Leaderboard

Yes, if this code exists in your tpl files, it means your store is already infected. But the fact that it isn't present doesn't mean your store is not vulnerable to this attack. We don't know about any vulnerability in the core that would allow attacker to modify/write to tpl files. We regularly check CVE database for prestashop vulnerabilities, and look for those that are relevant to ps16 codebase (so they are relevant to us, most likely). Again, that doesn't mean that they don't exists, we just don't know about any at the moment. But there were some that we have fixed in the past - running very old thirty bees versions is not encouraged. Most of the time the culprits are third party modules, usually those that allow uploading files (images usually) and do not properly sanitise inputs. That may allow attacker to upload php files instead of image, and then they have complete access to your entire store. Thankfully, you can use core updater module to check if any of the core files have been modified. If your store is infected, you will see it there as well. If your store is infected, it's not enough to just remove the infection. You need to find out the back door that was used to install the infection. That can be quite hard. Your server access logs can help a lot, so keep a few months of them if you can.

Hi Vincent Thank you for your post and for your support. We are aware of the issues of communication, lack of a clear roadmap, the improvements to the premium modules etc. We will have a discussion with the team and will be posting about our roadmap in the future. For now however, I can reveal that we have been working on updating Mollie as well as PayPal. However, with limited resources, this has proven to take longer than expected. But we're getting there and there will be a release with those modules in the future. Also, I will discuss the outdated shipping modules with the team to formulate an action plan. Regards

I'm a paying member. A In my opinion there are several 'problems' with TB: 1) Some basic modules such as a payment module (mollie) or shipping modules (myparcel, send cloud) are outdated. The modules or not updated for TB/PS 1.6 2) Lack of communication about the roadmap of TB (what can we expect in the near future from TB). "The team is working on a surprise. When they are ready, it will be revealed. 🙂" Investors don't like surprises and uncertainty. I think the same applies to (potential) users of TB. For now TB still works for me but I think in the future I'm forced to with to another platform. Not because I wan't to, but because basic functions as mentioned above, don't work anymore. The 'membership' modules are nice to have, but are useless without good basic modules. We will see what the future brings

@vincentdenkspelI said not just ... not just not. :) I have also created some modules that work. It's amazing!

I also created other modules. I use a dutch version of 'trustpilot' (keurmerk.info) The module I created with ai is twofold: 1) after the status of on order becomes 'delivered' the module will send a 'message' to keurmerk.info. Keurmerk.info will than send a review request to the customer. I the module I can set how much days after status 'delivered' the info is send to keurmerk.info. 2) the second part of the module is that I will display the last 5 reviews on my site in a slider. The third module I have created is a bulk-list-picker. With this module I select orders and the module will create a list of the stock locations of the ordered product. I can select 'per order' or 'bulk' This module has a bug in it, but I hope to sort this out very soon. consolidated_picking_list_20260223_123059.pdf

I will. It is only on a test site. What I did: I uploaded the all Thirtybees 1.6.0 files in AI and had it analyse all the files. Based on the analysis I made AI create a 'Thirtybees module development guide' Whit this guide and my input I had ai create the module.

It's a very interesting discussion here. I can understand both positions. It's really a chicken-egg game. But imo there is a huge game changer: AI. It has become way more simple and fast to write code. I am also not aware of the plans/roadmap of TB. But with the new AI tools, it's even possible for no coders to start modifying some stuff. Ofc it's always better, if you have some basic coding knowledge, otherwise you might mess things up. Even if you aren't brave enough to use AI yourself: I would guess, that prices for a custom module will come down a lot. @datakick what is your experience with AI these days? I would say it has speed up my developing work about 3-5 times. It's hard to tell, but it's for sure huge. The first time I have the feeling, that my todo-list may become shorter 🫣

Here is a description of the attack vector: https://www.prestashop.com/forums/topic/1105466-recent-prestashop-securtity-alert/?do=findComment&comment=3543558 Conclusion: Prestashop Addons Marketplace is a dangerous store where you should not provide any login details for your store. If you have provided your login details for your store on Prestashop Addons Marketplace, you should change them immediately.

