:36 -0500] "POST /mod_sec.html HTTP/1.1" 302 197 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1550.0 Safari/537.36"



#184676 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 30 May 2014 - 02:05 PM in Security

How do you reset passwords for all customers?



#184674 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 30 May 2014 - 02:01 PM in Security

Brightlaunch.
I am stuck on the database aspect myself. Unfortunately a new store just can't connect correctly
to the old database. I have started a thread in the Installation & Upgrade area of the forum.


As @tbirnseth pointed out in http://forum.cs-cart...ost__p__184609: 13. Copy your saved database (step 2) into the new name

Question is: the entire database, or only select tables?
And if my client wants to upgrade from 3.x to 4.1.5, can you install the new store/database, and then copy the customer data table (and which other tables?) into the new database?

The way I normally "move" databases is by importing the .sql file and overwriting the old database. Never had two databases at then migrating data from one into the other.



#184666 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 30 May 2014 - 01:06 PM in Security

Yes, looks like you are safe. Hacker was unable to upload thumbs.php to you server.
But please make sure there are no other requests from this IP in 24-30May.


Just a note: one of my client sites got hacked May 23. And they have seen a significant amount of spam email being generated from their site, suggesting to people to log into their account.



#184663 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 30 May 2014 - 12:51 PM in Security

Thanks @tbirnseth

I understand how to restore the physical files now -- do I need to restore the database too, or can I just change the mysql password?

@brightlaunch

1] If you're going to restore your files from a backup, I would strongly suggest you create a fresh backup before you do.
Then you will need to delete everything in your site's document root (usually the root of your store) and then do the restore. Otherwise, any newly added files will continue to exist.




#184591 Re: Critical Security Vulnerability In Cs-Cart And Multi-Vendor 2.x.x To 4.1.2

Posted by brightlaunch on 29 May 2014 - 09:45 PM in Security

Ugh... three client sites got hacked. Couple questions that might be on a lot of folks minds... if anyone could answer them, that would be helpful.

[1] Can I restore my site's physical files with cpanel's CS-cart backup restore to the file versions from before the hack attack to ensure no modified files remain on the server?
One of my sites got attacked May 25, 19:50h.... and I checked the log files for the last 3 months before then, no other attack. I removed thumbs.php and test.gif on May 26 - but I am not sure if there are modified files on the server. Should I restore my site with the files from May 20, then change passwords for cpanel, CS-cart admins, mysql database, FTP etc

[2] For folks that aren't comfortable with command line prompts to check for modified files... is there a solution that lay persons can use?

[3] I am sure everyone sees something similar in their access logs... can somebody provide a line by line explanation of below's snippet (I removed my domain at the beginning of each line):

173.236.23.161 - - [25/May/2014:14:23:07 +0000] "GET /ad-min.php?version HTTP/1.1" 200 4762 "-" "Mozilla/5.5 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/24.2.483.1265 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:08 +0000] "GET /ad-min.php?version HTTP/1.1" 200 4762 "-" "Mozilla/6.4 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/28.0.61.1350 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:09 +0000] "POST /ad-min.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 5013 "-" "Mozilla/1.1 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/28.3.263.422 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:09 +0000] "GET /ad-min.php?dispatch=orders.details&order_id= HTTP/1.1" 302 693 "-" "Mozilla/1.1 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/28.3.263.422 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:10 +0000] "GET /ad-min.php?dispatch=auth.login_form&return_url=ad-min.php%3Fdispatch%3Dorders.details%26order_id%3D HTTP/1.1" 200 8202 "-" "Mozilla/1.1 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/28.3.263.422 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:11 +0000] "GET /images/test.gif HTTP/1.1" 200 4666 "-" "Mozilla/3.3 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/25.5.323.523 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:11 +0000] "POST /ad-min.php?dispatch=payment_notification.results&payment=atos HTTP/1.1" 302 5013 "-" "Mozilla/6.8 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/16.9.258.848 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:12 +0000] "GET /ad-min.php?dispatch=orders.details&order_id= HTTP/1.1" 302 693 "-" "Mozilla/6.8 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/16.9.258.848 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:12 +0000] "GET /ad-min.php?dispatch=auth.login_form&return_url=ad-min.php%3Fdispatch%3Dorders.details%26order_id%3D HTTP/1.1" 200 8202 "-" "Mozilla/6.8 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/16.9.258.848 Safari/537.11"
173.236.23.161 - - [25/May/2014:14:23:13 +0000] "POST /js/thumbs.php HTTP/1.1" 200 4634 "-" "Mozilla/7.8 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/12.1.66.1163 Safari/537.11"
173.236.23.161 - - [27/May/2014:18:08:41 +0000] "POST /js/thumbs.php HTTP/1.1" 404 22637 "-" "Mozilla/6.8 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/26.1.186.1439 Safari/537.11"


[4] If I have "remove CC info" checked for all order statuses, then what can an attacker do with a customers address and last four credit card digits?



