[split] Shopping Cart?

#1
Hi, I'm reading the documentation and it said that the CI Shopping Cart library is deprecated, so what do I have to use instead of the Cart library from CI?



I did three projects before in CI but never a shop.

Thank you very much.

#2
There are a number of third party open source or commercial shopping carts, most of which are superior to and easier to use than the simplistic one that came from CodeIgniter 2 ... that's why ours has been deprecated and will be removed from the framework.

A Google search will reveal bunches, and hopefully the community can comment on ones that they have used successfully.

#3
Thank you! I am reading about OpenCart, but I need to get the data from another database through an API (restaurant SW) and I thought CI was the best option. Can you use OpenCart with CI?

#4
I wouldn't use OpenCart.

https://twitter.com/DEYCrypt/status/690835882602012672

#5
(01-26-2016, 06:18 AM)Narf Wrote: I wouldn't use OpenCart.

https://twitter.com/DEYCrypt/status/690835882602012672

Thanks for the advice, I think I will use the Cart Library with modifications. I know it's deprecated but it's better than doing my own Cart Library.
I just need a cart to insert products and quantities.

#6
I got curious :) about why there is that criticism of OpenCart, and whether it has grounds.

I briefly had a look at their repository at GitHub:

1.

https://github.com/opencart/opencart/blo...yption.php

MCRYPT_MODE_ECB (ECB) is what scratches eyes: https://en.wikipedia.org/wiki/Block_ciph..._operation

2.

https://github.com/opencart/opencart/blo...t/user.php

This thing smells:

Code:
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'");

Apparently there is an attempt to replace md5 hashes with an alternative way, but it is self-invented.

-------

This is what I saw in 15 minutes. I think the guys that are raising the alarm are correct.
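An added example, not part of the original post and not OpenCart's code: one way to move accounts off the two hash formats in the query quoted in post #6 to PHP's password_hash(), by verifying the legacy value once at login and returning a replacement hash to store. The function names, the row layout and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper names; sample values are constructed.

// The legacy scheme from the quoted query, recomputed in PHP:
// SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1(password)))))
function legacy_salted_sha1(string $password, string $salt): string
{
    return sha1($salt . sha1($salt . sha1($password)));
}

// Verify a login against a stored row ('password' and 'salt' keys) and
// report whether the stored hash should be replaced.
// Returns [bool $ok, string|null $newHash].
function verify_and_upgrade(string $password, array $row): array
{
    $stored = (string) $row['password'];

    if (password_get_info($stored)['algoName'] !== 'unknown') {
        // Already a password_hash() value (bcrypt or Argon2).
        if (!password_verify($password, $stored)) {
            return [false, null];
        }
        $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($password, PASSWORD_DEFAULT) : null;
        return [true, $new];
    }

    // Legacy formats: constant-time comparison, then upgrade on success.
    $ok = hash_equals($stored, legacy_salted_sha1($password, (string) $row['salt']))
        || hash_equals($stored, md5($password));
    return $ok ? [true, password_hash($password, PASSWORD_DEFAULT)] : [false, null];
}

// Constructed sample rows, one per stored format.
$pw = 'correct horse battery staple';
$rows = [
    'md5'    => ['salt' => '', 'password' => md5($pw)],
    'sha1x3' => ['salt' => 'a1b2c3d4e', 'password' => legacy_salted_sha1($pw, 'a1b2c3d4e')],
    'modern' => ['salt' => '', 'password' => password_hash($pw, PASSWORD_DEFAULT)],
];

foreach ($rows as $name => $row) {
    [$ok, $new] = verify_and_upgrade($pw, $row);
    printf("%-6s ok=%s upgrade=%s\n", $name, var_export($ok, true), $new === null ? 'no' : 'yes');
    [$bad] = verify_and_upgrade('wrong password', $row);
    printf("%-6s wrong password accepted=%s\n", $name, var_export($bad, true));
}
```

With this approach the query selects the row by username only and the password comparison happens in PHP.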

#7
You should know I wouldn't judge other projects based on a stranger's tweet. :)

But that they currently have insecure pieces of code isn't the problem - even if the code was written by a security expert, it's years-old and security practices get updated regularly, of course somebody is going to find some weakness at some point.

The problem is that they refuse to fix vulnerabilities when reported and security researchers are met with extreme hostility for no obvious reason. It's not like I haven't been accused of acting hostile at times, but if you think I'm bad, you should see that Daniel Kerr guy, lol.

