Jump to content

 

harmsmitsdev

Member Since 22 Feb 2020
Offline Last Active Yesterday, 09:01 PM
-----

Posts I've Made

In Topic: Csrf On Post Failure

04 May 2021 - 06:56 PM

Hmm, I see what you mean.  Seems like the proper place to put the opening form tag would be above the first capture.  I'll give it a try both ways and see what happens.

 

Always good to have new eyes!  Thanks.

Reason this causes an issue is that the input for the security_hash will get shifted. Because the browser assumes the element is corrupted, it will force close the 'form' before the location of this input, meaning that the input will not be contained in the form. Therefore, its not sent in the request and you get this error ;)

 

You can verify this by checking if the form contains the 'security_hash' input using 'inspect element'.


In Topic: Csrf On Post Failure

04 May 2021 - 07:35 AM

The form closing tag is not in the correct place. It should be in the tabsbox capture.


In Topic: Csrf On Post Failure

03 May 2021 - 07:16 AM

I'm sure I'm doing/not_doing something but for the life of me, can't find it.

I have an addon  where vendor_multivendor.post.php permissions are true for the controller.

When I try to post the form, it's generating the csrf error message and redirecting to the vendor.php page.

 

In inspecting with the browser, it is not passing a security_hash in the request data.  I'm not sure what JS triggers adding the security_hash to the POSTed data.  I've double checked and I'm doing things the same way I have in countless other addons.

 

The form has a total of about 20 variables.  The max_post_data is set to 150M and the max_input_vars is set to 10000.

 

I think I need a new set of eyes or suggestions on what to check.  Getting brain-fuzzy at this point.

There are only a few things I can think of:

 

1. Make sure the form close is *exactly* as follows. Any spacing will cause it to behave incorrectly.

</form>

2. Check if the schema is actually included and if it returns itself.

 

It's hard to help blindly as it is working perfectly fine for me, so sharing a few more details as to what you are doing would be of great help.
 


In Topic: Sing In Pop-Up

02 May 2021 - 07:47 PM

I'm migrating my existing customers to CS-Cart from Zen Cart.  I didn't know how to import their passwords so I want to add a message to the Sign In pop up screen that tells them they'll need to reset their password to log in.  This store has a required log in to shop so they will have to perform this step.

 

What file creates the content for this screen?

You can allow them to login with their old password. You will need to extract the hashing algorithm from zencart, and check if a password matches when that hash is used. Then you rehash the password according to CS-Cart standards, update it in the database, and all is good.


In Topic: We Must Be Visible For Shipping Platforms Companies! +Community

02 May 2021 - 10:32 AM

Yeah, it will be perfect for european users, let us if you decide make it open source,  it is the right thing to support these services and not have to implement them separately :D

Well, we have had quite a fair share of issues with sendcloud so far. Most boils down to unreliable package statuses, but that is just DPD iirc. Furthermore, you should also beware of these services since they will vendor lock you. If you create a SendCloud account, and register your business, you will *NOT* be able to get a separate quote from the direct partners. So if I have a SendCloud contract, I can not get a contract (after I close it) with DPD. So you might be missing out on some really good prices.