#183899 Homepage Not Loading Securely (Hot Deals Thumbnails)

Posted by brightlaunch on 20 May 2014 - 04:37 PM in Security

Hi,
when we load our site in secure mode (https://www.shapeandslim.com), the thumbnails in the HOT DEALS segment are loaded in non-secure http mode. This leads to an error message that not all resources are loaded over a secure connection.

I have previously emptied the thumbnail cache... but the code keeps switching back to use http.

What am I missing here?



#182183 How To Define Meta Descriptions/keywords For Pages, Products And Homepage?

Posted by brightlaunch on 23 April 2014 - 12:12 PM in Configuration

Ahhh, I see. I was used to version 3.x where the SEO META data was entered through an add-on tab.... simply overlooked that the SEO is now defined on the main product page.

Thanks!



#181907 How To Define Meta Descriptions/keywords For Pages, Products And Homepage?

Posted by brightlaunch on 17 April 2014 - 08:19 PM in Configuration

Hi,
I am running CS-Cart 4.1.2 and was wondering how I can edit/update the META keywords and META descriptions. I am aware that I can set META keywords sitewide through the layout template, but I am wondering if I can have more fine-grained control over META keywords on individual pages, or individual products. This used to be easy on CS-Cart 3.x, but I don't see that functionality any more in v 4.1.x.


[1] If I update the keywords for PAGES, the same keywords appear on each PAGE.
How do I define keywords for PAGE A (i.e. About Us), and other keywords on PAGE B (i.e. FAQ)?

[2] If I update the keywords for PRODUCTS, the same keywords appear on each PRODUCT page.
How do I define keywords for PRODUCT A and other keywords on PRODUCT B?

[3] How do I update the META description on PRODUCT pages? I only see that the text of the FULL DESCRIPTION is used for that purpose.

[4] How do I update the META description on individual PAGES? I only see that the text from the main content is used for that purpose.



#181647 "no Products With The Selected Options In Stock"

Posted by brightlaunch on 13 April 2014 - 05:35 PM in Configuration

Never mind. Had color option enabled without creating the option combination.



#181646 "no Products With The Selected Options In Stock"

Posted by brightlaunch on 13 April 2014 - 05:14 PM in Configuration

Using CS-Cart 4.1.2

Hi,
I have set up global product option combinations, and ensured that TRACK WITH OPTIONS is enabled. Each option combination has sufficient inventory, yet when you look at the catalog, it says "No products with the selected options in stock" - if I change the product options (i.e. color or size of garment), the SKU doesn't update either.

It's as if "Track with options" is disabled (even though the checkbox is checked.

Any thoughts?



#180345 Apply Tax Rate Based On Location + Order Subtotal ?

Posted by brightlaunch on 28 March 2014 - 03:30 PM in Configuration

Need to collect NYC sales tax from NYC customers. Sales tax is 8.875% for subtotal above $110, sales tax is 0% for subtotals equal to/less than $110.
  • Applying a promotion to offset the NYC tax below $110 doesn't work, because the promotion reduces the subtotal, and then the 8.875% is calculated on the reduced subtotal... which will never match the original sales tax amount.
  • The right solution should be applying a different tax rate (of 0%) altogether when subtotal is equal to/less then $110.
Any thoughts?



#179335 Changes in scheme.less not effect to the site

Posted by brightlaunch on 15 March 2014 - 01:10 PM in General Questions

I had the same issue, and it drove me nuts. But in the end, the solution was logical. Depending on what theme you're using, there's further customizations that overwrite scheme.less CSS settings. Check the /presets/data/ folder (for example /design/themes/classyshop/presets/data/satori.less) and find the theme preset .less file.

To find out which .less file you have to edit:
1. Change CSS in satori.less, upload file
2. delete /var/cache/
3. Reload website to trigger recompiled .css
4. check css file to see if your change shows up



#179334 Css in V4

Posted by brightlaunch on 15 March 2014 - 01:09 PM in Store Design & Templates

I had the same issue, and it drove me nuts. But in the end, the solution was logical. Depending on what theme you're using, there's further customizations that overwrite scheme.less CSS settings. Check the /presets/data/ folder (for example /design/themes/classyshop/presets/data/satori.less) and find the theme preset .less file.

