Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

X-Cart 4.5.5 released

 
Closed Thread
   X-Cart forums > News and Announcements
 
Thread Tools
  #41  
Old 02-14-2013, 07:31 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: X-Cart 4.5.5 released

PS -- if the "can't login as admin" after the upgrade is related to the "no more simple admin passwords" - so called improvement, and if X-Cart released this installer without a way to workaround or bypass a simple admin password, then the installer MUST be pulled and changed so that there is NO WAY the installer can run if the admin password is "simple". The installer must give the admin an opportunity to create a new password to avoid this mess. You would think?
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
  #42  
Old 02-14-2013, 07:34 AM
 
aim aim is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 928
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by kevinrm
I did that through my store, everything seemed to patch fine but when it was done it logged out and I could never log back in. If I looked at the database version it still showed 4.5.4 but the files were 4.5.5. So tried to figure out a way to manually upgrade the database, patched it but no, it still wouldn't work. You could log in as a customer but not as admin.

I finally threw in the towel, I figure I wasted a good 15 hours on it, plus $139 on a "hot rush" ticket which did basically nothing. Not real thrilled with this experience.

I see at least one other guy having the same problem on other threads so perhaps it's not just me.

When upgrading from X-Cart versions 4.5.4 or earlier to an X-Cart version 4.5.5 or later, one important feature of the upgrade process is that the file config.php has to be patched successfully. Otherwise the shop will not work after the upgrade.
If at the first step of the upgrade process you got an error notification regarding the file config.php, the error needs to be corrected before you proceed with the upgrade.
You can fix the problem as follows:
1) Temporarily remove any customizations you might have made to config.php.
2) Apply the upgrade/4.5.x-4.5.5/config.php.diff patch to your store manually (For more information, see http://help.x-cart.com/index.php?title=X-Cart:To_apply_a_patch_manually)
3) Obtain a new X-Cart 4.5.5 distribution pack and carefully transfer the changes from the config.php file contained in this distribution pack to the config.php in your store using a visual diff tool for file comparison like vimdiff. In transferring the changes you should be guided by upgrade/4.5.x-4.5.5/config.php.diff.
You can then go back to the first step of the upgrade process.


Could you provide us with your
var/upgrade/4.5.4-4.5.5/patch.log file ?
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group
  #43  
Old 02-14-2013, 07:39 AM
 
vladimir.gritsenko vladimir.gritsenko is offline
 

X-Cart team
  
Join Date: Aug 2005
Posts: 202
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by carpeperdiem
Vladimir,

There is a basic flaw in your argument:

- the admin password shouldn't even MATTER to an xcart admin. It may as well be "password" - why? Because any store that actually wants to have a secure admin is also going to use at least 2 other modes of admin security:

1. https password
2. IP restriction

Once you have #1 and #2 in place, the admin password is kinda irrelevant.

Let me reply you here. I am Vladimir also

You mentioned HTTPS but it's not about protecting weak passwords, it's about protecting any password than may be sniffed if send in pain text via HTTP. So it's recommended to use it in any case.

As for IP restriction, it's a good idea (and it's already implemented at many levels in X-Cart; search for "user access control", "protected mode" at help.x-cart.com) but it won't work in some cases (e.g. frequently changing IP address for a very same user/connection) so there is a high probability that a merchant will disable this feature and will give a hacker a good chance of accessing his store admin back-end if a weak password is used.

Overall, when speaking about security, especailly in ecommerce where there is a real chance of being fined by VISA or even sued, nothing is superfluous. And since X-Cart is an ecommerce platform with thousands of clients, we lawfully supposed it's a good idea to be a little bit paranoid.

By the way, for now X-Cart is one of the most secured carts on market.



Quote:
Originally Posted by carpeperdiem
Was there a sudden demand from xcart customers for this change?
Was there a need for this because weak passwords were compromising xcart stores?

Absolutely.



Quote:
Originally Posted by carpeperdiem
My daughter does this kind of stuff when she doesn't want to clean her room. She'll do every possible thing except clean her freaking room.

We need x-cart engineering to squash bugs. We do not need new features. Please?

I understand your frustration and there may be a separate thread for this in Rants and Raves but when it comes to security we treat it very seriously. And it's not about doing things we like to do, it's about doing things we must do with the highest priority.
__________________
Sincerely yours,
Vladimir Gritsenko
VP Marketing @ X-Cart
  #44  
Old 02-14-2013, 07:42 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by cflsystems
You do know it is not mandatory to upgrade every time new version is out

AH - yes, but....


If we want to use x-payments 1.0.6 that apparently has been fixed, we must also take the rest of the store to 4.5.5 (even though many patches were made to fix 4.5.4 bugs).

