Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

X-Cart 4.5.5 released

 
Closed Thread
   X-Cart forums > News and Announcements
 
Thread Tools
  #31  
Old 02-14-2013, 04:45 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by random
This is a part of security improvements introduced in 4.5.5.
"Weak" passwords are not suitable for admin/provider accounts now

Vladimir,

There is a basic flaw in your argument:

- the admin password shouldn't even MATTER to an xcart admin. It may as well be "password" - why? Because any store that actually wants to have a secure admin is also going to use at least 2 other modes of admin security:

1. https password
2. IP restriction

Once you have #1 and #2 in place, the admin password is kinda irrelevant.

Was there a sudden demand from xcart customers for this change?
Was there a need for this because weak passwords were compromising xcart stores?

My daughter does this kind of stuff when she doesn't want to clean her room. She'll do every possible thing except clean her freaking room.

We need x-cart engineering to squash bugs. We do not need new features. Please?
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4
  #32  
Old 02-14-2013, 06:11 AM
 
kevinrm kevinrm is offline
 

X-Wizard
  
Join Date: Aug 2003
Posts: 1,003
 

Default Re: X-Cart 4.5.5 released

They tell me to downgrade, then upgrade carefully. I have done in now twice. I do that and it appears to upgrade, then logs me out and I can't log back in. The database still shows 4.5.4 even though I manually applied the patch.

I'm about to pull out my hair with this, they're not really helping me at all, just giving me suggestions. WTF!?!?! I've never had anything like this, nor have I ever seen them so hands off, even after paying for a hot rush. I guess I'm on my own here!
__________________
X-Cart 5.4.1.39 Live
PHP 7.4.33
5.5.5-10.3.38-MariaDB MariaDB
Apache 2.4
CENTOS 7.8 64Bit Single Quad-Core E3-1241v3 3.4Ghz 8M 1600 w/ HT
32GB RAM 2x 512GB Samsung 850 Pro SSD RAID 1
  #33  
Old 02-14-2013, 06:18 AM
  ADDISON's Avatar 
ADDISON ADDISON is offline
 

X-Man
  
Join Date: Jan 2008
Posts: 2,613
 

Default Re: X-Cart 4.5.5 released

Upgrading XC was a nightmare from the very beginning. Especially when you do custom work too much. Please use a test server before uploading new versions over your functional one. When you do the job and everything works as expected make a backup of your online version and put it o a CD/DVD/...

Your rage comes from your mind, you just let us know you are loosing money already. Just relax, put your 4.5.4 back as it was before and start upgrading on a work/test version.

Quote:
Originally Posted by kevinrm
They tell me to downgrade, then upgrade carefully. I have done in now twice. I do that and it appears to upgrade, then logs me out and I can't log back in. The database still shows 4.5.4 even though I manually applied the patch.

I'm about to pull out my hair with this, they're not really helping me at all, just giving me suggestions. WTF!?!?! I've never had anything like this, nor have I ever seen them so hands off, even after paying for a hot rush. I guess I'm on my own here!
__________________
X-Cart Next: Business 5.2 (learning and testing)
X-Cart Classic: Gold and Gold Plus 4.7
Lots of Modules and Customizations
OS in use: Red Hat Enterprise, Fedora, CentOS, Debian, Ubuntu, Linux Mint, Kali Linux
Ideas for Server configuration (basicaly): Nginx/Pound (reverse proxy), Apache/Nginx (webserver), Squid/Varnish (cache server), HHVM or (PHP-FPM + PHP 5.6 + opcache), MariaDB/Percona MySQL Server, Redis (storing sessions)

You can catch my ideas here: http://ideas.x-cart.com
  #34  
Old 02-14-2013, 06:22 AM
  RichieRich's Avatar 
RichieRich RichieRich is offline
 

X-Adept
  
Join Date: Sep 2004
Location: London, England
Posts: 750
 

Default Re: X-Cart 4.5.5 released

looks like i will make a full working backup before even touching the upgrade with a barge pole...
__________________
Richard


Ultimate 5.4 testing
  #35  
Old 02-14-2013, 06:30 AM
  ADDISON's Avatar 
ADDISON ADDISON is offline
 

X-Man
  
Join Date: Jan 2008
Posts: 2,613
 

Default Re: X-Cart 4.5.5 released

Just an advice, even it could eat too much time. Every time a new release is coming, I prefer to install it than upgrading. Then customize it according to my notes I already have in text files. Generally it takes 2 days, but nothing wrong is going with automatically patching. DB is intact, files the same, no pull out of the hair. Yes, XC upgrade is difficult to do, especially when you did lot of customization, modules, and so on.
__________________
X-Cart Next: Business 5.2 (learning and testing)
X-Cart Classic: Gold and Gold Plus 4.7
Lots of Modules and Customizations
OS in use: Red Hat Enterprise, Fedora, CentOS, Debian, Ubuntu, Linux Mint, Kali Linux
Ideas for Server configuration (basicaly): Nginx/Pound (reverse proxy), Apache/Nginx (webserver), Squid/Varnish (cache server), HHVM or (PHP-FPM + PHP 5.6 + opcache), MariaDB/Percona MySQL Server, Redis (storing sessions)

You can catch my ideas here: http://ideas.x-cart.com
  #36  
Old 02-14-2013, 06:54 AM
 
aim aim is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 928
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by kevinrm
Could anyone here with a working copy of 4.5.5 please take a look at their "xcart_xauth_user_ids" table and see the structure? Mine only shows 5 columns, does yours have more?

Really not please here....


[14-Feb-2013 20:50:45] SQL error:

SQL query : SELECT xcart_xauth_user_ids.auth_id, xcart_xauth_user_ids.id, xcart_xauth_user_ids.identifier, xcart_xauth_user_ids.provider, xcart_xauth_user_ids.service, xcart_customers.usertype, xcart_xauth_user_ids.signature FROM xcart_customers INNER JOIN xcart_xauth_user_ids ON xcart_customers.id=xcart_xauth_user_ids.id AND xcart_customers.usertype IN ('A','P')
Error code : 1054
Description : Unknown column 'xcart_xauth_user_ids.signature' in 'field list'
Request URI: /admin/home.php?keep_https=yes
Backtrace:
/home/ocha/public_html/include/func/func.db.php:309
/home/ocha/public_html/include/func/func.db.php:209
/home/ocha/public_html/include/func/func.db.php:489
/home/ocha/public_html/include/func/func.security.php:77
/home/ocha/public_html/admin/auth.php:105
/home/ocha/public_html/admin/home.php:44

It seems your Social login module was not upgraded.

Check if you have the following lines in your
var/upgrade/4.5.4-4.5.5/patch.log file

Code:
File xauth_return_rpx.php successfully patched SQL PATCH: ``patch.sql'' applied successfully SQL PATCH: ``patch_XAuth.sql'' applied successfully <font color="green">The database was successfully patched !</font> Converting the xcart_customers structure ... Converting the xcart_config structure ... Converting the xcart_xauth_user_ids structure ... Converting the xcart_ppa structure ... AFTER-PATCH was applied successfully. Updating DB version info.
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group
  #37  
Old 02-14-2013, 07:16 AM
 
aim aim is offline
Advanced Staff Users
 

X-Cart team
  
Join Date: Dec 2008
Posts: 928
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by kevinrm
They tell me to downgrade, then upgrade carefully. I have done in now twice. I do that and it appears to upgrade, then logs me out and I can't log back in. The database still shows 4.5.4 even though I manually applied the patch.


There are no SQL query like
UPDATE xcart_config SET `value` = "4.5.5" WHERE `name` = "version";
in the patch.sql file

You have to use the usual Patch/Upgrade center to upgrade your store.
__________________
Sincerely yours,
Ildar Amankulov
Head of Maintenance group
  #38  
Old 02-14-2013, 07:24 AM
 
jillsybte jillsybte is offline
 

eXpert
  
Join Date: Jun 2006
Location: New York, USA
Posts: 389
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by ADDISON
Just an advice, even it could eat too much time. Every time a new release is coming, I prefer to install it than upgrading. Then customize it according to my notes I already have in text files. Generally it takes 2 days, but nothing wrong is going with automatically patching. DB is intact, files the same, no pull out of the hair. Yes, XC upgrade is difficult to do, especially when you did lot of customization, modules, and so on.

This is what I prefer as well. I always keep a detailed changelog so I can go back and repeat changes I have made. I just feel better doing a clean install rather than trying to patch/upgrade. I see so many users reporting all sorts of nightmares when they patch/upgrade. I just like to start fresh. It does take more time, though, and has caused me several "false starts."
__________________
X-Cart Gold 4.1.8 (Live)
BCSE Shipping Estimator for FLC Mod
BCSE Shipping Methods per Product Mod
BCSE Customer Review Management Mod
BCSE Catalog Order Form Mod
X-Cart Gold 4.5.2 (Building/Testing)
USA
  #39  
Old 02-14-2013, 07:26 AM
 
kevinrm kevinrm is offline
 

X-Wizard
  
Join Date: Aug 2003
Posts: 1,003
 

Default Re: X-Cart 4.5.5 released

I did that through my store, everything seemed to patch fine but when it was done it logged out and I could never log back in. If I looked at the database version it still showed 4.5.4 but the files were 4.5.5. So tried to figure out a way to manually upgrade the database, patched it but no, it still wouldn't work. You could log in as a customer but not as admin.

I finally threw in the towel, I figure I wasted a good 15 hours on it, plus $139 on a "hot rush" ticket which did basically nothing. Not real thrilled with this experience.

I see at least one other guy having the same problem on other threads so perhaps it's not just me.
__________________
X-Cart 5.4.1.39 Live
PHP 7.4.33
5.5.5-10.3.38-MariaDB MariaDB
Apache 2.4
CENTOS 7.8 64Bit Single Quad-Core E3-1241v3 3.4Ghz 8M 1600 w/ HT
32GB RAM 2x 512GB Samsung 850 Pro SSD RAID 1
  #40  
Old 02-14-2013, 07:27 AM
 
carpeperdiem carpeperdiem is offline
 

X-Guru
  
Join Date: Jul 2006
Location: New York City, USA
Posts: 5,399
 

Default Re: X-Cart 4.5.5 released

Quote:
Originally Posted by kevinrm
They tell me to downgrade, then upgrade carefully. I have done in now twice. I do that and it appears to upgrade, then logs me out and I can't log back in. The database still shows 4.5.4 even though I manually applied the patch.

Kevin,

I can appreciate your frustration. I sure hope you are able to press a button and restore, to live another day?

Not that this will help you if you didn't do that -- I always make a point of planning my upgrade strategy, and making a roadmap of the process before I even think about modifying a file.

http://forum.x-cart.com/showthread.php?t=66105

We learned that admin passwords can no longer be "simple". So it's probably best to change them before the upgrade.

I will add to the upgrade roadmap: install a virgin copy of 4.5.5 and play with it on a default database to see if there's anything interesting or surprises.

Another technique is to have the actual 4.5.5 files (virgin) available, use them in place of your patched files (edit file.lst to exclude these from the upgrade script).

YES -- there will be some files that need patching - but if you are careful and only working on a clone, you have very little to lose since you can simply walk away and try again.

I sure hope you are not working on a live store.
__________________
xcart 4.5.4 gold+ w/x-payments 1.0.6; xcart gold 4.4.4

The following user thanks carpeperdiem for this useful post:
ambal (02-20-2013)
Closed Thread
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 09:28 AM.

   

 
X-Cart forums © 2001-2020