|
|
April 29th, 2011
April 29th, 2011
CLICK HERE FOR DEMO
|
Magento customized option for products to be sold by dimension.
e.g. Glass, Plywood sheet, Aluminum Panels etc.
Case :
- Want to sale 12 mm glass depending on length and breadth; say we have unit cost for glass as 2 USD per sq cm(sq unit).With this solution this will be achievable.
|
Embroidery work:
|
- Here we can get the number of letters to be embossed and calculate cost by multiplying Cost per letter and number of letters.
- Magneto does not have this feature by default; with some customization this can be achieved.
|
Tags: Magento, Magento customized option, Magento services
Posted in E commerce, Magento | No Comments »
March 26th, 2011
This post list contributions and small code snippets for osCommerce security enhancement. After doing some research on various forums, practical problem solving and referring few documents we have compiled this
|
|
1. Permissions :
> If site is not under development mode and very few edits are expected
then we recommend all .php and .js files to be set to 444 (hosting
company should allow execution with this permission).
> All folders to have 555 excluding images folder.
> If you have any logs created then that folder to be treated as image folder.
2. Contributions :
> Protect your site via htaccess
> Site Monitor
> Security pro
> Ip trap
> Anti XSS (ANTI Cross Site Scripting attacks)
> Admin access level
3. Configuration :
In admin under session you should set the following if settings allow:
> Force cookies TRUE
> Check for IP address
> Check for user agent
> Regenerate session TRUE
> Kill spider session TRUE
4. Tools :
> Google Webmaster
> http://www.acunetix.com/vulnerability-scanner/
5. Ways to get to security hole :
We will add code snippets in coming days.
6. Suggested changes to osCommerce :
> Rename admin folder.
> .htaccess protected admin.
> Change $current_page= //something like script path rather than php self.
> Apply patches that have been placed in osCommerce 2.3.1.
> Remove unwanted language folders and sample osCommerce data.
> Apply register global patches and set register global to OFF.
> Captcha for create account & reviews & contact us
7. Code snippets : We will add code snippets in coming days.
|
Tags: osCommerce security, osCommerce security enhancement
Posted in E commerce, Features, Security, osCommerce | No Comments »
March 26th, 2011
Secure Your osCommerce Site
>> 3 htaccess methods to protect your site
1. In the first method place a htaccess file with the following code in includes folder :
<Files *.php>
Order Deny,
Allow
Deny from all
</Files>
What this method does ?
- This method avoids direct execution of any of the .php files.Commonly what Hackers do,they place file/files inside includes folder and will execute a file and hack your osCommerce site using site URL/includes/page URL. The *.php deny in above code will restrict this execution to happen. |
2. In the second method use following htaccess codein images folder (catalog/images) :
<FilesMatch “\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$”>
Order Deny,
Allow Deny from all
</FilesMatch>
What this method does ?
- Hackers place file/files inside includes folder and will execute a file and hack your osCommerce site using site URL/includes/page URL.With the help of some hacking technique hackers can get a file in images folder which has 777 permission and then using URL may hack your site. Above method prevents such hacking. |
3. In the third method in base folder(catalog folder)use following htaccess to secure your site :
I hope the above methods will help you to secure your osCommerce site.
 Posted in E commerce, SecurityNo Comments »
|
Posted in E commerce, Security | No Comments »
January 28th, 2011
Use the following steps to move Magneto Multistore from one server to another server :
| Step 1: Collect all backup and database of Magento Multistore from old server.
Step 2: Create new data base for Magento Multistore on new server.
Step 3: Transfer Magento Multistore files to root path.
Step 4: Apply basic configuration through data base and xml in new server.
Step 5: Apply sub store wise configuration through data base in table i.e.[core_config_data].
Step 6: Delete cache folder
Step 7: If needed give permission to media folder 777 for new server. |
Tags: Magento, Magento Multistore, Magento Multistore transfer
Posted in Magento | No Comments »
December 25th, 2010
| API Credentials ( Application Programming Interface)
> API Certificate & API Signature
| -: API stands for Application Programming Interface. An API used to communicate between two programs.
