Pages:
Author

Topic: BitShop - cryptocurrency shopping cart script [PHP/MYSQL] (v1.1.2) - page 33. (Read 74905 times)

legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Well that sucks, BTC-e removed from bitcoin charts USD

I had BitShop set to read the BTC-e USD price and now it doesn't work. Had to change it back to Mt. Gox USD.

Just a note for anyone who may be experiencing the same problem.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Does it work on/over TOR?
No, because it requires javascript to be enabled and the buyers IP address cannot change at any point during the transaction (this is to protect against session hijacking attacks). Adding support for Tor is in my list of planned updates, but like I said before it wont be a small job so I probably wont get around to it for a while.
legendary
Activity: 1064
Merit: 1001

// security string used for encryption (16 chars)
$sec_str = 'CHANGETHISSTRING';

I don't get what I'm supposed to do with this though.

You just have to change this to any random string. Like:

$sec_str = 'CHANGET35345325xxxHISSTRING';
$sec_str = 'fXUMDwzgU6kYxJb8p';
$sec_str = '9S9egqpZWp64kSLmTHUPSfSsrzx8rQ65pZRVEs';
...

All ok, doesn't matter. Just change, dont leave this defaut string.

So just any random bs thats 16 chars long, k.
legendary
Activity: 1232
Merit: 1011
Monero Evangelist

// security string used for encryption (16 chars)
$sec_str = 'CHANGETHISSTRING';

I don't get what I'm supposed to do with this though.

You just have to change this to any random string. Like:

$sec_str = 'CHANGET35345325xxxHISSTRING';
$sec_str = 'fXUMDwzgU6kYxJb8p';
$sec_str = '9S9egqpZWp64kSLmTHUPSfSsrzx8rQ65pZRVEs';
...

All ok, doesn't matter. Just change, dont leave this defaut string.
legendary
Activity: 1232
Merit: 1011
Monero Evangelist
MoreBloodWine:

- I check my Installation, wait a second.
- Does the captcha generation work for you?
legendary
Activity: 1064
Merit: 1001
In addition to my above sugestion, I'm a little lost.

I created and set the public rsa key.

// security string used for encryption (16 chars)
$sec_str = 'CHANGETHISSTRING';

I don't get what I'm supposed to do with this though.
legendary
Activity: 1232
Merit: 1011
Monero Evangelist
Does it work on/over TOR?
legendary
Activity: 1064
Merit: 1001
Finally heh... I know this might seem trivial, but in the next update. Might you consider ormatting like I have done ?

1 BTC = $984.46 USD (24hr W.Avg)

Except in the case of the dollar sign, this could be the denomination set by the user in the one confi file. Then there's the adiion of the (24hr W.Avg)

As you saw, I hadd some confusion about why that figure was off as wwell as some others until you told me it's the weighed average figure.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
I finally solved MoreBloodWine's problem, it was a problem with his server configuration after all. It seems like the problem was caused because output_buffering was enabled and it was causing the headers_sent() function to always return false, which led to it doing header redirections when it shouldn't have been, which stopped the cookies from being saved properly. I solved it by forcing a javascript redirection on the admin login page. All future versions of BitShop will contain this change but if you're using v0.9.6 or earlier and you are experiencing this problem send me a PM and I will tell you how to fix it.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
would all the user (not admin) functionality not work, or just parts of it ?
Like could I get away with not using java and still order stuff ?
It requires javascript to be enabled to make orders. I plan on adding support for those people with javascript disabled but it'll be a fairly complex job so I probably wont get around to it for a while.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
I seriously doubt it's my server, there's nothing special about it, its a cloud. It runs 5 websites and a number of minecraft servers.
Ok, I just released v0.9.6 and it contains some of the fixes we've discussed here and some other stuff. Log into the client area and obtain the new files and update the files listed there. If your problem still isn't solved after updating to v0.9.6 then it is something with your server because many people are using the script and none of them are reporting problems logging into the admin area.

Edit: In what file(s) am I lookin for the avg thing ?
There are many files. Search the entire project for the text $btc_stats['avg'] and you will see everywhere it is used.

Edit 3: Not sure if this helps - http://www.eojmarket.com/php_info.php
It looks ok, but be sure to remove that file because it can give attackers a lot of helpful information.
legendary
Activity: 1064
Merit: 1001
Just tried 10 times in a row to no avail, in two browsers.
Ok, well then it has something to do with your server not handling cookies properly. I remember there was another guy a few months ago who had a similar problem logging into the admin area and the only way he could solve it was by changing to another host or by completely removing the cookie handling code from the admin login page.

