Leaderboard

Yes, if this code exists in your tpl files, it means your store is already infected. But the fact that it isn't present doesn't mean your store is not vulnerable to this attack. We don't know about any vulnerability in the core that would allow attacker to modify/write to tpl files. We regularly check CVE database for prestashop vulnerabilities, and look for those that are relevant to ps16 codebase (so they are relevant to us, most likely). Again, that doesn't mean that they don't exists, we just don't know about any at the moment. But there were some that we have fixed in the past - running very old thirty bees versions is not encouraged. Most of the time the culprits are third party modules, usually those that allow uploading files (images usually) and do not properly sanitise inputs. That may allow attacker to upload php files instead of image, and then they have complete access to your entire store. Thankfully, you can use core updater module to check if any of the core files have been modified. If your store is infected, you will see it there as well. If your store is infected, it's not enough to just remove the infection. You need to find out the back door that was used to install the infection. That can be quite hard. Your server access logs can help a lot, so keep a few months of them if you can.

Hi Vincent Thank you for your post and for your support. We are aware of the issues of communication, lack of a clear roadmap, the improvements to the premium modules etc. We will have a discussion with the team and will be posting about our roadmap in the future. For now however, I can reveal that we have been working on updating Mollie as well as PayPal. However, with limited resources, this has proven to take longer than expected. But we're getting there and there will be a release with those modules in the future. Also, I will discuss the outdated shipping modules with the team to formulate an action plan. Regards

I'm a paying member. A In my opinion there are several 'problems' with TB: 1) Some basic modules such as a payment module (mollie) or shipping modules (myparcel, send cloud) are outdated. The modules or not updated for TB/PS 1.6 2) Lack of communication about the roadmap of TB (what can we expect in the near future from TB). "The team is working on a surprise. When they are ready, it will be revealed. 🙂" Investors don't like surprises and uncertainty. I think the same applies to (potential) users of TB. For now TB still works for me but I think in the future I'm forced to with to another platform. Not because I wan't to, but because basic functions as mentioned above, don't work anymore. The 'membership' modules are nice to have, but are useless without good basic modules. We will see what the future brings

It's a very interesting discussion here. I can understand both positions. It's really a chicken-egg game. But imo there is a huge game changer: AI. It has become way more simple and fast to write code. I am also not aware of the plans/roadmap of TB. But with the new AI tools, it's even possible for no coders to start modifying some stuff. Ofc it's always better, if you have some basic coding knowledge, otherwise you might mess things up. Even if you aren't brave enough to use AI yourself: I would guess, that prices for a custom module will come down a lot. @datakick what is your experience with AI these days? I would say it has speed up my developing work about 3-5 times. It's hard to tell, but it's for sure huge. The first time I have the feeling, that my todo-list may become shorter 🫣

A connector to a newsletter service, a modified connector to LexOffice to send Amazon invoices to LexOffice, and a connector to the ShopVote API. But these are already for PS 8.2.

@vincentdenkspelI said not just ... not just not. :) I have also created some modules that work. It's amazing!

I also created other modules. I use a dutch version of 'trustpilot' (keurmerk.info) The module I created with ai is twofold: 1) after the status of on order becomes 'delivered' the module will send a 'message' to keurmerk.info. Keurmerk.info will than send a review request to the customer. I the module I can set how much days after status 'delivered' the info is send to keurmerk.info. 2) the second part of the module is that I will display the last 5 reviews on my site in a slider. The third module I have created is a bulk-list-picker. With this module I select orders and the module will create a list of the stock locations of the ordered product. I can select 'per order' or 'bulk' This module has a bug in it, but I hope to sort this out very soon. consolidated_picking_list_20260223_123059.pdf

I will. It is only on a test site. What I did: I uploaded the all Thirtybees 1.6.0 files in AI and had it analyse all the files. Based on the analysis I made AI create a 'Thirtybees module development guide' Whit this guide and my input I had ai create the module.

Here is a description of the attack vector: https://www.prestashop.com/forums/topic/1105466-recent-prestashop-securtity-alert/?do=findComment&comment=3543558 Conclusion: Prestashop Addons Marketplace is a dangerous store where you should not provide any login details for your store. If you have provided your login details for your store on Prestashop Addons Marketplace, you should change them immediately.