PayPal API credentials uses API username and API password which is different from PayPal account’s
username and password.
-: Apart from API username and API password we need either signature or certificate.
- A certificate is a file having cryptographic information with which system communicates with PayPal.
- A signature is a piece of text that our script uses to communicate with request to PayPal with the
username and password. |
> How to create an PayPal API Certificate?
- Follow below given steps to generate PayPal API certificates:
Sandbox Test certificate:
-With your PayPal Business account email address, log in to https://developer.paypal.com/.
Note: You must have a PayPal business account. |
| 1. Log in to your PayPal Sandbox account.
2. Click on Test Account Link.
3. Click the Profile tab in the My Account sub-menu.
4. From the Profile page, click API Access under the Account Information
5. Click Set up PayPal API credentials and permissions under Option 2 (Request API Credentials)
6. Click Agree and Submit.
7. Displayed Download API Certificate page and download your API certificate.
8. Click the Download Certificate button. You are prompted to download a file called cert_key_pem.txt.
This file is your sandbox API Certificate.
9. Click “Done” button.
10. After that, click on API Credential link on main PayPal account.
11. Shows on API Username, API Password and API Certificate to download in all times. |
> Live API Certificate:
With your PayPal Business account email address, log in to https://paypal.com/.
| 1. Log in to your PayPal Live account.
2. Click the Profile tab in the My Account sub-menu.
3. From the Profile page, click API Access under the Account Information.
4. Click Set up PayPal API credentials and permissions under Option 2 (Request API Credentials)
5. Click Agree and Submit.
6. Displayed Download API Certificate page and download your API certificate.
7. Click the Download Certificate button. You are prompted to download a file called cert_key_pem.txt.
This file is your live API Certificate.
8. Click “Done” button.
9. After that, click on API Credential link on main PayPal account.
10. Shows on API Username, API Password and API Certificate to download in all times. |
> How to create PayPal API Signature?
- Follow these steps to generate PayPal API signature>
Sandbox Test signature :
With your PayPal Business account email address, log in to https://developer.paypal.com/.
| 1. Log in to your PayPal Sandbox account.
2. Click on Test Account Link.
3. Click the Profile tab in the My Account sub-menu.
4. From the Profile page, click API Access under the Account Information.
5. Click Set up PayPal API signature and permissions under Option 1 (Request API Credentials)
6. Click Agree and Submit.
7. Create API Signature.
8. After that, click on API Credential link on main PayPal account.
9. Shows on API Username, API Password and API Signature. |
>Live API Signature :
With your PayPal Business account email address, log in to https://paypal.com/
| 1. Log in to your PayPal Live account.
2. Click the Profile tab in the My Account sub-menu.
3. From the Profile page, click API Access under the Account Information.
4. Click Set up PayPal API signature and permissions under Option 1 (Request API Credentials)
5. Click Agree and Submit.
6. Create API Signature.
7. After that, click on API Credential link on main PayPal account.
8. Shows on API Username, API Password and API Certificate to download in all times. |
> How to remove API Signature and create API Certificate on PayPal account?
Sandbox Test certificate:
| 1. Log in to your PayPal Sandbox account.
2. Click on Test Account Link.
3. Click the Profile tab in the My Account sub-menu.
4. From the Profile page, click API Access under the Account Information
5. Click on View API Signature under Option 2
6. Click Remove button.
7. Create new API certificates, click on Request API Credentials.
8. Click Agree and Submit button.
9. Displayed Download API Certificate page and download your API certificate.
10. Click the Download Certificate button. You are prompted to download a file called cert_key_pem.txt. This file is your live API Certificate.
11. Click Done button.
12. After that, click on API Credential link on main PayPal account.
13. Shows on API Username, API Password and API Certificate to download in all times. |
> Live API Certificate:
| 1. Log in to your PayPal Live account.
2. Click the Profile tab in the My Account sub-menu.
3. From the Profile page, click API Access under the Account Information.
4. Click on View API Signature under Option 2
5. Click Remove button.
6. Create new API certificates, click on Request API Credentials.
7. Click Agree and Submit.
8. Displayed Download API Certificate page and download your API certificate.
9. Click the Download Certificate button. You are prompted to download a file called cert_key_pem.txt.
This file is your live API Certificate.
10. Click “Done” button.
11. After that, click on API Credential link on main PayPal account.
12. Shows on API Username, API Password and API Certificate to download in all times. |
|
API credentials (Application programming interface):
-
  
-
  
-
  
-
  
-
  
-
  
-
  
-
  
-
  
-
  
Posted in Paypal | No Comments »
November 15th, 2010
List of Payment Gateway of osCommerce :
- PayPal Website Payments Pro (UK) Direct Payments v2.2; Payment Modules
- PayPal Website Payments Pro (US) Direct Payments v2.2; Payment Modules
- PayPal Express Checkout v2.2; Payment Modules
- PayPal Website Payments Pro (UK) Express Checkout v2.2; Payment Modules
- PayPal Website Payments Standard v2.2; Payment Modules
- Credit Class & Gift Voucher v2.2; Credit Modules
- PayPal / PayMate – A solution to customer not returning to site that they can’t miss! v2.2; Payment Modules
- QTpro v1.0 – Quantity Tracking Professional v2.2; Features
- osCommerce PayPal IPN Module v1.0 For 2.2MS2 v2.2; Payment Modules
- customer Must Accept Terms and Conditions (MATC) v2.2; Features
- MoneyBookers IPN v2.2; Payment Modules
- One Page Checkout v2.2; Payment Modules
- PayPal Pro Direct Payments & Express Checkout v2.2; Payment Modules
- Paypal Express Checkout 1.0 – few changes v2.2; Payment Modules
- ## POINTS AND REWARDS MODULE V1.00 ## v2.2; Credit Modules
- OrderCheck v2.2; Features
- PayPal Website Payments Pro – 3D Secure Module (Official) v2.2; Credit Modules
- PayPal Fee v2.2; Order Total Modules
- Discount Coupon Codes v2.2; Order Total Modules
- PayPal Express Checkout IPN v2.2; Payment Modules
- Shipping Insurance 1.0 v2.2; Order Total Modules
- PayPal Express Checkout and Website Payments Pro (Official Payment Module) v2.2; Payment Modules
- osC Affiliate v2.2; Features
- PayPal Express Checkout Module v2.2; Credit Modules
- Individual Product Shipping Prices – v1.0 v2.2; Shipping Modules
- PayPal in Australian (AUD) Currency v2.2; Payment Modules
- ULTIMATE Seo Urls 5 – by FWR Media v2.2; Other
- Quantity for Product Attributes Mod v2.2; Features
- PayPal Accepted InfoBox v2.2; InfoBoxes
- NAB Transact (Hosted Payment Page) Payment Module v2.2; Payment Modules
- Paypal Itemized Description v2.1; Payment Modules
- Unique Order Number v2.2; Features
- Checkout Redux v2.2; Other
- File Upload .7 (for PA – Option Type Feature) v2.2; Features
- Advisepay-No more free advise,samples and call outs v2.2; Payment Modules
- Westpac/StGeorge PayWay v2.2; Credit Modules
- Choice of Free Gifts Module v2.2; Features
- Paypal Recurring Billing Module v2.2; Payment Modules
- 2Checkout INS / IPN (Instant Notification System) for MS2.2 v2.2; Payment Modules
- PayPal Fee, with Several Extra Options v2.2; Order Total Modules
- PayPal auto compilazione form – Auto fill paypal form (no ipn) v2.2; Payment Modules
- paypal direct payment v2.2; Payment Modules
- Product Attributes – Option Type Feature v2.2; Features
- Official PayPal Released Pro/Express Checkout – UK v2.2; Payment Modules
- AJAX Single Page Checkout v2.2; Other
- PayPal – Solution to Customer Not Returning to Site v2.2; Payment Modules
|
-
Order lgging before payment processing v2.2; Features
-
USPS Shipping Insurance v2.2; Order Total Modules
-
Recover missing order info from DBn v2.2; Other
-
PayPal Payflow Pro [New Version] v2.2; Payment Modules
-
skip payment options depending on the selected currency v2.2; Payment Modules
-
Paypal Express Checkout v2.2; Credit Modules
-
Ship 2 Pay v1.0 (MS1) v2.2; Payment Modules
-
Payment Information PopUp v2.2; Features
-
PayPal Gebühren anzeigen lassen v2.2; Other
-
Paypal no order in admin FIX 1.0 v2.1; Payment Modules
-
Remove Address Book For Fraud Protection v2.2;Features
-
Nochex APC Payment Module v2.2; Payment Modules
-
PayPal IPN for Easy Export v2.2; Payment Modules
-
Paypal IPN Icon at checkout v2.2; Payment Modules
-
Pending Order Email v2.2; Features
-
OneBip Payment System v2.2; Payment Modules
-
Amazon Flexible Payments v2.2; Payment Modules
-
PayPal Verified Seal with Credit Card images v2.2; Images
-
Problème retour Paypal v2.2; Payment Modules
-
Paypal payment after admin approval v2.2; Payment Modules
-
ipayDNA v2.2; Payment Modules
-
Free Downloads FX v2.2; Payment Modules
-
BidPay Direct Payments v2.2; Payment Modules
-
PayTreck.com Payment Module – Accept e-Gold and PayPal v2.2; Payment Modules
-
Alert Customers if Payment Method is PayPal v2.2; Payment Modules
-
Paypal Logo w/ Admin…Info Box v2.2; InfoBoxes
-
Official PayPal Released Pro/Express Checkout – US v2.2; Payment Modules
-
Google Checkout IPN v2.2; Payment Modules
-
Paypal Verfied and Information Footer v2.2; Other
-
Paypal Continue Reminder v2.2; Payment Modules
-
PayPal Payflow Pro v2.2; Payment Modules
-
PayPal Fee Charge v2.2; Order Total Modules
-
Paymate Express 2.0 v2.2; Payment Modules
-
PayPal Website Payments Pro v2.2; Payment Modules
-
PayPal Payment Module incl. fee charge v2.2; Payment Modules
-
PPPay.com Payment / Credit Module v1.0 beta v2.2; Payment Modules
-
Must agree to Terms v2.2; Features
-
PayPal payment every time 01A v2.2; Payment Modules
-
PayPal Payment Page Automatic Language Selection v2.2; Credit Modules
-
Quickbooks Import QBI v2.2; Features
-
Canadian Tax Display v2.2; Features
-
Individual Product Payment Methods v2.2; Payment Modules
-
No login with Paypal Standard v2.2; Features
-
Updated PayPal Payment Screen v2.2; Payment Modules
-
Sendep Brasil v1.0 v2.2; Payment Modules
-
eGoldX Payment Module (e-Gold, Paypal andMoneyBookers) v2.2; Payment Modules
-
multicards modules for oscom 2.2 v2.2; Payment Modules
-
Fasthosts_v1.0 v2.2; Payment Modules
-
About Paypal Box v2.2; InfoBoxes
|
|
-
optpay.zip v2.2; Payment Modules
-
Making PayPal Return Order Data v2.2; Payment Modules
-
PayPal IPN with fee v2.2; Payment Modules
-
Payment method fee v2.2; Order Total Modules
-
PayPal_Shopping_Cart_IPN v2.2; Payment Modules
-
pm2checkout v2.2; Credit Modules
-
We Accept Paypal Box v2.2; InfoBoxes
-
cvv2 for entire order v2.2; Payment Modules
-
Paypal Countries SQL v2.2; Payment Modules
-
Email Subject with Order Number and Status v2.2; Credit Modules
-
Paypal Zone v2.2; Zones
-
Custom Paypal Description v2.2; Payment Modules
-
PPPay.com Payment / Credit Module v1.0 beta v2.2; Credit Modules
-
PPPay.com Payment / Credit Module v1.1 v2.2; Payment Modules
-
Fix Order Status v2.2; Credit Modules
-
lanote.com – payment v2.2; Payment Modules
