Please make sure your passwords match magento 1.9.1.0

Problem

Well this is a common problem that is encountered in Magento 1.9.1.0. When a User registers (doesn’t matter if its during checkout or from the Create an Account link) the user keeps getting the password mismatch error even though the password is re-entered correctly.

Reason

The validation method was changed in v1.9.1.

Earlier: $confirmation = $this->getConfirmation();

Now: $confirmation = $this->getPasswordConfirmation();

So the children of class Mage_Customer_Model_Customer should use getPasswordConfirmation() instead of getConfirmation()

Solution

Go to file app/code/core/Mage/Customer/Model/Customer.php

Find the below code : $confirmation = $this->getPasswordConfirmation();
Change this to : $confirmation = $this->getConfirmation();

If this still doesn’t work then add it to a condition mentioned below

if(Mage::app()->getFrontController()->getRequest()->getModuleName() == ‘onepagecheckout’){
$confirmation = $this->getConfirmation();
}else{
$confirmation = $this->getPasswordConfirmation();
}

Reference Validation Links

https://github.com/speedupmate/Magento-CE-Mirror/blame/master/app/code/core/Mage/Customer/Model/Customer.php#L841

https://github.com/speedupmate/Magento-CE-Mirror/commits/magento-ce-1.9.1.0/app/code/core/Mage/Customer/Model/Customer.php

Feel free to reach us if you still face this issue.

How to install Magento patch SUPEE-5994?

Recently Magento released the critical Shoplift bug which we successfully patched over 80 stores. Yesterday Magento has issued another important Security patch  which is named as SUPEE-5994. Please note that this patch should be installed in addition to the recent Shoplift patch (SUPEE-5344).

According to the press release of Magento, SUPEE-5994 is a bundle of seven patches that resolves the following security-related issues. The patch can be downloaded from the Magento Community Downloads page.

  • ClosedAdmin Path Disclosure
  • ClosedCustomer Address Leak through Checkout
  • ClosedCustomer Information Leak through Recurring Profile
  • ClosedLocal File Path Disclosure Using Media Cache
  • ClosedSpreadsheet Formula Injection
  • ClosedCross-site Scripting Using Authorize.Net Direct Post Module
  • ClosedMalicious Package Can Overwrite System Files

The patch has to be applied the same way  Shoplift patch was applied. You need to first find the version of your Magento. Then download the respective SSH patch from magento download page. Upload the patch file respective to your version on Magento root directory.

Now using SSH, run the command and you should get a successful completion message. Here is how it sill look.

$ bash ./patch_file_name.sh
Checking if patch can be applied/reverted successfully…
Patch was applied/reverted successfully.

In case if you find any difficulty, Purchase our Service to get your Magento Store secured now. We shall do this upgrade for your  Magento Store to help you secure it.

Magento Critical Security Patch SUPEE-5994

Just two weeks after Magento raised alarm about the Shoplift bug, it has again issues another Critical update called “SUPEE-5994” yesterday. According to Magento’s official website, SUPEE-5994 – This patch addresses multiple security vulnerabilities in Magento Community Edition software, including issues that can put customer information at risk.

We will be investigating more on this today. Please feel free to reach us if your store needs an urgent patch immediately. We updated over 80 stores successfully for Shoplift bug even without SSH access.

We will be updating the post with the methods on how this patch has to be applied.

How to install Magento patch SUPEE-5994

Purchase our Service to get your Magento Store secured now.

Woocommerce Advance Request A Quote Plugin

The “WooCommerce Advance Request a Quote” allows your woocommerce store customers/visitors to raise a simple quote on any product that they are interested to purchase. The quote goes to the admin of the store. This plugin is aimed to help any WooCommerce store to have more sales. In order to help increase sales, the plugin offers a functionality to have both “Add to Cart” as well as “Request a Quote” at the same time on the store. The plugin also allows the customer to bargain for the quote that the admin sends to them which is the unique thing that the plugin offers. This helps in having better sales and loyalty on the store.

Benefits of the WooCommerce Advance Request a Quote plugin

  • The Customize URL for the Quote List Page.
  • Automatic Creation of product Order.
  • Simple to show or hide Price columns.
  • At individual / category product level, Simple to hide or show Add to Cart button or add to Quote.
  • Higher Flexibility in order to customize the template of email.
  • Simple to hide Price on the Product and Shop Pages.
  • Simple to customize the button look.
  • Simple to show total number of the items in the added list.
  • In the request form, it allows you to give high flexibility in remove or add fields.
  • 100% customizable
  • Fully responsive

Envision Ecommerce has always focused on helping the store owners with their unique concept that helps increase their sales and revenue. Woocommerce Advance Request a Quote plugin is perfect for rental stores, offering custom services from the shopper being able to get a quote. Shoppers add the interested items into their cart list and their product list is sent to the store admin along with an optional short message, the customer email address and name. The admin then is able to send the customer a quote and the customer can bargain back if required. If the customer is okay with the quote, admin can directly create a cart link where the customer can pay.

The extension is also available on Codecanyon. Incase if you need any more details, please feel free to Contact Us or raise a ticket on our helpdesk.

visit-envision-extension-page

How to apply Magento patch SUPEE-1533 and SUPEE-5344 without SSH

We all know by now that around 30% Ecommerce portals globally are now using Magento framework. This increased number shows the potential this framework carries. But the same strongest platform recently announced a major security patch a serious vulnerability “SUPEE-5344 and SUPEE-1533” code named as Shoplift. We have been posting about the bug since the day it was discovered in our posts “Shoplift bug :: Is your Magento shop vulnerable to it(SUPEE-5344)?” , “Have you patched your Magento for shoplift?” & “Magento Shoplift Security Update, haven’t done yet?” .

Why so Serious?

The heading reminds of a Batman movie :). Well, this particular vulnerability was detected by Netanel Rubin who said that it allowed hackers to access the store admin rights which can help them be the store admin. Every aspect of store admin user role can be accessed thought this hole. The data that hacker take from the store can be used any way they want which was the end for a store.

How do I Fix it?

magento-securityWe have posted one solution which was based on SSH based Patch update in our post the day it first surfaced. The method needed technical expertise and server root level access. This method required developers assistance and precise implementation else could result to bigger trouble.

Today, we are sharing with you all an easy way to do it. The FTP way which almost all the developers will love to use. The reason for sharing this method is to help  the community overall to update their store quickly and be safe from the possible security threat.

How to apply Magento patch SUPEE-1533 and SUPEE-5344 with FTP?

We applied the patch successfully on some 40+ store successfully. Out of curiosity, we checked and found that the patches SUPEE 1533 and SUPEE 5344 when applied, mainly affected following 7 files of magento core system collectively.

Changes affecting after patch SUPEE 1533:

• app/code/core/Mage/Adminhtml/Block/Dashboard/Graph.php
• app/code/core/Mage/Adminhtml/controllers/DashboardController.php

Changes affecting after patch SUPEE 5344:

• app/code/core/Mage/Admin/Model/Observer.php
• app/code/core/Mage/Core/Controller/Request/Http.php
• app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
• app/code/core/Mage/XmlConnect/Model/Observer.php
• lib/Varien/Db/Adapter/Pdo/Mysql.php

We then tried to create a solution so that someone without a SSH access(which is very common these days due to website being mostly on shared servers) can also update the Magento store for the patch.

The steps to follow are as follow :

– Backup your Magento Store
– Download the zip files for the patch SUPEE-1533 and SUPEE-5344
– Unzip both the downloaded files and upload it to your magento root directory
– And, you are done. Congrats the Urgent critical security patch is applied.

Did it really happen?

We understand that after all the terror floating around, you will want to be extra sure that the above mentioned steps worked for your store or not. Well you can check if your Magento store is patched or not by going to this link and putting your Magento store URL on https://shoplift.byte.nl/ or http://magento.com/security-patch

The second way to check is by going to these locations mentioned above and see if the files are changed or not.

If still it says, the store is not safe, contact us and we will ensure to help you fix it. We have a list of happy customers already.

Purchase our Service to get your Magento Store secured now.

Magento Shoplift Security Update, haven’t done yet?

Magento has been issuing regular warning by all the way possible. It has posted message over Magento Connect account Profile for all the developers to be aware about it. The reason they are so furious about the update and want people to know and update their store is that this security threat can lead your store go into the hands of hackers. They can take full control of your store. We have already posted about it in details in our posts earlier, Shoplift bug :: Is your Magento shop vulnerable to it(SUPEE-5344)?  & Have you patched your Magento for shoplift? .

Contact Envision Ecommerce if you have still not updated your store for this patch. Purchase our Service to get your Magento Store secured now.