
Leaderboard

Popular Content

Showing content with the highest reputation on 12/10/22 in all areas

  1. Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) that uses the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.[1] TOTP is the cornerstone of Initiative for Open Authentication (OATH), and is used in a number of two-factor authentication (2FA) systems. A Time-Based One-Time Password or TOTP is a passcode valid for 30 to 90 seconds that has been generated using the value of the Shared Secret and system time.

     How it works inside ClicShopping

     You have two options you can activate: one for the administration protection and one for the catalog login. The approach is the same for both. You enter your email and you are redirected to the TOTP QR code page. You just have to scan the code with your phone.

     Administration login:

     Protection 1, Connection: You must enter your login and password. If it does not work, you must restart. This is the normal security process.

     Protection 2, IP identification: Your IP is registered every time you try to log in to the administration. After 5 attempts (you can define this), your account is blocked and you must wait before trying again. You can also receive an email to know if someone tries to connect to your admin.

     Protection 3, Double authentication by TOTP (option): This is an option where you can include the TOTP identification. The process is quite simple. If you activate TOTP, the first time you try to connect to the admin, a TOTP password is generated and saved inside your database. Then a QR code appears and you must complete your identification by scanning your QR code and entering the number given by your phone. The process compares the TOTP number with your QR code number and allows you to connect to the administration or not.

     The login: This is the same process as the administration.

     Protection 1, Connection: You must enter your login and password. If it does not work, you must restart. This is the normal security process.

     Protection 2, Double authentication by TOTP (option): Same process as the administration for the TOTP authentication.

     Conclusion: This approach is not a perfect security process, but it allows you to have something better with low interference with the customer's actions. It is in conformity with the regulatory recommendation proposed in Europe. You can activate this process only for the administration or for the catalog. They are independent processes.

     For example, Amazon is more restrictive about double identification because you must receive a code on your smartphone. The problem with this approach is that if you try to connect with another computer and you do not have your phone, you cannot. On the other hand, with the TOTP process implemented inside ClicShopping, you can use it on every computer.

     To increase application security and data storage, you always have a compromise to choose, and there is always a repercussion on your customer. At one moment it can be transparent; at another, the customer must take an action. You can also increase security further by including an antispam App and creating different kinds of security approaches inside different ClicShopping forms. The point addressed here is only about identification.
    1 point
  2. General Data Protection Regulation (GDPR)

     The European Union's General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The GDPR imposes new obligations and responsibilities on controllers and processors of data. As a merchant, you are generally the controller of your customers’ data. This means that you collect your customers’ data and choose how it is handled. Additionally, though it is a European regulation, the GDPR might apply to your business if you make goods and services available in Europe, even if you or your business are not located in Europe.

     ClicShopping believes strongly in protecting your customers’ personal data as well as your own, and understands that doing so is critical to help you preserve the trust and confidence of your customers. ClicShopping has designed its platform to allow merchants to operate anywhere in the world. GDPR-compliant features are built into ClicShopping's platform, including features to enable you to offer your customers transparency into and control over their personal data, and technical measures to ensure that your customers’ personal data is protected as it crosses borders.

     ClicShopping believes in making it easy for you to use our platform in a manner that complies with privacy and data protection laws like the GDPR. While ClicShopping does what it can to set you up for success, there are also steps you will need to take on your own, and ultimately, compliance with the GDPR is the responsibility of each individual merchant. If you have legal questions specific to your obligations under the GDPR, consult with a local lawyer who is familiar with data protection laws.

     How does the GDPR affect ClicShopping?

     The General Data Protection Regulation (GDPR) requires ClicShopping to make the following changes inside the code: make sure that ClicShopping is able to honor the rights of European merchants and customers over their personal data, and that when using ClicShopping's services, merchants are able to do the same.

     How does the GDPR affect you?

     The General Data Protection Regulation (GDPR) affects any ClicShopping merchants who are based in Europe or who serve European customers. While ClicShopping is working hard to make sure that it complies, and allows its merchants to comply with the GDPR as of May 25, 2018, it is important to note that the GDPR will also require you to take action independently from the ClicShopping platform. The GDPR is a complicated regulation, and it will apply differently to different merchants. You should consult with a lawyer to figure out what you specifically need to do. For information about processing data requests, see Processing GDPR data requests.

     Processing GDPR data requests

     The GDPR expands on an individual's right to access and control their personal data.
    1 point
  3. Email is part of communication. Below are different examples of how to set up email inside ClicShopping.

     Example 1: o2switch.net
     - User name: myemail@domain.com
     - Password: email password
     - Server: mail.test.domain.com - remove mail. and write only test.domain.com
     - SMTP Port: 26
     - SMTP authentication: true
     - SMTP secured protocol: ssl
     - Emails activation: true

     Example 2: gmail.com
     - User name: myemail@gmail.com
     - Password: Use the password of the email account.
     - Server smtp: smtp.gmail.com - remove smtp. and write only gmail.com
     - SMTP Port: 25 or 465
     - SMTP authentication: true
     - SMTP secured protocol: ssl or Tls
     - Emails activation: true
    1 point
  4. When Google or other search engines come to your site to read and store the content in their search index, they will look for a special file called robots.txt. This file is a set of instructions to tell search engines where they can look to crawl content and where they are not allowed to crawl content. We can use these rules to ensure that search engines don't waste their time looking at links that do not have valuable content and avoid links that produce faceted content.

     Why is this important?

     Search engines need to look at and store as many pages that exist on the internet as possible. There are currently an estimated more than 4.5 billion web pages active today. That's a lot of work for Google. It cannot look at and store every single page, so it needs to decide what to keep and how long it will spend on your site indexing pages. This is called a crawl budget. How many pages a day Google will index depends on many factors, including how fresh the site is, how much content you have and how popular your site is. Some websites will have Google index as few as 30 links a day. We want every link to count and not waste Google's time.

     What does the suggested robots.txt file do?

     ClicShopping optimised rules exclude site areas with no unique content but instead redirect links to existing topics. Also excluded are areas such as the privacy policy, cookie policy, log in and register pages and so on. Submit buttons and filters are also excluded to prevent faceted pages. Finally, user profiles are excluded as these offer little valuable content for Google but contain around 150 redirect links. Given that Google has mere seconds on your site, these links that exist elsewhere eat up your crawl budget quickly.

     What is the suggested robots.txt file?

     Here is the content of the suggested robots.txt file. If your ClicShopping is inside a directory, you will need to apply it to the root of your site manually. So, for example, if your community was at /home/site/public_html/myDirectory/ - you would need to create this robots.txt file and add it to /home/site/public_html. It's simple: just edit robots.txt and change the information inside.

     Example of robots.txt

     Note: domain.tld must be replaced by your domain.

         # Rules for ClicShopping (https://www.clicshopping.org)
         User-Agent: *

         # Block pages with no unique content
         Disallow: /Account/LogIn/
         Disallow: /Account/CreatePro
         Disallow: /Account/Create
         Disallow: /Account/PasswordForgotten
         Disallow: /Search/AdvancedSearch/
         Disallow: /Search/Q/

         # Block faceted pages and 301 redirect pages
         Disallow: /*?page=
         Disallow: /*?sort=

         # Sitemap URL
         Sitemap: https://domain.tld/index.php?Sitemap&GoogleSitemapIndex
    1 point
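A check of which URLs the robots.txt rules in the fourth post actually cover, as an added example that is not part of the original post or of ClicShopping. It assumes the wildcard semantics of RFC 9309 (`*` matches any run of characters, a trailing `$` anchors the end, anything else is a prefix match); the rule text is copied from the post and the sample paths are constructed.

```python
import re

# Rules copied from the post above; the paths used to probe them are constructed.
RULES = """
User-Agent: *
Disallow: /Account/LogIn/
Disallow: /Account/CreatePro
Disallow: /Account/Create
Disallow: /Account/PasswordForgotten
Disallow: /Search/AdvancedSearch/
Disallow: /Search/Q/
Disallow: /*?page=
Disallow: /*?sort=
Sitemap: https://domain.tld/index.php?Sitemap&GoogleSitemapIndex
"""

def parse_disallow(text):
    """Collect the Disallow patterns, ignoring comments and other directives."""
    patterns = []
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            patterns.append(value.strip())
    return patterns

def to_regex(pattern):
    """Translate one robots.txt path pattern into an anchored-at-start regex."""
    anchored = pattern.endswith("$")
    body = pattern[:-1] if anchored else pattern
    rx = ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile(rx + ("$" if anchored else ""))

def blocked_by(path_and_query, patterns):
    """Return the first Disallow pattern that matches, or None if crawlable."""
    for pattern in patterns:
        if to_regex(pattern).match(path_and_query):
            return pattern
    return None

if __name__ == "__main__":
    rules = parse_disallow(RULES)
    for url in ("/Account/LogIn", "/Account/LogIn/", "/Products?page=2",
                "/Products?language=en&page=2", "/Products?sort=price&page=2"):
        print(f"{url:32} -> {blocked_by(url, rules)}")
```

The run shows two gaps worth knowing: `/Account/LogIn` without the trailing slash is not covered, and `/*?page=` only matches when `page` is the first query parameter.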
  5. Version 3.323 allows you to use htaccess to rewrite the URL. To use this function, you must activate these 2 options in Shop/SEO urls:

     1 - Use Search-Engine Safe Native URLs. This option rewrites the URL like this: https://demo.clicshopping.org/index.php/Products/Description/logitech-trackman-marble-mouse/Id-12

     and

     2 - Use Search-Engine Safe URLs Pro (with htaccess). This option rewrites the URL like this: https://demo.clicshopping.org/Products/Description/logitech-trackman-marble-mouse/Id-12

     To use the last option, you must include an htaccess with this syntax inside your root. Of course, it can be updated depending on your server.

     Note: This option works only on the catalog when no customer is logged in; if you are logged in, you will see the URL above. It's optimized only for the search engine.

     For Apache 2.4

         ##################################
         # url rewriting
         #improve url rewriting
         #work fine without directory https://mydomain.com/test/index.php
         #the rewriting must be activated inside the application
         # uncomment
         ##################################
         <IfModule mod_rewrite.c>
           RewriteEngine On
           DirectorySlash Off
           #
           # Remove WWW
           #
           RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
           RewriteRule ^ https://%1%{REQUEST_URI} [R=302,L]
           #
           # Remove Trailing Slashes
           #
           RewriteCond %{REQUEST_FILENAME} !-d
           RewriteCond %{THE_REQUEST} \s(.+?)//+[?\s]
           RewriteRule ^ %1 [R=302,L]
           #
           # Reroute to index.php
           #
           RewriteCond %{REQUEST_FILENAME} !-f
           RewriteCond %{REQUEST_FILENAME} !-d
           RewriteRule ^(.*)$ index.php/$1 [L]
         </IfModule>
    1 point