The Zen Cart Better Together Promotional Page had a problem with category images displayed when advertising add_prod_to_cat(), add_cat_to_cat(), add_cat_to_prod() or add_twoforone_cat() linkages. This has been fixed and posted to the Zen Cart downloads area.
Impulse Buy for Zen Cart shows a group of items of your choosing on the Checkout Shipping page that can be purchased with the click of a checkbox. The sales funnel is not disrupted by returning to the shopping cart page; the customer goes directly to the payment page.
I enhanced the “Group Functionality for CMS/Info Block” contribution to be a more general CMS Group Restrictions module for PrestaShop.
Reconcile yourself to a weekend of hard work. It’s not invention – you can do it yourself, and you don’t need to hire me – but it is work, and I recommend not taking shortcuts that might leave holes in your system.
You will need to delete what’s on your site and restore from a known good backup. And when I say “delete what’s on your site,” I mean everything. The exploits I have seen are infecting files in unrelated directories; every PHP file is getting damaged.
If you don’t have a good backup, you should install the latest Zen Cart and install your mods and template by hand.
Before you install your backup (or a fresh download), here is what you need to do locally to your files. This will become your new backup site.
- Install all of the security patches.
- One of these patches had as a substep, “rename your admin directory.” Have you done this? YOU MUST DO THIS. Here are step-by-step changes for renaming your Zen Cart Admin Page.
- Check the permissions on all files and directories. My SysCheck utility for Zen Cart will help you do this. It’s a free download from my site.
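A local audit of two of the checks above (admin directory still at its stock name, world-writable files and directories), as an added example; it is not the SysCheck utility or Zen Cart code. It assumes a POSIX filesystem, and the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

DEFAULT_ADMIN = "admin"  # Zen Cart's stock admin directory name


def audit_tree(root):
    """Return sorted (issue, relative_path) findings for a local copy of the site."""
    findings = []
    # The admin directory was never renamed if <root>/admin/includes/configure.php exists.
    if os.path.isfile(os.path.join(root, DEFAULT_ADMIN, "includes", "configure.php")):
        findings.append(("admin-not-renamed", DEFAULT_ADMIN))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            if st.st_mode & stat.S_IWOTH:  # writable by "other", e.g. 777 or 666
                kind = "world-writable-dir" if stat.S_ISDIR(st.st_mode) else "world-writable-file"
                findings.append((kind, os.path.relpath(full, root)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample layout: stock admin name, 777 images dir, 666 configure.php."""
    files = {"admin/includes/configure.php": 0o644,
             "includes/configure.php": 0o666,
             "index.php": 0o644}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    os.makedirs(os.path.join(root, "images"))
    for d in ("admin", "admin/includes", "includes"):
        os.chmod(os.path.join(root, d), 0o755)  # set explicitly, independent of umask
    os.chmod(os.path.join(root, "images"), 0o777)


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_tree(root)


if __name__ == "__main__":
    for issue, path in demo():
        print(f"{issue:22} {path}")
```

Call `audit_tree()` on the directory you are about to upload; an empty list means neither condition was found.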
Once you’re ready to install, check your PC for viruses. You may have a trojan or a keylogger running on your PC that’s capturing passwords. Then (and only then!) do these things:
- Change your cPanel password.
- Change your database password (from your hosting control panel – cPanel or some similar system). Then put this new password in includes/configure.php and YOUR-ADMIN/includes/configure.php.
- Change your FTP password.
- Install your files.
- Add .htaccess protection to your new admin directory from your control panel.
- Go into your admin panel, and go to tools/admin settings. Make sure there aren’t any extra admin accounts. Change the passwords on all admin accounts.
- Re-run SysCheck (you installed it, right?) to double-check your installation.
The question of whether running phpSuExec is better is often asked. I do have a preference for phpSuExec because it means you don’t have to leave your images directory open (permissions 777). But I prefer PHP as an Apache module with all the fixes above to phpSuExec without them. The real issue is generally whether you have applied patches and security recommendations and kept up to date, not whether you are using mod PHP or phpSuExec; I have seen both types of servers attacked.
If you are running osCommerce instead of Zen Cart, the steps and recommendations are similar. There is also a SysCheck for osCommerce.
I have just uploaded the Better Together module for PrestaShop contribution. This is the first external discounting module for PrestaShop. Like Better Together for osCommerce and Zen Cart, it allows you to create “Buy X get Y at a discount (possibly free)” type offers using special Better Together commands. I hope people find it useful!
The default sort order for PrestaShop CMS pages is the creation order. Sometimes this is not what is desired, so I added a PrestaShop CMS Sort Order Mod.
I modified my Zen Cart tips on adding boilerplate to make them applicable to osCommerce. Here they are: Boilerplate text in Description field, and Using files containing boilerplate text in Description field.