DevinLewis

DevinLewis does not currently provide support for this item.

100 comments found.

Asked support 3 times, via the contact form and directly by mail. No answer!

Please don't buy this product. It has some serious security issues. I saw a hacker change the PayPal ID to his PayPal ID; he changed it 4 times, even after I used a strong password.

Don't buy this product! It has a very dangerous bug!!! A hacker has changed the PayPal ID in the script 5 times! I contacted the author 10 times: no answer! I will write to Envato to remove this script and refund the money!!!!

Please stop spreading misinformation about this script.

1. First time you answer!

2. See the other users' comments and you will see all people have the same issue!

3. I bought support and you did not give me 1 answer to my email or answer my request by the contact form.

4. My server is not hacked! I’m using a secure hosting provider!

5. You see “Supported” in green near my name?????

6. 4 users say the same thing!!!!!

See comments on page 4 and 5! All hack! Same issue!!!!!

@lizzus how do I report to Envato? Please let me know, I will do that too. It's not safe to use this script and get hacked and lose money too.

@anonymix did you read what DevinLewis wrote?!? He says that it’s my server that is compromised! OMG!!! I think he does not know what a SQL injection is! I see that this script is very similar to another on Envato: http://codecanyon.net/item/paypal-pro-payment-terminal/234015?ref=CriticalGears. I think this is a clone…

If Devin won't release a new version with the bugs fixed, I will raise a dispute and ask for a refund. The developer looks like such a useless guy. If one guy posted it then OK, but if all said it's a bug then he should check the script again to fix it. Anyway, I am buying a membership plugin for WordPress and removing this script.

Can you add a form builder for the terminal? I want to use calculate.

I have modified this script for a project, so what specific files were updated?

Hello, yes I confirm, there is a security breach in this script, allowing an attacker to change the PayPal ID, and it concerns everyone. If Google lists your website, it means that the attacker can find you directly with Google dorks and exploit it.

Please contact me directly to discuss this issue, I’d be happy to help you work through things.

Hi, my server already has SSL. I would like to use this script to take payments for a monthly subscription, but I want to know whether I can customize the code according to my own needs. Looking forward to hearing from you soon. Thanks.

gatto78 Purchased

Hi Devin, can you tell me which changes you made in the last update? In my app I have changed your code a little, so I can’t diff the sources easily. Thank you very much!

Hi, good work with this script, which I have been using for a while. Recently, I had some time to look into the code in preparation for customization, and sorry for the long post, but I have some security-related questions:

1. Where is the IPN Notification Validation? I see there is a file “ipnlistener.php” which does this, but this file and none of its functions seem to be used by PAPT. Of course, this means that anyone can POST a purchase to the notify_url. Perhaps I missed something? https://developer.paypal.com/docs/classic/ipn/integration-guide/IPNImplementation/#specs

2. I don’t understand why admin-only functions (like delete_item) are routed through the process.php script. Admin-only functions should be checked vs logged-in user, no? This is why there are reports of vulnerabilities earlier, since anyone could POST ‘save_config’. I see this is fixed now by checking HTTP_REFERER and CSRF, but I still don’t see why these functions are not checked vs logged-in user in the first place.

3. I’m curious why the return and cancel_return URL values sent to PayPal are routed through the process.php script? Seems they are just redirected to index.php#status without further processing anyway.

4. I’m not sure why CSRF is added to the custom field sent to PayPal from index.php. This var does not even get forwarded with the GET method for return URLs, and it’s ignored for action=paypal_ipn anyway …

Sorry, I don’t mean to sound negative … it’s a really nice script. I’m mostly curious about #1, although the three other questions elude me in an otherwise well-crafted solution.
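The two server-side checks raised in questions 1 and 2 above can be sketched as follows. This is an added example, not part of the comment and not the script's own code: the function names and the `admin_id` / `csrf` session keys are hypothetical, the action names are the ones quoted in the comment, and the postback is injectable so the sample (constructed data) runs offline.

```php
<?php
// Added example with hypothetical names; not code from the script discussed above.
const ADMIN_ACTIONS = ['save_config', 'delete_item']; // action names from the comment

// Admin-only actions need an authenticated admin session first, then a CSRF match.
function authorize_action(string $action, array $session, array $post): bool
{
    if (!in_array($action, ADMIN_ACTIONS, true)) {
        return true; // public action such as paypal_ipn
    }
    if (empty($session['admin_id'])) { // assumed key, set only at admin login
        return false;
    }
    return is_string($session['csrf'] ?? null) && is_string($post['csrf'] ?? null)
        && hash_equals($session['csrf'], $post['csrf']);
}

// Production postback: PayPal answers VERIFIED or INVALID for the echoed body.
function paypal_postback(string $body): string
{
    $ch = curl_init('https://ipnpb.paypal.com/cgi-bin/webscr');
    curl_setopt_array($ch, [CURLOPT_POST => true, CURLOPT_POSTFIELDS => $body,
        CURLOPT_RETURNTRANSFER => true, CURLOPT_SSL_VERIFYPEER => true]);
    $res = curl_exec($ch);
    return is_string($res) ? trim($res) : '';
}

// $rawBody is file_get_contents('php://input'); $postback is injectable for offline runs.
function ipn_is_valid(string $rawBody, array $expected, callable $postback): bool
{
    if ($postback('cmd=_notify-validate&' . $rawBody) !== 'VERIFIED') {
        return false; // not sent by PayPal
    }
    parse_str($rawBody, $ipn);
    return ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp($ipn['receiver_email'] ?? '', $expected['receiver_email']) === 0
        && ($ipn['mc_currency'] ?? '') === $expected['currency']
        && ($ipn['mc_gross'] ?? '') === $expected['amount'];
}

// Constructed sample data.
$expected = ['receiver_email' => 'merchant@example.com', 'currency' => 'USD', 'amount' => '25.00'];
$body = 'payment_status=Completed&receiver_email=merchant%40example.com&mc_currency=USD&mc_gross=25.00';
$invalid = fn(string $b): string => 'INVALID';   // stub: PayPal rejecting a body it never sent
$verified = fn(string $b): string => 'VERIFIED'; // stub: PayPal confirming its own message
var_dump(ipn_is_valid($body, $expected, $invalid));
var_dump(ipn_is_valid($body, $expected, $verified));
var_dump(authorize_action('save_config', [], ['csrf' => 'x']));
var_dump(authorize_action('save_config', ['admin_id' => 1, 'csrf' => 'tok'], ['csrf' => 'tok']));
```

In a live handler `paypal_postback` is passed as `$postback`, and the handler should also store each `txn_id` and reject repeats.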

Has the PayPal payment recipient email issue been solved? Does anyone know?

Are the security bugs with this product solved? I don’t want to buy something exploitable but this is exactly what I need.

Yes, the security issues have been resolved.

Hi, I have 2-3 one-page websites where I sell different products. Can I have different payment pages for each website and connect them into one admin page to control them from one place?

"Le système ne fonctionne pas pour le moment. Réessayez plus tard." New issues, any help?

Hi,

Is there any way to create a subscription via the backend, and send out a link for each individual customer to proceed with payment?

Hi, is it possible to add a label in which the customer inserts a personal code, as Italian fiscal law requires?

Can anyone guide me on how to change the currency settings? I have edited admin.php and process.php, but the input amount still shows zero in the DB and also in the email notification….
