Osclass forums

Support forums => General help => Topic started by: Aficionado on February 20, 2018, 10:22:05 am

Title: GDPR Compliance and Osclass script
Post by: Aficionado on February 20, 2018, 10:22:05 am
May I ask what steps Osclass team has taken with regard to GDPR Compliance which comes into effect on the 28th of May 2018?

About the plugins, Osclass's or 3rd party ?


Thanks
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 04:16:58 pm
Some very interesting reading:

https://www.cennydd.com/writing/a-techies-rough-guide-to-gdpr

and still waiting for some information on my original question .....
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on February 21, 2018, 05:12:20 pm
Hi Aficionado. I got it wrong by concluding that if the website doesn't use cookies it doesn't need any mods?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:14:32 pm
Quote from: marius-ciclistu
Hi Aficionado. I got it wrong by concluding that if the website doesn't use cookies it doesn't need any mods?

No you got it totally wrong. GDPR is a completely different thing.

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:19:34 pm
To show you how BIG this (crap) is, there is even a lot of talk about using Google Analytics any more.

Go figure.

There is a lot of talk in all cms scripts, Wordpress, Umbraco to mention some i have read about it because i use them.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on February 21, 2018, 05:27:12 pm
I understand now.... regarding osclass... From what I understood here https://www.cennydd.com/writing/a-techies-rough-guide-to-gdpr
near the terms and conditions, should be another checkbox with this GDPR, that needs to be separate from terms and in which must be written some reasons for manipulating personal data in osclass (name, email and phone - are there any other personal infos handled?)

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:33:25 pm
Yes, what you say is on the list.

Apart from Osclass script, it involves also your HOSTING company, just to mention just one.

This new thing is HUGE.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on February 21, 2018, 05:41:52 pm
so the solution is in 2 steps:
1. add checkbox near the terms checkbox in register and post add
2. add a new page with these GDPR compliance infos that for now I don't know what should contain.

Regarding the withdraw osclass has delete account option and delete item.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:44:41 pm
Quote from: marius-ciclistu
so the solution is in 2 steps:
1. add checkbox near the terms checkbox in register and post add


Does Osclass have such a terms display ? I think not.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on February 21, 2018, 05:46:11 pm
:) Plugin? I use core/theme mods so I have it. The publish/create buttons don't show up until the user checks the terms checkbox.

edit
or is it enough to put "i agree with GDPR terms and terms and conditions" on one checkbox?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:48:49 pm
Quote from: marius-ciclistu
:) Plugin? I use core/theme mods so I have it. The publish/create buttons don't show up until the user checks the terms checkbox.

Is that a Osclass plugin ? I can't find it. I found one but doesn't work well.

Anyway that should be NOW included in the core, for new registrations.

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:51:57 pm

Quote from: marius-ciclistu
or is it enough to put "i agree with GDPR terms and terms and conditions" on one checkbox?

I have no idea.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 05:54:38 pm
Also GDPR is actually for Osclass company themselves, OUR connection to the Market and this Forum also.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on February 21, 2018, 05:59:25 pm
Yes. For me the connection to the market is out of discussion:) But I guess all users must be prompted to accept those terms on all websites in the next period...

edit. there will be many popups from now on on the websites we visit asking for permissions.
Title: Re: GDPR Compliance and Osclass script
Post by: cartagena68 on February 21, 2018, 07:39:10 pm
Just a question, this is a European law, right?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on February 21, 2018, 07:51:47 pm
Quote from: cartagena68
Just a question, this is a European law, right?

It is yes. For all business/sites that have offices in Europe and also for all business/sites that deal with people in Europe, no matter where their office actually is.

Now, some claim that for US based hosting and companies, this law is not applicable. Not sure if it is correct. There is plenty of information about all that on the net.
Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on February 22, 2018, 06:48:41 pm
Will this stand also on item inquiry form? Although it doesn't save any data when email is sent, some data is processed and if you use More edit plugin a get a copy of each inquiry, does this count as storing the data then?  ???

Also, the cookie plugin Cookie Consent offers only "I understand" button for cookies, which are loaded regardless of you would want to accept them. By the new rules, none of the cookies will be automatically installed, if user does not click I accept. Not even analytics tracking, so expect some noticeable falls in visitor stats.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 27, 2018, 03:07:03 pm
Hi. I saw that some export of all personal data is added to some of the websites to comply to GDPR.

My question is, if all data stored is available on the osclass installation pages and only the logs-activity data, password and IP isn't, is that module really necessary?
I mention that the logs are cleared once every 8 weeks automatically.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 27, 2018, 03:18:41 pm
Quote from: marius-ciclistu
Hi. I saw that some export of all personal data is added to some of the websites to comply to GDPR.

My question is, if all data stored is available on the osclass installation pages and only the logs-activity data, password and IP isn't, is that module really necessary?
I mention that the logs are cleared once every 8 weeks automatically.

I suggest you read in depth what really GDPR actually is, you can use Wordpress info for example (almost same with Osclass).

At Osclass we don't even have an New Signup acceptance page. Also all those questions SHOULD HAVE BEEN answered by Osclass team. EXTREMELY unprofessional from their side not to provide some information.

Also GDPR is also for what exactly is collected and stored in THEIR servers (Osclass market).

Personally i have told to 5 old customers of mine, that i used to manage their Osclass sites, that Osclass is NOT compliant with all that. As for mines, i trying to see what i will do since i have less than two months.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 27, 2018, 03:26:16 pm
In my case all is a little easier. I don't use plugins and I don't connect to the market (never did) so the list of info about the users is very small and except the above mentioned infos, all of the info that my osclass stores can be viewed by the user in it's dashboard or on the website.
The right to be forgotten is there, the delete item or account.

So the only question remains about that export.

Regarding the checkbox with the GDPR near the terms and conditions I solved it by theme mods, that was the easy part. :))

The hard part is the legal stuff.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 27, 2018, 03:31:21 pm
Anyway this forum must comply to GDPR as well so...
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 27, 2018, 03:35:12 pm
Quote from: marius-ciclistu
In my case all is a little easier. I don't use plugins and I don't connect to the market (never did) so the list of info about the users is very small and except the above mentioned infos, all of the info that my osclass stores can be viewed by the user in it's dashboard or on the website.


Connected to Osclass Market or NOT, doesn't matter, the data IS collected in either cases.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 27, 2018, 03:48:22 pm
I know, but it's collected only by my website:
Look:

EDITED
GDPR

PERSONAL DATA PROTECTION POLICY

 

I. INFORMATION COLLECTED

1. Regarding the user

- name

- Email Address

- phone

- password

- user type (private or company)

- the country

- County

- locality

- neighborhood

- Address

- website

- description

- user name (username)

- IP address

- Account registration date

- change account changed

- last accessed

- user id

- number of ads

OBS.

          This information can be exported / copied / seen by entering the account management area (the password will not be exported because it is not kept in legible format).

 

- user actions (deleting, modifying or adding information):

    date,
    the section in which the action was taken (ad or user)
    action (deletion, modification or addition),
    the user ID or ad that is the purpose of the action,
    details about the ad or the user who is the purpose of the action (email or title)
    IP address of the author,
    author id.

 These actions are kept for 8 weeks, after which they are automatically deleted, and the user can not access, view, modify or delete them.

 

2. With regard to ads

- title

- description

- category

- price

- coin

- images

- County

- locality

- added time

- Date modified

- expiration date

 

II. USING COLLECTED INFORMATION

 The information collected is used for the good functioning of the bazaar.

They are NOT meant to be sold or disclosed to third parties, except for the competent bodies that may request such information under the legal conditions in force at the time of the request.

 

III. DELETE COLLECTED INFORMATION

 It is possible to delete your ads or account by entering the administration panel.

 

IV. SECURED INFORMATION COLLECTED

 The information collected is public and is displayed on the site's pages, except:

- IP address

- password

- user actions

- the email address - stating that when using the contact form, the sender's email address will be visible in the recipient's email, and the messages between the users are not stored or verified.

 

V. USER AGREEMENT ON COLLECTED PERSONAL INFORMATION

By using this site you agree to these terms and conditions.


EDIT

And if that export is really needed, it could be done in account page (/user/profile) to avoid sending sensitive data over email. In that way the user can collect his data via plain text, and copy it into a csv or text file.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 27, 2018, 03:56:15 pm
Also Contact forms must be compliant and Comments/Rating also.

Anyway not easy to know and handle all that.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 27, 2018, 03:59:35 pm
It must be taken step by step. I wrote above the infos that my site collects. It's a start.
Now if many users contribute to this, this should be not so hard.

edit
in user-profile.php there is a hook
<?php osc_run_hook('user_form', osc_user()); ?>

so a function in functions.php file of the theme should be easy to do...

EDIT

that function would be

Code: [Select]
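<?php
// Prints the logged-in user's stored profile fields on the profile page
// so the user can copy them as plain text.
function mc_export_csv_info_user($user) {
    // Never show the account secret.
    unset($user['s_secret']);

    foreach ($user as $k => $v) {
        // Escape everything: these fields hold user-supplied text.
        $key = htmlspecialchars((string) $k, ENT_QUOTES, 'UTF-8');
        if (!is_array($v)) {
            echo "<b>$key: </b>" . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . "<br>";
        } else {
            echo "<b>$key: </b>";
            echo htmlspecialchars(print_r($v, true), ENT_QUOTES, 'UTF-8');
        }
    }
}
// Run the export wherever the theme fires the 'user_form' hook.
osc_add_hook('user_form', 'mc_export_csv_info_user');
?>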
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 27, 2018, 08:54:46 pm
Quote from: marius-ciclistu
Anyway this forum must comply to GDPR as well so...

I ask for anybody to read this:

https://wptavern.com/why-gutenberg-and-why-now

You may think it is irrelevent to Osclass because it talks about Wordpress and Project Gutenberg (their new editor thing).

But if you read all the article, you will understand how it totally connects to Osclass also.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 27, 2018, 09:32:29 pm
Any good script doesn't have to die...the need for new and money makes the good scripts die....sadly.
Can you imagine how much money are involved in these GDPR terms... opencart has a plugin already, not 100% perfected, but it's not free:)

EDIT. I think i covered all of the aspects of GDPR for my osclass with the above export.
Title: Re: GDPR Compliance and Osclass script
Post by: muratbora on March 28, 2018, 02:57:33 pm
I have checked major ads pages in UK, NL, DE, IT, ES, FR countries, I could not see something about GDPR on  register page or any other pages...
May be they will implement when it closes to law starting date.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 28, 2018, 03:30:36 pm
Quote from: muratbora
I have checked major ads pages in UK, NL, DE, IT, ES, FR countries, I could not see something about GDPR on  register page or any other pages...
May be they will implement when it closes to law starting date.

Me also i haven't see anything like that anywhere, but i DO know people that are preparing for it heavily. Especially BIG company sites with Ecommerce etc etc.

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 31, 2018, 02:55:01 am
@marius-ciclistu

I had a long meeting and talk with IT people in my country running mainly Wordpress and we exchanged opinions and ideas.

It seems that nobody is ready and everybody is NOW starting to understand what it means all that and taking steps. Also it seems that EVERYBODY is affected by this, in all over the world (the civilized world). Even having a webserver that keeps some logs is considered as "data collection and processing". So you are trapped.

Also i read the everybody need to register (and pay) for an ICO and also put all the personal details of the owner (name, address etc) online for public view.

For Wordpress all plugins that record personal info must be also GDPR compliant, so do plugins for Osclass. Comments must display a warning, registration also some tos, AGE compliance (16). Also a complete list of affiliates, google services (adsense or Analytics) and the rest.

I think for Osclass should be that hard since the users can delete their ads, their account themselves and all is gone. No need to anonymize anything like the forums for example. So a clear page with help should be enough.

Even better a plugin that allows a registered and logged in user to Request to be "forgotten" and the admin should just delete him (just to be gentle with the users and the admin to do the job with an automated email that all is gone).


Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 31, 2018, 03:16:32 am
This

https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/

remains as a mystery for me, since i think it can't be done without changing the core of any script (Joomla, Wordpress, Osclass).

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 31, 2018, 10:23:18 am
This is "nice"...... So you should keep the phone number, name and email address in another db or what? And even more, if someone sends a contact message for a car add, for example....the car's image is also an identifier....
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on March 31, 2018, 01:19:21 pm
Quote from: marius-ciclistu
This is "nice"...... So you should keep the phone number, name and email address in another db or what? And even more, if someone sends a contact message for a car add, for example....the car's image is also an identifier....

I have no idea at all.

Also see here for some information (Invision board is a popular standalone forum php script) :

https://invisioncommunity.com/news/product-updates/how-invision-communitys-tools-can-help-with-gdpr-compliance-r1052/
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on March 31, 2018, 07:51:11 pm
Maybe 1% of the users will read there gdpr on some websites......
Title: Re: GDPR Compliance and Osclass script
Post by: osclassics on April 01, 2018, 12:59:57 am
Is there still no OsClass plugin for this?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 05, 2018, 11:11:13 pm
Aficionado, it just occurred to me that some users are posting ads without an account  if the webmaster allows it. I don't use this feature, that's why I ask: How is the data of those users handled in DB? In the same way as it is with the registered ones?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 05, 2018, 11:40:57 pm
Quote from: marius-ciclistu
Aficionado, it just occurred to me that some users are posting ads without an account  if the webmaster allows it. I don't use this feature, that's why I ask: How is the data of those users handled in DB? In the same way as it is with the registered ones?

Yeah, i don't use that either. I guess some data are also saved since you are given a link to edit/delete the ad.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 06, 2018, 05:25:27 pm
Quote from: p206ab
Will this stand also on item inquiry form? Although it doesn't save any data when email is sent, some data is processed and if you use More edit plugin a get a copy of each inquiry, does this count as storing the data then?  ???

Also, the cookie plugin Cookie Consent offers only "I understand" button for cookies, which are loaded regardless of you would want to accept them. By the new rules, none of the cookies will be automatically installed, if user does not click I accept. Not even analytics tracking, so expect some noticeable falls in visitor stats.

Hi. I saw that osclass without any plugins is using one cookie that expires in 1969. Do you know more about that? What does that cookie contain?

Also if google analytics has a code in my osclass, __utm...cookies are used. If the user doesn't allow tracking it can set that into it's browser. And that means these __utm... cookies doesn't have to be accepted by the user?

If not then I guess I must remove the analytics code(anyway it has no use for me..)

EDIT. At a closer look with firefox this is a session cookie.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 06, 2018, 05:56:41 pm
Hi marius. I don't think it would be OK to leave the link to my store. I don't think the Osclass people would agree. It would be better to remove it.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 06, 2018, 06:13:04 pm
..We'll end up  with all the sites having a pop-up to accept cookies before visiting the site, just like the adults one have... if the cookies must be accepted by the visitors before viewing the site.
Title: Re: GDPR Compliance and Osclass script
Post by: osclassics on April 10, 2018, 03:33:05 pm
Quote from: marius-ciclistu
..We'll end up  with all the sites having a pop-up to accept cookies before visiting the site, just like the adults one have... if the cookies must be accepted by the visitors before viewing the site.

Ehm, no.

GDPR is a LOT more complicated than this.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 10, 2018, 04:08:33 pm
I know, but I was just pointing out the effect of having to accept cookies and only then load them.
I did not find yet the purpose of the cookie used by osclass that has a random string name with exp date 1969.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 11, 2018, 10:03:54 am
Regarding the session cookie. I've read that is used for security instead of server session. Is there anything more that need to be added to this statement?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 11, 2018, 10:20:02 pm
quote from
https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-cookie-policies/

Cookies are mentioned only once in the EU General Data Protection Regulation (GDPR), but the repercussions are significant for any organisation that uses them to track users’ browsing activity.

Recital 30 of the GDPR states:

Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

In short: when cookies can identify an individual via their device, it is considered personal data.

Now please give your opinion about the osclass cookie that osclass uses by default (as PHPSESSID I guess, or if i'm wrong, please correct me).

How can we implement the loading of that cookie only after the user acceptance?

I thought about a bar in footer with some text and the accept button , that @ click anywhere in the viewport or scroll should zoom out to blur the whole viewport of the page asking for accept of that cookie in order to browse the website. I guess in this way, SEO won't be affected.

Once that accept is clicked, the action could be recorded in the browser's globals via JS and in this way the bar will be hidden until the user closes that tab or browser.

Of course the display of that bar should be done only if the accept is not stored in browser's globals array, else the
Code: [Select]
display:none; could be used.

In a similar way can be implemented the acceptance for analytics cookies sent by google, but here a footer bar can be used without mandatory action from user, in the way that the user can decide to refuse them, and still be able to use the website.

I don't know  for sure if google rankings are based on analytics or not....and how this will affect google rankings...

I hope a free extension will be made for this, NOT a paid one as the time needed for it is not so much(cookies consent)...

If we agree upon a solution, I could share the mods needed in core and bender theme.
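
The consent flow proposed in the post above (bar shown until a choice is stored for the tab, analytics loaded only after acceptance, refusal still leaves the site usable), as an added JavaScript example that is not part of the original post or of Osclass. The storage key, the element ids and the analytics URL are assumptions, the session cookie is treated as necessary and left ungated, and honouring the browser's Do Not Track setting is a choice made for this example.

```javascript
// Added example: gate optional analytics behind a stored consent decision.
const CONSENT_KEY = 'analytics_consent'; // hypothetical storage key

// In-memory stand-in with the sessionStorage interface (constructed, for offline runs).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

function createConsentGate({ storage, doNotTrack, loadAnalytics, setBarVisible }) {
  let fallback = null; // decision kept in memory when storage is blocked
  let loaded = false;  // analytics is injected at most once per page

  function read() {
    try {
      const v = storage.getItem(CONSENT_KEY);
      // Anything other than the two known values counts as "no decision yet".
      if (v === 'accepted' || v === 'refused') return v;
    } catch (e) { /* storage blocked or missing: use the in-memory value */ }
    return fallback;
  }

  function write(v) {
    fallback = v;
    try { storage.setItem(CONSENT_KEY, v); } catch (e) { /* keep in-memory value */ }
  }

  function apply() {
    const decision = read();
    setBarVisible(decision === null);  // bar only while undecided
    // Nothing optional is loaded before an explicit "accept"; DNT overrides it.
    if (decision === 'accepted' && !doNotTrack && !loaded) {
      loaded = true;
      loadAnalytics();
    }
    return { decision, analyticsLoaded: loaded };
  }

  return {
    init: apply,
    accept() { write('accepted'); return apply(); },
    refuse() { write('refused'); return apply(); },
  };
}

// sessionStorage lasts until the tab is closed; reading it can throw when
// the browser blocks site data, so the lookup itself is guarded.
function safeSessionStorage() {
  try { return window.sessionStorage; } catch (e) { return null; }
}

// Browser wiring (skipped outside a browser). Element ids are assumptions.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const bar = document.getElementById('consent-bar');
  const gate = createConsentGate({
    storage: safeSessionStorage(),
    doNotTrack: navigator.doNotTrack === '1',
    loadAnalytics() {
      const s = document.createElement('script');
      s.async = true;
      s.src = 'https://analytics.example/tracker.js'; // placeholder URL
      document.head.appendChild(s);
    },
    setBarVisible(v) { if (bar) bar.style.display = v ? 'block' : 'none'; },
  });
  gate.init();
  document.getElementById('consent-accept')?.addEventListener('click', () => gate.accept());
  document.getElementById('consent-refuse')?.addEventListener('click', () => gate.refuse());
}
```

The analytics snippet must be removed from the theme's static markup for this to have any effect; if it stays in the page template, its cookies are set before the gate runs.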

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 11, 2018, 10:37:54 pm
Personally i don't like the idea of having users to click here and there, to be able to view my site. I think the cookies plugin is enough right now.

Because if i use 10 3rd party of scripts, i shall have 10 options ? I don't think so. It is crazy. One page with all the information is enough.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 12:18:27 am
Well, like it or not, GDPR must be respected....that is why I wrote my point of view for discussion. I'm discussing this on opencart forums as well.

I don't like it either...so any alternative solution for cookie acceptance and loading cookie only after acceptance?


EDIT

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32016R0679

And it's f... long. Just to read it it takes maybe hours...then you must analyse it like in school, text analysis.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 01:20:23 am
Quote from: marius-ciclistu
Well, like it or not, GDPR must be respected....that is why I wrote my point of view for discussion. I'm discussing this on opencart forums as well.

I don't like it either...so any alternative solution for cookie acceptance and loading cookie only after acceptance?



I have read all that, months ago. But still i will not destroy my site. And i think nobody will, big players also. If we bombard users and even VISITORS with click here and click there, they will be lost.

One warning for me and that's it. Then a link to a page that clearly says what i do and what i don't do with data etc etc.

If GDPR is meant to destroy the Internet (i think it is not), then what can i say.
Title: Re: GDPR Compliance and Osclass script
Post by: lexosc on April 12, 2018, 11:46:26 am
So if a user is able to delete all data from the site with a request, when cyber police asks me for user info that posted a particular ad that had some illegal stuff (eg saying something bad about someone and giving his phone number) they sent me a court order to give them his ip and all his info.
What should i give them if that user has deleted all his data? should i tell them "Sorry GDPR" can't provide you anything, user deleted all his data.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 12:08:16 pm
The logs are not deleted when the user deletes his account from dashboard. I set the autocleaning for user logs to 8 weeks for example and for admins to something more( can't remember exactly). There you have the email and id for searching what that user has done.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 01:51:34 pm
Quote from: lexosc
So if a user is able to delete all data from the site with a request, when cyber police asks me for user info that posted a particular ad that had some illegal stuff (eg saying something bad about someone and giving his phone number) they sent me a court order to give them his ip and all his info.
What should i give them if that user has deleted all his data? should i tell them "Sorry GDPR" can't provide you anything, user deleted all his data.

This is a good question actually.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 02:00:59 pm
Quote from: marius-ciclistu
The logs are not deleted when the user deletes his account from dashboard. I set the autocleaning for user logs to 8 weeks for example and for admins to something more( can't remember exactly). There you have the email and id for searching what that user has done.

What logs exactly ? Why keep a log of anything ?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 02:05:21 pm
There is a table in db with log in it's name. You use a plugin to erase that table once in a while with drop table. I implemented a core mod to work as I described.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 02:09:59 pm
Quote from: marius-ciclistu
There is a table in db with log in it's name. You use a plugin to erase that table once in a while with drop table. I implemented a core mod to work as I described.

In that log there is no email address of users (i think) or the body of the ads ? Also we are not forced by any law to keep any logs like that, so we could be erasing them daily or something.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 02:20:24 pm
When the user makes an action, in some column description or something, the user's email is stored. I can't remember for which action, but the email is there for sure at least to identify the used id. Then for other actions there is only user id on some who column.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 02:55:32 pm
Quote from: marius-ciclistu
When the user makes an action, in some column description or something, the user's email is stored. I can't remember for which action, but the email is there for sure at least to identify the used id. Then for other actions there is only user id on some who column.

I don't see any email
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 02:58:42 pm
Look in s_data.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 03:11:12 pm
Quote from: marius-ciclistu
Look in s_data.

You are right.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 04:47:14 pm
I'm laughing now reading several posts from users of other FORUM scripts, asking about GDPR and no one seems to have a solution:

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 04:56:20 pm
I have 7 or 8 scripts to modify for gdpr....  With osclass i must only deal with cookies (session id 'osclass' random string cookie + g analytics....)and I'm ok with it.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 12, 2018, 05:14:17 pm
Some information that worth reading:

https://woocommerce.wordpress.com/2018/04/10/how-were-tackling-gdpr-in-woocommerce-core/
Title: Re: GDPR Compliance and Osclass script
Post by: lexosc on April 12, 2018, 09:44:31 pm
Quote from: marius-ciclistu
The logs are not deleted when the user deletes his account from dashboard. I set the autocleaning for user logs to 8 weeks for example and for admins to something more( can't remember exactly). There you have the email and id for searching what that user has done.

I know and this is what i use when police request me any info, but according to GDPR this log file shouldn't be deleted also when user request to delete his info?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 12, 2018, 10:13:06 pm
I informed the users that these access and action  logs are deleted after 8 weeks and that they can't delete it. They must agree with these terms @registration and when posting ads.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 12:15:49 am
I asked for opinions about cookies like session cookies. Some say they are not under gdpr law being anonymous datas..... google analytics also..... Some opinions from you?

Quote
(26)
The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. To determine whether a natural person is identifiable, account should be taken of all the means reasonably likely to be used, such as singling out, either by the controller or by another person to identify the natural person directly or indirectly. To ascertain whether means are reasonably likely to be used to identify the natural person, account should be taken of all objective factors, such as the costs of and the amount of time required for identification, taking into consideration the available technology at the time of the processing and technological developments. The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.

Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on April 13, 2018, 12:43:00 pm
Only necessary cookies will be allowed, crucial to display the website.
Marketing and statistics cookies like Analytics, Adwords remarketing, Facebook pixel are not mandatory and will have to be explicitly allowed to be installed by a visitor by ticking a checkbox or something in the notification bar.

So prepare yourself for a massive fall in analytics stats.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 03:06:44 pm
Quote from: p206ab
Only necessary cookies will be allowed, crucial to display the website.
Marketing and statistics cookies like Analytics, Adwords remarketing, Facebook pixel are not mandatory and will have to be explicitly allowed to be installed by a visitor by ticking a checkbox or something in the notification bar.

So prepare yourself for a massive fall in analytics stats.

Google analytics were removed from all my sites, since it was slowing them down. I already have AWSTATS in my plan, not as good as Analytics, but they are ok.

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 09:26:10 pm
I asked for opinions about cookies like session cookies. Some say they are not under GDPR law, being anonymous data.

I see 2 cookies in my Osclass. One session, one from the Cookie Plugin (cookie Consent Dismissed).

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 09:29:09 pm
I asked for opinions about cookies like session cookies. Some say they are not under GDPR law, being anonymous data..... Google Analytics also..... Some opinions from you?


Is this correct :

Quote
Session cookies: these cookies allow Web site operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

If so, they are not related to any other restrictions and of course you can't make a site work for visitors without it ? Can you ?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 09:33:22 pm
Some more reading about Cookies and GDPR.

https://www.thesslstore.com/blog/cookies-gdpr-compliance-involves-consent/
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 10:26:04 pm
Osclass has a session cookie yes + the answer from the cookie consent is stored in another cookie in your case.

The session cookie with other info like ip can be used to identify the person...as it is an identifier for the server to know the user's requests-like pages, images etc.  I personally wait for this to be clarified by some officials.... it's easy to say it's not under the law but....

If you and me are on the same network, that has the same ip on the internet, the cookie can be used to identify each of us, as we have different cookies for session.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 10:34:32 pm
Osclass has a session cookie yes + the answer from the cookie consent is stored in another cookie in your case.

The session cookie with other info like ip can be used to identify the person...as it is an identifier for the server to know the user's requests-like pages, images etc.  I personally wait for this to be clarified by some officials.... it's easy to say it's not under the law but....

If you and me are on the same network, that has the same ip on the internet, the cookie can be used to identify each of us, as we have different cookies for session.

So, NO COOKIE should be set when someone is arriving to a site ? Do i get it right ? If so, is that possible ? No script works like that i think. I mean right now. And that needs a CORE change (and maybe other changes also in the core) ?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 10:36:39 pm
Damn, users (me and you and 2-3 others) are trying to solve this. I find this sad, very sad.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 10:41:25 pm
The following is just an opinion by some dev, still nice to know:

Quote
For a WordPress cookie plugin to be compliant, it has to:

    Provide clear and specific information about data types and purpose of the cookies.
    Block all but strictly necessary cookies until the visitor has given consent - a feature called ‘prior consent’.
    Keep a full documentation of all given consents.
    Contain the possibility for users to reject superfluous cookies and still use the website.
    Give users the possibility of withdrawing their consent whenever they want.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 10:47:13 pm
The article you mention also says that it is unclear about the session cookie...and explains about the purpose of them.

So, as I said..one accept for tracking(g analytics or other) and another for other types of cookies...

For tracking is simple js...with session cookie is not so simple....

If I solve this cookie issue (tracking and session) with my osclass, I think I can say it's gdpr compliant (i already mentioned my other mods in previous posts here).

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 10:53:45 pm
Keep track....imagine your log table from db... It's keeping track of only the logged in users' actions + admins and moderators.... Now imagine keeping that for ALL VISITORS for a certain period...it's nuts.....


That is why I proposed the bar that extends full view port for asking permission.... If the session cookie must be accepted, then without consent, users can't use the login. In that way the user can't view the page until it chooses to accept or not, so in my opinion in this way you mustn't keep huge logs....  Its answer can be kept in a global, NOT COOKIE.

EDIT.
osclass files with $_COOKIE  (         $this->expires = time() + 3600; // 1 hour by default)

oc-includes/osclass/core/Cookie.php:         if ( isset( $_COOKIE[$this->name] ) )
oc-includes/osclass/core/Cookie.php:             list($vars, $vals) = explode("&", $_COOKIE[$this->name]);
oc-includes/osclass/core/Cookie.php:                $_COOKIE["$var"] = $vals[$key];
oc-includes/osclass/core/Cookie.php:         $_COOKIE["$var"] = $value;
oc-includes/osclass/core/Cookie.php:         unset($_COOKIE[$var]);
oc-includes/osclass/core/Params.php:                    return $_COOKIE;
oc-includes/osclass/install-functions.php:    return $_COOKIE['osclass_save_stats'];
oc-includes/osclass/install.php:        if( Params::getParam('save_stats') == '1'  || isset($_COOKIE['osclass_save_stats'])) {
oc-includes/osclass/install.php:        if( Params::getParam('ping_engines') == '1' || isset($_COOKIE['osclass_ping_engines']) ) {
oc-includes/osclass/install.php:                        ping_search_engines($_COOKIE['osclass_ping_engines']);
oc-includes/phpseclib/Crypt/Random.php:                serialize($_COOKIE) .
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 10:57:41 pm
Keep track....imagine your log table from db... It's keeping track of only the logged in users' actions + admins and moderators.... Now imagine keeping that for ALL VISITORS for a certain period...it's nuts.....


That is why I proposed the bar that extends full view port for asking permission.... If the session cookie must be accepted, then without consent, users can't use the login. In that way the user can't view the page until it chooses to accept or not, so in my opinion in this way you mustn't keep huge logs....  Its answer can be kept in a global, NOT COOKIE.

I just hope that this whole GDPR and the havoc that WILL BE CREATED, will not be a failure like the EU cookie notice. Didn't offer a single advantage to users. Right now, i see that those bureaucrats don't have even some idea how all this works and they just made (another) law. Laws about everything from people that have almost no idea about all that.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:04:33 pm
Also the cookie is set via

            setcookie($this->name, $cookie_val, $this->expires, REL_WEB_URL);

in Cookie.php in set method from Cookie class

 and

https://secure.php.net/manual/en/function.setcookie.php

setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including <html> and <head> tags as well as any whitespace.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 13, 2018, 11:05:57 pm
I have been reading about this for some time. But it is still not so clear. From what i understand until now the issue is that you have to be clear about what you collect and the user has to agree with this. Osclass does not store any data on first visit, i mean data that can be used to identify any person like ip of the user. Some data is stored in session but that cannot be used to identify any person.

I think that as long as you explain clearly what you do with the data you collect and users agree with this collection, i see no issue.

If the user wants to use your services, by posting an ad he has to agree with collection of some info like ip address or other type of info. A checkbox for this on each form i think is enough. If they do not agree with this then the user cannot use the site for posting or registering.

For the rest of services that collect info about users, that must be restricted until the user accepts. And options for user to change the option whenever they want.

Even with only this some big changes need to be done, to add these options.

Load the tracking script only after the user agrees.
Or adsense ads, i think that these ads collect information also.
Your server keeps logs about user visits, where the ip of the user is, this i don't know how will be handled.

Maybe i am wrong with this, but the issue is not so huge, just some work needs to be done on the site so the user can be more informed and have more control about collected data.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:12:49 pm
@calinbehtuk

So let's start from A. When a new user sign in, he must accept some Terms. Right ? We DON'T have this, have we ? If the new user Accepts the Terms, must we then also ask him for every ad posted ? I think not. What do you think ?

As for cookies, did i get it right in your reply that some Core changes must be also done or not ?

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:13:46 pm
Calin you are right:)
Tracking code is simple to resolve,
Check box before posting, registering or logging as well.

 The big issue with SEO, in my opinion is the possibility that also the session cookie should be accepted .....
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:15:39 pm
Aficionado, I already posted some text to be added in GDPR privacy policy or whatever you decide to call it. It just needs the cookies text to be added to it.

EDIT

https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161274/#msg161274
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:17:23 pm
Also most of us use Adsense. I'm using JUST that, nothing else. So if i give an option to the user to accept or NOT the Adsense and the user selects NO, is he still showing the Adsense ad to him ? If not (i think he will get an EMPTY window), how do we handle that ?

(just tested it. Blocking all cookies, shows to me BLANK areas instead of Adsense).
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:19:31 pm
Aficionado, I already posted some text to be added in GDPR privacy policy or whatever you decide to call it. It just needs the cookies text to be added to it.

Not talking about that. The Signup of Osclass doesn't have ANY TOS reading during that, has it ? How the user will select to accept or not ?

I don't get it.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:20:24 pm
Also most of us use Adsense. I'm using JUST that, nothing else. So if i give an option to the user to accept or NOT the Adsense and the user selects NO, is he still showing the Adsense ad to him ? If not (i think he will get an EMPTY window), how do we handle that ?

With full view message @ scroll /tap or click asking him to accept in order to view the page. In the first instance, after the page is loaded, the user can see the page, only after he makes something that should appear. In that way SEO would not be affected (HOPE I'm not wrong).
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:21:53 pm
Also most of us use Adsense. I'm using JUST that, nothing else. So if i give an option to the user to accept or NOT the Adsense and the user selects NO, is he still showing the Adsense ad to him ? If not (i think he will get an EMPTY window), how do we handle that ?

With full view message @ scroll /tap or click asking him to accept in order to view the page. In the first instance, after the page is loaded, the user can see the page, only after he makes something that should appear. In that way SEO would not be affected (HOPE I'm not wrong).

So after accepting or not, a page REFRESH must automatically be done i guess. Still no cookies means NO adsense, right ?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:22:32 pm
Aficionado, I already posted some text to be added in GDPR privacy policy or whatever you decide to call it. It just needs the cookies text to be added to it.

Not talking about that. The Signup of Osclass doesn't have ANY TOS reading during that, has it ? How the user will select to accept or not ?

I don't get it.

That must be implemented - the check box (I did it already for my site with core mods and the user can't submit until he accepts GDPR terms).
The text is made after inspecting the DB for infos about the user.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:24:40 pm
Also most of us use Adsense. I'm using JUST that, nothing else. So if i give an option to the user to accept or NOT the Adsense and the user selects NO, is he still showing the Adsense ad to him ? If not (i think he will get an EMPTY window), how do we handle that ?

With full view message @ scroll /tap or click asking him to accept in order to view the page. In the first instance, after the page is loaded, the user can see the page, only after he makes something that should appear. In that way SEO would not be affected (HOPE I'm not wrong).

So after accepting or not, a page REFRESH must automatically be done i guess. Still no cookies means NO adsense, right ?

Not quite sure of that. If it's JS (and I think it is) page loading can be "simulated" via a js function that is called on accept button click .... It's just a guess... I never dealt with adsense...

EDIT

But that means another(3rd) accept button as adsense uses cookies for other reasons than g analytics does....
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:27:23 pm
Also i read that cookies must expire (whatever the user selected) every 6 months. But i can't verify that.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:29:21 pm
I've set my g analytics cookie to expire after 14 months (min period) from g a settings page.

Firefox and EDGE have options to delete all cookies when the browser closes. Chrome doesn't :)) The reason is obvious:))
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 13, 2018, 11:35:17 pm
My vision

First you have to ask yourself as an administrator what data you collect and what data is collected by third-party services that you use.
Any data that can identify a person will be under gdpr regulation.
Like:
- ip;
- email;
- address;
- social number or other type of data unique that is allocated to that person and can be used to identify that person;

Now on first visit you inform users that the site uses cookies and other types of services that will collect information.
The user has to agree with use of cookies to be able to use the site but you will give them separate options to activate the analytics, adsense or other type of services that collect information.
These settings can be stored in a cookie, and saved in database if the user registers on the site. You can use these settings from the cookie to load adsense ads or tracking script on your site. My plugin does this, but has minimal options.
When the user registers you will add a checkbox with gdpr, or data collection; if they don't agree with this, they will not be able to register on the site.

I don't see this as such a big issue, just some changes in the site, to force user to agree with some data collection if they want to use the site as registered users.
Of course you need some clear explanation about what you collect, what third-party services collect, how the information is stored, who has access to the information, how the information is deleted. All this needs to be explained to users, and the user has to agree with this.

In case of losing the information or security breach the user has to be informed, and the authorities also.

Just for example you can check this site. For a start i think that this is a good example.

https://www.cookielaw.org/your-cookie-law-rights/
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 13, 2018, 11:42:46 pm
Calin, that site uses 2 cookies before you accept...
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:46:24 pm
My vision

In case of losing the information or security breach the user has to be informed, and the authorities also.



This (and not only this) can't be applied. How do we inform the users ? Mass mail ? We simply can't, we only can post the information online (and that is not any "user notification"). Also inform the authorities ? What authorities ?

All those are not applicable, among others also.

Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 13, 2018, 11:48:11 pm
Marius, every site will use cookies. This is not the issue if your cookie will not contain any information that is sensitive, and information that can be used to make a profile of that user or to identify the user. This is my opinion.
I think this law is for big fish, and this law tries to avoid user profiles or data collected for some scopes and sold to others for another scope.

Email used for spam or any information used for a scope other than the scope presented when the user agreed to give that information.

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 13, 2018, 11:50:06 pm
Calin, that site uses 2 cookies before you accept...

That kind of sites try to sell something. GDPR is a new opportunity as you understand .....

I think the correct information is how BIG Players like Wordpress script will deal with it. Simple as that, since Wordpress has a big slice of the sites on the net.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 13, 2018, 11:54:30 pm
Yes Aficionado. All this can be implemented but with some changes.
In my country there exists such a legal service that monitors this type of things.

We are small. Let's see what the big ones do, and we can make an idea about this after that. I mean a better idea.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 14, 2018, 12:01:54 am


We are small. Let's see what the big ones do, and we can make an idea about this after that. I mean a better idea.

Sure, that is what i posted above. Let's see what Wordpress script will do (or not do). And yes we are small (very small for me) and that is why i don't like all that. We have now to spend time and money for it. Big players don't mind.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 14, 2018, 12:03:49 am
Calin, I know and understand that..

It just occurred to me.. in the cookies name(session cookie) can be inserted other info if two way crypting is applied.... Am I wrong?



PS. after consent that site added another cookie consent:)
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 14, 2018, 12:06:17 am

In my country there exists such a legal service that monitors this type of things.


Is there a law that says that you must keep records for visitors/users access? (you as a client of a hosting company I mean)  The hosting companies must keep records, I know.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 14, 2018, 12:08:21 am
Yes, this is a more difficult situation for a small business.
But i think that you need to ask yourself what data you collect and start from there.
As we know osclass stores in database the name, email and other type of information, so your issue if you don't use other third-party services, is to inform users and get the agreement of that user to store that information. And for the rest we will see on the way.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 14, 2018, 12:09:22 am
Yes Aficionado. All this can be implemented but with some changes.


Still it is a mystery to me how i will email around 40000 registrations (in 5 sites Osclass sites) if something happens.

Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 14, 2018, 12:11:11 am
Marius i don't know exactly all the aspects, i just read and watch some videos about this to understand better but still i am far from the truth.

Look, you can take a look here, and I have also watched others on this subject.
https://www.youtube.com/watch?v=8n706N7G_pI
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 14, 2018, 12:12:26 am
Yes Aficionado. All this can be implemented but with some changes.


Still it is a mystery to me how i will email around 40000 registrations (in 5 sites Osclass sites) if something happens.

I put a mandatory checkbox on register, login and item post just to avoid sending emails. I give you a hint. Show the submit button only after the GDPR checkbox is checked.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 14, 2018, 12:13:35 am

In my country there exists such a legal service that monitors this type of things.


Is there a law that says that you must keep records for visitors/users access? (you as a client of a hosting company I mean)  The hosting companies must keep records, I know.

Speaking of Hosting Companies, i asked a week ago my US Based company about compliance with all that, and they replied they have no idea about all that.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 14, 2018, 12:13:49 am
Yes Aficionado. All this can be implemented but with some changes.


Still it is a mystery to me how i will email around 40000 registrations (in 5 sites Osclass sites) if something happens.



Yes. I know. But we will see about this in the future along with other issues.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 14, 2018, 12:17:03 am
Marius i don't know exactly all the aspects, i just read and watch some videos about this to understand better but still i am far from the truth.

Look, you can take a look here, and I have also watched others on this subject.
https://www.youtube.com/watch?v=8n706N7G_pI

The law text is the base...people are different and a vague text is understood vaguely by people.... I talked on LinkedIn yesterday evening with someone that gives advice on GDPR and he also wasn't sure :))  I talked on opencart forum about this (and there one of the devs says that session cookie, currency and language cookies are not under gdpr....)

But still, what do you think about 2 way crypting to insert data into the apparently random cookie nameValue (I'm not saying that osclass does this, but a random string can hide some data... and that means that session cookie is under GDPR).
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on April 14, 2018, 12:34:19 am

But still, what do you think about 2 way crypting to insert data into the apparently random cookie nameValue (I'm not saying that osclass does this, but a random string can hide some data... and that means that session cookie is under GDPR).

Here i can't tell you anything about that. I know that osclass stores in session for visitors some data but this data cannot be used to identify a person, in this data there is no ip or email, so i think that there is no issue if this cookie is created in the visitor browser with the session id.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 14, 2018, 12:51:34 am
Thank you @marius and @calinbehtuk for the time you spend to talk about all that.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 14, 2018, 12:55:32 am
Aficionado,

https://support.google.com/analytics/answer/6004245

Google Analytics cookies

Google Analytics mainly uses first-party cookies to report on user interactions on Google Analytics customers’ websites.

For customers who use Google Analytics Advertising Features, Google advertising cookies are used to enable features, such as Remarketing, for products like AdWords on the Google Display Network. For more information about how Google uses advertising cookies, visit the Google Advertising Privacy FAQ. To manage settings for these cookies and opt-out of these features, visit the Ads Settings.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 14, 2018, 12:59:47 am

But still, what do you think about 2 way crypting to insert data into the apparently random cookie nameValue (I'm not saying that osclass does this, but a random string can hide some data... and that means that session cookie is under GDPR).

Here i can't tell you anything about that. I know that osclass stores in session for visitors some data but this data cannot be used to identify a person, in this data there is no ip or email, so i think that there is no issue if this cookie is created in the visitor browser with the session id.

I was talking in general way...it could be possible.... and when a non IT entity finds out that is possible, those cookies also will be included.

You have more experience than me, if you don't start the session with session_start() or if session.auto_start is set to 1 https://secure.php.net/manual/en/intro.session.php  can you work on the db OOP way like osclass does? I guess not, am I right?
EDIT
I've read that you can't use $_SESSION global array then...so I guess the site won't show even the homepage as it checks to see if the user is logged in in header and footer in order to show register/login instead of my account and log out.

Edit again.
I tested with cookies disabled and deleted in browser. Besides that login is not working, the site seems fine. This is good news.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 14, 2018, 03:17:34 am
Some more data for reading, especially the comments:

https://make.wordpress.org/core/2018/03/28/roadmap-tools-for-gdpr-compliance/
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 16, 2018, 09:08:17 pm
What do you know about the cookie from gcs custom search?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 20, 2018, 04:36:10 pm
Only a month is left and still not a SINGLE information from Osclass team about GDPR.

Not enough time to do anything. I'm a bit sceptical about all this.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 20, 2018, 09:18:31 pm
Aficionado, have you seen some new info about the session's cookie?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on April 20, 2018, 09:35:27 pm
Aficionado, have you seen some new info about the session's cookie?

No, i did not. Please post here any important information.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 20, 2018, 09:41:29 pm
I still wait to see/read clarification about that cookie.... And I don't know what to do about it...
For gcs and g analytic it's clear. Load only after user accept.
Title: Re: GDPR Compliance and Osclass script
Post by: muratbora on April 22, 2018, 12:01:17 pm
How do you do loading G Analytics after user accept? is it not loading automatically as soon as user visit your site?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 22, 2018, 12:50:14 pm
By putting the g a code into a function that gets called with an onclick event via an accept button. For this you must place that script in footer, not just enter your g a code in admin for example.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 22, 2018, 04:47:30 pm
I forgot. In order to not show that button in all pages after one accept, you can store that info in SESSION global and with an if load that function on pageload or via accept button.

Edit. Or you can set a cookie instead of that session :))))

After I'll make this for me, I'll share the mods needed for g a here. I still wait for infos about the session cookie.
Title: Re: GDPR Compliance and Osclass script
Post by: teseo on April 23, 2018, 02:04:48 pm
Hi,

That Osclass session cookie contains a random code needed to bind the browser to an internal session file (sess_[random_code]).

This session file contains sensitive data when the visitor is logged in or (temporarily) when they are posting an ad anonymously.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 23, 2018, 04:32:27 pm
Hi,

That Osclass session cookie contains a random code needed to bind the browser to an internal session file (sess_[random_code]).

This session file contains sensitive data when the visitor is logged in or (temporarily) when they are posting an ad anonymously.

Regards

Hi. So in your opinion it's under GDPR or not?
Title: Re: GDPR Compliance and Osclass script
Post by: teseo on April 23, 2018, 04:57:53 pm
I don't know, this is a very tricky matter. ???

Session files should be temporary, but for instance, if a logged-in user doesn't logout and just closes the browser, sensitive data would still remain there.

The main problem is that once the browser is closed, you as admin don't have a way to identify that given session file, so I guess you should add a cronjob to delete all session files older than 1 day.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 23, 2018, 05:12:00 pm
I think my host does that already, after I found 1gb of session files on server.

But the question is, should the user accept session cookie before osclass sets it or not....
Title: Re: GDPR Compliance and Osclass script
Post by: teseo on April 23, 2018, 06:26:03 pm
Let's see, the visitor enters the site and there is no sensitive data in session files until the user logs in or posts an ad anonymously, so it is there where you need to warn the user about this.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 23, 2018, 07:04:38 pm
So if only registered users can post, then visitors are not affected by session cookie. Then in my case, I think the gdpr compliance is done if I deal with the g analytics cookies.

That is a relief. Thank you for this info.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 23, 2018, 09:21:12 pm
SOLUTION FOR GOOGLE ANALYTICS COOKIES LOAD ONLY AFTER USER ACCEPT
EDITED AND TESTED. WORKS OK.
In your theme's functions.php

replace UA-........ with your ga code.

Replace css style for your needs

Code: [Select]
function mc_g_analytics_after_user_accept() {
echo "
    <div style='position:relative;display:none;' id='gaaccept'>
        <p style='
            text-decoration: none;
            position: fixed;
            top: 0;
            background-color: yellow;
            padding: 80px 0;
            margin: 0;
            width: 100%;
            text-align: center;
            '>Please accept the <a href='https://support.google.com/analytics/answer/6004245' target='_blank'>Google Analytics</a> cookies.<br/><br/>
            <button onclick='g_a_user_accept();$(\"#gaaccept\").hide();set_gaaccept();'>Accept</button>
         </p>
    </div>
   
    <script type='text/javascript'>
   
    function set_gaaccept(){
        sessionStorage['g_a_user_accept'] = 'accepted';
    }
   

        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-........']);
        _gaq.push(['_trackPageview']);

     function g_a_user_accept(){
        (function() {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    }
   
    if(sessionStorage['g_a_user_accept'] && sessionStorage['g_a_user_accept'] == 'accepted'){
            g_a_user_accept();
    } else {
       
        $('#gaaccept').show();
    }
       
    </script>

";
}
osc_add_hook('footer', 'mc_g_analytics_after_user_accept');
?>
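A generalisation of the snippet above, as an added example (not code from the post or from Osclass): instead of one Analytics flag, it keeps one consent decision per third-party service, so Analytics, Custom Search or embedded video can each stay unloaded until accepted, and a decision can be withdrawn. `createConsentGate`, the `mc_consent` storage key and the service ids are assumptions made for this illustration; the banner id and the ga.js URL come from the post.

```javascript
// Added example: per-service consent gate for third-party scripts.
// createConsentGate, STORAGE_KEY and the service ids are hypothetical names.
const STORAGE_KEY = 'mc_consent';

function createConsentGate({ storage, loadScript, now = () => Date.now() }) {
  const loaded = new Set(); // services already injected into this page

  // Read stored decisions; missing or corrupt data counts as "no consent".
  function read() {
    try {
      const parsed = JSON.parse(storage.getItem(STORAGE_KEY) || '{}');
      return parsed && typeof parsed === 'object' && !Array.isArray(parsed) ? parsed : {};
    } catch (e) {
      return {};
    }
  }

  function record(service, granted) {
    const state = read();
    state[service] = { granted: granted, at: now() }; // keep when the choice was made
    storage.setItem(STORAGE_KEY, JSON.stringify(state));
  }

  function hasConsent(service) {
    const entry = read()[service];
    return Boolean(entry && entry.granted === true);
  }

  // Inject a service's script at most once per page, and only with consent on record.
  function loadIfAllowed(service, src) {
    if (!hasConsent(service) || loaded.has(service)) return false;
    loaded.add(service);
    loadScript(src);
    return true;
  }

  function grant(service, src) {
    record(service, true);
    return loadIfAllowed(service, src);
  }

  // Withdrawal blocks loading on later pages; a script already running
  // in the current page stays until the next page load.
  function withdraw(service) {
    record(service, false);
  }

  return { hasConsent, loadIfAllowed, grant, withdraw };
}

// In-memory stand-in for sessionStorage (constructed, for running outside a browser).
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (key) => (data.has(key) ? data.get(key) : null),
    setItem: (key, value) => { data.set(key, String(value)); },
  };
}

// Inject a <script> tag the same way the post's snippet does.
function browserLoadScript(src) {
  const el = document.createElement('script');
  el.async = true;
  el.src = src;
  const first = document.getElementsByTagName('script')[0];
  first.parentNode.insertBefore(el, first);
}

// Browser wiring. The _gaq queue from the post still has to be defined before ga.js loads.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const gate = createConsentGate({ storage: window.sessionStorage, loadScript: browserLoadScript });
  const GA_SRC = 'https://ssl.google-analytics.com/ga.js'; // URL built by the post's snippet
  const banner = document.getElementById('gaaccept');      // banner id from the post
  const button = banner ? banner.querySelector('button') : null;
  if (!gate.loadIfAllowed('analytics', GA_SRC) && banner && button) {
    banner.style.display = 'block';
    button.onclick = function () {
      gate.grant('analytics', GA_SRC);
      banner.style.display = 'none';
    };
  }
}
```

A second service is gated the same way with its own id, for example `gate.loadIfAllowed('search', src)`, and a "withdraw" link on the privacy page can call `gate.withdraw('analytics')`.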
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 26, 2018, 07:15:36 pm
 Does anyone have a similar solution for google custom search?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on April 27, 2018, 03:09:07 pm
I solved the Google custom search cookies analogously to Google Analytics.

BUT my question is: if I have youtube videos embedded in my pages, they also have cookies:)) Also the image hosting sites "deliver" cookies with their images.
Any opinions about those cookies?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 01, 2018, 03:35:40 pm
Today we got a few nice updates for Wordpress sites i run/manage, mostly about GDPR. Two plugins were restructured, just to be able to host some GDPR notices etc etc.

Still i have no idea how to make my Osclass installations (more or less) GDPR compliant or even start to.

In 3 weeks we will be all totally ILLEGAL with our Osclass sites, and it doesn't matter if we are in danger or not.

Probably we are not in danger right now (if we are small/medium sites), still not a professional way to run a business.
Title: Re: GDPR Compliance and Osclass script
Post by: tito on May 01, 2018, 06:46:10 pm
A few days ago here was a link to a GDPR plugin with a reply from marius-ciclistu.

Both the post and the reply are deleted by osclass.

What a shame is this forum :-\
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 01, 2018, 06:57:03 pm
-edited-
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 01, 2018, 07:17:22 pm
A few days ago here was a link to a GDPR plugin with a reply from marius-ciclistu.

Both the post and the reply are deleted by osclass.

What a shame is this forum :-\

Yes they were deleted. Also a week ago several NEW themes links and info was posted by OsclassWizards and DELETED also.

I wonder what is happening not to the forums only but with Osclass as a script.

I don't have any problem with Moderation if something is posted and it shouldn't. But i have a feeling that something else is going on.



I think that is just a business decision. Any links to other stores will mean fewer sales for osclass team. So they don't want to promote other osclass markets. I don't think that this is something bad, each of us would do the same.
But who knows, maybe i am wrong and, as Aficionado says, something is going on and we will have a surprise.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 01, 2018, 07:20:37 pm

I think that is just a business decision. Any links to other stores will mean fewer sales for osclass team. So they don't want to promote other osclass markets. I don't think that this is something bad, each of us would do the same.
But who knows, maybe i am wrong and, as Aficionado says, something is going on and we will have a surprise.


Also how about Osclass team be kind enough to the Community and let us know about GDPR ? Is that a business decision also ?

Silence is not always gold.

Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 01, 2018, 07:28:32 pm
Most of the sites listed with free products will not contain only free plugins/themes, will contain paid products also.
And I see a change in cookie warning when you visit the market, but maybe i am mistaken.

We use our own and third party cookies to offer our services, collect and share with our partners statistical information and include advertising. If you continue browsing you accept its use and you are accepting the collection and the use of data, as well as the sharing of data with third parties more information.

I don't remember if the message before was like this.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 01, 2018, 07:30:22 pm
My reply regarding those plugins was removed by me at the owner's request:)

Aficionado, I made my osclass gdpr compliant as I described in previous posts. You can do the same PLUS add infos about the personal data handled by the plugins you use.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 01, 2018, 08:37:48 pm
My reply regarding those plugins was removed by me at the owner's request:)

Aficionado, I made my osclass gdpr compliant as I described in previous posts. You can do the same PLUS add infos about the personal data handled by the plugins you use.

How do i make every new registration to view and accept some TOS ? Otherwise not being able to register ? Let's start with this. I haven't found a way or a plugin (that works).

Second, Osclass Comments. How do i make each comment to have a checkbox with something ?

Making a page with info and details is not the hard part. It is easy.

If you did all that, good for you. Still there are thousands of Osclass sites out there, that are not. Me included.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 01, 2018, 08:49:25 pm
I made  core/theme mods:)
 
A checkbox with I agree with gdpr terms that when checked, displays the register, login, submit, add comment etc. button. Simple javascript.

(I have a WP site that I must make gdpr compliant. What plugins do I need for it?)
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 01, 2018, 11:08:34 pm
You replace the button tag with a span one, empty, with only an id. Then you add before that span a checkbox with text and link to your TOS and a js script that inserts into that span the button tag and also removes it when unchecked.
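The checkbox-and-span approach from the two posts above, as an added example that is not part of the original posts: the button is inserted into the empty span while the box is ticked and removed when it is unticked, and the submit event is blocked as well, since removing the button does not stop every way of submitting a form. The element ids, the button label and `gateSubmitOnConsent` are assumptions made for this illustration.

```javascript
// Added example: show the submit button only while the consent box is ticked.
// Element ids and function names are hypothetical, chosen for this illustration.

function gateSubmitOnConsent({ form, checkbox, slot, makeButton }) {
  let button = null; // the button currently inside the span, if any

  // Keep the span's content in step with the checkbox state.
  function sync() {
    if (checkbox.checked && !button) {
      button = makeButton();
      slot.appendChild(button);
    } else if (!checkbox.checked && button) {
      slot.removeChild(button);
      button = null;
    }
    return button !== null;
  }

  // A form without a button can still be submitted in some cases
  // (for example Enter in a form with a single text field),
  // so block the submit event itself while the box is unticked.
  function onSubmit(event) {
    if (!checkbox.checked) {
      event.preventDefault();
      return false;
    }
    return true;
  }

  checkbox.addEventListener('change', sync);
  form.addEventListener('submit', onSubmit);
  sync(); // covers a box the browser restored as ticked (back button, autofill)
  return { sync, onSubmit };
}

// Browser wiring for a registration form. Assumed markup:
//   <form id="register-form"> ...
//     <input type="checkbox" id="gdpr-agree" name="gdpr_agree" value="1">
//     <span id="submit-slot"></span>
//   </form>
if (typeof document !== 'undefined') {
  const form = document.getElementById('register-form');
  const checkbox = document.getElementById('gdpr-agree');
  const slot = document.getElementById('submit-slot');
  if (form && checkbox && slot) {
    gateSubmitOnConsent({
      form: form,
      checkbox: checkbox,
      slot: slot,
      makeButton: function () {
        const b = document.createElement('button');
        b.type = 'submit';
        b.textContent = 'Register';
        return b;
      },
    });
  }
}
```

This only changes what the page shows. Because the checkbox has a `name`, it is sent with the form, and the server-side handler still has to refuse a submission in which that field is missing.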
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 02, 2018, 12:16:59 am
You replace the button tag with a span one, empty, with only an id. Then you add before that span a checkbox with text and link to your TOS and a js script that inserts into that span the button tag and also removes it when unchecked.

There is actually a TOS plugin at Osclass Market but doesn't seem to work.

https://market.osclass.org/plugins/miscellaneous/lopd_22

Made by Osclass team.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 07, 2018, 03:28:32 pm
18 days left (25 May) and nothing.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 07, 2018, 06:54:53 pm
Aficionado...do it yourself and keep record of your changes made in the theme's files.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 07, 2018, 08:01:25 pm
Aficionado...do it yourself and keep record of your changes made in the theme's files.

Well, i won't and probably also can't. Neither for my sites or other people's sites (that I have promoted Osclass to them).

That means that i will have to find a way to continue to be in classifieds business, but with some other way/script. Not because of GDPR only but i'm afraid of other future surprises also from Osclass (many in the past in  my book).




Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 07, 2018, 08:25:01 pm
I don't know if you remember my words from this topic about free scripts like osclass https://forums.osclass.org/3-7-x/is-there-a-list-of-changes-between-3-7-1-and-3-7-3/msg152720/#msg152720
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 07, 2018, 08:32:13 pm
I don't know if you remember my words from this topic about free scripts like osclass https://forums.osclass.org/3-7-x/is-there-a-list-of-changes-between-3-7-1-and-3-7-3/msg152720/#msg152720

Sure. All valid opinions.


I'm here several years and i have expressed many times my opinion about osclass shortcomings etc. But GDPR is not like these, it is a different problem. LEGAL. With PENALTIES at some point. And we are FORCED to do it, whether we like it or not.

Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 07, 2018, 11:12:01 pm
Hello everyone,

I haven't been active on this topic so I will ask you something instead of reading the whole topic.

Is it okay if I just add a cookie permission modal, if a user accepts the cookies it can continue to the website and Google Analytics will be enabled and if the user refuses, he will be denied access to the website? Or will this be more complicated?

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: tito on May 07, 2018, 11:18:56 pm
It is way more complicated.

You have to ask permissions for almost anything.

You need permission to place an ad.
Permission on the contact form

Make it easy to delete account

And much more.

I placed popups on my european websites. If people don't agree they don't see the website.
I don't have stats about denied permissions but looks like 99% gave permissions.

Also i don't know if that will be enough for the European Law, but time will tell
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 07, 2018, 11:26:00 pm
I use an osclass without plugins and I posted my way of making it gdpr compliant, in this topic.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 07, 2018, 11:28:06 pm
Hello everyone,

I haven't been active on this topic so I will ask you something instead of reading the whole topic.

Is it okay if I just add a cookie permission modal, if a user accepts the cookies it can continue to the website and Google Analytics will be enabled and if the user refuses, he will be denied access to the website? Or will this be more complicated?

Regards.

As Tito posted, it seems a lot more complicated. A lot more. Analytics can be removed (for a while) but what about Adsense or other Adsense-like services we all use ? What about first time registration TOS ? What about COMMENTING/Voting ? Plugins that keep track of anything like IPs ?

That is why i posted that this can't be a plugin. Or not only a plugin. And we can't possibly patch here and there ourselves.

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 07, 2018, 11:32:17 pm
I use an osclass without plugins and I posted my way of making it gdpr compliant, in this topic.

Nope. What you posted is not GDPR compliant, it is an attempt to do so.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 07, 2018, 11:39:22 pm
Please point out what I missed.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 07, 2018, 11:44:28 pm
Please point out what I missed.

I think we talked about all that in previous posts. New user TOS, Comments, to name some that came to my mind.

Also anonymization of ads ? GDPR says to remove any info that can identify/connect the poster with something. BUT most posters are AGENCIES and not the CLIENT. So we CAN KEEP the ads and just remove the poster (in most cases, not all).
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 07, 2018, 11:49:33 pm
Thank you for your fast replies. Can I ask for all permissions on first page load and when user accepts them, I store a cookie that he accepted?

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: tito on May 07, 2018, 11:51:56 pm
That is what i did Patrick.

Also wordpress plugins like GDPR (https://nl.wordpress.org/plugins/gdpr/) do it that way
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 07, 2018, 11:54:03 pm
It would be perfect if someone create something like this for osclass.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 07, 2018, 11:56:36 pm
Yes it is complicated, but if you have some basic knowledge of php you can get your site to be GDPR compliant.
The issue is not when a visitor lands on your site, the issue is when the user registers on your site and posts ads. But even so it is not such a big issue. You can make a privacy page with all the terms and explanations about data collecting. And you can force the user to accept these terms and data collection if they want to use the site.
All your adsense code or other service that will collect data will be displayed only after the user allows this.
Rating and review, i suppose that this is made by a plugin and only registered users can add reviews, if so then you are safe with the terms that are accepted when the user registers on the site.
Now data exporting. This is the big issue in my opinion. You have to give users the option to export their data. The issue is with posts that contain images. This is more complicated to do but not impossible. This remains to be discussed more because i am not sure if you have to provide the information stored by other services, and if you have to provide that data also then it is an issue.
I intend to implement these options in my plugin in the next release.

Maybe i see this issue from my point of view as much easier, and others do not agree with this.
I see in facebook the option to download the stored data. You can check there how it works.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 07, 2018, 11:57:36 pm
Please point out what I missed.

I think we talked about all that in previous posts. New user TOS, Comments, to name some that came to my mind.

Also anonymization of ads ? GDPR says to remove any info that can identify/connect the poster with something. BUT most posters are AGENCIES and not the CLIENT. So we CAN KEEP the ads and just remove the poster (in most cases, not all).

I gave the idea about TOS for all places. Insert submit button only after check box is checked via javascript.

Anonymisation... Delete the ad.  Why store an ad without contact information on it? What's the purpose of the ad if a buyer can't contact the seller?

I admit this anonymisation is something difficult to understand.... I understood it like if you want to store statistical info about some personal data from the ads, you must change for example the email, name and phone of the user with some random ones, after the user asks for it, or deletes its account.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 12:03:36 am
Calin, it's the first time I read about exporting images....
I solved the data export by printing it in the user account dashboard, but without the ads related infos/images....
I did not want to send it via email because email is less safe.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 12:09:29 am
User data:
- account information;
- comments;
- items(each item information including images);
- other data stored by plugins that are related with user;

All this information is related to users and the user has to have the option to export this.
Each site is different and contains different plugins or options. So it is impossible to include all this in a plugin, you can add minimal options that are related to osclass core and about which you are sure that they exist.
So each administrator has to inspect his site and see what data is stored.
And from there has to start with all the changes on the site to be GDPR compliant.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 12:13:09 am
Check Google account, facebook account to better understand this. You will have this option to export account information and stored data in each of these accounts.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 12:18:39 am
I have no ads limit, so an user with 100 ads multiplied by 8 pictures multiplied by 100 kb -> 80 mb in pictures....
Don't tell me that fb lets you export ALL the pictures you ever posted on it....yahoo mail has 20 mb attachment limit...gmail I don't know....

Edit
Export data is also right click save image as...
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 12:22:50 am
I don't tell you, facebook will tell you that you are allowed to export all the information from your account, images, videos and other. Just make a test. I made one and i am surprised about how much information i can export.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 12:24:16 am


Anonymisation... Delete the ad.  Why store an ad without contact information on it? What's the purpose of the ad if a buyer can't contact the seller?

I admit this anonymisation is something difficult to understand.... I understood it like if you want to store statistical info about some personal data from the ads, you must change for example the email, name and phone of the user with some random ones, after the user asks for it, or deletes its account.

I have an Indian agency that has more than 1000 ads posted, mainly from USA Lawyers. How about that ?

No one contacts the Indian email agency, but the LAW office posted in the ad with emails and website.

Deleting the agency if he wants, why delete the ads if NOTHING connects with them/him ?

Just an example.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 12:31:04 am
Aficionado, if the real owners did not accept your TOS, but the indians did it for them, then can we admit that the owners delegated their agree right to the indians? And if so, you deal only with the ad author, not with the real owner.

This is the first idea that came into mind after reading your example.

Otherwise ... How could you anonymize the real owner personal data without making that ad useless?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 12:32:41 am
Yes it is complicated, but if you have some basic knowledge of php you can get your site to be GDPR compliant.


This is absurd. Know a little php and modify a script ? A totally wrong approach and i haven't seen/read anything like that anywhere for anything. And it is my business to know and follow what is happening in all popular scripts, php or else.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 12:32:53 am
I don't tell you, facebook will tell you that you are allowed to export all the information from your account, images, videos and other. Just make a test. I made one and i am surprised about how much information i can export.
I don't use fb, but i don't think they'll give you an archive of pictures that can reach big sizes..
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 12:37:38 am
Aficionado, if the real owners did not accept your TOS, but the indians did it for them, then can we admit that the owners delegated their agree right to the indians? And if so, you deal only with the ad author, not with the real owner.

This is the first idea that came into mind after reading your example.

Otherwise ... How could you anonymize the real owner personal data without making that ad useless?

Ok, same for here. Do you know who ACTUALLY i am ? You don't. So deleting my account, can leave all  my posts intact ? Or not ?

The whole reason of GDPR is to DISCONNECT the data from SOMEONE identifiable. Can you IDENTIFY ME from my post right now ? You can't. Why remove it then ?

Anyway, i just wanted to point out that Osclass needs to be CORE MODIFIED to host all that. Just what i think. I'm not a programmer but i know what i'm talking about (otherwise i stay silent).

Now what happens here: 10 (or less) users (some with programming skills) try to solve the Osclass GDPR compliance problem. Not good in my book.

Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 12:42:58 am
Yes it is complicated, but if you have some basic knowledge of php you can get your site to be GDPR compliant.


This is absurd. Know a little php and modify a script ? A totally wrong approach and i haven't seen/read anything like that anywhere for anything. And it is my business to know and follow what is happening in all popular scripts, php or else.



I have a plugin that gives you a start in this, but that plugin needs to be implemented on your site. If you have no basic knowledge about php how will you implement it? And i am referring to all users not to you in particular.

To make your site GDPR compliant, you have to make some changes and new options for your users, to export the stored data. If you do not know how, the only option is to hire a developer.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 12:43:46 am
Aficionado, your questions are legit.
(I did not test if deleting the account deletes all the user's ads, but I guess it does).
Now if the account is deleted and the ads remain in the webpage, they remain also with contact possibility (email and maybe phone nr). If you anonymise the email and phone, how can a buyer contact the seller?

This raises another issue of dealing with the users that posted ads without an account....
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 12:54:39 am


I have a plugin that gives you a start in this, but that plugin needs to be implemented on your site. If you have no basic knowledge about php how will you implement it? And i am referring to all users not to you in particular.

To make your site GDPR compliant, you have to make some changes and new options for your users, to export the stored data. If you do not know how, the only option is to hire a developer.

Yes i have seen the plugin AND THANK YOU !!!!

Always grateful to people that contribute.

We could hire someone of course, still not the issue here. If a script can't follow GDPR (again GDPR is not a feature but it is the LAW) then it is dead and buried. Today it is GDPR, tomorrow something else.

Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 12:57:23 am


I have a plugin that gives you a start in this, but that plugin needs to be implemented on your site. If you have no basic knowledge about php how will you implement it? And i am referring to all users not to you in particular.

To make your site GDPR compliant, you have to make some changes and new options for your users, to export the stored data. If you do not know how, the only option is to hire a developer.

Yes i have seen the plugin AND THANK YOU !!!!

Always grateful to people that contribute.

We could hire someone of course, still not the issue here. If a script can't follow GDPR (again GDPR is not a feature but it is the LAW) then it is dead and buried. Today it is GDPR, tomorrow something else.

Could you give me a link to that plugin? Thanks.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 01:01:05 am
Aficionado, your questions are legit.
(I did not test if deleting the account deletes all the user's ads, but I guess it does).
Now if the account is deleted and the ads remain in the webpage, they remain also with contact possibility (email and maybe phone nr). If you anonymise the email and phone, how can a buyer contact the seller?

This raises another issue of dealing with the users that posted ads without an account....

Also keep in mind (you and me and all) that GDPR applies to INDIVIDUALS Personal Data and not to any kind of business accounts.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 01:04:57 am
Aficionado, your questions are legit.
(I did not test if deleting the account deletes all the user's ads, but I guess it does).
Now if the account is deleted and the ads remain in the webpage, they remain also with contact possibility (email and maybe phone nr). If you anonymise the email and phone, how can a buyer contact the seller?

This raises another issue of dealing with the users that posted ads without an account....

Also keep in mind (you and me and all) that GDPR applies to INDIVIDUALS Personal Data and not to any kind of business accounts.

Before we start talking about code solutions, the algorithm must be clear... This anonymisation is not so clear in this classifieds area if the ads remain on site without the main purpose of a classifieds website.
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 07:55:49 pm
I understood (by information from my country), any website needs to be very explicit with privacy policy. What the website intends to do with that data information of users, and that needs to be very, but very explicit, and very, very simple (short as possible with good visibility), for users to understand. Indeed, the admin of the website needs to inform all users if something happened with that data information, and if the admin did not do that in some period of time he will be punished with heavy fines. And the priority is really to inform the regulatory entities of the same problem as soon as possible, or it can be a much more huge problem.

Why do other rules exist beyond these? In my country I don't see any other relevant new rules.

If admin needs to export user information data to other companies, or other situation, before any registrations of users, it needs to contain that information for users to agree. Of course, you as admin cannot use that information data, if your users were already registered before without that previous information on register form. In my opinion, old users need to edit their user profile and agree with new rules, or they cannot post ads. A simple function can do that, to redirect to profile settings page and display a flash message. Just an example. User will decide, and he has a button to remove own account too, it makes part of the rules.

For non-registered users, to publish new ads they need to agree with a checkbox, and just that.

A simple plugin can do that using hooks, there is no need to change any theme.

Edit:

Other priority things:

On user profile there need to be options for the user to choose whether they will be public or not on public profile, like: real names, real location, fiscal number, and others that reveal the entity of a real person.

The rules want to protect user information data, and what admin and companies intend to do with that content needs to be explicit in public. The responsibility is totally on companies to keep safe the content data of users.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: cartagena68 on May 08, 2018, 08:18:32 pm
It is not just the consent, you must give tools to users to access the data, to download the data etc...
https://www.eugdpr.org/the-regulation.html
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 08:26:05 pm
I propose that who has a solution for at least a point in the gdpr and wants to share it, should do it here. Too much talk and no solutions....

For example let's resolve the anonymisation of data. Is it useful for osclass or not. If yes how to solve it. If not, is the deletion of account enough?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 08:38:13 pm

For example let's resolve the anonymisation of data. Is it useful for osclass or not. If yes how to solve it. If not, is the deletion of account enough?

Of course deleting the account is enough. Ads are also gone.

As for the rest:

https://gdpr.report/news/2017/11/07/data-masking-anonymisation-pseudonymisation/
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 08:40:40 pm
I propose that who has a solution for at least a point in the gdpr and wants to share it, should do it here. Too much talk and no solutions....


But solutions require to be a programmer. So the rest of us can only talk.

Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 08:45:22 pm
Why does a user need to download his own data information? He can see what he did on registration account, and on his profile settings, including deleting his own account.

Right to access:

He has access to his own info. He can copy all information in an electronic format. He can: erase, edit, Copy/paste and save is not enough for him? He has a computer, so the minimum he can do is save the file in notepad.

To right to be forgotten:

Another option in profile settings for the user to choose. Admin needs to be alerted when the options were edited by user.

I don't see anything special to do on user side to follow the rules, just simple things to do. Just my opinion.

A simple free plugin can do that, by hooks, no need to change current theme.

So in your opinion what is missing? Because I see a lot of information here, but I don't see anything like a job list to do a plugin.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 08:49:19 pm
I propose that who has a solution for at least a point in the gdpr and wants to share it, should do it here. Too much talk and no solutions....


But solutions require to be a programmer. So the rest of us can only talk.

You are right. I came with some solutions. Others can do the same.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 08:52:58 pm
A simple free plugin can do that, by hooks, no need to change current theme.
Regards
Here i agree with you. You can do this with some hooks, but this is not impossible to do. And in my opinion this is not so big deal only some transparency about the data you collect about your users.

The issue remains with the option to export the data stored. You have to provide this to your users. And here is the issue. All the ads and images and the stored data which is related with the user.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 08:53:07 pm
Why does a user need to download his own data information? He can see what he did on registration account, and on his profile settings, including deleting his own account.

Right to access:

He has access to his own info. He can copy all information in an electronic format. He can: erase, edit, Copy/paste and save is not enough for him? He has a computer, so the minimum he can do is save the file in notepad.

To right to be forgotten:

Another option in profile settings for the user to choose. Admin needs to be alerted when the options were edited by user.

I don't see anything special to do on user side to follow the rules, just simple things to do. Just my opinion.

A simple free plugin can do that, by hooks, no need to change current theme.

So in your opinion what is missing? Because I see a lot of information here, but I don't see anything like a job list to do a plugin.

Regards
Read the topic from the beginning. You will find some replies from me with basic solutions, except the data stored by plugins.


Regarding forgetting the user, I guess deletion of its account resolves that, among anonymisation. What do you think?
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 08:56:48 pm
A simple free plugin can do that, by hooks, no need to change current theme.
Regards
Here i agree with you. You can do this with some hooks, but this is not impossible to do. And in my opinion this is not so big deal only some transparency about the data you collect about your users.

The issue remains with the option to export the data stored. You have to provide this to your users. And here is the issue. All the ads and images and the stored data which is related with the user.

Calin, can the export of pictures and item info be considered to be 'done' if you put a button on item's page with save html page?   What do you think.


Edit:
Or make a new page on which you dump all items with their infos and pictures, and then use the save html page button.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 09:01:56 pm
Why a user need download from your own data information? He can see what he did on registration account, and on your profile settings, inclusive delete your own account.

So in your opinion what missing? Because I see a lot of information here, but I don't see anything like a list job to do a plugin.

Regards

Because GDPR says so. Users should be able to get their data in downloadable format (still i haven't seen that anywhere).

Another thing missing is the way we MUST alert users in case of a hack or something. No way to do that with Osclass and even if there was a way, I have thousands of users and mass emailing them is not technically possible (for me).

Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 09:03:39 pm
The easy way to check what you need to provide to your users is to see on google or facebook. A simple html format of the page, i think that this is not enough.
It's simple, go in your google or facebook account and you will find the option to export your data.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 09:04:05 pm


The issue remains with the option to export the data stored. You have to provide this to your users. And here is the issue. All the ads and images and the stored data which is related with the user.

maybe some kind of ZIPing all together the images and the exported text ?
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 09:05:28 pm


The issue remains with the option to export the data stored. You have to provide this to your users. And here is the issue. All the ads and images and the stored data which is related with the user.

maybe some kind of ZIPing all together the images and the exported text ?

Google and facebook provide a zip archive with this data.
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 09:07:11 pm
Why a user need download from your own data information? He can see what he did on registration account, and on your profile settings, inclusive delete your own account.

Right to access:

He has access to your own info. He can copy all information in an electronic format. He can: erase, edit, Copy/paste and save is not enough to him? He has a computer, so the minimal he can do is save the file on Notepad.

To right to be forgotten:

Another option in profile settings to user choose. Admin need be alerted when the options was edited by user.

I don't see anything special to do on user side to follow the rules, just simple things to do. Just my opinion.

A simple free plugin can do that, by hooks, no need change current theme.

So in your opinion what missing? Because I see a lot of information here, but I don't see anything like a list job to do a plugin.

Regards
Read the topic from the beginning. You will find some replies from me with basic solutions, except the data stored by plugins.


Regarding forgetting the user, I guess deletion of its account resolves that, among anonymisation. What do you think?


I not will read all pages of this topic.  ???

I think is more easy, if someone can create a list, is just a start to try do something.

If user delete own account all ads related and all information will be deleted. You can try use a subdomain and clone your website content with your users, and delete their accounts, to check that. On database I think not exists duplicate content, or something similar to do store these type of information.

To users not registered, these data, I no idea, I never checked before for this type of content, what exists on database with that or temporary, etc. But it need be temporary, or no make sense to store data not used.

I back later to this topic, now I need leave.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 09:08:58 pm
I'll try to make a static page unlisted in footer, in which to dump all user related data (user profile and items) that when finishes loading prompts the user to save it as html page, thus saving all the images from it in a folder. It will not load the host server with archives etc.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 09:11:55 pm
Ok i tried that on Facebook. After my request i got an email that my "archive" is currently building and i will be notified.

One minute later, i was able to download a ZIP file, with everything in HTML format.



Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 09:15:15 pm
@fog SO is the deletion of user and item solving the forgot rule?

@Aficionado I think html format is good for export.

@Calin What is your opinion?
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 09:19:25 pm
Ok i tried that on Facebook. After my request i got an email that my "archive" is currently building and i will be notified.

One minute later, i was able to download a ZIP file, with everything in HTML format.





Yes. But all the data is in your pc in those folders. Images and style. This will be hard.

@fog SO is the deletion of user and item solving the forgot rule?

@Aficionado I think html format is good for export.

@Calin What is your opinion?

As long as the data is in that archive and the html page does not have to take pictures or style from the original site. I think it will be okay.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 09:25:28 pm
Good.

I export now the user data , except items like this

https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161276/#msg161276

I will post the solution including images, that will include this one.

EDIT.
I tested with blocked and published item on a new registered account.
Deleting the account deletes all ads.
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 08, 2018, 09:31:25 pm
This is Google, Facebook. Some big fish with resources. We are small, with little resources, so this will be hard for a small business. To allow a safe export of this data you have to store this on your server, and allow access to that data only to the right owner. Imagine if you have 1000 ads with images how much space these images take from your server.

I see no option like this on olx. at least on olx.ro. But some extra info about data collection from google analytics and other services
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 09:37:41 pm
This is Google, Facebook. Some big fish with resources. We are small, with little resources, so this will be hard for a small business. To allow a safe export of this data you have to store this on your server, and allow access to that data only to the right owner. Imagine if you have 1000 ads with images how much space these images take from your server.

I see no option like this on olx. at least on olx.ro. But some extra info about data collection from google analytics and other services

That's why I'll make this solution with a new page in which all the data will be published only for the logged user.
Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on May 08, 2018, 09:57:37 pm
This is Google, Facebook. Some big fish with resources. We are small, with little resources, so this will be hard for a small business. To allow a safe export of this data you have to store this on your server, and allow access to that data only to the right owner. Imagine if you have 1000 ads with images how much space these images take from your server.

I see no option like this on olx. at least on olx.ro. But some extra info about data collection from google analytics and other services

What if you ZIP it on request and then it's removed from the server after download? Basically a session file of some kind.
Does anyone know if there is a helper in form if(cookies=accepted) do this... then we would be able to put this over all scripts that make third-party cookies to prevent the load before accepting cookies.

As for other data, contact form should only include a note that data won't be stored and only used for email communication from buyer to seller.
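The "ZIP it on request, remove it after download" idea from this post, combined with the earlier point that only the right owner may get the data, as an added example that is not code from the thread. All function names, the directory layout and the sample data are hypothetical; it assumes PHP's zip extension and that the caller takes the user id from the session (on Osclass, `osc_logged_user_id()`), never from a request parameter.

```php
<?php
// Added example, not code from the thread. Names and paths are hypothetical.

/**
 * Build a one-off ZIP for one user in the temp directory and return its path.
 * $imagePaths are paths relative to $uploadRoot, e.g. taken from the item
 * resource rows of that user. Anything resolving outside the root is skipped.
 */
function build_user_export_zip(array $profile, array $imagePaths, string $uploadRoot): string
{
    $root = realpath($uploadRoot);
    if ($root === false) {
        throw new RuntimeException('upload root does not exist');
    }
    $prefix  = $root . DIRECTORY_SEPARATOR;
    $zipPath = tempnam(sys_get_temp_dir(), 'export_'); // unguessable, outside the web root

    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== true) {
        unlink($zipPath);
        throw new RuntimeException('cannot create archive');
    }
    $zip->addFromString(
        'profile.json',
        json_encode($profile, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE)
    );
    foreach ($imagePaths as $relative) {
        $real = realpath($prefix . $relative);
        // realpath() resolves "../" and symlinks; keep only files under the root.
        if ($real === false || !is_file($real)
            || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            continue;
        }
        $entry = str_replace(DIRECTORY_SEPARATOR, '/', substr($real, strlen($prefix)));
        $zip->addFile($real, 'images/' . $entry);
    }
    $zip->close(); // files are read here, so they must still exist
    return $zipPath;
}

/** Stream the archive to the logged-in owner and delete it afterwards. */
function send_and_delete(string $zipPath, int $sessionUserId): void
{
    ignore_user_abort(true); // still delete the file if the client disconnects
    header('Content-Type: application/zip');
    header('Content-Disposition: attachment; filename="export-' . $sessionUserId . '.zip"');
    header('Content-Length: ' . filesize($zipPath));
    header('Cache-Control: private, no-store');
    try {
        readfile($zipPath);
    } finally {
        unlink($zipPath);
    }
}

/** List entry names of an archive (used by the demo below). */
function zip_entry_names(string $zipPath): array
{
    $zip = new ZipArchive();
    $zip->open($zipPath);
    $names = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $names[] = $zip->getNameIndex($i);
    }
    $zip->close();
    return $names;
}

// --- Demo with constructed data (run from the command line) ---
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gdpr_demo_' . getmypid();
mkdir($base . '/uploads/42', 0700, true);
mkdir($base . '/private', 0700, true);
file_put_contents($base . '/uploads/42/1.jpg', 'constructed image bytes');
file_put_contents($base . '/private/9.jpg', 'another user, must not be exported');

$zipPath = build_user_export_zip(
    ['s_name' => 'Ana', 's_email' => 'ana@example.test'],
    ['42/1.jpg', '../private/9.jpg'],           // second path escapes the root
    $base . '/uploads'
);
$names = zip_entry_names($zipPath);
print_r($names);                                 // profile.json, images/42/1.jpg
if ($names !== ['profile.json', 'images/42/1.jpg']) {
    throw new RuntimeException('unexpected archive contents');
}

// Clean up the demo files; send_and_delete() does this for the real download.
unlink($zipPath);
unlink($base . '/uploads/42/1.jpg');
unlink($base . '/private/9.jpg');
rmdir($base . '/uploads/42');
rmdir($base . '/uploads');
rmdir($base . '/private');
rmdir($base);
```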
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 10:10:34 pm
Quote from: marius-ciclistu
@fog SO is the deletion of user and item solving the forgot rule?

If you not have any special plugin to store any data of user, in a different custom table, yes, deleting account will erase all.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 10:18:54 pm
Ok. By chance, does any of you know how to load views in static page?
I know I saw in the forums in the past the solution but now I can't find it.

osc_user() returns nothing but osc_logged_user_id() works fine...
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 10:33:51 pm
Don't know if is that you need, to get user id. If not, sorry.

Code: [Select]
<?php //$user = User::newInstance()->findByPrimaryKey( osc_item_user_id() );
//View::newInstance()->_exportVariableToView('user', $user);
?>


<?php $id = osc_item_user_id(); $user = User::newInstance()->findByPrimaryKey($id); ?>
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 10:40:06 pm
That's it. I found it just before reading your post, but thank you:)
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 10:53:18 pm
Okay, here's what I'm going to do.


That's all that I could remember. Do I need anything else?

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on May 08, 2018, 10:56:49 pm
I managed to disable all cookies apart from necessary ones.
It's quite easy, as European cookie law plugin by Conejo has this function:
Code: [Select]
if (jQuery.cookie('cc_cookie_accept') == "cc_cookie_accept") {
Just install this plugin, wrap the if sentence around analytics, pixel, adsense, addthis and whatever makes cookies on your website and all cookies will be disabled if you choose to do so.

Although the law requires for this to be changed easily, so I must still figure it out how to make a link for this notification window to reappear on demand to change the consent.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 10:57:41 pm
Add a modal at first visit:
Modal will ask to accept TOS
If user accepts, it will save a cookie that it accepted. If not, it will redirect him to some kind of access denied page.

You will lose SEO if you do that.... the session cookie is "accepted" .... or not, but let's say it is if the users are not posting comments or items (if you allow them to do that without registration).
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 10:59:50 pm
Add a modal at first visit:
Modal will ask to accept TOS
If user accepts, it will save a cookie that it accepted. If not, it will redirect him to some kind of access denied page.

You will lose SEO if you do that.... the session cookie is "accepted" .... or not, but let's say it is if the users are not posting comments or items (if you allow them to do that without registration).

Well, users can't comment or post ads without logging in. I guess I could add that modal only for existing users (if they are logged in). That should not affect SEO.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 11:04:03 pm
I managed to disable all cookies apart from necessary ones.
It's quite easy, as European cookie law plugin by Conejo has this function:
Code: [Select]
if (jQuery.cookie('cc_cookie_accept') == "cc_cookie_accept") {
Just install this plugin, wrap the if sentence around analytics, pixel, adsense, addthis and whatever makes cookies on your website and all cookies will be disabled if you choose to do so.

Although the law requires for this to be changed easily, so I must still figure it out how to make a link for this notification window to reappear on demand to change the consent.

Is this the plugin you are talking about: https://market.osclass.org/plugins/analytics/european-cookie-law_85?

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 11:06:00 pm
Okay, here's what I'm going to do.

  • Add the following in my TOS:
      • What data we collect?
      • How do we use the data we collect?
  • Add the following at the registration page:
      • Uncheck "I accept TOS" and hide "Submit" button until user accepts them.
      • Checkbox to show user data (address and contact information) on their public profile.
  • Add the following at the ad post page:
      • Checkbox to show user phone on the ad page.
      • Checkbox to show user email on the ad page (already exists?).
      • Checkbox to show user address on the ad page.
  • Add a modal at first visit:
      • Modal will ask to accept TOS
      • If user accepts, it will save a cookie that it accepted. If not, it will redirect him to some kind of access denied page.
  • Add at user profile:
      • Download user data.
      • Delete user.
      • EVENTUALLY - download user items

That's all that I could remember. Do I need anything else?

Regards.

Just for curiosity, why you needed get number of views? I meant, related with GDPR. That data information need be exported too by user including inside of file downloaded?

So, all data, it will need be really all data related with items published too. That's crazy.

After read your last post with your list...

I don't like cookies, and users avoid them too. Maybe it can be done by session values without cookies, and after post a item delete that variable sessions, or after register, etc.

Yes, a checkbox to display email already exists to non registered users, but on item post form, and not on profile settings if I'm not wrong.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 11:11:05 pm
I asked nothing about the views, that was @marius-ciclistu. ;)

About the cookies, only registered users can post ads so I could store a value that will say that they accepted the terms of service in the database. About the checkbox values, I will save them using a attributes plugin.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 08, 2018, 11:11:35 pm
Guys how to use the results of this query
osc_query_item("author=$userId");

in static page?
The functions ends with

View::newInstance()->_exportVariableToView("customItems", $mSearch->doSearch());

and it's located in osclass/helpers/hItems.php
Thank you.


edit.
Got it
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 11:16:08 pm
I asked nothing about the views, that was @marius-ciclistu. ;)

About the cookies, only registered users can post ads so I could store a value that will say that they accepted the terms of service in the database. About the checkbox values, I will save them using a attributes plugin.

Regards.

I'm sorry, my mistake, was not marius-ciclistu posted the list. The message was mixed, and is for you both (marius-ciclistu, patrickFromCroatia). Sorry again.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 11:17:03 pm
No problem. ;)




I might have an idea, there are some developers here (I am too, but a beginner). If we can join, we can probably do this.
Someone can do the plugin for checkboxes at item post and registration form. Someone can try to create a function/plugin to export data for users. Someone can try to create a function/plugin to export user items. Someone can create a simple function/plugin to show a "Delete user" button at the user page.

It would be much easier if everybody does something.

Edit:
Delete feature already exists.
Someone can create a simple function/plugin to show a "Delete user" button at the user page.
Isn't that part of user menu by default?
I mean this inside functions:
Code: [Select]
$options[] = array(
                'name'  => __('Delete account', 'bender'),
                'url'   => '#',
                'class' => 'opt_delete_account'
            );

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on May 08, 2018, 11:17:56 pm
I managed to disable all cookies apart from necessary ones.
It's quite easy, as European cookie law plugin by Conejo has this function:
Code: [Select]
if (jQuery.cookie('cc_cookie_accept') == "cc_cookie_accept") {
Just install this plugin, wrap the if sentence around analytics, pixel, adsense, addthis and whatever makes cookies on your website and all cookies will be disabled if you choose to do so.

Although the law requires for this to be changed easily, so I must still figure it out how to make a link for this notification window to reappear on demand to change the consent.

Is this the plugin you are talking about: https://market.osclass.org/plugins/analytics/european-cookie-law_85?

Regards.

Yep, that's the one. Check here for more documentation if you need to adjust things: http://cookiecuttr.com/

Someone can create a simple function/plugin to show a "Delete user" button at the user page.
Isn't that part of user menu by default?
I mean this inside functions:
Code: [Select]
$options[] = array(
                'name'  => __('Delete account', 'bender'),
                'url'   => '#',
                'class' => 'opt_delete_account'
            );
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 11:20:29 pm
I managed to disable all cookies apart from necessary ones.
It's quite easy, as European cookie law plugin by Conejo has this function:
Code: [Select]
if (jQuery.cookie('cc_cookie_accept') == "cc_cookie_accept") {
Just install this plugin, wrap the if sentence around analytics, pixel, adsense, addthis and whatever makes cookies on your website and all cookies will be disabled if you choose to do so.

Although the law requires for this to be changed easily, so I must still figure it out how to make a link for this notification window to reappear on demand to change the consent.

Is this the plugin you are talking about: https://market.osclass.org/plugins/analytics/european-cookie-law_85?

Regards.

Yep, that's the one. Check here for more documentation if you need to adjust things: http://cookiecuttr.com/

Thanks.

Edit: Yes, the delete button already exists. Fixed. ;)

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 08, 2018, 11:40:40 pm

I might have an idea, there are some developers here (I am too, but a beginner). If we can join, we can probably do this.
Someone can do the plugin for checkboxes at item post and registration form. Someone can try to create a function/plugin to export data for users. Someone can try to create a function/plugin to export user items. Someone can create a simple function/plugin to show a "Delete user" button at the user page.

It would be much easier if everybody does something.

I understand your idea, and of course is good, but the problem is:

Why osclass team do not says anything about this long topic? That was created a long time ago, and we read him, inclusive they.

They can say what is the correct path to follow, they are the correct people to do that.

I think we will lose our time with something wrong or obsolete, or with a different structure, when they broke the silence. That for me is time lost to do something now.

That's, I'm afraid can happens that, must sure will.

I suggest we need wait for some notice from them.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 08, 2018, 11:46:17 pm

I might have an idea, there are some developers here (I am too, but a beginner). If we can join, we can probably do this.
Someone can do the plugin for checkboxes at item post and registration form. Someone can try to create a function/plugin to export data for users. Someone can try to create a function/plugin to export user items. Someone can create a simple function/plugin to show a "Delete user" button at the user page.

It would be much easier if everybody does something.

I understand your idea, and of course is good, but the problem is:

Why osclass team do not says anything about this long topic? That was created a long time ago, and we read him, inclusive they.

They can say what is the correct path to follow, they are the correct people to do that.

I think we will lose our time with something wrong or obsolete, or with a different structure, when they broke the silence. That for me is time lost to do something now.

That's, I'm afraid can happens that, must sure will.

I suggest we need wait for some notice from them.

Regards

It would be perfect if the osclass team would do what is needed or at least help, but there is not too much time left. I will continue checking the forums to see if they will do something about this, but until then I will try to do something myself. I just added checkboxes to accept TOS and to show or not user data at his public profile to registration.

EDIT: Custom user fields tutorial: https://forums.osclass.org/development/changing-item-url-(in-user-account)-28145/

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 08, 2018, 11:52:56 pm

I not will read all pages of this topic.  ???


Nice to know that, thanks. Be sure to come back when we have something ready.
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 09, 2018, 12:02:51 am
Of course, I not intend interrupt anything. But on my opinion, GDPR will check big companies first with your data of users. Osclass on the list, we don't know when. So, the osclass market need add the new updates of that GDPR right? So, I will wait for see what changes will be implanted on osclass market. They have personal data of all of world, or almost all countries in European Union and out.

I'm not worried with nothing until see what they will do. I bet they already started. So I need see with my eyes on my user profile, what they will do to follow something to do.

@aficionado, that is very wrong from you.

My opinion is, a big storm on a water glass so far. Learn to wait is a good thing. You said your words, but I don't need do anything now. For other hand, if I ask for something to other people to do, the minimal I will do is make a list with priorities I will need. That's why I said "I not will read all the pages of this topic"... is more easy someone create a list for what is needed to do. Indeed, someone did that, but was not from you. Please, I hope you understand wrong, and now understand my reason.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 09, 2018, 12:05:32 am
Or maybe I understood wrong. Sorry @aficionado if was that, my bad. Peace. Yes I will back, but on the certain circumstances I posted here.

Thanks
Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 09, 2018, 01:02:31 am
Solution for dumping data about user account, alerts and items WITHOUT ARCHIVE


1. Create a new static page in admin with slug 'export' and DO NOT SHOW THE LINK in the footer.
2. Create 'page-export.php' in oc-content/themes/bender/


EDITED
Added custom fields.

EDITED
Added alerts


Code: [Select]
<?php
    /*
     *      Osclass – software for creating and publishing online classified
     *                           advertising platforms
     *
     *                        Copyright (C) 2014 OSCLASS
     *
     *       This program is free software: you can redistribute it and/or
     *     modify it under the terms of the GNU Affero General Public License
     *     as published by the Free Software Foundation, either version 3 of
     *            the License, or (at your option) any later version.
     *
     *     This program is distributed in the hope that it will be useful, but
     *         WITHOUT ANY WARRANTY; without even the implied warranty of
     *        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     *             GNU Affero General Public License for more details.
     *
     *      You should have received a copy of the GNU Affero General Public
     * License along with this program.  If not, see <http://www.gnu.org/licenses/>.
     */

    // Redirect anonymous visitors before any output is sent: header() has no
    // effect once the theme header has been printed.
    if (!osc_is_web_user_logged_in()) {
        header('Location: ' . osc_base_url() . 'user/login');
        exit;
    }

    // meta tag robots
    osc_add_hook('header','bender_nofollow_construct');

    bender_add_body_class('page');
    osc_current_web_theme_path('header.php') ;
?>

<h1><?php echo osc_static_page_title(); ?></h1>
<?php echo osc_static_page_text();

if (osc_is_web_user_logged_in()) {
    $baseUrl = osc_base_url();
    $userId  = osc_logged_user_id();
    $user    = User::newInstance()->findByPrimaryKey($userId);

    // Never export the session secret or the password hash.
    unset($user['s_secret']);
    unset($user['s_password']);
    echo '<br/>*For download, save this page (if you are using a computer press CTRL+S).<br/><br/><h2>Summary account data:</h2><br/><br/>';

    // Account row: scalar columns first, then the per-locale sub-arrays.
    foreach ($user as $k => $v) {
        if (!is_array($v)) {
            if ($v) { echo "<b>$k: </b>$v,<br>"; }
        } else {
            echo "<b>$k: </b><br/>";
            foreach ($v as $country => $locale) {
                echo " ****<b>$country:</b><br/>";
                foreach ($locale as $lk => $lv) {
                    if ($lv) {
                        echo " ********<b>$lk: </b>$lv,<br/>";
                    }
                }
            }
        }
    }

    echo '<br/><br/><h2>Summary alerts data:</h2><br/><br/>';
    $alerts = Alerts::newInstance()->findByUser($userId, true);

    foreach ($alerts as $alert) {
        unset($alert['s_secret']);
        $alert['s_search'] = json_decode($alert['s_search'], true);

        foreach ($alert as $k => $v) {
            if (!is_array($v)) {
                echo "<b>$k:</b>$v<br/>";
            } else {
                foreach ($v as $kk => $vv) {
                    if (!is_array($vv)) {
                        echo "****<b> $kk:</b> $vv<br/>";
                    } else {
                        foreach ($vv as $kkk => $vvv) {
                            // strpos() returns false when not found, and
                            // "false >= 0" is true, so compare with !== false.
                            if (strpos((string) $kkk, 'catched') !== false) {
                                $re = explode("'", $vvv);
                                echo "********<b> $kkk:</b> $re[1]";

                                if (isset($re[3])) {
                                    echo " - $re[3]<br/>";
                                } else {
                                    echo "<br/>";
                                }
                            } else {
                                echo "********<b> $kkk:</b> $vvv<br/>";
                            }
                        }
                    }
                }
            }
        }
    }

    // Load all items of this user (the default query returns only 10).
    osc_query_item(array('author' => $userId, 'results_per_page' => 10000));

    echo '<br/><br/><h2>Summary items:</h2><br/><br/>';
    $items = View::newInstance()->_get('customItems');

    foreach ($items as $item) {
        unset($item['s_secret']);

        foreach ($item as $k => $v) {
            if (!is_array($v)) {
                if ($v) {
                    echo "<b>$k: </b>$v,<br/>";
                }
            } else {
                echo "<b>$k: </b><br/>";
                foreach ($v as $country => $locale) {
                    echo " ****<b>$country:</b><br/>";
                    foreach ($locale as $lk => $lv) {
                        if ($lv) {
                            echo " ********<b>$lk: </b>$lv,<br/>";
                        }
                    }
                }
            }
        }

        // Custom fields of the item.
        View::newInstance()->_exportVariableToView('metafields', Item::newInstance()->metaFields($item['pk_i_id']));
        $custom_fields = View::newInstance()->_get('metafields');

        foreach ($custom_fields as $custom_field) {
            echo '"' . $custom_field['s_name'] . '": "' . $custom_field['s_value'] . '"' . ",<br/>";
        }

        // Pictures of the item, so that "save page" stores them as well.
        View::newInstance()->_exportVariableToView('resources', ItemResource::newInstance()->getAllResourcesFromItem($item['pk_i_id']));
        $pictures = View::newInstance()->_get('resources');

        foreach ($pictures as $picture) {
            echo '<img src="' . $baseUrl . $picture['s_path'] . $picture['pk_i_id'] . '.' . $picture['s_extension'] . '">';
        }
        echo "<hr/>";
    }
}

?>


<?php if( osc_get_preference('homepage-728x90', 'bender') != '') { ?>
<!-- homepage ad 728x60-->
<div class="ads_728">
    <?php echo osc_get_preference('homepage-728x90', 'bender'); ?>
</div>
<!-- /homepage ad 728x60-->
<?php } ?>
<?php osc_current_web_theme_path('footer.php') ; ?>

3. in bender's functions.php
(replaces this https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161276/#msg161276)

Code: [Select]
function mc_export_html_info_user($usr) {

echo '<br/><br/><span class="ui-button" onclick="window.location = \'' . osc_base_url() . 'export-pXX' . '\';">Export personal data</span>';

}
osc_add_hook('user_form', 'mc_export_html_info_user');
REPLACE XX with export's page id
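The export page above removes `s_secret` and `s_password` only at the top level of each row and prints database values straight into HTML. The following is an added example, not the forum author's code, of a renderer that applies the denylist at every nesting depth and escapes keys and values; the function names and the sample record are hypothetical and constructed, only the two field names come from the post.

```php
<?php
// Added example, not the forum author's code. s_secret and s_password are
// the fields named in the post; everything else here is hypothetical.

const EXPORT_DENYLIST = ['s_secret', 's_password'];

/** Escape one scalar for use in HTML text or a quoted attribute. */
function export_escape($value): string
{
    if (is_bool($value)) {
        return $value ? 'true' : 'false';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render a record (user, alert or item row) as indented HTML.
 * Nested arrays (locales, decoded alert searches) are walked recursively,
 * so a denylisted key is dropped wherever it appears, and empty values
 * are omitted like in the original page.
 */
function export_render(array $record, int $depth = 0): string
{
    $html   = '';
    $indent = str_repeat('&nbsp;', 4 * $depth);
    foreach ($record as $key => $value) {
        if (in_array((string) $key, EXPORT_DENYLIST, true)) {
            continue; // never export credentials or tokens, at any depth
        }
        $label = $indent . '<b>' . export_escape($key) . ':</b>';
        if (is_array($value)) {
            $inner = export_render($value, $depth + 1);
            if ($inner !== '') {
                $html .= $label . "<br/>\n" . $inner;
            }
        } elseif (is_scalar($value) && (string) $value !== '') {
            $html .= $label . ' ' . export_escape($value) . "<br/>\n";
        }
        // objects and resources are skipped: they have no safe string form
    }
    return $html;
}

// --- Constructed sample row, shaped like the arrays the export page walks ---
$sample = [
    's_name'     => 'Ana <script>alert(1)</script>',   // markup stored in a field
    's_email'    => 'ana@example.test',
    's_password' => 'constructed-hash',
    's_secret'   => 'constructed-secret',
    's_phone'    => '',
    'locale'     => [
        'en_US' => [
            's_info'   => 'Selling bikes & parts',
            's_secret' => 'nested-secret',             // missed by a top-level unset()
        ],
    ],
];

$out = export_render($sample);
echo $out;

// Sanity checks: no secret at any depth, and no live markup in the output.
foreach (['constructed-hash', 'constructed-secret', 'nested-secret', '<script>'] as $needle) {
    if (strpos($out, $needle) !== false) {
        throw new RuntimeException("export leaked or failed to escape: $needle");
    }
}
```

Fields that intentionally hold sanitized HTML, such as an item description, would be shown as literal markup by this renderer; whether to escape or pass them through is a per-field decision.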
Title: Re: GDPR Compliance and Osclass script
Post by: fog on May 09, 2018, 02:08:18 am
Hi, I admire you around this. But I don't understand why you need an dynamic page on your code, and user need create a static page. I think you can avoid these all troubles.

A simple plugin to install, and use the proper hook after form will do the job. That page export.php file can stay inside the plugin, and will reduce code. On index.php of plugin you can add the functions needed, including your button to export with a file, something like: require_once( 'user_form.php') . You will need a independent form after submit button of profile settings page.

Is only my suggestion, and no needs any action, just install plugin, and the proper hook will display your custom form on profile settings on current theme. That is the first part, independently of anything, is just a proper way to do it.

I not test anything, like I said, just a suggestion to you start something to avoid other troubles on your code.

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 09, 2018, 08:09:49 am
I do not use plugins so that's my way of solving this... The issue is that limit of 10 items...

Who doesn't like my solution can search another one or pay a developer to solve his need.

And I'll add some js to load all images only onclick to speed up the process for the users that don't want to save the images.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 09, 2018, 01:41:20 pm
I do not use plugins so that's my way of solving this... The issue is that limit of 10 items...


I think the "10" limit is from here:

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 09, 2018, 06:38:59 pm
More and more big players are in sync with GDPR.

See some interesting COOKIES approach:

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 09, 2018, 08:09:25 pm
I solved the limit issue.
    osc_query_item(array('author' => $userId, 'results_per_page' => 10000));
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 09, 2018, 10:35:57 pm
Calin, what do you think? IS this a good and "cheap"(from host space point of view) solution?

Of course each one that uses it, could customize the html/css of the page.
edit.
You do realize that now it would be easier to export your items and move them to another ads site..that means that sites like olx etc will not give their users this opportunity. :))



Next point to solve?
Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 09, 2018, 10:38:13 pm
Calin, what do you think? Is this a good and "cheap" (from host space point of view) solution?

Of course each one that uses it, could customize the html/css of the page.

Next point to solve?

My vision is a little different and you will see that in the next update of the plugin. I am working on this.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 09, 2018, 10:44:36 pm
Ok. I will not see it, as I don't even look at the plugin's code:)
Anyway thanks to all. With this occasion I solved this images /items export.

I wait for other possible unhandled requirements of GDPR that I missed.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 10, 2018, 11:39:19 pm
Solution for dumping data about user account and items


1. Create a new static page in admin with slug 'export' and DO NOT SHOW THE LINK in the footer.
2. Create 'page-export.php' in oc-content/themes/bender/
EDIT

   osc_query_item("author=$userId");

    $items=View::newInstance()->_get('customItems');
This retrieves only 10 items. Does anyone know the solution to get them all?

Solved

Code:
<?php
    /*
     *      Osclass – software for creating and publishing online classified
     *                           advertising platforms
     *
     *                        Copyright (C) 2014 OSCLASS
     *
     *       This program is free software: you can redistribute it and/or
     *     modify it under the terms of the GNU Affero General Public License
     *     as published by the Free Software Foundation, either version 3 of
     *            the License, or (at your option) any later version.
     *
     *     This program is distributed in the hope that it will be useful, but
     *         WITHOUT ANY WARRANTY; without even the implied warranty of
     *        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     *             GNU Affero General Public License for more details.
     *
     *      You should have received a copy of the GNU Affero General Public
     * License along with this program.  If not, see <http://www.gnu.org/licenses/>.
     */

    // meta tag robots
    osc_add_hook('header','bender_nofollow_construct');

    bender_add_body_class('page');
    osc_current_web_theme_path('header.php') ;
?>

<h1><?php echo osc_static_page_title(); ?></h1>
<?php echo osc_static_page_text();

if(osc_is_web_user_logged_in()) {
    $baseUrl=osc_base_url();
    $userId=osc_logged_user_id();
    $user = User::newInstance()->findByPrimaryKey($userId);

    // Keep the account secret and the password hash out of the export
    unset($user['s_secret']);
    unset($user['s_password']);
    echo '<br/>*For download, save this page (if you are using a computer press CTRL+S).<br/><br/><h2>Summary account data:</h2><br/><br/>';

    // Account fields; array values hold per-locale data
    foreach($user as $k => $v)
    {
        if(!is_array($v)){
            if($v) {echo "<b>$k: </b>$v,<br>";}
        }
        else
        {
            echo "<b>$k: </b><br/>";
            foreach($v as $country => $locale){
                echo " ****<b>$country:</b><br/>";
                foreach($locale as $lk => $lv){
                    if($lv) {
                        echo " ********<b>$lk: </b>$lv,<br/>";
                    }
                }
            }
        }
    }

    // All items of the logged-in user (the default query returns only 10)
    osc_query_item(array('author' => $userId, 'results_per_page' => 10000));

    echo '<br/><br/><h2>Summary items:</h2><br/><br/>';
    $items=View::newInstance()->_get('customItems');

    foreach($items as $item)
    {   unset($item['s_secret']);

        foreach($item as $k => $v)
        {
            if(!is_array($v)) {
                if($v) {
                    echo "<b>$k: </b>$v,<br/>";
                }
            }
            else
            {
                echo "<b>$k: </b><br/>";

                foreach($v as $country => $locale){
                    echo " ****<b>$country:</b><br/>";

                    foreach($locale as $lk => $lv){
                        if($lv) {
                            echo " ********<b>$lk: </b>$lv,<br/>";
                        }
                    }
                }
            }
        }

        // Custom fields of the item
        View::newInstance()->_exportVariableToView('metafields', Item::newInstance()->metaFields($item['pk_i_id']) );
        $custom_fields=View::newInstance()->_get('metafields');

        foreach ($custom_fields as $custom_field){
            echo '"' . $custom_field['s_name'] . '": "' . $custom_field['s_value'] . '"' . ",<br/>";
        }

        // Pictures of the item
        View::newInstance()->_exportVariableToView('resources', ItemResource::newInstance()->getAllResourcesFromItem($item['pk_i_id']) );
        $pictures=View::newInstance()->_get('resources');

        foreach($pictures as $picture){
            echo '<img src="' . $baseUrl . $picture['s_path'] . $picture['pk_i_id'] . '.' . $picture['s_extension'] . '">';
        }
        echo "<hr/>";
    }

} else {
    header('Location: ' . osc_base_url() . 'user/login');
}

?>


<?php if( osc_get_preference('homepage-728x90', 'bender') != '') { ?>
<!-- homepage ad 728x60-->
<div class="ads_728">
    <?php echo osc_get_preference('homepage-728x90', 'bender'); ?>
</div>
<!-- /homepage ad 728x60-->
<?php } ?>
<?php osc_current_web_theme_path('footer.php') ; ?>

3. in bender's functions.php
(replaces this https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161276/#msg161276)

Code:
function mc_export_html_info_user($usr) {

echo '<br/><br/><span class="ui-button" onclick="window.location = \'' . osc_base_url() . 'export-pXX' . '\';">Export personal data</span>';

}
osc_add_hook('user_form', 'mc_export_html_info_user');
REPLACE XX with export's page id

I used your solution on my website and it's awesome. Thanks a lot for this.

P.S.
If someone (like me) is using OsclassWizards theme, replace this code:

Code:
    osc_add_hook('header','bender_nofollow_construct');

    bender_add_body_class('page');
    osc_current_web_theme_path('header.php') ;

With this one:

Code:
    osc_add_hook('header','osclasswizards_nofollow_construct');

    osclasswizards_add_body_class('page');
    osc_current_web_theme_path('header.php') ;

EDIT: Code fixed by @marius-ciclistu, custom fields now showing.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 11, 2018, 12:35:26 am
https://wptavern.com/wordpress-4-9-6-beta-1-adds-tools-for-gdpr-compliance

Wordpress adds also GDPR for its own services (what kind of information is exchanged between Wordpress.org and the sites using WP script etc etc).

Read all the info, very interesting what they do and how.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 11, 2018, 12:47:56 am
https://wptavern.com/wordpress-4-9-6-beta-1-adds-tools-for-gdpr-compliance

Wordpress adds also GDPR for its own services (what kind of information is exchanged between Wordpress.org and the sites using WP script etc etc).

Read all the info, very interesting what they do and how.

That's nice. ;) It would be nice if there are some GDPR regulations for BuddyPress plugin.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 11, 2018, 12:52:41 am

That's nice. ;) It would be nice if there are some GDPR regulations for BuddyPress plugin.


https://buddypress.trac.wordpress.org/ticket/7698
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 11, 2018, 01:34:25 am

That's nice. ;) It would be nice if there are some GDPR regulations for BuddyPress plugin.


https://buddypress.trac.wordpress.org/ticket/7698

Thanks. I hope the new version releases soon. :D

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 11, 2018, 02:17:29 am
It seems that it will be a while for most scripts to be compliant, and that is fine.

But at least they talk about it and prepare for it.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 11, 2018, 09:42:24 am
By chance, does someone know if the osclass core sends something to osclass (excepting plugins) if the connection to the market was never made?

I ask because Aficionado mentioned something about WP in regard to this (or I've read it in one of the links he posted).
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 11, 2018, 01:08:12 pm
By chance, does someone know if the osclass core sends something to osclass (excepting plugins) if the connection to the market was never made?

I ask because Aficionado mentioned something about WP in regard to this (or I've read it in one of the links he posted).

I think there is a checkbox at the installation where the script asks you to send usage reports or something like that to osclass.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 11, 2018, 01:46:26 pm
By chance, does someone know if the osclass core sends something to osclass (excepting plugins) if the connection to the market was never made?

I ask because Aficionado mentioned something about WP in regard to this (or I've read it in one of the links he posted).

Is this something we have to guess or probably look at the code to know.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 11, 2018, 02:10:19 pm
By chance, does someone know if the osclass core sends something to osclass (excepting plugins) if the connection to the market was never made?

I ask because Aficionado mentioned something about WP in regard to this (or I've read it in one of the links he posted).

I think there is a checkbox at the installation where the script asks you to send usage reports or something like that to osclass.

Regards.

I found this in preference table in osc DB:

(https://s7.postimg.cc/ldbjr8y7b/error_reporting.png) (https://postimg.cc/image/ldbjr8y7b/)

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 11, 2018, 04:46:43 pm
Thank you. I'll look in the core for that field.
Edit
Whoever has that enabled should adapt their TOS.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 11, 2018, 06:43:50 pm
Update on Google Analytics accept. https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161843/#msg161843

Added accept indefinitely

Code:
            <button onclick='g_a_user_accept();$(\"#gaaccept\").hide();set_gaaccept();'>Accept</button>
            <button onclick='g_a_user_accept();$(\"#gaaccept\").hide();set_gaaccept(\"local\");'>Accept indefinitely</button>

Code:
    function set_gaaccept(place = 'session'){
        switch (place) {
            case 'local':
                localStorage['gauseraccept'] = 'accepted';
                break;
            default:       
                sessionStorage['gauseraccept'] = 'accepted';
        }
    }

Code:
    if((localStorage['gauseraccept'] && localStorage['gauseraccept'] == 'accepted') || (sessionStorage['gauseraccept'] && sessionStorage['gauseraccept'] == 'accepted')){
          g_a_user_accept();
    } else {
       
        $('#gaaccept').show();
    }
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 12, 2018, 12:29:56 am
Solution for dumping data about user account and items


1. Create a new static page in admin with slug 'export' and DO NOT SHOW THE LINK in the footer.
2. Create 'page-export.php' in oc-content/themes/bender/
EDIT

   osc_query_item("author=$userId");

    $items=View::newInstance()->_get('customItems');
This retrieves only 10 items. Does anyone know the solution to get them all?

Solved

Code:
<?php
    /*
     *      Osclass – software for creating and publishing online classified
     *                           advertising platforms
     *
     *                        Copyright (C) 2014 OSCLASS
     *
     *       This program is free software: you can redistribute it and/or
     *     modify it under the terms of the GNU Affero General Public License
     *     as published by the Free Software Foundation, either version 3 of
     *            the License, or (at your option) any later version.
     *
     *     This program is distributed in the hope that it will be useful, but
     *         WITHOUT ANY WARRANTY; without even the implied warranty of
     *        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     *             GNU Affero General Public License for more details.
     *
     *      You should have received a copy of the GNU Affero General Public
     * License along with this program.  If not, see <http://www.gnu.org/licenses/>.
     */

    // meta tag robots
    osc_add_hook('header','bender_nofollow_construct');

    bender_add_body_class('page');
    osc_current_web_theme_path('header.php') ;
?>

<h1><?php echo osc_static_page_title(); ?></h1>
<?php echo osc_static_page_text();

if(osc_is_web_user_logged_in()) {
    $baseUrl=osc_base_url();
    $userId=osc_logged_user_id();
    $user = User::newInstance()->findByPrimaryKey($userId);

    // Keep the account secret and the password hash out of the export
    unset($user['s_secret']);
    unset($user['s_password']);
    echo '<br/>*For download, save this page (if you are using a computer press CTRL+S).<br/><br/><h2>Summary account data:</h2><br/><br/>';

    // Account fields; array values hold per-locale data
    foreach($user as $k => $v)
    {
        if(!is_array($v)){
            if($v) {echo "<b>$k: </b>$v,<br>";}
        }
        else
        {
            echo "<b>$k: </b><br/>";
            foreach($v as $country => $locale){
                echo " ****<b>$country:</b><br/>";
                foreach($locale as $lk => $lv){
                    if($lv) {
                        echo " ********<b>$lk: </b>$lv,<br/>";
                    }
                }
            }
        }
    }

    // All items of the logged-in user (the default query returns only 10)
    osc_query_item(array('author' => $userId, 'results_per_page' => 10000));

    echo '<br/><br/><h2>Summary items:</h2><br/><br/>';
    $items=View::newInstance()->_get('customItems');

    foreach($items as $item)
    {   unset($item['s_secret']);

        foreach($item as $k => $v)
        {
            if(!is_array($v)) {
                if($v) {
                    echo "<b>$k: </b>$v,<br/>";
                }
            }
            else
            {
                echo "<b>$k: </b><br/>";

                foreach($v as $country => $locale){
                    echo " ****<b>$country:</b><br/>";

                    foreach($locale as $lk => $lv){
                        if($lv) {
                            echo " ********<b>$lk: </b>$lv,<br/>";
                        }
                    }
                }
            }
        }

        // Custom fields of the item
        View::newInstance()->_exportVariableToView('metafields', Item::newInstance()->metaFields($item['pk_i_id']) );
        $custom_fields=View::newInstance()->_get('metafields');

        foreach ($custom_fields as $custom_field){
            echo '"' . $custom_field['s_name'] . '": "' . $custom_field['s_value'] . '"' . ",<br/>";
        }

        // Pictures of the item
        View::newInstance()->_exportVariableToView('resources', ItemResource::newInstance()->getAllResourcesFromItem($item['pk_i_id']) );
        $pictures=View::newInstance()->_get('resources');

        foreach($pictures as $picture){
            echo '<img src="' . $baseUrl . $picture['s_path'] . $picture['pk_i_id'] . '.' . $picture['s_extension'] . '">';
        }
        echo "<hr/>";
    }

} else {
    header('Location: ' . osc_base_url() . 'user/login');
}

?>


<?php if( osc_get_preference('homepage-728x90', 'bender') != '') { ?>
<!-- homepage ad 728x60-->
<div class="ads_728">
    <?php echo osc_get_preference('homepage-728x90', 'bender'); ?>
</div>
<!-- /homepage ad 728x60-->
<?php } ?>
<?php osc_current_web_theme_path('footer.php') ; ?>

3. in bender's functions.php
(replaces this https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg161276/#msg161276)

Code:
function mc_export_html_info_user($usr) {

echo '<br/><br/><span class="ui-button" onclick="window.location = \'' . osc_base_url() . 'export-pXX' . '\';">Export personal data</span>';

}
osc_add_hook('user_form', 'mc_export_html_info_user');
REPLACE XX with export's page id

Is there a way to get custom fields to show in this loop?


EDIT: Code fixed by @marius-ciclistu, custom fields now showing.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 12, 2018, 09:02:25 am
Yes. I forgot about them :))

Add

Code:
        View::newInstance()->_exportVariableToView('metafields', Item::newInstance()->metaFields($item['pk_i_id']) );
        $custom_fields=View::newInstance()->_get('metafields');

        foreach ($custom_fields as $custom_field){
            echo '"' . $custom_field['s_name'] . '": "' . $custom_field['s_value'] . '"' . ",<br/>";
        }
You can replace s_name with s_slug if you want.

I edited the main answer. Can you delete the initial answer from your quotes to make it clear.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 12, 2018, 03:56:01 pm
Thanks, it works. I edited the quotes.
BTW, is there any documentation for using "View" class? I see it used in many examples on these forums, but I actually have no idea how it works.

Regards.
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 12, 2018, 04:03:59 pm
I used it first with phalcon framework. I did not find documentation for osclass.
Title: Re: GDPR Compliance and Osclass script
Post by: patrickFromCroatia on May 12, 2018, 04:16:49 pm
Hmm, okay then. I will probably create a new topic to ask, maybe someone could explain it to me.



Solution to show custom plugin attributes in @marius-ciclistu's export code:

Code:
<?php
        // ATTRIBUTES PLUGINS
        $carAttr = ModelCars::newInstance()->getCarAttr($item['pk_i_id']); // Modify model name and function by your plugin.
        if(!empty($carAttr)) {
           foreach($carAttr as $k => $v) {
               // Skip attributes without a value
               if(empty($v)) {
                   continue;
               }
               echo "<tr>"; // Used to show data in table, can be easily changed.
               echo "<td>".$k."</td> <td>".$v."</td>";
               echo "</tr>";
           }
        }
?>


Regards.
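
The export page and the custom-field and plugin-attribute loops posted above print stored values straight into HTML. As an added example (not code from this thread or from Osclass; the function names, the image-extension allowlist and the sample rows are assumptions constructed for illustration), here is the same walk with the two secret keys dropped at every depth and every key and value HTML-escaped:

```php
<?php
// Added example (not Osclass code): runs stand-alone with `php export_demo.php`.

// Keys removed from every record; the thread's code unsets these two.
const EXPORT_DENYLIST = ['s_secret', 's_password'];
// Assumed allowlist of image extensions for this demo.
const IMAGE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/** HTML-escape one value for element content or a quoted attribute. */
function esc($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Render a user or item row as a nested list.
 * Arrays (locale => fields) are walked recursively, denylisted keys are
 * dropped at every depth, and only null or empty strings are skipped, so a
 * stored "0" still appears in the export.
 */
function render_record(array $record, array $denylist = EXPORT_DENYLIST): string
{
    $html = "<ul>\n";
    foreach ($record as $key => $value) {
        if (in_array((string) $key, $denylist, true)) {
            continue;
        }
        if (is_array($value)) {
            $html .= '<li><b>' . esc($key) . ":</b>\n"
                   . render_record($value, $denylist) . "</li>\n";
        } elseif ($value !== null && $value !== '') {
            $html .= '<li><b>' . esc($key) . ':</b> ' . esc($value) . "</li>\n";
        }
    }
    return $html . "</ul>\n";
}

/** Build the <img> tag for one resource row, or '' if the row looks wrong. */
function render_picture(string $baseUrl, array $picture): string
{
    $ext  = strtolower((string) ($picture['s_extension'] ?? ''));
    $id   = (int) ($picture['pk_i_id'] ?? 0);
    $path = (string) ($picture['s_path'] ?? '');
    if ($id <= 0 || !in_array($ext, IMAGE_EXTENSIONS, true) || strpos($path, '..') !== false) {
        return '';
    }
    return '<img src="' . esc($baseUrl . $path . $id . '.' . $ext) . '" alt="">' . "\n";
}

// Constructed sample rows, shaped like the arrays the thread's code iterates.
$user = [
    'pk_i_id'    => '7',
    's_name'     => '<b>Ana</b>',            // markup stored in a text field
    's_email'    => 'ana@example.test',
    's_password' => 'HASH-PLACEHOLDER',      // must not be exported
    's_secret'   => 'SECRET-PLACEHOLDER',    // must not be exported
    'b_company'  => '0',                     // falsy, but still personal data
    'locale'     => [
        'en_US' => ['s_info' => 'Selling bikes & parts', 's_secret' => 'x'],
    ],
];
$picture = ['pk_i_id' => '12', 's_path' => 'oc-content/uploads/0/', 's_extension' => 'jpg'];

echo render_record($user);
echo render_picture('https://example.test/', $picture);
```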
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 16, 2018, 06:58:23 pm
I saw on opencart forums that you must sign confidentiality contracts with those that have access to your site's data. Hosting, developers, payment processors, transport firms etc...
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 16, 2018, 07:05:16 pm
I saw on opencart forums that you must sign confidentiality contracts with those that have access to your site's data. Hosting, developers, payment processors, transport firms etc...

I don't really think so. Simply because nobody will EVER be able to check for all that. Also there are millions of hobby sites that can't do that, they simply can't.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 16, 2018, 07:41:29 pm
Well..I don't know for sure, but it's reasonable to think that who has access to the personal data of your site's visitors/users should keep their confidentiality.
Title: Re: GDPR Compliance and Osclass script
Post by: lexosc on May 18, 2018, 11:01:14 am
I found some info about google analytics that may help:

Quote
Google Analytics is a perfect example of this kind of stat-driven reporting, but don't start worrying if you use this on your site; the basic configuration of Google Analytics which most people will use does not collect any identifying information and doesn't conflict with the GDPR, so no consent is required from the user. However, if we use something beyond the default configuration and turn on any of the following features:

User ID
Demographic reports
Remarketing functions
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 01:15:05 pm
The first attempt from Wordpress to be GDPR compliant is out as 4.9.6.

A lot of debate the last weeks between people that believed that no core support for GDPR was needed and a plugin could do that. Apparently Wordpress team selected to include everything in the core and for me, it was a good decision because now they can also force the plugins and themes to be GDPR compliant.

The bad is the old WP versions will not have all that.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 04:03:19 pm
Only a week left until 25 May that we all should have (at least a start with) GDPR compliance.

And we are not. And the excuse that others also are not, doesn't actually mean anything.


Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 18, 2018, 06:00:06 pm
Good news for wp. I have to resolve some wp sites.

Core mods are always the best choice.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 06:18:49 pm
I see two Osclass cookies for visitors. One named "osclass" that expire after the session.

I see one named "797009857a64e4f7e13a71eff3baec04" or something with Description "listing_iDisplayLenght%2160" but not always. Also the expiration is close to one MONTH BACK (25 Apr 2018!!). Any ideas from where that comes from and what it is ?

Thanks

Title: Re: GDPR Compliance and Osclass script
Post by: m6mmi on May 18, 2018, 06:59:40 pm
.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 08:49:23 pm
market.osclass.org published a GDPR plugin,

https://market.osclass.org/osclass-plugins/extra-fields-and-other/osclass-gdpr-plugin_i87

Experts can you please check tell your opinion, this is not sold on Osclass market.

There is NO SUCH thing, 404 from your link. Why you keep posting that ?

Title: Re: GDPR Compliance and Osclass script
Post by: calinbehtuk on May 18, 2018, 08:51:04 pm
market.osclass.org published a GDPR plugin,

https://market.osclass.org/osclass-plugins/extra-fields-and-other/osclass-gdpr-plugin_i87

Experts can you please check tell your opinion, this is not sold on Osclass market.


I am curious from where you get this link?
From the competition ;)
Title: Re: GDPR Compliance and Osclass script
Post by: tito on May 18, 2018, 08:53:34 pm
Of course from the competition ;)

Osclass changes the link from the competition to market.osclass.org

So who is smart google the last part of the link ;)

Title: Re: GDPR Compliance and Osclass script
Post by: tito on May 18, 2018, 08:54:40 pm
hahahaha..   now murat  gets it :) :) :) :)
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 08:55:22 pm
Guys can you please stop posting links that lead to 404 errors ?

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 09:00:37 pm
Instead of all that, you all should be PUSHING Osclass team to include that in the core.

The rest is a waste of time and efforts.

GDPR is too important to be left to some 3rd party plugin, sold OUTSIDE Osclass Market.

Title: Re: GDPR Compliance and Osclass script
Post by: muratbora on May 18, 2018, 09:05:14 pm
How to push? Please start a campaign and we support you...Let us to know what to be done?
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 18, 2018, 09:07:53 pm
How to push? Please start a campaign and we support you...Let us to know what to be done?

I did. This topic. And also an other similar topic 6 months ago. What else to do ?

As you can see there is practically no interest. 6-7 people participate. No interest. Personally i'm highly disappointed from this both from serious users/devs here and of course Osclass Team.

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 18, 2018, 09:50:21 pm
Small chances of a free gdpr compliant new core.....
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 20, 2018, 09:14:48 am
If it stops cookies from loading before user accept, it is ok...but it seems that is for the previous law that states just to notify the user that you are using cookies.
Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on May 24, 2018, 01:32:00 pm
Cookies are easy to solve, a few checkboxes and notices plus a great privacy policy and that's fine on the front-end, but the backend needs work too, as we cannot store IPs from users anymore, not even temporarily, without a good explanation on why we do, how we do and how long these are stored. In osclass they are permanently saved in users module? How to get rid of that?
Also the frontend alerts, if your theme has them, should save consent and its opt-in date.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 24, 2018, 01:38:56 pm
@p206ab Of course we are allowed to store IP addresses. For many reasons. Security is one thing i can easily think of. Webserver logs do that also.

Who told you that we can't store IPs ?

If you post an ad in my site and i have your IP, how can i find out who you are ? Can i ?

I think all we have to do is explain in details what we do and why and that is enough.
Title: Re: GDPR Compliance and Osclass script
Post by: garciademarina on May 24, 2018, 02:48:20 pm
Hi there,

We just uploaded a new plugin that will help you with GDPR compliance; however, installing this plugin is not enough, it's mandatory that you understand GDPR and make the necessary changes, like terms and conditions, privacy policy, cookies, ...

https://forums.osclass.org/plugins-20/gdpr-compliance-plugin/

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 24, 2018, 03:20:55 pm
as we cannot store IPs from users anymore, not even temporarily, without a good explanation on why we do, how we do and how long these are stored. In osclass they are permanently saved in users module? How to get rid of that?
Also the frontend alerts, if your theme has them, should save consent and its opt-in date.


https://news.ycombinator.com/item?id=16479995
Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on May 24, 2018, 04:05:42 pm
@p206ab Of course we are allowed to store IP addresses. For many reasons. Security is one thing i can easily think of. Webserver logs do that also.

Who told you that we can't store IPs ?

If you post an ad in my site and i have your IP, how can i find out who you are ? Can i ?

I think all we have to do is explain in details what we do and why and that is enough.
The German government and their law :) As IP is considered personal data.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 24, 2018, 04:20:38 pm

The German government and their law :) As IP is considered personal data.

But here we are talking about GDPR and not German (or other local) laws.

Also i guess that German law is NOT new, so everyone running Osclass in Germany is already illegal ?

Title: Re: GDPR Compliance and Osclass script
Post by: p206ab on May 24, 2018, 06:15:34 pm

The German government and their law :) As IP is considered personal data.

But here we are talking about GDPR and not German (or other local) laws.

Also i guess that German law is NOT new, so everyone running Osclass in Germany is already illegal ?
Everyone running analytics in Germany is illegal as well :) Yes, Germany had a law like GDPR for a few years now. But the fact is that GDPR is just a "template", a guide or a base for individual country laws which will be accepted by each government individually. So if you are working internationally, you need to consider all laws individually, not just the GDPR regulations.
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 24, 2018, 08:33:36 pm

Everyone running analytics in Germany is illegal as well :) Yes, Germany had a law like GDPR for a few years now. But the fact is that GDPR is just a "template", a guide or a base for individual country laws which will be accepted by each government individually. So if you are working internationally, you need to consider all laws individually, not just the GDPR regulations.

And Adsense i assume, since if you just run Adsense (no Analytics), it is exactly the same. IPs are fully logged and processed.

Seems strange to me, that's all ....
Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 24, 2018, 10:15:33 pm
Update on this dumping solution to add also alerts
https://forums.osclass.org/general-help/gdpr-compliance-and-osclass/msg162176/#msg162176

I edited that solution.



Title: Re: GDPR Compliance and Osclass script
Post by: BritWeb on May 25, 2018, 01:22:42 am
Apologies if this has already been raised!

Wondering what the situation is when it comes to GDPR with the Ads being shared on social network by the site owners or users. It's likely that images from these Ads found their way onto Google Images and freely available on the world-wide-web.

Again phone numbers and in some cases, email addresses are displayed openly on their Ad page and these could be easily harvested by anyone with malicious intent - where does the site owner stand on this?

Regards
Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 25, 2018, 02:05:21 am
Apologies if this has already been raised!

Wondering what the situation is when it comes to GDPR with the Ads being shared on social network by the site owners or users. It's likely that images from these Ads found their way onto Google Images and freely available on the world-wide-web.

Again phone numbers and in some cases, email addresses are displayed openly on their Ad page and these could be easily harvested by anyone with malicious intent - where does the site owner stand on this?

Regards

Keep in mind that all that GDPR doesn't apply to business posting ads for their product/service. GDPR is for INDIVIDUALS.

Other than that, GDPR doesn't concern the "body" of the ads or posts. It is not about that. Of course their data will be indexed by search engines etc etc. because they want to be so.

Title: Re: GDPR Compliance and Osclass script
Post by: Aficionado on May 25, 2018, 03:15:25 am
Funny things happen due to GDPR.

Many USA based sites, when i decline cookies, they point me to "nothing", telling to visit again in the future (bye-bye).

For example: https://anon.healthline.com/

Title: Re: GDPR Compliance and Osclass script
Post by: marius-ciclistu on May 25, 2018, 08:07:32 am
Apologies if this has already been raised!

Wondering what the situation is when it comes to GDPR with the Ads being shared on social network by the site owners or users. It's likely that images from these Ads found their way onto Google Images and freely available on the world-wide-web.

Again phone numbers and in some cases, email addresses are displayed openly on their Ad page and these could be easily harvested by anyone with malicious intent - where does the site owner stand on this?

Regards

1. When you post an ad, you want it to be visible to everyone.
2. I think social media references the pictures etc, and doesn't store them.
3. It's the social media responsibility if they store that info, but anyway, the ad's info is meant to be public.
This is my opinion.
Title: Re: GDPR Compliance and Osclass script
Post by: osclassics on January 24, 2019, 06:40:55 am
Any updates on ways to make OsClass GDPR compliant?