Hi everyone! For the last few years I’ve been using JoliSearch module v4.3.28. It’s been a staple in my store, but as my catalog grew to over 10k products, I felt it was time for something faster and more precise, especially for technical search terms. I’m not a hardcore developer, but I’m passionate about making my store run better. 😊 Why replace JoliSearch? JoliSearch has several limitations today: It is no longer actively maintained. Search relevance is difficult to fine-tune. Loose matching often returns hundreds of results. The first visible results are not always the most relevant. Users may leave the store because they cannot quickly find what they are looking for. In my case, searching for a popular product type returned over 500-800 products, many only partially matching the intent. That creates noise instead of helping the customer. For technical stores (industrial hardware, connectors, cables, IPC systems, etc.), this becomes a serious UX and conversion issue. Why Meilisearch? Meilisearch is a modern, open-source search engine designed specifically for high-performance, real-time search experiences. https://github.com/meilisearch/meilisearch Key characteristics: Index stored in RAM --> extremely fast response times (often 1–5 ms). Built-in typo tolerance and smart ranking. Simple and clean REST API. Lightweight and easy to self-host (currently running on same VPS as my store). Much easier to tune than older search modules. Native support includes: Synonyms Custom ranking rules Faceted search Filtering Typo tolerance controls Vector search (embeddings support) Automatic typo handling Meilisearch automatically handles common input problems: Minor spelling mistakes Missing hyphens (e.g. “usbc” vs “usb-c”) Word order variations At the same time, it allows strict control for technical catalogs: Disable typo tolerance for SKU/reference fields Limit the number of allowed typos depending on word length Keep technical codes exact (e.g. 81271, CA-SASA-12CU) This is extremely important in stores with many product references and model numbers. Dynamic suggestions & smart autocomplete The module already includes a live search endpoint and basic fast autocomplete. Further improvements (some already implemented, others in progress) include: Real-time product suggestions with image, price, manufacturer, and reference Intelligent grouping (products, categories, manufacturers, feature values) Query preprocessing for better intent detection Smart result limiting to avoid overwhelming users Even in its current state, this approach can significantly reduce search exit rates compared to classic result pages. AI integration – OpenAI embeddings & hybrid search One of the most exciting aspects is semantic search. Meilisearch supports vector search, which allows: Storing product embeddings Performing similarity-based queries Combining keyword search + semantic similarity (hybrid search) Using the OpenAI Embeddings API (or local embedding models), we can: Generate embeddings from: product name, technical parameters, categories, descriptions Store them in Meilisearch Enable natural language queries This enables: “Cable for powering laptop via USB-C 100W” “Splitter for two devices” “Industrial ethernet connector” The goal is not to replace keyword search, but to enhance it. Current status of my module After short initial testing, the results are very promising. Already implemented: Custom index (products_pl, products_eng) Batch reindexing (500 products per batch) Live progress bar in BO Live search endpoint Synonyms editor (graphical table UI) Automatic JSON generation for Meilisearch settings Query preprocessing for better intent detection Matching strategy control (strict vs fallback) Monitoring estimated result counts (to avoid result explosion) The improvement in relevance compared to JoliSearch is clearly visible, especially in edge cases e.g. “Y-type cables”, where search behavior can now be precisely controlled. The target is a search interface that behaves more like a modern SaaS-powered discovery engine rather than a traditional e-commerce search box — fast, relevant, visually structured, and intuitive for users (as shown in attached screenshot) Has anyone experimented with Meilisearch in ThirtyBees yet?

I don't think that's necessary. I think, for starters, you should improve your paid modules. There is a lot of good stuff coming out of premium modules.. but they are: - Undocumented - real pain... I don't really know what they do... - Not UI/UX friendly - some are pain to manage So basically... idea of those modules, and functions are cool. However... Forgive me @Acer but if you can't get https://store.thirtybees.com/premium-modules straight... then you think you will be able to sell thirty bees? Look at this page, sorry to say.. .but from marketing view its not worth much... First of all... and most important... It's a hell to see how they work and if they worth it. There is a WALL.... Want to see how it looks? Support TB first. FAQ Snippets... more like basic docs than advertising description.... and where is banner saying? "Want it? You can have it for free if you support tb development" Bulletpoints... Same story... really nothing about module. Purchases... some won't even know its a re-stock inventory planner. Purchases sounds like customer purchasing.. Shortcodes... some more info... but how it looks? Dynamic lists... is a mystery to me couldn't get it to work All those software is made more for programmers than for users/merchants (Unlike thirtybees). You could really get those modules to profit you, just first put some effort. Because making TB paid without good marketing will cost you a lot. And heed my warning... there are a lot who will say "Look at thirty bees, Prestashop is newer, better and FREE, but TB became paid for useless script" You will pour oil into fire and it may burn you. Also... you can make a module marketplace, where you - for a fee like 10%? - allow people sell their modules. For module creator it's a fee based place to advertise... only one thing they need to do is make their module compatible with TB - and belive me, more modules compatible with TB = better future for TB. Don't go making TB paid, before you finish what you actually started with Premium modules, because IDEA is cool, Backoffice integration is cool... however visual and informational layer is at its lowest.