To find out which .less file you have to edit:
1. Change CSS in satori.less, upload file
2. delete /var/cache/
3. Reload website to trigger recompiled .css
4. check css file to see if your change shows up



#179333 v4 scheme.less not recompiling

Posted by brightlaunch on 15 March 2014 - 01:09 PM in General Questions

I had the same issue, and it drove me nuts. But in the end, the solution was logical. Depending on what theme you're using, there's further customizations that overwrite scheme.less CSS settings. Check the /presets/data/ folder (for example /design/themes/classyshop/presets/data/satori.less) and find the theme preset .less files.

To find out which .less file you have to edit:
1. Change CSS in satori.less, upload file
2. delete /var/cache/
3. Reload website to trigger recompiled .css
4. check css file to see if your change shows up



#179197 v4 scheme.less not recompiling

Posted by brightlaunch on 12 March 2014 - 08:51 PM in General Questions

I have exactly the same problem on v4.0.3 -

1. update scheme.less
2. empty cache
3. reload page = still original CSS



#178140 How To Apply Sales Tax Based On Order Subtotal?

Posted by brightlaunch on 24 February 2014 - 11:42 PM in Configuration

New York City has a sales tax exemption for clothes if the order subtotal is less than $110. Same is true for jewelry if the order subtotal is less than $55.

What's the best way to implement such an exemption in cs-cart?

Thanks,
Uli



#177830 Figuring Out Sales Tax

Posted by brightlaunch on 19 February 2014 - 06:19 PM in General Questions

All... two other questions:

[1] I believe sales taxes are calculated based on the customer's shipping address. If you are shipping from NYC to any NYC ZIP code, you should pay NYS+NYC sales tax. Correct?
[2] If you ship from NYC to anywhere else in NYS (New York State), you should only pay the NYS sales tax (but not municipal or county sales taxes of the customer's municipality). Example: shipping from NYC to Albany should only trigger NYS sales tax. Correct?
[3] NYC has an exemption for clothing items under $110. So if a customer's order subtotal is $220, I have to charge sales tax on the full order subtotal. Correct?

Regarding #3: how do I set up exceptions in CS Cart that apply taxes based on order subtotal?



#166625 Zoho CRM

Posted by brightlaunch on 10 August 2013 - 08:59 PM in General Questions

With the release of CS-Cart 4.0.1 and the API, what's the timetable to get integration with Zoho CRM? I am asking specifically about Zoho CRM because this is one of the free CRMs for small businesses, unlike other (low-cost) solutions like Brightpearl.

Are there any other free CRMs out there that work with CS Cart 4?

Thanks for any suggestions,
Uli



#166623 Cost + Item Dependencies for Shipping

Posted by brightlaunch on 10 August 2013 - 08:52 PM in Configuration

cscartrocks,
thanks for the suggestion, we managed to get it integrated. I didn't realize that the promotions have such solid boolean logic conditions attached to it, that made integration for different promotions in the US and Canada so easy.

Uli



#166451 Cost + Item Dependencies for Shipping

Posted by brightlaunch on 07 August 2013 - 11:09 PM in Configuration

Hi,
still running version 3.x... I am trying to set up a manual shipping method (for US Priority Mail Flat Rate) based on item count (1-2 items = $5.80, >2 items = $12.30). But I also want to give customers free shipping over $100 subtotal.

From looking at http://kb.cs-cart.co...in-order-weight it looks like shipping dependencies are additive, that is the final shipping charge is a composite of all underlying shipping dependencies. Correct?

Any suggestions would be greatly appreciated.

Uli



#163654 Creating development Ultimate site

Posted by brightlaunch on 15 June 2013 - 02:04 PM in Developers' Corner

Check the table cscart_companies and fix the URL's in the rows in there. There is no admin interface for adjusting those URL's.
Used to be that you could simply copy a DB and reference it. Not anymore.


In version 3.0.6, the table is called csc_companies. I updated it (example.com), but the problem persists.... every time I try to access http://nazelie.net/admincp.php, I get redirected to https://nazelie.com/...url=admincp.php

Weird thing, there's NOTHING in the mysql database with nazelie.com....(did a global search & replace) so how the F%&C would it reroute to the nazelie.com domain???