101

(15 replies, posted in Installation)

https://frontaccounting.com/punbb/viewtopic.php?pid=18192 seems to describe the same problem.

102

(5 replies, posted in Items and Inventory)

Aha. I may have misread your original post somewhat. So all synchronisation is triggered by that php page? And it only works for items which you have edited/saved from OpenCart?

Then it would have to keep track of previously synced items, presumably by looking at their "modified" timestamps. Are they set by the import script? Even so, if they are equal to the "created" timestamp they could be (wrongly, in this case) assumed to not need to be synced.

You could update them all from phpmyadmin (or whatever tool you use) by a simple SQL statement, like "UPDATE oc_product SET date_modified=NOW() where 1"

103

(5 replies, posted in Items and Inventory)

It seems the synchronisation is triggered by the "save" action. Unfortunately, it also seems the import bypasses this completely.

I guess Cartbooks simply ignores products already in the database, until it detects an update (identified by a click on the "save" button). That means you would have had the same problem if your products had already been in the database.

I can see the following possible solutions:
1. Cartbooks could implement a "forced" sync option to upload all items currently in the database.
2. Excelport could import the items through the web interface, or at least generate a "save" click/event for each item to allow OpenCart and/or its plugins to respond to the change.

Both are features which would not be unreasonable to expect.

But if you have any programming background you could probably explicitly invoke the sync function of Cartbooks from a script of your own. Or at least script the clicking of the save button.

104

(4 replies, posted in Setup)

Quick entries are fine, but it's probably not the kind of automation you are asking about. If you want to adjust balances monthly, you could always query the database "from outside" and insert new transactions based on the result. I do something similar for my VAT reports by importing journal entries.

105

(4 replies, posted in Modules Add-on's)

It is certainly not a bad idea.

There have been a couple of efforts, which you might want to look into before you go about reinventing the wheel.

https://frontaccounting.com/wbt/pages/posts/frontaccounting-mobile-edition174.php
https://frontaccounting.com/punbb/viewtopic.php?pid=17065#p17065

Another idea you might consider is creating/adapting a theme for mobile devices. That would eliminate the need for an API and should be platform independent. (At least for reasonably similar screen sizes.)

106

(5 replies, posted in Installation)

Hostnames are just aliases for IP addresses, so set it to the IP address of the database server. And make sure that the database server is listening on that address. (I think the default setting is to only accept connections from itself.) Also, grant the database user access from the web server's IP address.

(But I'm still not sure why. The WAMP distribution is just a package containing both a web server and a database server. A convenient way of installing both servers on a single machine. While I can see reasons for having dedicated machines for the different servers, I wouldn't use WAMP in that situation.)

107

(5 replies, posted in Installation)

The first thing to note is that the system is web based, so any number of users can use the same install. The user's browser is the client, after all.

But if you need to separate the web and database servers, the database settings are specified in the config_db.php file. FA doesn't care where the database is, as long as it can connect to it.

You just need to make sure the database is listening on its network address (and not only the loopback address) and that the database user is allowed to connect remotely.

108

(6 replies, posted in Installation)

One thing I notice about that log is that it seems to be attempting to connect with two different usernames. (and only one password). Are you somehow including both the config_db.php files? And just which database(s) are you trying to connect to? And does it have any user set up?

To move FA to a new host, I would dump the database on the old host, and recreate it on the new. You may have to create a new database user and grant the appropriate privileges. Then copy the entire FA directory to the new server. If you are using the same credentials, you shouldn't have to edit the database config. (If it is a shared server with only one database user, then you'd just have to put that username/password in config_db.php.)

Try that on a fresh (preferably virtual) server, because I think your two instances are confusing each other.

Personally, I would dump this XAMPP/LAMPP/whatever package and go with the apache, php and mysql packages from the official repo.

I very much doubt that this is a bug. It looks more like a database setting. The database (or table) is using a charset which doesn't include the £ character. Changing it to UTF8 should do it.

But I recommend that you do a proper database dump before changing anything. I don't know how (or if) FA's backup script deals with changes like this, so have a look at my answer to your post about backups.

111

(2 replies, posted in Report Bugs here)

The browser has nothing to do with it. But the backup script's execution time does depend on the database size, so I suspect it's a timeout issue. In your case, you've probably happened to use IE at times when the server load has been lower.

I don't know why it was implemented this way, but yes... I would say it qualifies as a bug. The workaround is to do a database dump using mysqldump from the command line or from phpmyadmin.

You might want to have a look at https://frontaccounting.com/punbb/viewtopic.php?id=3433

113

(45 replies, posted in Modules Add-on's)

Thank you. I'm looking at the new code now (C Estrella's commit), and it's getting better. Not quite there yet, but... At least I'm getting data into sales_add.

Line 282 is still passing a string to input_num() which can't be right.

And the .htaccess file causes the following entry in the error log
[Fri Sep 13 00:29:15 2013] [alert] [client 192.168.22.50] /var/www/frontaccounting/modules/api/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration

Now I'm sure that is a problem with my local configuration, so I've just renamed it for now. I do however get another, more interesting entry:
[Fri Sep 13 00:49:26 2013] [error] [client 192.168.22.50] 0::connect_db.inc:51: mysql_query() expects parameter 2 to be resource, null given

Parameter 2 is $db, a global variable. It is not passed to the function (db_query) which calls mysql_query. It should just be there. How can it not be there? Does it get overwritten by the API code somewhere? Because everything is fine when accessing the system through a web browser.

Edit: No. More likely, it is never set to begin with.

114

(45 replies, posted in Modules Add-on's)

I'm looking into importing sales data using this API, and I found the following errors in sales.inc:

On lines 220, 323 and 422 the string 'freight_cost' should really be $info['freight_cost']
On lines 241 and 353 the test for ($can_process == false) should be ($can_process['passed'] == false)

But I still don't seem to get any data whatsoever into the sales_add function. It's probably just me, but... Has anyone managed to POST data? In particular multi-dimensional arrays, such as required here. Just what format is the data expected to be in?

Don't bother with the repo version at all. What happens if someone ever packages a more recent version, and your package manager attempts an "upgrade"? After all, it won't know that you've replaced the files with newer versions.

116

(11 replies, posted in FA Modifications)

Did you run your test from the browser? Or from the command line? I believe the two php's use different ini files.

There is a module to integrate OSC and FA, but I don't know if it's any good. For one thing, I believe it does this by working directly against the databases. Which is fine if both systems are installed on the same server. Otherwise, one of the databases must be accessible over the network. Anyway, it might be something to work from.

I would, however, suggest that you start by defining what you really need and what you can do without.

I use Prestashop and what I do is write each sale to a file on the PS server, to be imported into my local FA by a daily cron job. That only gets me journal entries, which is fine as I have no inventory to worry about. The goods are shipped from the manufacturer and the web server creates the invoices during checkout. I only have to book the payments when they arrive, which is fairly painless using quick entries.

At some point I expect to have to implement some form of accounts receivable support, but... At the time I couldn't make sense of the web service implementations I found, so I settled for a cURL-driven import using a plugin from the FA repo. If you take payment online in OSC you shouldn't need the AR bit, but if you plan on using FA to keep track of your inventory you will probably need to create a sales order/invoice.

That's what I meant with "its own thing". I do a curl-triggered backup (so that it can be restored from within FA) whenever my daily import script runs, and it does indeed take a few minutes. I expect it to get worse as the database grows, but for now my server doesn't have anything better to do in the middle of the night. (It is clear, however, that I will at some point have to switch to some "external" method of creating the backups.)

I don't know why FA's "create backup" script involves complex queries - and that could well be classified as a bug in itself - but noting that seahawk has the same problem when using tools which do rely on mysqldump, I suggest his problem might actually be with the database settings.

FA seems to do "its own thing" when it comes to backups, but cpanel (I presume) and phpmyadmin should just dump the database as it is. I'm guessing (as in "I haven't a clue, but I'm trying to think of something helpful") that you have some database setting activated which slows the process down significantly. Logging? Statistics? Accounting?

If I understand you correctly you have (at least) one company which you can backup, and one which you cannot. In that case I would open the working and non-working databases in phpmyadmin in separate windows, and see if any settings differ.

It seems you are missing the Visual C++ runtime libraries from Microsoft.

http://www.microsoft.com/en-us/download/details.aspx?id=30679

I really hope we have some Windows users here who can assist you. Because once you get PHP running, you'll need to install and configure a database. I understand the Linux VM suggestion was probably a bit much for an accountant, but... Wouldn't it have been easier to just install something like XAMPP?

Anyway... The error suggests that IIS did call PHP, but the latter returned an error (or didn't return anything). What happens if you open a command prompt, change directory to that of the phpinfo.php file and type the command "C:\php\php-cgi.exe phpinfo.php"?

32 bit software on a 64 bit machine is fine, the other way around is not. (I doubt you need 5.5, though. If you're more comfortable with 64 bits, you could just grab a stable release of whatever reasonably recent version they have.)

I would however take Xero's advice and install a complete server environment like XAMPP. Or install a complete virtual Linux server. (Bitnami or turnkey would be good places to start, they have pre-built LAMP stacks available as ready-to-run virtual machines or as ISO's which can be installed into your favourite VM.) However, the latter may not be as "accountant friendly". And it will be scarier. smile

On the other hand, it will be a "contained" installation which will not interfere with Windows. And you could easily move the whole virtual machine to another host if you wanted to. Not to mention how much fun it will be. And how much you will learn. If you don't believe me, just go with XAMPP.

If the translations can be executed as code, that is indeed a problem. I suggest you report it as a bug.

However, it is a different problem. It has nothing to do with this particular button. In fact, the malicious translator could add anything he wanted - including buttons.

As for this problem... Fair enough. Moving the string to a span certainly does no harm. But it doesn't solve your problem with an apache module trying to "protect" your FA instance by filtering posted data either. The "vulnerability" just isn't there as long as the posted value is ignored. And this "protection" applies to all fields, which means that local rules may block anything the provider considers suspicious. Including user supplied data. There is no way that FA can prevent that.

The "requirement" here is being able to set the button caption to anything, even including characters that may be deemed "unsafe" by some rule. It's perfectly safe as long as the data is not passed as a command line, and in this case (as with all buttons I've ever come across) the value is completely ignored.

That the caption gets sent along with the form data, is really a problem with the way HTML buttons are defined. It may be a bit late to address that problem now, though. And modsecurity is not essential in any way. All it does is add filtering which should already be present in applications receiving form data.

Also, these rules were not exactly delivered on stone tablets. They can be changed and extended by the provider. Moving targets, again. Thus, there is no way to ensure that any particular string will not match a rule. The translations seem messy enough without introducing a build time filter (that needs constant updates) to ensure they do not trigger some "security" rule which may exist on some server somewhere.

Since I'm not the developer, I can't say whether they considered it "smart" to submit the offending characters. But I can't see it as particularly dumb either. It's actually a good visual hint for a "continue" or "next" button. The only reason it's become a problem here is that some other software tries to overrule FA's input handling. Working around such a "feature" would be a waste of time and resources.

I'm not sure it's a bug at all. Conflicting requirements, perhaps. Both FA and modsecurity seem to be doing just what they were intended to do.

An HTML button's caption is defined by its value, which (naturally) gets passed when the form is submitted. If modsecurity regards any form field's value as suspicious, it will give an error. It has no way of knowing how those values are used on the server, if at all.

And there is no way to guarantee that a value will not match a rule, as they can be (mis-)configured by the provider. And since strings in FA are translated, such errors might only appear on certain pages, when certain languages are used.

Besides, any application which uses brackets in button captions would be affected. Unless the issue has been raised with the developers of modsecurity, I suspect the rule in question is part of a local ruleset. In that case, it is the provider's problem. Or perhaps the end user's.

Since these rulesets (local or otherwise) are moving targets, modifying FA (and all translations) does not seem like the way forward. This time it's brackets. What if someone decides that exclamation marks are suspicious?