It seems that even Paypal didn't know if the 'Immediate Attention' email so many of us received today was legitimate or not, and therefore gave conflicting advice.
But their twitter feed pointed to this thread on the community forum
https://www.paypal-community.com/t5/Abo ... 55#U997455
Im using openCart 2.0.3.1 and paypal standard payments module ....
As of now - when a customer pays , they are redirected to paypal site to make payment and
then get redirect back to openCart.
As of right now this is still working , so Im not sure if this will be effected in future ? The only padlock
I see is when after checkout it redirects to paypal payment page which is https .....
I emailed paypal asking them if this will be effected by their changes ... no answer yet.
Im thinking it shouldn't be as Paypal standard does not use API's
OSG
Was told by webhost the issue is if the SSL cert on installed on your server will be valid.
My SSL cert provider and the notes from Pay Pal say it only affects Verisign SSL certs.
If your Certificate is Verisign G2 certificate and it is not suitable you need to install a new SSL cert on your server.
You do not need to do anything with opencart.
I checked my certificate with this site https://www.digicert.com/help/ which seem to give all the details ( mine is a G2 certificate BUT it is NOT a Verisign G2 certificate so is ok.)
I used Godaddy certificate and they say theirs are suitable.
If you use any protection service like cloudflare or something similar you would see the SSL cert of the protection service which covers the traffic between your website and the clients. But this is not what is used between your server and PayPal.
So better take my command on page 1 to check your cert.
In my case the customer uses paypal standard as the payment method. I do believe however that there are other considerations coming into play which aren't related to opencart
https://www.sha2sslchecker.com/
What if you do not have ssl on your site?Qphoria wrote:You can use this tool to test if your server/site is compatible with SHA-256:
https://www.sha2sslchecker.com/
Norman in 't Veldt
Moderator OpenCart Forums
_________________ READ and Search BEFORE POSTING _________________
Our FREE search: Find your answer FAST!.
[How to] BTW + Verzend + betaal setup.
If they roll these changes out on Sept 30th and they do break sites that don't have SSL or SHA256... I imagine their support lines are going to explode.
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/stitchnb/public_html/ocart/system/database/mysql.php on line 6
Bling.
StitchnBe wrote:Can someone tell me how that happened and what I can do about it! This is the message that popped up starting today:
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/stitchnb/public_html/ocart/system/database/mysql.php on line 6
Bling.
Your webhost updated their php version. Do a search on the forum and you'll see many post on how to fix it but basically you need to do as the error says... use mysqli bu updating your config.php files.
Mike
cue4cheap not cheap quality
Thank you so very much Mike. I am now back up and running and this fix was very easy once I saw where it was to be done.Cue4cheap wrote:StitchnBe wrote:Can someone tell me how that happened and what I can do about it! This is the message that popped up starting today:
Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/stitchnb/public_html/ocart/system/database/mysql.php on line 6
Bling.
Your webhost updated their php version. Do a search on the forum and you'll see many post on how to fix it but basically you need to do as the error says... use mysqli bu updating your config.php files.
Mike
I have been told that I must upgrade my site to a current version to take advantage of security enhancements and to avoid other problems like this in future. My opencart version is 1.5.6.4. Since there is no upgrade between my current version and 2.0. How do I get from to a newer one without having to start over or spending a fortune on support. No offence to the support folks, we just need to economize. Can I do a clean install of 2.2 and migrate the files from my current site? Which files need to be migrated? Is there a good link on here with some detailed instructions on how to do this? Much thanks in advance for the guidance.
Bling
StitchnBe wrote: My opencart version is 1.5.6.4. Since there is no upgrade between my current version and 2.0. How do I get from to a newer one without having to start over or spending a fortune on support.
2 Options
1. Hire me to do it professionally
or
2. Upgrade yourself using my improved upgrade script. So far there have been no reported issues with the script itself and it should be very straight forward.