This is going to be a week+ project -- my kids are off school monday/tuesday and I am not working for a few days! Yeah!
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
  #45  
Old 02-14-2013, 09:22 AM
  cherie's Avatar 
cherie cherie is offline
 

X-Wizard
  
Join Date: May 2003
Location: USA
Posts: 1,534
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by aim
When upgrading from X-Cart versions 4.5.4 or earlier to an X-Cart version 4.5.5 or later, one important feature of the upgrade process is that the file config.php has to be patched successfully. Otherwise the shop will not work after the upgrade.
  1. The upgrader should deal with this and the admin password issue automatically
  2. The Upgrade Notes and the pre-patch warnings on the screen do not but should mention this and the admin password issue
  3. There is no provision to continue an upgrade if something doesn't go quite right
__________________
redlimeweb.com
custom mods and design integration
4.7 linux

The following user thanks cherie for this useful post:
aim (02-15-2013)
  #46  
Old 02-14-2013, 11:02 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: X-Cart 4.5.5 released

From a few posts here - I must say:

Why are you upgrading live store with new version that was just released, no feedback on it yet, it features new futures (not only bug fixes) so it is almost 100% that there will be either bugs or hickups or something not working...

Go back to your working 4.5.4 store. Upgrade to 4.5.5 on a dev copy

It is QTs fault to release buggy upgrade but it is your fault that it broke your live store... Sorry....
__________________
Steve Stoyanov
CFLSystems.com
Web Development
  #47  
Old 02-14-2013, 11:44 AM
  cherie's Avatar 
cherie cherie is offline
 

X-Wizard
  
Join Date: May 2003
Location: USA
Posts: 1,534
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by cflsystems
From a few posts here - I must say:
Who are you addressing?
__________________
redlimeweb.com
custom mods and design integration
4.7 linux
  #48  
Old 02-14-2013, 11:52 AM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 14,190
 

Default Re: X-Cart 4.5.5 released

kevinrm
__________________
Steve Stoyanov
CFLSystems.com
Web Development
  #49  
Old 02-14-2013, 08:12 PM
 
kevinrm kevinrm is offline
 

X-Wizard
  
Join Date: Aug 2003
Posts: 1,003
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by aim
When upgrading from X-Cart versions 4.5.4 or earlier to an X-Cart version 4.5.5 or later, one important feature of the upgrade process is that the file config.php has to be patched successfully. Otherwise the shop will not work after the upgrade.

Could you provide us with your
var/upgrade/4.5.4-4.5.5/patch.log file ?

There was no problem with the config.php file, it patched successfully.

The first time I tried to run it, I found about 10 files that were not stock so I went back and replaced those with stock 4.5.4 files in order to proceed with the upgrade smoothly, I planned to modify them again after the upgrade. Ran the upgrade again. The only file that could not be patched was the currencies.php file because for some reason that file is not located in the standard download of x-cart 4.5.4.

Attached (zipped) is the patch log.
Attached Files
File Type: zip patch.log.txt.zip (51.4 KB, 1 views)
__________________
X-Cart 5.4.1.39 Live
PHP 7.4.33
5.5.5-10.3.38-MariaDB MariaDB
Apache 2.4
CENTOS 7.8 64Bit Single Quad-Core E3-1241v3 3.4Ghz 8M 1600 w/ HT
32GB RAM 2x 512GB Samsung 850 Pro SSD RAID 1

The following user thanks kevinrm for this useful post:
aim (02-15-2013)
  #50  
Old 02-14-2013, 11:08 PM
  random's Avatar 
random random is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 79
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by carpeperdiem
We learned that admin passwords can no longer be "simple". So it's probably best to change them before the upgrade.

Actually, if admin had "simple" password before upgrade he should be able to use it successfully after upgrade.
However, it can be changed only to "strong" password and we strongly recommend to do this after upgrade.

Quote:
Originally Posted by kevinrm
I did that through my store, everything seemed to patch fine but when it was done it logged out and I could never log back in. If I looked at the database version it still showed 4.5.4 but the files were 4.5.5. So tried to figure out a way to manually upgrade the database, patched it but no, it still wouldn't work. You could log in as a customer but not as admin.

Regarding the issue with inability to log in after upgrade - it can be caused only by incorrectly performed upgrade.
It may happen due to different reasons - manual apply, highly cusmozied store, etc.
We've also found out that unticking "Tick here to continue upgrading regardless of the found problems" checkbox may solve the problem. Please try it.

Meanwhile, we are now working on the new upgrade pack which should also solve these issues. It will be released soon.
__________________
Sincerely yours,
Vladimir Petrov
Senior X-Payments Developer
Closed Thread
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 01:49 AM.

   

 
X-Cart forums © 2001-2020