Fast and Easy Checkout

Printable View

Show 100 post(s) from this thread on one page

24 Jan 2010, 04:24 AM
greenhat

Re: Security Issue w/Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by rwoody

I'm still trying to figure this out. Has anyone ever seen this issue before and if not, can someone give me a clue other than the tpl_login_default.php file that would be the issue? I've replaced that file with a fresh one from the install. There were no edits to that file. We do have super orders installed and I used the appropriate replacement files from the package there. I am just at a loss on this to figure out what is causing the issue.

Any suggestions would be greatly appreciated and desperately needed. :cry:

you mentioned that you disabled the FEC module.. I would try to completely uninstall it at this point.
24 Jan 2010, 04:37 AM
rwoody

Re: Security Issue w/Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by greenhat

you mentioned that you disabled the FEC module.. I would try to completely uninstall it at this point.

Exactly. What I've done is made a duplicate of my site, so as not to disturb the production site. I've used Beyond Compare and been going through files looking for anything out of the ordinary and found nothing. I've grabbed the latest release and I'm going to try to do an upgrade.

Can you tell me if there from 1.5.1 to 1.6.2 which is what I'm about to install, if there are any db changes? I was going to do a compare on the sql install files, as I didn't see an upgrade file. There maybe no changes there, but wanted to make sure before I proceed.

This is just the absolute strangest thing I've ever seen. If you put in a bad password it will error out as it should...leave it blank and zoom you're in the customer's account, as long as you know the email address they used to create their account with.

Go figure...leave it to me when I have a thousand other tasks at hand to have something so strange to deal with...LOL Guess it's the luck of the draw.
24 Jan 2010, 04:51 AM
greenhat

Re: Security Issue w/Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by rwoody

Exactly. What I've done is made a duplicate of my site, so as not to disturb the production site. I've used Beyond Compare and been going through files looking for anything out of the ordinary and found nothing. I've grabbed the latest release and I'm going to try to do an upgrade.

hmm.. but, did you try to completely uninstall the plugin? i mean.. just go through and delete each file one by one as well as undo all the SQL insertions and changes.

Quote:

Originally Posted by rwoody

Can you tell me if there from 1.5.1 to 1.6.2 which is what I'm about to install, if there are any db changes? I was going to do a compare on the sql install files, as I didn't see an upgrade file. There maybe no changes there, but wanted to make sure before I proceed.

no idea.. try to compare the sql install files as you suggested.

Quote:

Originally Posted by rwoody

This is just the absolute strangest thing I've ever seen. If you put in a bad password it will error out as it should...leave it blank and zoom you're in the customer's account, as long as you know the email address they used to create their account with.

Go figure...leave it to me when I have a thousand other tasks at hand to have something so strange to deal with...LOL Guess it's the luck of the draw.

i have a sneaky suspicious that this may have something to do with the "Master Password" feature.. Admin -> Config -> FEC Config -> Master Password..
This feature is a bit unclear because it can either be true or false.. but there is no field where to set this password. check if you have it turned on ("true").. maybe it's on and set as blank somewhere. just an idea..

good luck
24 Jan 2010, 05:03 AM
greenhat

Re: Fast and Easy Checkout for Zen Cart

just looked into it.. it looks like if the Master Password is set to true, you can login to any account with your admin password.. so , if your admin password is blank (which is highly unlikely, but double check) , you will get the behavior you're describing.
24 Jan 2010, 05:10 AM
rwoody

Re: Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by greenhat

just looked into it.. it looks like if the Master Password is set to true, you can login to any account with your admin password.. so , if your admin password is blank (which is highly unlikely, but double check) , you will get the behavior you're describing.

I could kiss you!!!!!!!!! My customer was in there poking around and did just that!!! He cleared out the password and voilla! I have spent hours looking for this...LOL I never even thought of that.

Thank you sooooooooo much!!! :clap:
24 Jan 2010, 05:57 PM
greenhat

Re: Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by rwoody

I could kiss you!!!!!!!!! My customer was in there poking around and did just that!!! He cleared out the password and voilla! I have spent hours looking for this...LOL I never even thought of that.

Thank you sooooooooo much!!! :clap:

:) glad i could help.
24 Jan 2010, 07:53 PM
taz79

Re: Fast and Easy Checkout for Zen Cart

Hello! I just ran into problems with this add-on. Hope there is a kind soul that maybe could spend a few minutes trying to help me? :)

I just tried to install this add-on.. Everything went fine until I later came to the sql question text file to run...

When i ran it i got the following output:

Code:

1364 Field 'query_keys_list' doesn't have a default value in: [INSERT INTO query_builder ( query_id , query_category , query_name , query_description , query_string ) VALUES ( '', 'email,newsletters', 'Permanent Account Holders Only', 'Send email only to permanent account holders ', 'select customers_email_address, customers_firstname, customers_lastname from TABLE_CUSTOMERS where COWOA_account != 1 order by customers_lastname, customers_firstname, customers_email_address');] If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields.

I'm not an expert to this.. But I guess a "field name" from another add-on is already in the database and the SQL script from this plugin (Fast and Easy Checkout) did not have this adoption to the insert into string? ..

Is there a way to fix this?

Also. When I ran this.. Is this change inside my database now or did it never execute because of the error?
29 Jan 2010, 01:25 AM
bigjon1982

Re: Fast and Easy Checkout for Zen Cart

Under my who's online I am getting /javascript_check.php?zenid=

Anyone knows if this is a issue or if we got a fix?
29 Jan 2010, 01:42 AM
greenhat

Re: Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by bigjon1982

Under my who's online I am getting /javascript_check.php?zenid=

Anyone knows if this is a issue or if we got a fix?

i noticed this also.. i cant figure out when exactly this is happening, as it does not happen on every page.. but i do see a lot of users with that link.
31 Jan 2010, 04:02 PM
poosk

Re: Fast and Easy Checkout for Zen Cart

Quote:

Originally Posted by barco57

On a cart that I have installed this has a bit of a problem with the cowoa part. The products are downloadable, and when I get to the checkout success page where the download button is displayed, clicking on the download button sends me to the "whoops, your session has expired" and you don't get the download. Any help would be appreciated.

I'm getting session expired every time I try to checkout! Any ideas how to fix it?

Show 100 post(s) from this thread on one page