Details

SEO osCommece Package XII

Loaded Features:
  • Spider Session Remover ( SID Killer )
  • Ultimate SEO URLs
  • Header Tags Controller
  • Google XML Sitemap
  • SEO Assistant
  • AJAX Attribute Manager
  • Product Extra Fields
  • X-Sell v2-MS2 - Cross Sell for MS2
  • Credit Class & Gift Voucher
  • TinyMCE WYSIWYG HTML EDITOR
  • Multi/extra images
  • Purchase Without Account
  • Newsletter & Subscribers

oscommerce register globals

 If your site is down with this error message showing
FATAL ERROR: register_globals is disabled in php.ini, please enable it!

This contribution consists of a patch that will remove the need to enable the ‘register_globals’ option in the php.ini file.

Having register globals enabled is a very serious security issue; it allows an attacker to inject variables into the running PHP code. Just in case you don’t realise, this is a VERY BAD THING.

It also imposes a minor performance overhead. Disabling register globals and using this patch will prevent the variable injection problem. It will also mostly remove the performance overhead.

In fact, if you use this patch, you MUST disable the ‘register_globals’ option. if you do not, things will go horribly wrong - The session management will probably not work correctly because of

the way the patch maps the session variables to the global variable space - I could be be wrong on this point, but I wouldn’t do it anyway. Besides, what’s the point of adding the patch if you are not going to disable register globals ?

Use this contribotion
http://www.oscommerce.com/community/contributions,2097

Posted by admin 14.Aug.08 Tips and Tricks, Uncategorized Read more Comments (0)

How to add a Master Password?

A master password can be created that, in the event a customer looses their password and the store owner has the customer’s email address the store owner can login to the customer’s account with a master password and have a new password sent to the customer.

In login.php find about line 35 is the code to change. Replace:

if (!tep_validate_password($_POST['password'], $Qcheck->value('customers_password'))) {
$error = true;
} else {

With:


$passwordgood = tep_validate_password($_POST['password'], $Qcheck->value('customers_password'));if ($password == "somepass" || $password == "somepass2") {
$passwordgood = 1;
} else {
$passwordgood = $passwordgood;
} if (!$passwordgood) {
$error = true;
} else {

Change "somepass" and "somepass2" to passwords you want to use. This will provide two different passwords that can be a Master Password.Now, the store owner is able to login to the customer's account using the Master Password.

Posted by admin 25.Dec.07 Tips and Tricks Read more Comments (0)