Hi everyone! For the last few years I’ve been using JoliSearch module v4.3.28. It’s been a staple in my store, but as my catalog grew to over 10k products, I felt it was time for something faster and more precise, especially for technical search terms. I’m not a hardcore developer, but I’m passionate about making my store run better. 😊 Why replace JoliSearch? JoliSearch has several limitations today: It is no longer actively maintained. Search relevance is difficult to fine-tune. Loose matching often returns hundreds of results. The first visible results are not always the most relevant. Users may leave the store because they cannot quickly find what they are looking for. In my case, searching for a popular product type returned over 500-800 products, many only partially matching the intent. That creates noise instead of helping the customer. For technical stores (industrial hardware, connectors, cables, IPC systems, etc.), this becomes a serious UX and conversion issue. Why Meilisearch? Meilisearch is a modern, open-source search engine designed specifically for high-performance, real-time search experiences. https://github.com/meilisearch/meilisearch Key characteristics: Index stored in RAM --> extremely fast response times (often 1–5 ms). Built-in typo tolerance and smart ranking. Simple and clean REST API. Lightweight and easy to self-host (currently running on same VPS as my store). Much easier to tune than older search modules. Native support includes: Synonyms Custom ranking rules Faceted search Filtering Typo tolerance controls Vector search (embeddings support) Automatic typo handling Meilisearch automatically handles common input problems: Minor spelling mistakes Missing hyphens (e.g. “usbc” vs “usb-c”) Word order variations At the same time, it allows strict control for technical catalogs: Disable typo tolerance for SKU/reference fields Limit the number of allowed typos depending on word length Keep technical codes exact (e.g. 81271, CA-SASA-12CU) This is extremely important in stores with many product references and model numbers. Dynamic suggestions & smart autocomplete The module already includes a live search endpoint and basic fast autocomplete. Further improvements (some already implemented, others in progress) include: Real-time product suggestions with image, price, manufacturer, and reference Intelligent grouping (products, categories, manufacturers, feature values) Query preprocessing for better intent detection Smart result limiting to avoid overwhelming users Even in its current state, this approach can significantly reduce search exit rates compared to classic result pages. AI integration – OpenAI embeddings & hybrid search One of the most exciting aspects is semantic search. Meilisearch supports vector search, which allows: Storing product embeddings Performing similarity-based queries Combining keyword search + semantic similarity (hybrid search) Using the OpenAI Embeddings API (or local embedding models), we can: Generate embeddings from: product name, technical parameters, categories, descriptions Store them in Meilisearch Enable natural language queries This enables: “Cable for powering laptop via USB-C 100W” “Splitter for two devices” “Industrial ethernet connector” The goal is not to replace keyword search, but to enhance it. Current status of my module After short initial testing, the results are very promising. Already implemented: Custom index (products_pl, products_eng) Batch reindexing (500 products per batch) Live progress bar in BO Live search endpoint Synonyms editor (graphical table UI) Automatic JSON generation for Meilisearch settings Query preprocessing for better intent detection Matching strategy control (strict vs fallback) Monitoring estimated result counts (to avoid result explosion) The improvement in relevance compared to JoliSearch is clearly visible, especially in edge cases e.g. “Y-type cables”, where search behavior can now be precisely controlled. The target is a search interface that behaves more like a modern SaaS-powered discovery engine rather than a traditional e-commerce search box — fast, relevant, visually structured, and intuitive for users (as shown in attached screenshot) Has anyone experimented with Meilisearch in ThirtyBees yet?

I don't think that's necessary. I think, for starters, you should improve your paid modules. There is a lot of good stuff coming out of premium modules.. but they are: - Undocumented - real pain... I don't really know what they do... - Not UI/UX friendly - some are pain to manage So basically... idea of those modules, and functions are cool. However... Forgive me @Acer but if you can't get https://store.thirtybees.com/premium-modules straight... then you think you will be able to sell thirty bees? Look at this page, sorry to say.. .but from marketing view its not worth much... First of all... and most important... It's a hell to see how they work and if they worth it. There is a WALL.... Want to see how it looks? Support TB first. FAQ Snippets... more like basic docs than advertising description.... and where is banner saying? "Want it? You can have it for free if you support tb development" Bulletpoints... Same story... really nothing about module. Purchases... some won't even know its a re-stock inventory planner. Purchases sounds like customer purchasing.. Shortcodes... some more info... but how it looks? Dynamic lists... is a mystery to me couldn't get it to work All those software is made more for programmers than for users/merchants (Unlike thirtybees). You could really get those modules to profit you, just first put some effort. Because making TB paid without good marketing will cost you a lot. And heed my warning... there are a lot who will say "Look at thirty bees, Prestashop is newer, better and FREE, but TB became paid for useless script" You will pour oil into fire and it may burn you. Also... you can make a module marketplace, where you - for a fee like 10%? - allow people sell their modules. For module creator it's a fee based place to advertise... only one thing they need to do is make their module compatible with TB - and belive me, more modules compatible with TB = better future for TB. Don't go making TB paid, before you finish what you actually started with Premium modules, because IDEA is cool, Backoffice integration is cool... however visual and informational layer is at its lowest.

Cyber_Folks is owned by H88, a company that has been acquiring smaller hosting companies in Poland for many years. After each such acquisition, the prices of all services are raised by an average of 300%. Also, after this acquisition, Prestashop will be the most expensive SaaS in the world.