So if I wanted it to be as close as possible to whats shown on Gox, what do I need to do ? I assume something will need to be rewriten to pull from their API directly ?
Oh I realized why it's different, because the script is using the 24 weighted average price. If you want to change it find all places where $btc_stats['avg'] is used and replace it with $btc_stats['close']
I seriously doubt it's my server, there's nothing special about it, its a cloud. It runs 5 websites and a number of minecraft servers.

So we can forgo the guessing game, what can we do to see what it is, or isnt ?

Edit: In what file(s) am I lookin for the avg thing ?

Edit 2: Most of my sites have SMF installed and cookies run fine for them.

Edit 3: Not sure if this helps - http://www.eojmarket.com/php_info.php
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
looks pretty cool Smiley
just wondering, do users need javascript enabled in the browser ??

thanks
Yes.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Just tried 10 times in a row to no avail, in two browsers.
Ok, well then it has something to do with your server not handling cookies properly. I remember there was another guy a few months ago who had a similar problem logging into the admin area and the only way he could solve it was by changing to another host or by completely removing the cookie handling code from the admin login page.

So if I wanted it to be as close as possible to whats shown on Gox, what do I need to do ? I assume something will need to be rewriten to pull from their API directly ?
Oh I realized why it's different, because the script is using the 24 weighted average price. If you want to change it find all places where $btc_stats['avg'] is used and replace it with $btc_stats['close']
legendary
Activity: 1064
Merit: 1001
Did as sugested in previous reply and this as well. Admin pass seems to take now, but upon hitting the submit button the admin login page just sorta refreshed back to the enter password screen. Is that what its supposed to do ?
Try logging in a second time like I said before and see if it works. It looks like my javascript fix didn't fix that annoying problem after all.
Just tried 10 times in a row to no avail, in two browsers.

Quote
Just ran /goxgrab/mtgox_update.php manually, shows price now as $763.31 but the price on gox itself is $843
The price data is actually taken from bitcoincharts.com, so it might not be exactly the same as shown on Mt. Gox. It should be though.
So if I wanted it to be as close as possible to whats shown on Gox, what do I need to do ? I assume something will need to be rewriten to pull from their API directly ?
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Did as sugested in previous reply and this as well. Admin pass seems to take now, but upon hitting the submit button the admin login page just sorta refreshed back to the enter password screen. Is that what its supposed to do ?
Try logging in a second time like I said before and see if it works. It looks like my javascript fix didn't fix that annoying problem after all.

Quote
Just ran /goxgrab/mtgox_update.php manually, shows price now as $763.31 but the price on gox itself is $843
The price data is actually taken from bitcoincharts.com, so it might not be exactly the same as shown on Mt. Gox. It should be though.
legendary
Activity: 1064
Merit: 1001
will wait the 2hrs and try again and will post back here.
You don't have to wait 2 hours, just add these lines to the bottom of \inc\common.inc.php (just before the closing PHP tag):

  session_unset();
  session_destroy();
  unset_cookies();

And then refresh the login page, and then remove those lines from the common.inc.php page and try logging in again.
Did as sugested in previous reply and this as well. Admin pass seems to take now, but upon hitting the submit button the admin login page just sorta refreshed back to the enter password screen. Is that what its supposed to do ?

I suspet this is going to come back down to me missing something since I didnt wah the full install video, but as I said before. I'd rather wait for the updated video before proceeding.

Edit: Just ran /goxgrab/mtgox_update.php manually, shows price now as $763.31 but the price on gox itself is $843
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
will wait the 2hrs and try again and will post back here.
You don't have to wait 2 hours, just add these lines to the bottom of \inc\common.inc.php (just before the closing PHP tag):

  session_unset();
  session_destroy();
  unset_cookies();

And then refresh the login page, and then remove those lines from the common.inc.php page and try logging in again.
legendary
Activity: 1536
Merit: 1000
electronic [r]evolution
Ok, I just noticed a small javascript error on the admin login page which might be causing your problem.

Replace all of line 48 of the inc/admin/login.inc.php file with the following line of code:

  var pass = $("#pass_txt").val();

I forgot to put the 'var' keyword before the variable and that was causing the problem I mentioned earlier.
After applying that fix I don't have to try to log in twice anymore, so it may fix your problem as well.
legendary
Activity: 1064
Merit: 1001
Have you got javascript enabled? The admin login now requires javascript to be enabled because it uses a hashing scheme to protect the admin password for those people who don't have an SSL certificate.
Tried it in two different browsers with cookies enabled to the same effect... wrong pass. I went ahead and changed it from the default, will wait the 2hrs and try again and will post back here.
Pages:
Jump to: