Jipa331

Regarding this,
They demanded money to avoid leaking my website's ID and password information. To test their capabilities, I asked if they could obtain the ID and password for three other random IPS-based websites. Within 10 minutes, they sent me the credentials for these sites, involving thousands of accounts for each.
What's most alarming is that these ID and password combinations were indeed functional on other IPS websites.
Even though it's not IPS's fault, there needs to be better login protection. The current 2FA system is insufficient for securing all accounts. Currently, members must manually register 2FA after logging into our website.
Implementing email code verification at login would be a more effective method to protect all accounts.
 
 

Yes, I am aware that ID and passwords are not stored as plaintext in the database but are encrypted. It's possible that the hacker found various IPS sites using a different ID/PW saving tool and organized this information to send to me.
However, there is a major flaw in the IPS login system. I know that 2-Factor Authentication (2FA) is available and can be enforced, but this is useless for people who have already left the website. A hacker could log in using the leaked ID and password and then register their own 2FA key.
Like many other websites, why doesn't IPS require email-based code verification when logging in? If this were possible, it could securely protect all accounts, including those of people who no longer use the website.
 

Ah I found a problem.
I just miss typed on captcha setting.
I thought captcha key can be used for different domains. Didn't know it was a unique for each domain.

Ah I found a problem.
I just miss typed on captcha setting.
I thought captcha key can be used for different domains. Didn't know it was a unique for each domain.

Issue fixed. 
Sharing my approach for others to use.
If you created a Stripe Webhook on the Stripe website (https://dashboard.stripe.com/webhooks/),
Ensure that the number of webhooks does not exceed 16.
Excessive webhooks on Stripe may disrupt its functionality.
I resolved this by deleting duplicate, outdated, and unused Stripe webhooks.
 
 

We are having this exact same issue, but I don't see that this was specifically resolved. 

I've double checked the webhook on Stripe and it is fully functioning with  "source.chargeable, charge.succeeded, charge.failed, charge.dispute.created and charge.dispute.closed" all selected and enabled. We created a new webhook with all available events selected just to be sure, with the same results. 

We are using the provided endpoint URL:
https://www.<our-web-site>.com/applications/nexus/interface/gateways/stripe.php Any help would be appreciated. 
 

It's a template hack as mentioned. In nexus/front/checkout/paymentForm
I replaced
 
<input type="radio" {{if (string) $input->value == (string) $k or ( isset( $input->options['userSuppliedInput'] ) and !\in_array( $input->value, array_keys( $input->options['options'] ) ) and $k == $input->options['userSuppliedInput'] )}}checked{{endif}} {{if $input->required === TRUE}}required{{endif}} {{if $input->disabled === TRUE or ( \is_array( $input->disabled ) and \in_array( $k, $input->disabled ) )}}disabled{{endif}} {{if isset( $input->options['toggles'][ $k ] ) and !empty( $input->options['toggles'][ $k ] )}}data-control="toggle" data-toggles="{expression="implode( ',', $input->options['toggles'][ $k ] )"}"{{endif}} id="elRadio_{$input->name}_{$k}" name="{$input->name}" value="{$k}"> with
 
{{if $k==9}} <input type="radio" {{if (string) $input->value == (string) $k or ( isset( $input->options['userSuppliedInput'] ) and !\in_array( $input->value, array_keys( $input->options['options'] ) ) and $k == $input->options['userSuppliedInput'] )}}checked{{endif}} {{if $input->required === TRUE}}required{{endif}} {{if $input->disabled === TRUE or ( \is_array( $input->disabled ) and \in_array( $k, $input->disabled ) )}}disabled{{endif}} {{if isset( $input->options['toggles'][ $k ] ) and !empty( $input->options['toggles'][ $k ] )}}data-control="toggle" data-toggles="9-9_card,{expression="implode( ',', $input->options['toggles'][ $k ] )"}"{{endif}} id="elRadio_{$input->name}_{$k}" name="{$input->name}" value="{$k}"> {{else}} <input type="radio" {{if (string) $input->value == (string) $k or ( isset( $input->options['userSuppliedInput'] ) and !\in_array( $input->value, array_keys( $input->options['options'] ) ) and $k == $input->options['userSuppliedInput'] )}}checked{{endif}} {{if $input->required === TRUE}}required{{endif}} {{if $input->disabled === TRUE or ( \is_array( $input->disabled ) and \in_array( $k, $input->disabled ) )}}disabled{{endif}} {{if isset( $input->options['toggles'][ $k ] ) and !empty( $input->options['toggles'][ $k ] )}}data-control="toggle" data-toggles="{expression="implode( ',', $input->options['toggles'][ $k ] )"}"{{endif}} id="elRadio_{$input->name}_{$k}" name="{$input->name}" value="{$k}"> {{endif}} not sure if k==9 is the same for you. Might be a different value for you. You should be able to see it when you inspect the payment form html in your browser.

and below {{endforeach}} I added this
<div id="9-9_card" class="" style="display: none;"> <div style="display: block;"> <div data-role="errorMessage" class="ipsMessage ipsMessage_warning">Please be aware that Payment via SEPA / Klarna will withdraw the money right away, but it can take up to 14 working days for the payment to complete. On average it takes about 3 working days. Your order will be in a 'Pending' state for this duration.</div> </div></div>  
 

Hi,
I'm also planning to make a multi-language site which supports auto-translation.
How did you solve this problem? even I've installed language packs in ACP, I cannot see any language change option in my website.
would you help me out?
Thanks !

New version pending approval:
 
* I can't reproduce it, but I think I know why by what is was caused. Let me know if it won't be fixed - send me PM with access details. I'll check it directly on your board.