-
Class cc_show() v1.0 – Show Credit Cards, Gateways v2.2; Payment Modules
-
AnyPay v2.2; Payment Modules
-
EMOcorp v2.2; Payment Modules
-
PayPal IPN v0.981 for Milestone 2 v2.2; Payment Modules
-
HTTP_REFERER Referral 1.0 v2.2; Reports
-
Add Paypal logo in your website footer v2.2; Features
-
Paysytems Module for MS2 v2.2; Payment Modules
-
PayPal IPN Gateway for osCommerce v2.2; Payment Modules
-
Membership / Subscription Only v2.2; Features
-
eway payment module – shared payment ver(No SSL) v2.2; Payment Modules
-
PayPal IPN v0.98 for Milestone 2 v2.2; Payment Modules
-
Payit@POST (Australia) 1.0 v2.2; Payment Modules
-
invoice-v0.1 v2.2; Payment Modules
-
Module for CitiBank’s c2it v2.2; Payment Modules
-
Moneybookers (Sept 2002 OSC Snapshot) v2.2; Payment Modules
-
PayPal IPN v2.2; Payment Modules
-
Manual Order Entry v2.2; Features
-
Moneybookers.com Payment Module v2.2; Payment Modules
-
Paymate Express 1.0 old code
-
Commonwealth Bank Australia (CommWeb) v2.2; Payment Modules
-
WorldPay Payment Module v2.2; Payment Modules
-
Shipping, Order Processing module v2.2; Features
-
Paypal Payment Module (Currency Selection) v2.2; Payment Modules
|
Posted in Uncategorized | 1 Comment »
November 15th, 2010
Posted in E commerce | No Comments »
October 14th, 2010
What virus /Malware do?
In an osCommerce site a virus malware do the following:
- Create a form ask unnecessary to fill confidential data like order
detail or paypal detail. Once someone fills these details, those details
will be emailed to third party for misused.
- Creating link of website for creating traffic for those link.
- Using redirector for redirecting the customer to other site.
- Using iframe to display some unauthorized detail with a link to wesite.
So basically there are two objectives
- Steal data.
- Divert traffic to another website.
Different ways in which hackings are achieved.
1) SQL injection
2) Modify .htaccess and writing the error 404 rules or rewrite rules.
3) Place some javascript.
4) Placing .php or other files to execute and modify other files.
How to make out what is wrong?
Downloade all the code and check for,
- External links.
- javascript code having eval in it.
- check your .htaccess file.
- checking image folder and other folder.
- check permission is 777 or writing permission.
- use some scanning references to check for valueval pass and
analyze code.
- check your error log.
- check your access log.
Preventions:
Prevention basically includes three things.
• Your site itself
• Password of software used to upload content on site.
• And your Computer from where content is being upload.
How does one protect its site?
- Ensuring that all third party scripts or tools used on site should have
latest security updates or should be asked to hosting company to do
so.
- Delete unwanted folders, files, scripts and services those are no
more in use.
- Occasionally change the password of the software used to upload
content to the site.
Use strong password.
- Appropriate file permissions to be given.
- Disable file manager from admin.
- Site admin should be password (.htaccess) protected.
- Keep the computer used for site’s upload and download activities
should be up-to-date with all necessary operating system updates
and a strong antivirus with all latest updates.
Recommendations:
- It is always recommended, not to keep a soft copy of site
access details on computer.
- A regular code and database backup should be taken.