I miss possibility that if superior combination limiter is set then in lower impossible options are inactive. At the moment You can make all combinations and system gives to seller only message "This combination is not allowed" (or something similar).

For sure, I'm not the first to come up with this idea, and precisely because of what nickz said (code quality) I will never release any of those as a paid module. Saying that, if anybody wants to further develop/maintain some of those modules or a later version is worthy of becoming a thirty bees free community module, I'm more than happy to assist.

OK, let stick to topic here and I will split it later tonight.\ EDIT - better late than ever... Let's discuss community modules and core additions made with AI here. Vibe coders - unite! My entries: antifraud module - sits in BO Orders and displays account info (number of orders, account age), device info (ip, location (based on external database), device, osint tools (sometimes it's usefull to check the customer email, phone in google if some order smells fishy - if they are present - most probably the order is OK). Also - 'soft ban' function - If I want to ban some customers and not fulfill their orders I can ban the account, the module tries to search for similar later registrations and notify me if it detects similar fingerprints. Also global account note - if I want to say something for later orders in this account it can be saved here. control center - offers a dragNdrop dashboard for merchants that want to see the high-level information - order by status, order profit by period, other KPIs, template export/import, etc My vision is when I 'become big' I will have this in my office on an LCD on the wall and only drink my Caipirinhas while looking at the numbers.... 🙂 dual currency display for our EUR adoption - similar to Croatia we have to display prices in both currencies for a period - in FO and emails, not a complete solution but works. Dynamic llms.txt per shop - set up a dynamic llms.txt file per shop in multistore IndexNow Integration - update search providers that support it. thirty bees File Integrity - most recent and still unfinished - goes through each file on the root and tracks edits, deletions, or new files. Using SQLlite it gives a quick note on what is changed on the server in all folders - useful to find malicious files on the server if they are placed, let's say in img where they are extremely hard to find manually Dynamic Robots - serves a dynamic robots.txt file in a multistore environment. And of course many attempts on core changes - visible in github.

I use abacus.ai. Although I like it, it although it has some disadvantage: you buy credits, but do not know how much credit a 'instruction' will cost.

Such a leak of customer data could result in huge fines for Prestashop. This is probably why the previous owners sold Prestashop so quickly.

I am grateful to hear that you are working on the most important additional functions merchants need in my opinion, like Mollie, PayPal etc. But there again is the promise, "somewhere in the future". If we do a search on Mollie alone in this forum we might find hits about this promise that go back from the Corona time. Me, as a wanna be merchant, I can't plan with promises vague like that. I need to know if I can use this until e.g. Black Friday or what ever. I have to plan ahead, like you, and I have to rely on basic functions. Roadmaps with specific timelines have become extremely important on the internet and the times we live in.

They didn't disclose attack vector - we don't know how those shops were infected with this malware. Without that information we can't really say if thirty bees is affected or not.

Can agree.. back in old days, it was "Our monthly goal is to gather xxxx$. We currently have. xxxx$ for server". We don't know state of your treasury... is it good, has it improved. Any monthly commission reports? Sorry @Acer but if your only communication will be "We need you pay or we will make you pay" then you will not go far I believe. I realize amount of frustration tho. But don't led frustration lead you. Inform, make community, make everyone feel responsible. Monthly goal: 1000$ = 1 Full time developer Monthly goal: 2000$ = 2 Full time developer Monthly goal: 2500$ = 2 Full time developers and 1 part time developer. Other way around, in communication could be: We plan {list of features} for next release. If we get monthly xxxx $ we will make it in 6 months, otherwise update will be in 12 months as we lack human resources at the moment. If you make tb paid... you can, however I'm quite positive forks may appear. More or less successful.

