Post by imager » Mon Jan 18, 2021 6:10 am

I apologize in advance - as this may be a very simple question.

On our 3.0.2.0 system, I went through the install of VQmod and crsf30 with no apparent errors.

Our install of 3.0.2.0 is very much standard, so I did NOT perform any edits of the csrf.xml; rather, I used it as supplied.

I am not sure it is "working" and unsure how to check. I have reviewed the first message of this forum and am not sure what type of result I should be looking for/at.

Could someone confirm a quick way for us to confirm if the install is working?

Thanks..

Post by imager » Mon Jan 18, 2021 8:51 am

I had a better look, and I see on my login to the Admin page, there is the necessary:

Code:

<input type="hidden" name="__csrf" value="***">

Should I also be protecting pages such as Change Password and Edit Account pages? I believe I should be, and confirmed that the hidden field is not showing up on those pages. What is involved in adding it to those pages (I am not even sure of OC 3.0.2.0 TWIG file names for those pages to have VQMod do the changes on).

Assistance would be appreciated.

Post by straightlight » Mon Jan 18, 2021 1:32 pm

imager wrote:
Mon Jan 18, 2021 8:51 am
I had a better look, and I see on my login to the Admin page, there is the necessary:

Code:

<input type="hidden" name="__csrf" value="***">

Should I also be protecting pages such as Change Password and Edit Account pages? I believe I should be, and confirmed that the hidden field is not showing up on those pages. What is involved in adding it to those pages (I am not even sure of OC 3.0.2.0 TWIG file names for those pages to have VQMod do the changes on).

Assistance would be appreciated.

The only requirement is to edit your XML file by targeting the right path and file of each TWIG file until you notice the __csrf key input. :)

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester
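
Added example (not part of any post in this thread and not the extension's code): a Python check that parses a rendered page and lists the POST forms lacking a non-empty hidden __csrf input, which is the confirmation asked about for the Change Password and Edit Account pages. The sample pages and their routes are constructed for illustration.

```python
from html.parser import HTMLParser

TOKEN_FIELD = "__csrf"  # hidden field name shown in the thread


class FormAudit(HTMLParser):
    """Collect every <form> with its method, action and token status."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "token": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            # Count the field only if it is hidden, correctly named and non-empty.
            if ((a.get("type") or "").lower() == "hidden"
                    and a.get("name") == TOKEN_FIELD and a.get("value")):
                self._open["token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def unprotected_post_forms(html):
    """Return the actions of POST forms that carry no __csrf hidden input."""
    audit = FormAudit()
    audit.feed(html)
    return [f["action"] for f in audit.forms
            if f["method"] == "post" and not f["token"]]


# Constructed sample pages (not real OpenCart output; routes are illustrative).
LOGIN_PAGE = '''<form action="index.php?route=common/login" method="post">
<input type="text" name="username"><input type="password" name="password">
<input type="hidden" name="__csrf" value="constructed-token-1"></form>'''
PASSWORD_PAGE = '''<form action="index.php?route=account/password" method="POST">
<input type="password" name="password"><input type="password" name="confirm">
</form><form action="index.php?route=product/search" method="get">
<input type="text" name="search"></form>'''

if __name__ == "__main__":
    for name, page in (("login", LOGIN_PAGE), ("password", PASSWORD_PAGE)):
        print(name, unprotected_post_forms(page) or "all POST forms carry the token")
```

Feed it the saved HTML of each page that submits data; an empty list means every POST form on that page carries the token field.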


Post by khnaz35 » Mon Jan 18, 2021 11:00 pm

straightlight wrote:
Mon Jan 18, 2021 1:32 pm

The only requirement is to edit your XML file by targeting the right path and file of each TWIG file until you notice the __csrf key input. :)

This question has been asked many times.
I think it's time to put the default theme twig path in the xml file to let people understand what and which need to be added.

Urgent Questions shoot here: khnaz35@gmail.com
Enjoy nature ;) :) :-*


Post by straightlight » Tue Jan 19, 2021 12:38 am

khnaz35 wrote:
Mon Jan 18, 2021 11:00 pm
straightlight wrote:
Mon Jan 18, 2021 1:32 pm

The only requirement is to edit your XML file by targeting the right path and file of each TWIG file until you notice the __csrf key input. :)

This question has been asked many times.
I think it's time to put the default theme twig path in the xml file to let people understand what and which need to be added.

By doing that, it would mislead the people downloading extension themes where the default theme folder is being overwritten and taking the lead to the original default theme folder even though we're informing the users on an everyday basis not to do that. As a result, non-knowledgeable users would then believe that the extension might be the problem while the default folder could be replaced. In addition, using custom themes, as opposed to the default theme is of course the right course of action but, yet, to know how to deal with custom theme paths while using the default theme.

Based on these observations, I think time would need to be set to another time.

Post by straightlight » Wed Jan 20, 2021 9:04 am

Maybe I should release an Events version of this extension.

Post by khnaz35 » Wed Jan 20, 2021 9:07 am

straightlight wrote:
Wed Jan 20, 2021 9:04 am
Maybe I should release an Events version of this extension.

That's a good idea, since OC 4 is also on its way and OCMOD is removed from it.

Post by straightlight » Wed Jan 20, 2021 1:23 pm

Alright folks here it is: https://www.opencart.com/index.php?rout ... on_id=4773 . I have deprecated the previous releases. From now on, it's the Events version. Full instructions posted on the Marketplace starting from today's date (and from this post's date). :)

Post by khnaz35 » Wed Jan 20, 2021 1:27 pm

straightlight wrote:
Wed Jan 20, 2021 1:23 pm
Alright folks here it is: https://www.opencart.com/index.php?rout ... on_id=4773 . I have deprecated the previous releases. From now on, it's the Events version. Full instructions posted on the Marketplace starting from today's date (and from this post's date). :)
Thanks Straightlight for your time and effort and trying to keep this OC safe as much as possible. :-*

Post by nightwing » Wed Jan 20, 2021 3:37 pm

Thank you Straightlight!

Regards,
Nightwing
Access to my Free Extensions: https://www.opencart.com/index.php?rout ... =nightwing


Post by straightlight » Wed Jan 20, 2021 8:41 pm

Glad to hear everything's working great now. Please rate my extension on the Marketplace page if you like it. In the meantime, there's a post or two about using the exit and an additional header line on this topic or the Marketplace page to block CSRF attempts in the CSRF helper. I'll run some tests on it and see if I can pull it in for the next update.

Post by straightlight » Wed Jan 20, 2021 8:49 pm

As for previous OC releases, it should work as well as long as it supports recent OCMod installers from the core.

Post by straightlight » Thu Jan 21, 2021 4:35 am

Updated the extension. Added X-CSRF header lookup as per StackOverFlow.com : https://www.opencart.com/index.php?rout ... on_id=4773 . Simply uninstall the extension from the OC Admin installer and re-upload the updated ZIP file and follow the same instructions as per yesterday on the Marketplace page (20-01-2021).

Post by micke6559 » Fri Jan 22, 2021 3:48 am

I have had some troubles with a bot that is creating new customers.
I found this module, but I have Opencart 1.5.6 running at the moment (yes, it will be updated soon).

Does this work for OC 1.5.6 or do you have an old fix that you can send me?

Regards, Micke

Post by straightlight » Fri Jan 22, 2021 8:39 pm

micke6559 wrote:
Fri Jan 22, 2021 3:48 am
I have had some troubles with a bot that is creating new customers.
I found this module, but I have Opencart 1.5.6 running at the moment (yes, it will be updated soon).

Does this work for OC 1.5.6 or do you have an old fix that you can send me?

Regards, Micke

The v4.x releases support OC v3.x releases only now, with the exception of the Template Switcher extension, which could probably be used with lower OC versions but above and equal to the 2.2.0.0 release of OC. However, I do still recommend upgrading to OC v3.x releases.

Post by straightlight » Fri Jan 22, 2021 8:48 pm

* Note to all users: Now that the extension works with Events, I highly recommend that store owners put their stores under maintenance whenever they need to install a 3rd party extension, prior to uninstalling, re-packing and re-installing the CSRF Protection Form. This way, the transition between those times where the extension will be uninstalled and re-uploaded will be less likely to impact customers during the authentication process as well as on other pages where the POST method is required. *

Post by khnaz35 » Sat Jan 23, 2021 10:26 pm

@straightlight
OC 3.0.3.5 with default theme.

I have downloaded and installed the latest csrf extension, and upon installing I have run into an error. When I click the install button, it just says "error".

Checking the developer console, it shows a 500 error code, and these are the error codes in the PHP error log.

Code:

[23-Jan-2021 14:02:54 UTC] PHP Parse error:  syntax error, unexpected '$this' (T_VARIABLE), expecting ')' in /home/asdfghbjk/public_html/xxx/test/admin/controller/extension/module/sl_csrf.php on line 2210
[23-Jan-2021 14:03:11 UTC] PHP Parse error:  syntax error, unexpected '$this' (T_VARIABLE), expecting ')' in /home/asdfghbjk/public_html/xxx/test/admin/controller/extension/module/sl_csrf.php on line 2210
[23-Jan-2021 14:03:27 UTC] PHP Parse error:  syntax error, unexpected '$this' (T_VARIABLE), expecting ')' in /home/asdfghbjk/public_html/xxx/test/admin/controller/extension/module/sl_csrf.php on line 2210
[23-Jan-2021 14:09:07 UTC] PHP Parse error:  syntax error, unexpected '$this' (T_VARIABLE), expecting ')' in /home/asdfghbjk/public_html/xxx/test/admin/controller/extension/module/sl_csrf.php on line 2210

Post by straightlight » Sat Jan 23, 2021 11:29 pm

What is the code on that line that you have?

Post by khnaz35 » Sun Jan 24, 2021 12:00 am

straightlight wrote:
Sat Jan 23, 2021 11:29 pm
What is the code on that line that you have?

Code:

$this->model_setting_event->deleteEventByCode('admin_sl_csrf_payment_payza');

Post by straightlight » Sun Jan 24, 2021 12:21 am

khnaz35 wrote:
Sun Jan 24, 2021 12:00 am
straightlight wrote:
Sat Jan 23, 2021 11:29 pm
What is the code on that line that you have?

Code:

$this->model_setting_event->deleteEventByCode('admin_sl_csrf_payment_payza');

By looking at that code, there doesn't seem to be anything wrong with it. See if there are any whitespace characters above or underneath it at the end of the lines.