I'm guessing since our customers are redirected to PayPal to complete the payment upgrade doesn't have anything to do with us right?
Someone please answer this if they can. Thank you very much.
.
.
.
~ OC 3.0.3.2 and OCmods only ~
Hi Supak111,supak111 wrote:So can anyone answer this question, will this affect people using OpenCart without SSL and just using PayPal Standard for payments?
I'm guessing since our customers are redirected to PayPal to complete the payment upgrade doesn't have anything to do with us right?
Someone please answer this if they can. Thank you very much.
.
.
.
followed are recent details regarding your enquiry: http://stackoverflow.com/questions/3796 ... quirements
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
It would be incorrect as well as 0.9.85 than 1.0.1 release of the OpenSSL server extension. Followed describes the minimum OpenSSL version of v1.2 from Stackoverflow: http://stackoverflow.com/questions/3531 ... pal-api-phsupak111 wrote:I just talk to my hosting and they said they are using OpenSSL 0.9.85. So it will not work unless I have OpenSSL 1.0.1? Or is there a chance everything will work ever with OpenSSL 0.9.85?
.
However, cURL might also be limited on knowing the schema version over SSL which would also be ideal to invoke the mentioned parameter through cURL in order to successfully complete the transaction.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Irrelevant. This isn't an SSL tester, its a server tester. There is nothing that needs to change in the code. This is purely a test to see if your server supports the newer protocol which by now most servers should. If your site fails, you need to ask your server to update or find a new server. You don't need an ssl certificate to test this.i2Paq wrote:What if you do not have ssl on your site?Qphoria wrote:You can use this tool to test if your server/site is compatible with SHA-256:
https://www.sha2sslchecker.com/
My shared server uses OpenSSL 0.9.85, and TSL v1.0
Would I and people in similar situations need to look for different hosting? Or is there something we can do to not have to move?
~ OC 3.0.3.2 and OCmods only ~
I think your answer is right here:supak111 wrote:So what do we all need to do if running NO SSL on shared server hosting and Paypal Standard payment? What will need to be done so that our checkout keeps working after PayPal upgrade? I assume: NO SSL on a shared server hosting is the most common use of OpenCart so a LOT of people are in panic right now.
My shared server uses OpenSSL 0.9.85, and TSL v1.0
Would I and people in similar situations need to look for different hosting? Or is there something we can do to not have to move?
http://forum.opencart.com/viewtopic.php ... 20#p632349
All hosting companies should be staying up to date on security protocols. Otherwise, they shouldn't be hosting your site. I wish there was more transparency so that clients could see which companies aren't keeping up to date on matters like this.
2 Week FREE Trial of our Shared Hosting plans (DIrectAdmin or cPanel) for new customers
2 Week FREE Trial of Astra Firewall and Malware Scanner
Visit our website for full details and to start your trial today - www.evolvewebhost.com
If anyone could explain where & how we update our code to use 'HTTPS when sending postback messages to paypal', & 'always use the POST HTTP request method when making classic NVP/SOAP API requests.' that would be much appreciated.
Host confirmation
-------------------
SSL Certificate Upgrade to SHA-256 - Yes
I'm not seeing any SSL certificate installed for the domain cricketcap.co.uk or if you are using our shared ssl certificate then it is already upgraded to SHA-256
G5 root certs
For the discontinuation of the VeriSign G2 root certificate, we can confirm that all servers within our network meet the requirements by PayPal. VeriSign G2 is not in use on our servers, and VeriSign G5 root certificate is present in the root store of all our servers.
TLS 1.2 and HTTP/1.1 Upgrade - Yes
Our shared servers support TLS 1.2
IPN Verification Postback to HTTPS
Please update your code to use HTTPS when sending postback messages to paypal.
Discontinue Use of GET Method for Classic APIs
Please update your code to always use the POST HTTP request method when making classic NVP/SOAP API requests.
-------------------
Users browsing this forum: No registered users and 114 guests