No. It is not that simple. I supported for a long time. I wasn't even able to get a simple approximate answer on when the promised updated Mollie module would be made available. Often, I didn't get even get an answer to questions. This included questions about me wanting to make some privately developed modules public in the hope that they might attract users to thirtybees.

That's only example (and yes, you can use it): Abandoned Cart Reminder – Recover Lost Sales Automatically Every day, customers add products to their cart… and then leave. This module helps you win them back automatically. Abandoned Cart Reminder sends friendly, well-timed reminders to customers who didn’t finish their purchase, encouraging them to return to your store and complete the order. It works quietly in the background and helps you recover sales that would otherwise be lost. What this module does for your store 🛒 Recovers abandoned carts Automatically reminds customers about products they left behind. ⏰ Smart reminder timing Send up to 3 reminders at custom time intervals (for example: after 2 hours, 22 hours, and 48 hours). 🔄 Always up to date If a customer comes back and updates their cart, old reminders are reset so messages stay relevant and accurate. 🤝 Customer-friendly approach Gentle reminders instead of aggressive marketing — perfect for building trust and increasing conversions. 📈 Boosts conversion rate & revenue Turn abandoned carts into completed orders with minimal effort. Why merchants love it Fully automatic — no daily work required Works with all shops (multi-shop supported) Simple configuration Designed specifically for thirty bees Perfect for you if You want more completed orders without increasing ad spend You want to remind customers at the right moment You want a reliable, lightweight solution that just works

Habe mal einen kleinen, (hoffentlich möglichst sauberen) neuen Controller dafür erstellt, Cloudflare Turnstile ist integriert, damit das nicht von Bots überschwemmt wird. Datei ist angehängt. Bitte mal prüfen wer davon Ahnung hat und mitarbeiten 🙂 <?php class WiderrufbutController extends FrontController { public $php_self = 'widerrufbut'; public $ssl = true; public function postProcess() { if (Tools::isSubmit('submitwiderrufbut')) { // 1) Turnstile prüfen $turnstileResponse = Tools::getValue('cf-turnstile-response'); if (!$turnstileResponse) { $this->errors[] = $this->trans('Bitte bestätigen Sie, dass Sie kein Roboter sind.'); return; } $secret = 'DEIN_SECRET_KEY'; $verify = file_get_contents('https://challenges.cloudflare.com/turnstile/v0/siteverify', false, stream_context_create([ 'http' => [ 'method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", 'content' => http_build_query([ 'secret' => $secret, 'response' => $turnstileResponse, 'remoteip' => Tools::getRemoteAddr(), ]), ], ])); $result = json_decode($verify, true); if (empty($result['success'])) { $this->errors[] = $this->trans('Die Turnstile‑Prüfung ist fehlgeschlagen. Bitte erneut versuchen.'); return; } // 2) Formularfelder $from = Tools::getValue('from'); $order_reference = Tools::getValue('order_reference'); $message = Tools::getValue('message'); // 3) Validierung if (!Validate::isEmail($from)) { $this->errors[] = $this->trans('Bitte geben Sie eine gültige E-Mail-Adresse ein.'); return; } if (empty($message)) { $this->errors[] = $this->trans('Bitte geben Sie einen Widerrufstext ein.'); return; } // 4) Mailvariablen $mailVars = [ '{email}' => $from, '{order_reference}' => $order_reference, '{message}' => nl2br($message), ]; // 5) Mail an den Kundendienst Mail::Send( (int)$this->context->language->id, 'widerruf_admin', $this->trans('Neuer Widerruf'), $mailVars, Configuration::get('PS_SHOP_EMAIL'), null, $from ); // 6) Bestätigung an den Kunden Mail::Send( (int)$this->context->language->id, 'widerruf_customer', $this->trans('Ihr Widerruf wurde übermittelt'), $mailVars, $from, null, Configuration::get('PS_SHOP_EMAIL') ); // 7) Erfolg anzeigen $this->context->smarty->assign('confirmation', true); } } public function initContent() { parent::initContent(); $this->setTemplate(_PS_THEME_DIR_.'widerrufbut.tpl'); } } WiderrufbutController.php

Hi everyone My shop is https://sklep.metalpro.pl/

Ich wechsele das Shop-System und wohl vor dem Stichtag. Daher vorerst keine Beiträge von mir. Sorry!