I use abacus.ai. Although I like it, it although it has some disadvantage: you buy credits, but do not know how much credit a 'instruction' will cost.

Such a leak of customer data could result in huge fines for Prestashop. This is probably why the previous owners sold Prestashop so quickly.

I am grateful to hear that you are working on the most important additional functions merchants need in my opinion, like Mollie, PayPal etc. But there again is the promise, "somewhere in the future". If we do a search on Mollie alone in this forum we might find hits about this promise that go back from the Corona time. Me, as a wanna be merchant, I can't plan with promises vague like that. I need to know if I can use this until e.g. Black Friday or what ever. I have to plan ahead, like you, and I have to rely on basic functions. Roadmaps with specific timelines have become extremely important on the internet and the times we live in.

They didn't disclose attack vector - we don't know how those shops were infected with this malware. Without that information we can't really say if thirty bees is affected or not.

Can agree.. back in old days, it was "Our monthly goal is to gather xxxx$. We currently have. xxxx$ for server". We don't know state of your treasury... is it good, has it improved. Any monthly commission reports? Sorry @Acer but if your only communication will be "We need you pay or we will make you pay" then you will not go far I believe. I realize amount of frustration tho. But don't led frustration lead you. Inform, make community, make everyone feel responsible. Monthly goal: 1000$ = 1 Full time developer Monthly goal: 2000$ = 2 Full time developer Monthly goal: 2500$ = 2 Full time developers and 1 part time developer. Other way around, in communication could be: We plan {list of features} for next release. If we get monthly xxxx $ we will make it in 6 months, otherwise update will be in 12 months as we lack human resources at the moment. If you make tb paid... you can, however I'm quite positive forks may appear. More or less successful.

No. It is not that simple. I supported for a long time. I wasn't even able to get a simple approximate answer on when the promised updated Mollie module would be made available. Often, I didn't get even get an answer to questions. This included questions about me wanting to make some privately developed modules public in the hope that they might attract users to thirtybees.

That's only example (and yes, you can use it): Abandoned Cart Reminder – Recover Lost Sales Automatically Every day, customers add products to their cart… and then leave. This module helps you win them back automatically. Abandoned Cart Reminder sends friendly, well-timed reminders to customers who didn’t finish their purchase, encouraging them to return to your store and complete the order. It works quietly in the background and helps you recover sales that would otherwise be lost. What this module does for your store 🛒 Recovers abandoned carts Automatically reminds customers about products they left behind. ⏰ Smart reminder timing Send up to 3 reminders at custom time intervals (for example: after 2 hours, 22 hours, and 48 hours). 🔄 Always up to date If a customer comes back and updates their cart, old reminders are reset so messages stay relevant and accurate. 🤝 Customer-friendly approach Gentle reminders instead of aggressive marketing — perfect for building trust and increasing conversions. 📈 Boosts conversion rate & revenue Turn abandoned carts into completed orders with minimal effort. Why merchants love it Fully automatic — no daily work required Works with all shops (multi-shop supported) Simple configuration Designed specifically for thirty bees Perfect for you if You want more completed orders without increasing ad spend You want to remind customers at the right moment You want a reliable, lightweight solution that just works

Hi there Thank you for your post, and welcome to ThirtyBees. We literally have thousands of stores running, so you're not alone. TB remains one of the best and top eCommerce platforms out there. It's stable, it's fast and it's awesome. It's the best PS that PS could've been - and better! So it may still be a good choice for you. About your comment about TB going the same route as PrestaShop. The reason PS went down this slow and painful dead-end is due to corporate greed and dark-side behavior; where they would literally take what was free before and lock it behind a paywall; not to mention not giving a sh*t about their client base and what was good for PS and going symphony route. Which hurt them badly. Many of these reasons are why TB exists in the first place. And it's for that reason that we are unlikely to go down that specific path and "fail like PS did". However; our very nature (being good, doing it for the community, hoping for the best) may be our undoing. And we may fail anyway. As simply closing our eyes, crossing our fingers, and hoping that people who love the software will signup for memberships or make a donation - to make TB better, get more developers, make more themes, do more marketing to pull in more customers etc. Wishful thinking on our part? Maybe you're right. Maybe we should start charging entry. Maybe people would stop being indifferent then. And if people feel strongly about what I just said, even if it made them upset, then well, they know what to do:

Well, the current model where the software is provided for free (ThirtyBees), is also not so great for ThirtyBees. Will be interesting to see if there is a silver bullet technique for free software that is supported by the community. Imo, it would help if everyone that is a long term user of ThirtyBees sees the merit of what we've done and donate or signup as a member - if only for the purpose of supporting development, server cost and keeping the lights on. If everyone does it, we can do more themes, modules, bug fixes and get more than one developer - and still keep the software free without losing the plot and going PS and even Magento routes. Which we all know how that landed up...