- There is few security add-ons are available in osCommerce that
should be installed on the site.
Tags: oscommerce, osCommerce security
Posted in E commerce | 5 Comments »
October 6th, 2010
Introduction to IPN :
|
- With PayPal‘s Instant Payment Notification (IPN) you can integrate PayPal payments with your website back-end operations.
- It should point to the location of the script that will process your transactions. while using the PayPal IPN Payment Module, it should point to the location of the PayPal_notify.php file.
|
Procedure to set up IPN :
|
1. Log in to your Business or Premier PayPal account.
2. Click the Profile sub tab.
3. Click the Instant Payment Notification Preferences link in the selling Preferences column.
4. Click Edit.
5. Click the checkbox and enter the URL at which you would like to receive your IPN Notification
6. Click Save.
|
osCommerce Paypal IPN need to do following setting for working properly :
|
>>>
A) Profile Auto Return :
- What is the need for Auto Return?
> The need for Auto Return is that it avoids to click on extra button as “Return To Click Merchant”
for returning website.….
> Auto Return for Website Payments avoids click an extra button before returning to your website after they complete their payments. Auto Return supports all Website Payments, including following :
e.g. Buy Now, Shopping Cart, Subscription, Gift Certificate, and Donation buttons.
B) PDT (Payment Data Transfer)
> Payment Data Transfer allows you to receive notification of successful payments as they are made. The use of Payment Data Transfer depends on your system configuration and your Return URL. Please note that you must turn on Auto Return in order to use Payment Data Transfer.
- Follow the given below steps to Turn On Auto Return (Auto return is Turn off by default) :
1. Log in to your PayPal account at https://www.paypal.com.The My Account Overview page
appears.
2. Click the Profile sub tab. The Profile Summary page appears.
3. Click the Website payment Preferences link Under selling preferences column.
4. Click the On radio button under Auto Return for website payments to enable Auto Return
5. Enter the URL in the Return URL field, to which you want your payers
redirected after they complete their payments.
Note: If you enter an invalid Return URL, PayPal displays the standard payment confirmation page after people complete heir payments.
6. click the On radio button Under Auto Return Setting: Under the heading: Payment Data Transfer: to enable Payment Data Transfer.
7. Scroll to the bottom of the page, and click the Save button.
|
|
C) Now check the file present or not in the folder ext/modules/payment/paypal/standard_ipn.php .
D) Check the admin configuration setting like seller email_address,repairing status as
pending ,acknowledgement status as process.
E) Complete the order and check the IPN comment in admin order. If IPN verification
completed properly then you will get the message in IPN comment box i.e. IPN verification
successfully.
|
|
Tags: oscommerce, osCommerce payment, oscommerce PayPal, oscommerce paypal IPN
Posted in E commerce, Payment, Paypal, osCommerce | 6 Comments »
October 4th, 2010
osCommerce Weight Base Shipping
|
- In default osCommerce zone based shipping module supports only weight base shipping. If weight is zero then free shipping.
- If someone want the shipping should be applied on the products attribute then he should go with osCommerce contribution.The osCommerce weight-based shipping module uses the simple formula to calculate the shipping which is
1:2.5 == shipping cost is $2.50 per kilogram.
- In weight based shipping, shipping applied as per the product weight if product weight is zero then shipping is also zero i.e. free shipping. If product has no weight and attribute have weight then no charges will be applied on that attribute weight.
|
osCommerce contribution :
|
- The contribution will alter not only the product price but it will also alter the product weight.This contribution gives the facility to assign weight to the product attribute which is added to the product actual weight to calculate total shipping cost. It uses the following formula.
Product weight = Product actual weight + Product attribute weight.
- It will then apply the shipping charges on that recalculated weight.
- Recommended osCommerce contribution: http://addons.oscommerce.com/info/1622
|
Tags: oscommerce shipping, oscommerce weight based shipping
Posted in E commerce, Shipping, osCommerce | 4 Comments »
|
|
|
|
|
