All Activity

Canceling an order is not the same as returning an order - they are two completely different processes. A customer who has no information about their order is not a customer. Can you log into your bank account without any login information? You can't make this feature so that hackers from all over the world can cancel all orders in our store. This is my own module running on the displayOrderDetail hook - it is visible in standard customer and guest orders. The screenshot shows a simple configuration of the module. Of course, for orders that have the status “Order shipped” or “Delivered,” there can be no question of canceling the order. For such orders, the customer should make a standard return after receiving the shipment.

Such a leak of customer data could result in huge fines for Prestashop. This is probably why the previous owners sold Prestashop so quickly.

It's a very interesting discussion here. I can understand both positions. It's really a chicken-egg game. But imo there is a huge game changer: AI. It has become way more simple and fast to write code. I am also not aware of the plans/roadmap of TB. But with the new AI tools, it's even possible for no coders to start modifying some stuff. Ofc it's always better, if you have some basic coding knowledge, otherwise you might mess things up. Even if you aren't brave enough to use AI yourself: I would guess, that prices for a custom module will come down a lot. @datakick what is your experience with AI these days? I would say it has speed up my developing work about 3-5 times. It's hard to tell, but it's for sure huge. The first time I have the feeling, that my todo-list may become shorter 🫣

Wtf. If this statement is true... 😵 Probably they are afraid of lawsuit against them.

There are certainly various possibilities, but the law provides clear rules. Of course, this also applies to guest orders. How do we handle it if not all items are returned? Is this sufficient in this form, or does it comply with the law? The button must also be accessible to customers who no longer have a confirmation email, who can't log in, etc. Thus, they also can't access the guest tracking information. And I don't think a cloned contact form requires too much information. As already mentioned, name and order number are actually sufficient. @Yabber What solution do you actually use (shown in the picture)?

@DRMasterChief It won't be a "Cancel order" button, but a confusing contact form where the customer has to fill in dozens of pieces of information. This was certainly not the intention of the creators of this law. The customer clicks on the "Guest Tracking" link and sees a single "Cancel order" button, which changes the status of the order in the store to "Order canceled". And that's it.

Nice module idea — integrating WhatsApp chat can really help shops connect with customers quickly in real time. Just be sure to use a safe version like GB WhatsApp resmi or the official WhatsApp so chats are reliable and secur

Hello, thank you for your input. I have read several papers from lawyers and from the Chamber of Commerce. My concrete ideas are: we need to have a withdrawal button next to each order for the specified withdrawal period (by law or if extended by our policies) >> No, I don't want to make it that complicated, and there's no legal obligation to link it to the cancellation period. It's mandatory that the customer must be able to easily access the cancellation button anytime, anywhere (just like the legal notice). And it's important that they don't have to be logged in! It must be accessible to the customer even without logging in (e.g. for guest customers and if you have forgotten your password, it must be hold super simple for the customers). Of course, a customer could then press the button even after the cancellation period has expired, but the right of cancellation is quite clear about that, and once the time has passed, the cancellation is no longer effective (or, as a retailer, you can handle it however you like). However, I definitely want to avoid a very complicated implementation in the back office and don't want to automate any checks using back office data. The cancellation button must always be visible on the front end anyway. we should lead the customer to another page where they can confirm the request of withdrawal >> Yes, but easily accessible. I would therefore like to simply place the cancellation button in the footer, where information about shipping costs, legal notice, etc., is also found. The refund process does not need to be initiated simultaneously, nor does it need to be started digitally. This is generally covered by the right of withdrawal or the retailer's terms and conditions. we should send them email with the details of the withdrawal request >> Yes, a very simple confirmation that the cancellation has been received is sufficient. I believe that the retailer will then check it manually anyway. If you are a large retailer who has to process many returns a day, you will have a different, expensive solution programmed including payment management etc. We should have this solution simple and easy for smaller retailers. My specific idea is therefore to clone the contact form including the controller (with a new name). It already includes everything necessary: The subject selection function (customer service, etc.) should even be deleted. The heading should be renamed "Cancellation." The submit button must also be renamed, and a new email template should be created, which will then be automatically sent (by the cloned Controller) to the customer and the retailer. It is of course necessary to have a field for the customer's name and email address, as well as the order number if applicable. You might also want to include a field for the postal code to ensure consistency with the customer data and prevent misuse (however, this presents a legal hurdle). On this cancellation form, we can include a fixed text so that the customer automatically declares their cancellation. It may be helpful to add a free text field so that the customer can indicate if they are only cancelling part of the purchase. Just like with the contact form, you should probably include Turnstile (or another Captcha) to prevent the form from being misused by bots.