As Yabber said. They consolidated many hosting companies over years, shut them down and moved everyone under Cyber_folks brand. Prices rose, and quality dropped (not for all, depends on needs). However available server resources were restricted. Many say that its worse. I know many people who ran away after that (including myself). It will be no different here I think. Knowing Cyber_folks, they didn't acquire it for no reason. Monetization process will surely continue, one way or other I belive. I think this project might end up like many other open source projects. Open source development will slow or even stop, and new features will be available only when you will host on their servers. Where they will have good optimizations. So PS will work as it worked till now, and alternative version may be developed for those who use their infrastructure. However, maybe they will come up with another monetization method. Who knows... I have bad feelings about it. What I can tell for sure, they all are Symfony worshippers and everything will be more and more based on symfony. Sylius (one of companies invloved in purchase) is creating headless commerce platform based on Symfony. So Symfony will surely be they way they go (I'm not a fan of symfony)

I have upgrade TB from 1.4 to 1.6 and works like a charm and it took me less than an hour! I am still on PHP 7.4.

Good for the previous owner - they squeezed whatever they can and sold a shell...

Hi, many thirty-bees/PrestaShop themes provide the variable `$cart` in the shopping cart template. Then, in the template, you can simply add: smarty {* show Cart ID *} div class="cart-id"> Cart ID: {$cart->id} </div> If it's not already available, you'll need to pass the Cart ID to Smarty via a controller. The correct controller for the shopping cart is `CartController` (controllers/front/CartController.php) (or for one-page checkout: `OrderController`, I think, you'll need to check that). If you have to retrieve it via a controller, I would create an override for it so that it persists after an update.

Hey, everyone, I'm checking this project and I'm very interested in it, but I wondering if it is still an active project. I've seen that there are a lot of pull requests and issues open. Also, the last release was a lot of time ago. I haven't seen much activity.

Habe mal einen kleinen, (hoffentlich möglichst sauberen) neuen Controller dafür erstellt, Cloudflare Turnstile ist integriert, damit das nicht von Bots überschwemmt wird. Datei ist angehängt. Bitte mal prüfen wer davon Ahnung hat und mitarbeiten 🙂 <?php class WiderrufbutController extends FrontController { public $php_self = 'widerrufbut'; public $ssl = true; public function postProcess() { if (Tools::isSubmit('submitwiderrufbut')) { // 1) Turnstile prüfen $turnstileResponse = Tools::getValue('cf-turnstile-response'); if (!$turnstileResponse) { $this->errors[] = $this->trans('Bitte bestätigen Sie, dass Sie kein Roboter sind.'); return; } $secret = 'DEIN_SECRET_KEY'; $verify = file_get_contents('https://challenges.cloudflare.com/turnstile/v0/siteverify', false, stream_context_create([ 'http' => [ 'method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded\r\n", 'content' => http_build_query([ 'secret' => $secret, 'response' => $turnstileResponse, 'remoteip' => Tools::getRemoteAddr(), ]), ], ])); $result = json_decode($verify, true); if (empty($result['success'])) { $this->errors[] = $this->trans('Die Turnstile‑Prüfung ist fehlgeschlagen. Bitte erneut versuchen.'); return; } // 2) Formularfelder $from = Tools::getValue('from'); $order_reference = Tools::getValue('order_reference'); $message = Tools::getValue('message'); // 3) Validierung if (!Validate::isEmail($from)) { $this->errors[] = $this->trans('Bitte geben Sie eine gültige E-Mail-Adresse ein.'); return; } if (empty($message)) { $this->errors[] = $this->trans('Bitte geben Sie einen Widerrufstext ein.'); return; } // 4) Mailvariablen $mailVars = [ '{email}' => $from, '{order_reference}' => $order_reference, '{message}' => nl2br($message), ]; // 5) Mail an den Kundendienst Mail::Send( (int)$this->context->language->id, 'widerruf_admin', $this->trans('Neuer Widerruf'), $mailVars, Configuration::get('PS_SHOP_EMAIL'), null, $from ); // 6) Bestätigung an den Kunden Mail::Send( (int)$this->context->language->id, 'widerruf_customer', $this->trans('Ihr Widerruf wurde übermittelt'), $mailVars, $from, null, Configuration::get('PS_SHOP_EMAIL') ); // 7) Erfolg anzeigen $this->context->smarty->assign('confirmation', true); } } public function initContent() { parent::initContent(); $this->setTemplate(_PS_THEME_DIR_.'widerrufbut.tpl'); } } WiderrufbutController.php

Hi everyone My shop is https://sklep.metalpro.pl/

Ich wechsele das Shop-System und wohl vor dem Stichtag. Daher vorerst keine Beiträge von mir. Sorry!