Thread: Security Token

Page 1 of 2 12 LastLast
Results 1 to 10 of 11
  1. #1
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Security Token

    My site has an html/php front end which connects to zen cart to do the shopping cart stuff.
    I have products on my site where when someone clicks "add to cart" it connects them to zencart's add to cart form. This was working for the last few years unitl I now upgraded to 1.5 - it seems to be because there is something extra that is getting passed into the form now. This is the "security token" field.

    How do I pass this field as well from my form so that I can continue to submit the way that I have been submitting.

    Thanks,

    Leora

  2. #2
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Security Token

    Any links in your site which point to the Zen Cart section of your site should direct the customer to the product page or the product-listing page, so that the customer can click Add To Cart from the Zen Cart page, where the security token is properly generated and included in the form.
    Anything else will prevent normal operation.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: Security Token

    Thanks for getting back to me - for various reasons, I can't make the product pages zencart pages - only once you click on "add to cart" can I use the zen cart pages.

    How does zencart generate this security key - can I just mimic the code on my side before I pass it over?

    Thanks,
    Leora

  4. #4
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Security Token

    Let me rephrase: make your add-to-cart buttons that exist outside ZC be links to the ZC product page, where the ZC add-to-cart button will be properly shown with all its requirements.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: Security Token

    But then the person will have to click add to cart twice - correct? Is there not another way to add the security token to my pages?

    Thanks,
    Leora

  6. #6
    Join Date
    Jan 2004
    Posts
    66,364
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Security Token

    Depends whether you change your non-ZC button to read something other than "add to cart".

    The security token is tied to the active Zen Cart session. And, since your non-Zen Cart code isn't running Zen Cart and has no Zen Cart session active, you have no ability to insert a security token into your forms.
    Zen Cart was designed to BE your product catalog, not be merely a payment collector.

    What exactly is it that you're doing that has caused you to relegate ZC to merely a back end payment processing engine?
    A link to your site would add some meaningful context to this discussion.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  7. #7
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: Security Token

    My site is www.shalach-manos.com - for now, I went back to the previous version.
    The problem is that I created this site years ago and the business runs on SEO.

    So to change all the product pages (and therefore url and so on..) would not be a good idea for me at the moment.
    Also, when someone purchases a basket - I need the contact info for the person recieving the basket (and some people purchase multiple baskets thus with different recipients per basket) so I custom programmed it to go to a page to take all the info. The way that I did it is neater than being in zencart. If you add a product to cart, you will see what I mean.

    Thanks for all your help.

    Leora

  8. #8
    Join Date
    May 2010
    Location
    WA State
    Posts
    1,678
    Plugin Contributions
    3

    Default Re: Security Token

    The site is not loading for me.

  9. #9
    Join Date
    Jul 2006
    Posts
    35
    Plugin Contributions
    0

    Default Re: Security Token

    Sorry the server was down for a bit, back up now.

    Thanks, Leora

  10. #10
    Join Date
    Aug 2009
    Posts
    6
    Plugin Contributions
    1

    Default Re: Security Token

    I know this is an old post, but just in case there's someone trying to do this, here's a quick workaround.

    Open up includes/init_includes/init_sanitize.php and add a new conditional if statement to bypass the security restriction for the actions you need. For example, this will allow you to add items to the cart without a securityToken present:

    PHP Code:
    // Line 30: Add if statement around zen_redirect() function call
    if(!(
        
    $_GET['action'] == 'add_product' 
        
    && isset($_POST['cart_quantity']) 
        && !empty(
    $_POST['products_id'])
    )) {
        
    zen_redirect zen_href_link FILENAME_TIME_OUT''$request_type ) );

    Enjoy!

 

 
Page 1 of 2 12 LastLast

Similar Threads

  1. security token error
    By nour72sy in forum Addon Language Packs
    Replies: 0
    Last Post: 24 Oct 2011, 02:38 PM
  2. login security token
    By cameoflage in forum Templates, Stylesheets, Page Layout
    Replies: 4
    Last Post: 14 May 2010, 10:14 PM
  3. Security Token Generation
    By glenelkins in forum General Questions
    Replies: 3
    Last Post: 4 Feb 2009, 07:39 PM
  4. Security Token vs my mod
    By sanji in forum Upgrading from 1.3.x to 1.3.9
    Replies: 3
    Last Post: 29 Dec 2007, 03:29 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR