[split] Shopping Cart? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: Choosing CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=8) +--- Thread: [split] Shopping Cart? (/showthread.php?tid=64189) |
[split] Shopping Cart? - davor - 01-25-2016 Hi I'm reading the documentation and it said that de CI Shoping cart library is depracated, so what I have to use instead of the Cart library from CI??? I did three projects before in CI but never a shop. Thank you very much. RE: [split] Shopping Cart? - ciadmin - 01-25-2016 There are a number of third party open source or commercial shopping carts, most of which are superior to and easier to use than the simplistic one that came from CodeIgniter 2 ... that's why our has been deprecated and will be removed from the framework. A google search will reveal bunches, and hopefully the community can comment on ones that they have used successfully. RE: [split] Shopping Cart? - davor - 01-26-2016 Thank you ! I am reading about OpenCart, but I need to get the data from other database through an API (restaurant SW) and I thought CI was the best option. Can you use Opencart with CI? RE: [split] Shopping Cart? - Narf - 01-26-2016 I wouldn't use OpenCart. https://twitter.com/DEYCrypt/status/690835882602012672 RE: [split] Shopping Cart? - davor - 01-26-2016 (01-26-2016, 06:18 AM)Narf Wrote: I wouldn't use OpenCart. Thanks for the advide, I think I will use the Cart Library with modifications, I know it's depracated but it's better than do my own Library Cart. I just need a cart to insert products and quantities. RE: [split] Shopping Cart? - ivantcholakov - 01-26-2016 I got curious about why is that criticism on OpenCart, does it have ground. I briefly had a look at their repository at GitHub: 1. https://github.com/opencart/opencart/blob/2.2.0.0_a1/upload/system/library/encryption.php MCRYPT_MODE_ECB (ECB) is what scratches eyes: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation 2. https://github.com/opencart/opencart/blob/2.2.0.0_a1/upload/system/library/cart/user.php This thing smells: Code: $user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'"); Aparently there is an attempt md5 hashes to be replaced with an alternative way, but it is self-invented. ------- This is what I saw for 15 minutes. I think, the guys that are alarming are correct. RE: [split] Shopping Cart? - Narf - 01-26-2016 You should know I wouldn't judge other projects based on a stranger's tweet. But that they currently have insecure pieces of code isn't the problem - even if the code was written by a security expert, it's years-old and security practices get updated regularly, of course somebody is going to find some weakness at some point. The problem is that they refuse to fix vulnerabilities when reported and security researchers are met with extreme hostility for no obvious reason. It's not like I haven't been accused of acting hostile at times, but if you think I'm bad, you should see that Daniel Kerr guy, lol. |