For review - new Strap template for Interchange 5
Greetings,

The "Strap" template which Greg Hanson and I have been working on for a
couple years now has been updated to Bootstrap 3.x latest.

If you weren't aware, Strap is a new template for IC 5.x, which is
completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
and includes several improvements, such as SEO-friendly results,
better gift certs, checkout with usability features, etc (see more in
the link below).

In preparation for replacing the old "standard" template for IC, I could
use some help in reviewing the "strap" template, to ensure it is ready
for prime-time.

You will find it here:
https://github.com/jdigory/strap

If you would be so kind as to clone the repository to a recent install
of Interchange (5.8.1 or better), and follow the instructions in the
README, that would be wonderful.

Let me know if you run into any issues...

Thanks,
Josh
--
Josh Lavin
End Point Corporation

_______________________________________________
interchange-users mailing list
interchange-users@icdevgroup.org
http://www.icdevgroup.org/mailman/listinfo/interchange-users
Re: For review - new Strap template for Interchange 5
:-) great job guys. Thanks

On 08/08/2015 02:10, Josh Lavin wrote:
> Greetings,
>
> The "Strap" template which Greg Hanson and I have been working on for a
> couple years now has been updated to Bootstrap 3.x latest.
>
> If you weren't aware, Strap is a new template for IC 5.x, which is
> completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
> and includes several improvements, such as SEO-friendly results,
> better gift certs, checkout with usability features, etc (see more in
> the link below).
>
> In preparation for replacing the old "standard" template for IC, I could
> use some help in reviewing the "strap" template, to ensure it is ready
> for prime-time.
>
> You will find it here:
> https://github.com/jdigory/strap
>
> If you would be so kind as to clone the repository to a recent install
> of Interchange (5.8.1 or better), and follow the instructions in the
> README, that would be wonderful.
>
> Let me know if you run into any issues...
>
> Thanks,
> Josh


--
"Fino alla bara sinpara"
"Up to demise we rize"

Re: For review - new Strap template for Interchange 5
Quoting Josh Lavin (jlavin@endpoint.com):
> Greetings,
>
> The "Strap" template which Greg Hanson and I have been working on for a
> couple years now has been updated to Bootstrap 3.x latest.

I have updated the demo site here:

http://demo.perusion.com/i/strap/




> If you weren't aware, Strap is a new template for IC 5.x, which is
> completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
> and includes several improvements, such as SEO-friendly results,
> better gift certs, checkout with usability features, etc (see more in
> the link below).
>
> In preparation for replacing the old "standard" template for IC, I could
> use some help in reviewing the "strap" template, to ensure it is ready
> for prime-time.
>
> You will find it here:
> https://github.com/jdigory/strap
>
> If you would be so kind as to clone the repository to a recent install
> of Interchange (5.8.1 or better), and follow the instructions in the
> README, that would be wonderful.
>
> Let me know if you run into any issues...
>
> Thanks,
> Josh
> --
> Josh Lavin
> End Point Corporation

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
> Quoting Josh Lavin (jlavin at endpoint.com):
>> Greetings,
>>
>> The "Strap" template which Greg Hanson and I have been working on for a
>> couple years now has been updated to Bootstrap 3.x latest.
>
> I have updated the demo site here:
>
> http://demo.perusion.com/i/strap/

Hi Josh - the demo looks pretty nice and I'll give it another try. I
wasn't able to access the admin however. I wanted to see how the mobile
detection works if mv_add_dot_html is set to yes. You may recall I had
issues with that when I tested previously. I was able to make it work by
hacking up the code but I like to use as-distributed code when possible.
Might you have time to test that on your live demo?

DB

Re: For review - new Strap template for Interchange 5
Quoting DB (db@m-and-d.com):
> > Quoting Josh Lavin (jlavin at endpoint.com):
> >> Greetings,
> >>
> >> The "Strap" template which Greg Hanson and I have been working on for a
> >> couple years now has been updated to Bootstrap 3.x latest.
> >
> > I have updated the demo site here:
> >
> > http://demo.perusion.com/i/strap/
>
> Hi Josh - the demo looks pretty nice and I'll give it another try. I
> wasn't able to access the admin however. I wanted to see how the
> mobile detection works if mv_add_dot_html is set to yes. You may
> recall I had issues with that when I tested previously. I was able
> to make it work by hacking up the code but I like to use
> as-distributed code when possible. Might you have time to test that on
> your live demo?

The demo site above doesn't have a publicly-accessible admin. Feel free
to try it out on your own install, but the [is-mobile] tag isn't
distributed with Strap.

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
Quoting Josh Lavin (jlavin@endpoint.com):
>
> The "Strap" template which Greg Hanson and I have been working on for a
> couple years now has been updated to Bootstrap 3.x latest.

I've re-enabled UTF-8 on Strap, since the only bug I can find is
mentioned in the README.

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
The only issue I see with the demo store is a visual issue. At the media
query break point of 991px (medium grid size in Bootstrap parlance) and
below, the site goes to single column but honestly doesn't look too good.

I've attached a screenshot of what I'm talking about and added some
annotations to it. All suggestions should be taken with a grain of salt,
I'm no designer.

Quoting Josh Lavin

> I have updated the demo site here:
>
> http://demo.perusion.com/i/strap/
Re: For review - new Strap template for Interchange 5
Quoting Justin La Sotten (justinl@fragrancenet.com):
> The only issue I see with the demo store is a visual issue. At the media
> query break point of 991px (medium grid size in Bootstrap parlance) and
> below, the site goes to single column but honestly doesn't look too good.
>
> I've attached a screenshot of what I'm talking about and added some
> annotations to it. All suggestions should be taken with a grain of salt,
> I'm no designer.

Thanks, Justin, for catching this. I've made some updates, so I think it
looks better on mobile now.

Git repo:
https://github.com/jdigory/strap

Demo site:
http://demo.perusion.com/i/strap/

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
Quoting Josh Lavin (jlavin@endpoint.com):
>
> The "Strap" template which Greg Hanson and I have been working on for a
> couple years now has been updated to Bootstrap 3.x latest.

One cool thing about Strap is you can easily update the theme to
whatever you can find that is based on Bootstrap. Here is a quick
example I did in less than an hour for Google's Material Design:

http://demo.perusion.com/i/strap_md/

It has a few rough edges, but I myself was impressed at how easy it was
to apply this. Courtesy of:
https://github.com/FezVrasta/bootstrap-material-design

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
> Quoting Josh Lavin (jlavin at endpoint.com):
>>
>> The "Strap" template which Greg Hanson and I have been working on for a
>> couple years now has been updated to Bootstrap 3.x latest.
>
> One cool thing about Strap is you can easily update the theme to
> whatever you can find that is based on Bootstrap. Here is a quick
> example I did in less than an hour for Google's Material Design:
>
> http://demo.perusion.com/i/strap_md/
>
> It has a few rough edges, but I myself was impressed at how easy it was
> to apply this. Courtesy of:
> https://github.com/FezVrasta/bootstrap-material-design
>
> --
> Josh Lavin
> End Point Corporation


Hi Josh. I installed your latest version and it's mostly working and
looks nice. One issue... when I log into the back end I see:

UI update appears to have been done and metadata has not been updated
for this catalog...

but when I try to merge I get:
Cannot merge metadata -- table mv_metadata_asc is missing.

I see the table mv_metadata in the back end and the file
products/mv_metadata.asc exists and contains stuff. Any thoughts what's
wrong?

DB

Re: For review - new Strap template for Interchange 5
On Fri, 14 Aug 2015, Josh Lavin wrote:

> One cool thing about Strap is you can easily update the theme to
> whatever you can find that is based on Bootstrap. Here is a quick
> example I did in less than an hour for Google's Material Design:
>
> http://demo.perusion.com/i/strap_md/

Nice! Did you do that by replacing all the templating, or setting it up as
alternate styles like the Standard demo supported?

Jon


--
Jon Jensen
End Point Corporation
https://www.endpoint.com/

Re: For review - new Strap template for Interchange 5
> On Aug 14, 2015, at 8:41 PM, Josh Lavin <jlavin@endpoint.com> wrote:
>
> Quoting Josh Lavin (jlavin@endpoint.com):
>>
>> The "Strap" template which Greg Hanson and I have been working on for a
>> couple years now has been updated to Bootstrap 3.x latest.
>
> One cool thing about Strap is you can easily update the theme to
> whatever you can find that is based on Bootstrap. Here is a quick
> example I did in less than an hour for Google's Material Design:
>
> http://demo.perusion.com/i/strap_md/
>

Josh,
Great work one thing I noticed in the mobile view was the product divs on say the homepage being different heights don't stack correctly and explode. To resolve this issue in other projects I have used https://github.com/PaulSpr/jQuery-Equal-Height-Columns. Here for example http://tinyurl.com/psfh4xo SysPete deployed it in the PerlDancer conference site and it works great maybe something to consider add? I hope you find this useful.

-Sam
Re: For review - new Strap template for Interchange 5
Quoting Jon Jensen (jon@endpoint.com):
> On Fri, 14 Aug 2015, Josh Lavin wrote:
>
> >One cool thing about Strap is you can easily update the theme to whatever
> >you can find that is based on Bootstrap. Here is a quick example I did in
> >less than an hour for Google's Material Design:
> >
> >http://demo.perusion.com/i/strap_md/
>
> Nice! Did you do that by replacing all the templating, or setting it up as
> alternate styles like the Standard demo supported?

I changed variables/CSS and JS, but one could easily create alternate
template files to switch back and forth.

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
Quoting DB (db@m-and-d.com):
> > Quoting Josh Lavin (jlavin at endpoint.com):
> >>
> >> The "Strap" template which Greg Hanson and I have been working on for a
> >> couple years now has been updated to Bootstrap 3.x latest.
>
> Hi Josh. I installed your latest version and it's mostly working and
> looks nice. One issue... when I log into the back end I see:
>
> UI update appears to have been done and metadata has not been updated
> for this catalog...
>
> but when I try to merge I get:
> Cannot merge metadata -- table mv_metadata_asc is missing.
>
> I see the table mv_metadata in the back end and the file
> products/mv_metadata.asc exists and contains stuff. Any thoughts what's
> wrong?

It seems the now-hidden mv_metadata file throws off this admin page.
I've updated it to fix, and I've also updated the metadata version, so
we won't see this warning.

https://github.com/jdigory/strap

Thanks!

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
Quoting Sam Batschelet (sbatschelet@mac.com):
>
> > On Aug 14, 2015, at 8:41 PM, Josh Lavin <jlavin@endpoint.com> wrote:
> >
> > Quoting Josh Lavin (jlavin@endpoint.com):
> >>
> >> The "Strap" template which Greg Hanson and I have been working on for a
> >> couple years now has been updated to Bootstrap 3.x latest.
> >
> > One cool thing about Strap is you can easily update the theme to
> > whatever you can find that is based on Bootstrap. Here is a quick
> > example I did in less than an hour for Google's Material Design:
> >
> > http://demo.perusion.com/i/strap_md/
>
> Great work one thing I noticed in the mobile view was the product divs
> on say the homepage being different heights don't stack correctly
> and explode. To resolve this issue in other projects I have used
> https://github.com/PaulSpr/jQuery-Equal-Height-Columns.
> Here for example http://tinyurl.com/psfh4xo SysPete deployed
> it in the PerlDancer conference site and it works great maybe
> something to consider add? I hope you find this useful.

Thanks, Sam. I've updated the project to use it:
https://github.com/jdigory/strap/commit/8efc191f4100a58eda06fa24006d23031cc66bb8

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
On 08/08/2015 12:10 PM, Josh Lavin wrote:
> The "Strap" template which Greg Hanson and I have been working on for a
> couple years now has been updated to Bootstrap 3.x latest.
>
> If you weren't aware, Strap is a new template for IC 5.x, which is
> completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
> and includes several improvements, such as SEO-friendly results,
> better gift certs, checkout with usability features, etc (see more in
> the link below).
>
> In preparation for replacing the old "standard" template for IC, I could
> use some help in reviewing the "strap" template, to ensure it is ready
> for prime-time.

I just got around to having a look at some of the code for this and have
a couple of suggestions:

1. Customer and affiliate passwords should be encrypted with bcrypt,
not plain text. I think the time for allowing plain text storage of
passwords is long past and IC is perfectly capable of using the current
recommendation for this which is bcrypt.

2. Not a strap issue, but admin passwords should also be bcrypt now,
not old crypt.

To accommodate the above we may need to update KitchenSink to add the
modules needed for bcrypt, I'm not sure if they're in KitchenSink at the
moment or not. There may be a case for changing Bundle::Interchange, I
don't know.

I'll let you know if I come across anything else.


Peter

Re: For review - new Strap template for Interchange 5
On Sat, 17 Oct 2015, Peter wrote:

> 1. Customer and affiliate passwords should be encrypted with bcrypt,
> not plain text. I think the time for allowing plain text storage of
> passwords is long past and IC is perfectly capable of using the current
> recommendation for this which is bcrypt.
>
> 2. Not a strap issue, but admin passwords should also be bcrypt now,
> not old crypt.
>
> To accommodate the above we may need to update KitchenSink to add the
> modules needed for bcrypt, I'm not sure if they're in KitchenSink at the
> moment or not.

Good points, Peter.

They're not in either of the bundles now.

We need to add:

Digest::Bcrypt
Crypt::Random

I don't think I've seen any trouble installing those with various versions
of Perl and other CPAN modules yet. Although Crypt::Random depends on
Math::Pari which I vaguely recall being a pain in the distant past.

But we don't have any other strong, modern password hashing options in
Interchange right now, so it seems reasonable to make bcrypt the default
and include the needed modules.

> There may be a case for changing Bundle::Interchange,

I think so.

Mike, what do you think?

Thanks,
Jon


--
Jon Jensen
End Point Corporation
https://www.endpoint.com/


Re: For review - new Strap template for Interchange 5
Quoting Jon Jensen (jon@endpoint.com):
> On Sat, 17 Oct 2015, Peter wrote:
>
> >1. Customer and affiliate passwords should be encrypted with
> >bcrypt, not plain text. I think the time for allowing plain text
> >storage of passwords is long past and IC is perfectly capable of
> >using the current recommendation for this which is bcrypt.
> >
> >2. Not a strap issue, but admin passwords should also be bcrypt
> >now, not old crypt.
> >
> >To accommodate the above we may need to update KitchenSink to add
> >the modules needed for bcrypt, I'm not sure if they're in
> >KitchenSink at the moment or not.
>
> Good points, Peter.
>
> They're not in either of the bundles now.
>
> We need to add:
>
> Digest::Bcrypt
> Crypt::Random
>
> I don't think I've seen any trouble installing those with various
> versions of Perl and other CPAN modules yet. Although Crypt::Random
> depends on Math::Pari which I vaguely recall being a pain in the
> distant past.
>
> But we don't have any other strong, modern password hashing options
> in Interchange right now, so it seems reasonable to make bcrypt the
> default and include the needed modules.
>
> >There may be a case for changing Bundle::Interchange,
>
> I think so.
>
> Mike, what do you think?

I think it's done! V1.11 is up in CPAN.

--
Mike Heins
End Point -- Expert Internet Consulting http://www.endpoint.com/
phone +1.765.253.4194 <mikeh@endpoint.com>

There's nothing sweeter than life nor more precious than time.
-- Barney

Re: For review - new Strap template for Interchange 5
Quoting Mike Heins (mikeh@endpoint.com):
> Quoting Jon Jensen (jon@endpoint.com):
> > On Sat, 17 Oct 2015, Peter wrote:
> >
> > >1. Customer and affiliate passwords should be encrypted with
> > >bcrypt, not plain text. I think the time for allowing plain text
> > >storage of passwords is long past and IC is perfectly capable of
> > >using the current recommendation for this which is bcrypt.
> > >
> > >2. Not a strap issue, but admin passwords should also be bcrypt
> > >now, not old crypt.
> > >
> > >To accommodate the above we may need to update KitchenSink to add
> > >the modules needed for bcrypt, I'm not sure if they're in
> > >KitchenSink at the moment or not.
> >
> > Good points, Peter.
> >
> > They're not in either of the bundles now.
> >
> > We need to add:
> >
> > Digest::Bcrypt
> > Crypt::Random
> >
> > I don't think I've seen any trouble installing those with various
> > versions of Perl and other CPAN modules yet. Although Crypt::Random
> > depends on Math::Pari which I vaguely recall being a pain in the
> > distant past.
> >
> > But we don't have any other strong, modern password hashing options
> > in Interchange right now, so it seems reasonable to make bcrypt the
> > default and include the needed modules.
> >
> > >There may be a case for changing Bundle::Interchange,
> >
> > I think so.
> >
> > Mike, what do you think?
>
> I think it's done! V1.11 is up in CPAN.

And in Bundle-Interchange-1.07 too.

--
Mike Heins
End Point -- Expert Internet Consulting http://www.endpoint.com/
phone +1.765.253.4194 <mikeh@endpoint.com>

{((>:o}~ <<<<Oh look!!! An idolatrous image of the prophet!!! Surely
we must now avenge this blasphemy by burning down the world!!!

Re: For review - new Strap template for Interchange 5
On Sat, 17 Oct 2015, Mike Heins wrote:

>>> Digest::Bcrypt
>>> Crypt::Random
>>>
>>> Mike, what do you think?
>>
>> I think it's done! V1.11 is up in CPAN.
>
> And in Bundle-Interchange-1.07 too.

Looks good in Bundle::Interchange, but I got this error with
Bundle::InterchangeKitchenSink:

% cpanm Bundle::InterchangeKitchenSink
--> Working on Bundle::InterchangeKitchenSink
Fetching http://www.cpan.org/authors/id/M/MI/MIKEH/Bundle-InterchangeKitchenSink-1.11.tar.gz ... OK
Configuring Bundle-InterchangeKitchenSink-1.11 ... OK
==> Found dependencies: previous
! Finding previous on cpanmetadb failed.
! Finding previous () on mirror http://www.cpan.org failed.
! Couldn't find module or a distribution previous
! Installing the dependencies failed: Module 'previous' is not installed
! Bailing out the installation for Bundle-InterchangeKitchenSink-1.11.

Also, running perldoc again the 1.10 version of
Bundle::InterchangeKitchenSink I got this error:

POD ERRORS
Hey! The above document had some coding errors, which are explained below:

Around line 216:
You forgot a '=back' before '=head1'

Thanks,
Jon

--
Jon Jensen
End Point Corporation
https://www.endpoint.com/

Re: For review - new Strap template for Interchange 5
Quoting Peter (peter@pajamian.dhs.org):
> On 08/08/2015 12:10 PM, Josh Lavin wrote:
> > The "Strap" template which Greg Hanson and I have been working on for a
> > couple years now has been updated to Bootstrap 3.x latest.
> >
> > If you weren't aware, Strap is a new template for IC 5.x, which is
> > completely modern HTML5 + CSS. It is based on the Bootstrap Framework,
> > and includes several improvements, such as SEO-friendly results,
> > better gift certs, checkout with usability features, etc (see more in
> > the link below).
> >
> > In preparation for replacing the old "standard" template for IC, I could
> > use some help in reviewing the "strap" template, to ensure it is ready
> > for prime-time.
>
> I just got around to having a look at some of the code for this and have
> a couple of suggestions:
>
> 1. Customer and affiliate passwords should be encrypted with bcrypt,
> not plain text. I think the time for allowing plain text storage of
> passwords is long past and IC is perfectly capable of using the current
> recommendation for this which is bcrypt.

I put this on the #interchange channel, but the reason we don't use
crypt in Strap at this point, is because of the demo mode. We want to
keep plain-text passwords for the demo users, so you can look in the
database and see what a user's password is, to login to their account.

Perhaps we can configure this on/off in catalog.cfg, depending on if
demo mode is on/off. I'll look at that.

Josh


> 2. Not a strap issue, but admin passwords should also be bcrypt now,
> not old crypt.
>
> To accommodate the above we may need to update KitchenSink to add the
> modules needed for bcrypt, I'm not sure if they're in KitchenSink at the
> moment or not. There may be a case for changing Bundle::Interchange, I
> don't know.
>
> I'll let you know if I come across anything else.
>
>
> Peter

--
Josh Lavin
End Point Corporation

Re: For review - new Strap template for Interchange 5
On Sat, 17 Oct 2015, Josh Lavin wrote:

>> 1. Customer and affiliate passwords should be encrypted with bcrypt,
>> not plain text. I think the time for allowing plain text storage of
>> passwords is long past and IC is perfectly capable of using the current
>> recommendation for this which is bcrypt.
>
> I put this on the #interchange channel, but the reason we don't use
> crypt in Strap at this point, is because of the demo mode. We want to
> keep plain-text passwords for the demo users, so you can look in the
> database and see what a user's password is, to login to their account.

That doesn't seem like a compelling reason to me. Much more important to
do the right thing by default for real sites, I think. Demos are
temporary, but real ecommerce sites are forever. :)

For the demo, can't we just show in plain text what the logins are on the
login page itself?

Jon

--
Jon Jensen
End Point Corporation
https://www.endpoint.com/

Re: For review - new Strap template for Interchange 5
On 10/18/2015 07:58 AM, Josh Lavin wrote:
> Perhaps we can configure this on/off in catalog.cfg, depending on if
> demo mode is on/off. I'll look at that.

This should be easy to do, but you're left with plain text passwords in
the db when the catalog is switched. You can use promote and from_plain
to make them work, but it still won't convert them to bcrypt until the
customer logs in. Then you're left with a situation that switching
*back* to demo mode will cause logins to fail if the passwords have been
encrypted. So this seems to me to not be a good solution.


Peter
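
The following is an added example, not part of the thread and not Interchange's UserDB code: a stand-alone Perl sketch of the mode switch described in the message above, using the Digest::Bcrypt and Crypt::Random modules named earlier in the thread. The storage format, the `login` helper, the cost of 10 and the sample users are assumptions made up for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::Bcrypt;
use Crypt::Random qw(makerandom_octet);

my $COST = 10;    # bcrypt work factor (assumed value for this sketch)

# Constructed storage format: bcrypt$<cost>$<salt hex>$<digest hex>
sub hash_password {
    my ($password, $cost, $salt) = @_;
    $cost ||= $COST;
    # Digest::Bcrypt requires a salt of exactly 16 octets.
    $salt = makerandom_octet(Length => 16) unless defined $salt;
    my $bc = Digest::Bcrypt->new;
    $bc->cost($cost);
    $bc->salt($salt);
    $bc->add($password);
    return join '$', 'bcrypt', $cost, unpack('H*', $salt), $bc->hexdigest;
}

sub is_hashed {
    my ($stored) = @_;
    return $stored =~ /\Abcrypt\$\d+\$[0-9a-f]{32}\$[0-9a-f]+\z/ ? 1 : 0;
}

# Compare without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Re-hash the candidate with the stored cost and salt, then compare.
sub verify_hashed {
    my ($password, $stored) = @_;
    my (undef, $cost, $salt_hex) = split /\$/, $stored;
    my $again = hash_password($password, $cost, pack('H*', $salt_hex));
    return same_string($again, $stored);
}

# $mode is 'plain' (demo: compare the stored text directly) or 'bcrypt'
# (verify hashes, and promote a legacy plain-text row on a good login).
sub login {
    my ($users, $name, $password, $mode) = @_;
    my $stored = $users->{$name};
    return 0 unless defined $stored;
    return same_string($password, $stored) if $mode eq 'plain';
    return verify_hashed($password, $stored) if is_hashed($stored);
    return 0 unless same_string($password, $stored);
    $users->{$name} = hash_password($password);    # promote on login
    return 1;
}

# Constructed sample rows, as a demo catalog would hold them.
my %users = (alice => 'demo-pass-1', bob => 'demo-pass-2');

print "bcrypt mode, alice logs in: ",
    login(\%users, 'alice', 'demo-pass-1', 'bcrypt'), "\n";
for my $u (sort keys %users) {
    printf "  %-5s stored as %s\n", $u,
        is_hashed($users{$u}) ? 'bcrypt' : 'PLAIN TEXT';
}
print "back to plain mode, alice:  ",
    login(\%users, 'alice', 'demo-pass-1', 'plain'), "\n";
print "back to plain mode, bob:    ",
    login(\%users, 'bob', 'demo-pass-2', 'plain'), "\n";
```

Only the row of the user who logged in is promoted, so the other row stays readable in the database, and the promoted user can no longer log in once the catalog compares plain text again.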

Re: For review - new Strap template for Interchange 5
On 10/17/2015 03:04 PM, Peter wrote:
> I'll let you know if I come across anything else.

This in pages/member/get_password.html:
[if variable SECURE_ENABLE]__SECURE_SERVER__[else]http://__SERVER_NAME__[/else][/if]__CGI_URL__/query/pw_reset?u=[scratch found_user]&x=[scratch expire]&k=[scratch hmac]

Much better done using [area]:
[area href=query/pw_reset secure="__SECURE_ENABLE__" no_session=1 form="
u=[scratch found_user]
x=[scratch expire]
k=[scratch hmac]
"]


Peter

Re: For review - new Strap template for Interchange 5
>>On Sat, 17 Oct 2015, Josh Lavin wrote:
>>> 1. Customer and affiliate passwords should be encrypted with bcrypt,
>>> not plain text. I think the time for allowing plain text storage of
>>> passwords is long past and IC is perfectly capable of using the
>>> current recommendation for this which is bcrypt.
>>
>> I put this on the #interchange channel, but the reason we don't use
>> crypt in Strap at this point, is because of the demo mode. We want to
>> keep plain-text passwords for the demo users, so you can look in the
>> database and see what a user's password is, to login to their account.
>
> That doesn't seem like a compelling reason to me. Much more important to
> do the right thing by default for real sites, I think. Demos are temporary,
> but real ecommerce sites are forever. :)
>
> For the demo, can't we just show in plain text what the logins are on the
> login page itself?
>
> Jon

+1

For the 'old' demo there is a page that directs people to the admin or
customer facing area, including credentials, no?

Also agreeing with Peter about (randomly) switching on/off that demo flag
(not sure if one would ever want to do that, but people are amazing :)),
that would create scenarios which require all kinds of extra work to keep
things 'in line' ...

Keeping it simple is a good start.

CU,

Gert