Hi @DRMasterChief, Can you describe what you want to achieve? I reviewed few online articles and the information I get is: we need to have a withdrawal button next to each order for the specified withdrawal period (by law or if extended by our policies) we should lead the customer to another page where they can confirm the request of withdrawal we should send them email with the details of the withdrawal request I think the best implementation would be in BO: In Preferences->Orders - a value in days to specify the withdrawal period and a switch to display or hide the withdrawal button in FO-> order history In FO: In My Account-> Order history right after the current buttons we place new column with the withdrawal button, after that we take the customer to a confirmation page and after confirmation we send out a withdrawal confirmation email. After the request is recieved it gets little bit messy. Probably we will have to track those requests in separate BO controller and process them there. Or we simply receive a message with the order ID and we apply appropriate actions depending on it's current status (we contact the customer to return the products, cancel the order if not shipped, refund money, etc.). But then what happens with their personal data? Should we also obfuscate it as part of the process? Sources: https://www.heuking.de/en/news-events/newsletter-articles/detail/new-cancellation-button-what-companies-must-implement-by-june-19-2026.html https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L_202302673

Hi everyone, Has no one really looked into this yet? It's coming into effect across the EU in June. I can't believe no one has started working on a solution yet. I think a paid module for this is overkill, especially since you can easily put together your own solution. Or perhaps offering a small paid module / code solution would be a good option for ThirtyBees, considering future financing, etc. @Acer Here's my post in the German forum, where I'm already working on a solution: Widerrufsbutton - Deutsches Forum - Generelle Fragen - thirty bees forum

Here is a description of the attack vector: https://www.prestashop.com/forums/topic/1105466-recent-prestashop-securtity-alert/?do=findComment&comment=3543558 Conclusion: Prestashop Addons Marketplace is a dangerous store where you should not provide any login details for your store. If you have provided your login details for your store on Prestashop Addons Marketplace, you should change them immediately.

Hi @nicponim We've added your site. Nicely done, thank you 👍 https://thirtybees.com/powered-by-thirty-bees/shops-using-thirty-bees/

To clarify, we do have full time employees. Some of us are volunteers that are working on TB part-time. The point is that we require additional support to have more full time employees to make TB better and deliver additional features faster.

TB should invite more to their project, over time workload increases. There are volunteers here.

I wonder how our paying shop customers would react to the excuse of: Hey, I work part-time on this shop and I am alone. Sorry for all that didn't go well. I don't think that's the right attitude. And I want you to succeed. I'm not being critical to be mean.

Was funktioniert mit dem Silberseiten modul nicht?

Was Shoprunners betrifft, kann ich empfehlen, dort einfach ein ticket zu eröffnen oder gar durchzurufen.

I am grateful to hear that you are working on the most important additional functions merchants need in my opinion, like Mollie, PayPal etc. But there again is the promise, "somewhere in the future". If we do a search on Mollie alone in this forum we might find hits about this promise that go back from the Corona time. Me, as a wanna be merchant, I can't plan with promises vague like that. I need to know if I can use this until e.g. Black Friday or what ever. I have to plan ahead, like you, and I have to rely on basic functions. Roadmaps with specific timelines have become extremely important on the internet and the times we live in.

Ich wechsele das Shop-System und wohl vor dem Stichtag. Daher vorerst keine Beiträge von mir. Sorry!

Good work! Sharing is caring! 🙂

Hi everyone! For the last few years I’ve been using JoliSearch module v4.3.28. It’s been a staple in my store, but as my catalog grew to over 10k products, I felt it was time for something faster and more precise, especially for technical search terms. I’m not a hardcore developer, but I’m passionate about making my store run better. 😊 Why replace JoliSearch? JoliSearch has several limitations today: It is no longer actively maintained. Search relevance is difficult to fine-tune. Loose matching often returns hundreds of results. The first visible results are not always the most relevant. Users may leave the store because they cannot quickly find what they are looking for. In my case, searching for a popular product type returned over 500-800 products, many only partially matching the intent. That creates noise instead of helping the customer. For technical stores (industrial hardware, connectors, cables, IPC systems, etc.), this becomes a serious UX and conversion issue. Why Meilisearch? Meilisearch is a modern, open-source search engine designed specifically for high-performance, real-time search experiences. https://github.com/meilisearch/meilisearch Key characteristics: Index stored in RAM --> extremely fast response times (often 1–5 ms). Built-in typo tolerance and smart ranking. Simple and clean REST API. Lightweight and easy to self-host (currently running on same VPS as my store). Much easier to tune than older search modules. Native support includes: Synonyms Custom ranking rules Faceted search Filtering Typo tolerance controls Vector search (embeddings support) Automatic typo handling Meilisearch automatically handles common input problems: Minor spelling mistakes Missing hyphens (e.g. “usbc” vs “usb-c”) Word order variations At the same time, it allows strict control for technical catalogs: Disable typo tolerance for SKU/reference fields Limit the number of allowed typos depending on word length Keep technical codes exact (e.g. 81271, CA-SASA-12CU) This is extremely important in stores with many product references and model numbers. Dynamic suggestions & smart autocomplete The module already includes a live search endpoint and basic fast autocomplete. Further improvements (some already implemented, others in progress) include: Real-time product suggestions with image, price, manufacturer, and reference Intelligent grouping (products, categories, manufacturers, feature values) Query preprocessing for better intent detection Smart result limiting to avoid overwhelming users Even in its current state, this approach can significantly reduce search exit rates compared to classic result pages. AI integration – OpenAI embeddings & hybrid search One of the most exciting aspects is semantic search. Meilisearch supports vector search, which allows: Storing product embeddings Performing similarity-based queries Combining keyword search + semantic similarity (hybrid search) Using the OpenAI Embeddings API (or local embedding models), we can: Generate embeddings from: product name, technical parameters, categories, descriptions Store them in Meilisearch Enable natural language queries This enables: “Cable for powering laptop via USB-C 100W” “Splitter for two devices” “Industrial ethernet connector” The goal is not to replace keyword search, but to enhance it. Current status of my module After short initial testing, the results are very promising. Already implemented: Custom index (products_pl, products_eng) Batch reindexing (500 products per batch) Live progress bar in BO Live search endpoint Synonyms editor (graphical table UI) Automatic JSON generation for Meilisearch settings Query preprocessing for better intent detection Matching strategy control (strict vs fallback) Monitoring estimated result counts (to avoid result explosion) The improvement in relevance compared to JoliSearch is clearly visible, especially in edge cases e.g. “Y-type cables”, where search behavior can now be precisely controlled. The target is a search interface that behaves more like a modern SaaS-powered discovery engine rather than a traditional e-commerce search box — fast, relevant, visually structured, and intuitive for users (as shown in attached screenshot) Has anyone experimented with Meilisearch in ThirtyBees yet?

with a busy store that's quite hard to do, though. We have an installation with average of 1M daily requests, that's hard to comb though manually. You can install some software to detect anomalies, but that's it. When you find an infection on your store, you know from the file modification date when it happen (unless the script changed it, but in my experience they rarely do), so that can help a lot. You just need to detect it and still have access logs

And check every day.

Yes, if this code exists in your tpl files, it means your store is already infected. But the fact that it isn't present doesn't mean your store is not vulnerable to this attack. We don't know about any vulnerability in the core that would allow attacker to modify/write to tpl files. We regularly check CVE database for prestashop vulnerabilities, and look for those that are relevant to ps16 codebase (so they are relevant to us, most likely). Again, that doesn't mean that they don't exists, we just don't know about any at the moment. But there were some that we have fixed in the past - running very old thirty bees versions is not encouraged. Most of the time the culprits are third party modules, usually those that allow uploading files (images usually) and do not properly sanitise inputs. That may allow attacker to upload php files instead of image, and then they have complete access to your entire store. Thankfully, you can use core updater module to check if any of the core files have been modified. If your store is infected, you will see it there as well. If your store is infected, it's not enough to just remove the infection. You need to find out the back door that was used to install the infection. That can be quite hard. Your server access logs can help a lot, so keep a few months of them if you can.

They do outline the script code to look for. I just searched my website via f12 and then looked through the website code via MS Code and didn't find this expression anywhere, so I assume that I am not affected. " <script>(function(){var x=new XMLHttpRequest;x.open('GET',atob"