Thread: Security Token

Results 1 to 10 of 11

Hybrid View

  1. #1
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Security Token

    Depends whether you change your non-ZC button to read something other than "add to cart".

    The security token is tied to the active Zen Cart session. And, since your non-Zen Cart code isn't running Zen Cart and has no Zen Cart session active, you have no ability to insert a security token into your forms.
    Zen Cart was designed to BE your product catalog, not be merely a payment collector.

    What exactly is it that you're doing that has caused you to relegate ZC to merely a back end payment processing engine?
    A link to your site would add some meaningful context to this discussion.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  2. #2
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: Security Token

    My site is www.shalach-manos.com - for now, I went back to the previous version.
    The problem is that I created this site years ago and the business runs on SEO.

    So to change all the product pages (and therefore url and so on..) would not be a good idea for me at the moment.
    Also, when someone purchases a basket - I need the contact info for the person recieving the basket (and some people purchase multiple baskets thus with different recipients per basket) so I custom programmed it to go to a page to take all the info. The way that I did it is neater than being in zencart. If you add a product to cart, you will see what I mean.

    Thanks for all your help.

    Leora

  3. #3
    Join Date
    May 2010
    Location
    WA State
    Posts
    1,678
    Plugin Contributions
    3

    Default Re: Security Token

    The site is not loading for me.

  4. #4
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: Security Token

    Sorry the server was down for a bit, back up now.

    Thanks, Leora

  5. #5
    Join Date
    Aug 2009
    Posts
    6
    Plugin Contributions
    1

    Default Re: Security Token

    I know this is an old post, but just in case there's someone trying to do this, here's a quick workaround.

    Open up includes/init_includes/init_sanitize.php and add a new conditional if statement to bypass the security restriction for the actions you need. For example, this will allow you to add items to the cart without a securityToken present:

    PHP Code:
    // Line 30: Add if statement around zen_redirect() function call
    if(!(
        
    $_GET['action'] == 'add_product' 
        
    && isset($_POST['cart_quantity']) 
        && !empty(
    $_POST['products_id'])
    )) {
        
    zen_redirect zen_href_link FILENAME_TIME_OUT''$request_type ) );

    Enjoy!

  6. #6
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: Security Token

    Or just use the buy_now action like this:

    /index.php?main_page=index&action=buy_now&products_id=11
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. security token error
    By nour72sy in forum Addon Language Packs
    Replies: 0
    Last Post: 24 Oct 2011, 02:38 PM
  2. login security token
    By cameoflage in forum Templates, Stylesheets, Page Layout
    Replies: 4
    Last Post: 14 May 2010, 10:14 PM
  3. Security Token Generation
    By glenelkins in forum General Questions
    Replies: 3
    Last Post: 4 Feb 2009, 07:39 PM
  4. Security Token vs my mod
    By sanji in forum Upgrading from 1.3.x to 1.3.9
    Replies: 3
    Last Post: 29 Dec 2007, 03:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg