I wrote a script to retrieve and convert the Evertek CSV to Easy Populate format. Now apparently I have to mod the core to allow curl to log in. Anyone done this? This is the only thing holding everything up. Thanks!
You said your script converts a CSV to EasyPopulate format. If it's only converting data formats, why does it need to log in to anything?
Zen Cart - putting the dream of business ownership within reach of anyone!
Donate to: DrByte directly or to the Zen Cart team as a whole
Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
So it can auto-update the database with new / updated values without having to manually do it yourself. Auto shop updating :) I have already made a Google page for it. So hopefully more people can make use of it. I don't even run my own e-store; this is for someone else.
I'm trying to avoid actually messing with the database. Zen Cart and Easy Populate are already really good at manipulating the data in the DB, so I'd rather just let them do those tasks. The only problem I was having was getting Easy Populate to accept the CSV file. That problem is past, but now, when I try to log in to curl I get the regular login page with the same token.
I've managed to scrape the token and post the admin_name, admin_pass, securityToken, and also submit=Login, but it's not working that way.
Have you considered the implications of PCI DSS with your application? If you're creating something which gains access to the store's backend administration tools, then you need to ensure your code is totally secure. Anyone using your application puts themselves at risk if they allow outsiders (i.e. your application) to log in.
www.pcisecuritystandards.org
Just something to keep in mind and ensure you alert people about when you give people your code.
I think you may be overthinking your problem. Why not move your code into the Zen Cart admin? I don't see why your conversion couldn't occur on a page inside the Admin...
The whole config file is encrypted with AES 256-bit encryption; the worst security issue would be DNS poisoning with a man-in-the-middle attack. I got it to work while keeping the security token feature working. The script doesn't access the admin page directly.
You can read about it here. http://jackiecraigsparks.wordpress.c...s-in-zen-cart/ I'm going to post the code in the next day on Google Code. I'm working on putting AJAX into it.
You can even trigger the script from your home/office PC, phone or tablet device to keep your login creds stored in the config private from prying eyes.
Now the whole security of the config is flawed when run from the same server on a cron job. Thanks for the link on PCI security standards. I will read that for sure.
BlindSide: does the admin allow me to run like a cron job?
The DNS poisoning with man in the middle would only allow a SQL injection if the Easy Populate script didn't sanitize the CSV.
The Zen Cart Admin is designed to serve webpages, and has no native recognition for cron jobs. However, PHP code located in the Admin (or anywhere else for that matter) can be executed in a cron job.
The concern DrByte and I have is that you're hacking around the login, which violates PCI.
Does the cron job itself need to log in, or are you logging in for a user so they can configure stuff?