
Super Contact us enhancement 1.0


John-Peter


You state that you included the "Contact Us Form Vunerability Fix", by which I'm guessing you're referring to the following: http://www.oscommerce.com/community/contributions,2976

There was also a "Contact Us Form XSS Issue" bug that was addressed in osCommerce 2.2 Milestone 2 Update 051113 (Update Package 13th November 2005). It was corrected by changing the 'html_output.php' files.

What I'm wondering... are both of the above fixes related to the same problem? If so, and I already applied the fix as outlined in Update 051113, will applying it again in your contribution, in the contact_us.php itself, be a good idea? Will anything clash?

 

Thanks

Edited by Sid04

Bob,

 

Thanks for that, I didn't know about the Contact Us Form XSS Issue bug that was addressed in osCommerce 2.2 Milestone 2 Update 051113. I will check this ASAP.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Hi, have added the contribution but the store name and address details field is too small. Have tried altering width of the tables but to no avail. Where are the table widths for the details and the contact forms set?

 

Thanks

Robr


To resolve this, edit catalog/contact_us.php and search for the following line:

    <STRONG><?php echo nl2br(STORE_NAME_ADDRESS); ?></STRONG>

Change it to:

    <STRONG><font size="7"><?php echo nl2br(STORE_NAME_ADDRESS); ?></font></STRONG>

Play with <font size="7"> now and change it to whatever size you want. Hasta la vista. :rolleyes:

Edited by Jeep_ice

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


I've installed the contrib, but I am getting the following error message...

 

Fatal error: Call to a member function on a non-object in /usr/www/users/jdee/testing/catalog/contact_us.php on line 82

 

Line 82 from catalog/contact_us.php

if ($messageStack->size('contact') > 0) {

 

Can someone attach the contact_us.php in a zip and see if that helps?

Daniel


Did you run the MySQL command in your phpMyAdmin? Did you do everything in the install instructions? Check again carefully that you are not missing anything... If the problem continues, send your contact_us page here. I will check.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


I added this contrib and it works great, except that after the user sends the email the contact_us.php page refreshes showing just "contact us", the telephone and the "continue" button.

How can I insert some text that says "your email has been sent.." or something along those lines?


Bob,

 

Thanks for that, I didn't know about the Contact Us Form XSS Issue bug that was addressed in osCommerce 2.2 Milestone 2 Update 051113. I will check this ASAP.

 

Any word on this yet? Thanks B)


I added this contrib and it works great, except that after the user sends the email the contact_us.php page refreshes showing just "contact us", the telephone and the "continue" button.

How can I insert some text that says "your email has been sent.." or something along those lines?

 

Nice idea, I will work on this... :thumbsup:

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Any word on this yet? Thanks B)

 

Bob,

 

I haven't forgotten you... I just don't have the time these days, very rushed :blush:. I will work on this tomorrow or Friday... Give me 2-3 days and it will be done... Anyway, I want to release a new, updated version with new features in it :rolleyes:.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Awesome, maybe it's a good thing I haven't installed it yet :D


Installed this great contribution, although the mails are not received at the store email addresses.

 

ie Sales <[email protected]>, Returns <[email protected]>

 

Hi,

 

It's not supposed to do that. Check your whole installation, because the mail is not touched from the original mail; I have just added new email. Try without the contribution and then reinstall it to see whether the problem comes from the contribution or from another place.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


I added this contrib and it works great, except that after the user sends the email the contact_us.php page refreshes showing just "contact us", the telephone and the "continue" button.

How can I insert some text that says "your email has been sent.." or something along those lines?

 

Hi,

 

Just checked, and when I click on send email it works normally and it says "Your enquiry has been successfully sent to the Store Owner". Check your installation carefully. You are the only one who is getting this.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Hi

 

This looks super, thanks.

 

Has anyone got this to work on MS-1? I have so many mods ....

 

TIA

 

David

 

Try it, I think it's not so different... Give it a try, it's very easy to install.

:thumbsup:

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Thanks Jeep

 

Step 1 is fine but step two I have this ...

 

  require('includes/application_top.php');

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
    if (tep_validate_email(trim($HTTP_POST_VARS['email']))) {
      tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $HTTP_POST_VARS['enquiry'], $HTTP_POST_VARS['name'], $HTTP_POST_VARS['email']);
      tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
    } else {
      $error = true;
    }
  }

 

I will keep playing .... :)

 

Regards

 

David


Hello, I am having a small problem. Everything is working fine, except when I specify two emails to choose from, e.g.

Sales <[email protected]>, Support [email protected]

in the admin panel.

After choosing the first option on the form I receive the message fine, but after choosing the second radio button the message goes to both e-mails instead of only the second one.

Is that a DB problem, or is there something wrong in the code?

 

Thank you for any help.

 

This is my php code.

 

 

<?php
/*
  $Id: contact_us.php,v 1.1.1.1 2004/03/04 23:37:58 ccwjr Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
    $name = tep_db_prepare_input($HTTP_POST_VARS['name']);
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
// BOF Super Contact us enhancement 1.0
    $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);
    $emailsubject = tep_db_prepare_input($HTTP_POST_VARS['reason']) . ' ' . EMAIL_SUBJECT;
    if (tep_validate_email($email_address)) {
      if (CONTACT_US_LIST != '') {
        // CONTACT_US_LIST holds comma-separated "Name <address>" entries
        $send_to_array = explode(",", CONTACT_US_LIST);
        // $send_to (index of the chosen entry) is not assigned anywhere in this file
        // Pull "<address>" out of the chosen entry, then strip the angle brackets
        preg_match('/\<[^>]+\>/', $send_to_array[$send_to], $send_email_array);
        $send_to_email = eregi_replace(">", "", $send_email_array[0]);
        $send_to_email = eregi_replace("<", "", $send_to_email);

        // Everything from the first "<" onward is removed, leaving the display name
        tep_mail(preg_replace('/\<[^*]*/', '', $send_to_array[$send_to]), $send_to_email, $emailsubject, $enquiry, $name, $email_address);
      } else {
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $emailsubject, $enquiry, $name, $email_address);
      }
// EOF Super Contact us enhancement 1.0

      tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
    } else {
      $error = true;

      $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }
  }

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));

  $content = CONTENT_CONTACT_US;

  require(DIR_WS_TEMPLATES . TEMPLATE_NAME . '/' . TEMPLATENAME_MAIN_PAGE);

  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>


Good afternoon,

 

I'm getting this error: Parse error: syntax error, unexpected ';' in C:\Inetpub\wwwroot\oscommerce\contact_us.php on line 221

 

My line 221 has the following: echo ;

What could it be?

 

Can you send your contact_us.php code here? I will check what the problem is...

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Hello, I am having a small problem. Everything is working fine, except when I specify two emails to choose from, e.g.

Sales <[email protected]>, Support [email protected]

in the admin panel.

After choosing the first option on the form I receive the message fine, but after choosing the second radio button the message goes to both e-mails instead of only the second one.

Is that a DB problem, or is there something wrong in the code?

 

Thank you for any help.

 

Hi,

 

If you have put the emails like this in the admin panel --> Sales <[email protected]>, Support [email protected] - it's normal. The second email is not written the right way. You have to write Support <[email protected]>; it's going to work after this.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge
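
The format rule in the reply above (every entry must be written as Name <address>), as an added example that is not part of the thread or of the contribution's code: a strict parser for the CONTACT_US_LIST value that skips malformed entries and treats the posted send_to index as untrusted, falling back to the store owner. The function names and the example.com addresses are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the contribution's code. Function names are hypothetical
// and the addresses are constructed sample data. Requires PHP 7 or later.

/**
 * Parse a CONTACT_US_LIST value ("Name <address>, Name <address>") into
 * entries keyed by their position in the list, so the keys match the
 * send_to values the form would offer. Malformed entries are skipped.
 */
function parse_contact_list(string $list): array
{
    $entries = [];
    foreach (explode(',', $list) as $k => $raw) {
        // Exactly one display name followed by one address in angle brackets.
        if (!preg_match('/^\s*([^<>]+?)\s*<([^<>\s]+)>\s*$/', $raw, $m)) {
            continue;
        }
        if (filter_var($m[2], FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }
        $entries[$k] = ['name' => $m[1], 'email' => $m[2]];
    }
    return $entries;
}

/**
 * Pick the recipient for a posted send_to value. The value comes from the
 * browser, so anything other than the index of a valid entry gets $fallback.
 */
function select_recipient(array $entries, $posted, array $fallback): array
{
    if (!is_string($posted) || !ctype_digit($posted)) {
        return $fallback;
    }
    return $entries[(int)$posted] ?? $fallback;
}

// Constructed list: the second entry lacks angle brackets, as in the thread.
$list    = 'Sales <sales@example.com>, Support support@example.com, Returns <returns@example.com>';
$owner   = ['name' => 'Store Owner', 'email' => 'owner@example.com'];
$entries = parse_contact_list($list);

// Only valid entries should be drawn as radio buttons or menu options.
foreach ($entries as $k => $e) {
    echo "option $k: {$e['name']}\n";
}

// Constructed posted values: valid, malformed entry, valid, out of range, junk, missing.
foreach (['0', '1', '2', '7', '-1', 'abc', null] as $posted) {
    $r = select_recipient($entries, $posted, $owner);
    echo var_export($posted, true) . " -> {$r['name']} <{$r['email']}>\n";
}
```

Drawing the form options from the same parsed array keeps the posted index and the recipient list in step, so a badly written entry is simply never offered.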


David,

 

Good. Keep trying and let me know when it is working.

John

--------------------

osCommerce 2.3.4 Bootstrap Edge


Here is my contact_us.php:

 

 

<?php
/*
  $Id: contact_us.php,v 1.42 2003/06/12 12:17:07 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');
#################
  $page_query = tep_db_query("select
                                p.pages_id,
                                p.sort_order,
                                p.status,
                                s.pages_title,
                                s.pages_html_text
                              from
                                " . TABLE_PAGES . " p LEFT JOIN " . TABLE_PAGES_DESCRIPTION . " s on p.pages_id = s.pages_id
                              where
                                p.status = 1
                              and
                                s.language_id = '" . (int)$languages_id . "'
                              and
                                p.page_type = 2");

  $page_check = tep_db_fetch_array($page_query);

  // Array key quoted; the bare word pages_html_text would be read as a constant
  $pagetext = stripslashes($page_check['pages_html_text']);
#################

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'send')) {
    $name = tep_db_prepare_input($HTTP_POST_VARS['name']);
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email']);
// BOF Super Contact us enhancement 1.0
    $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']);
    $emailsubject = tep_db_prepare_input($HTTP_POST_VARS['reason']) . ' ' . EMAIL_SUBJECT;
    if (tep_validate_email($email_address)) {
      if (CONTACT_US_LIST != '') {
        // CONTACT_US_LIST holds comma-separated "Name <address>" entries
        $send_to_array = explode(",", CONTACT_US_LIST);
        // $send_to (index of the chosen entry) is not assigned anywhere in this file
        // Pull "<address>" out of the chosen entry, then strip the angle brackets
        preg_match('/\<[^>]+\>/', $send_to_array[$send_to], $send_email_array);
        $send_to_email = eregi_replace(">", "", $send_email_array[0]);
        $send_to_email = eregi_replace("<", "", $send_to_email);

        // Everything from the first "<" onward is removed, leaving the display name
        tep_mail(preg_replace('/\<[^*]*/', '', $send_to_array[$send_to]), $send_to_email, $emailsubject, $enquiry, $name, $email_address);
      } else {
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $emailsubject, $enquiry, $name, $email_address);
      }
// EOF Super Contact us enhancement 1.0

      tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
    } else {
      $error = true;

      $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
    }
  }

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));
?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">

<html <?php echo HTML_PARAMS; ?>>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">

<title><?php echo TITLE; ?></title>

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">

<!-- header //-->

<?php require(DIR_WS_INCLUDES . 'header.php'); ?>

<!-- header_eof //-->

 

<!-- body //-->

<table border="1" width="770" cellspacing="3" cellpadding="3" align="center">

<tr>

<td width="<?php echo BOX_WIDTH_LEFT_IS; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH_LEFT_IS; ?>" cellspacing="0" cellpadding="2">

<!-- left_navigation //-->

<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>

<!-- left_navigation_eof //-->

</table></td>

<!-- body_text //-->

<td width="100%" valign="top"><?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td><table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>

<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_contact_us.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>

</tr>

</table></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

if ($messageStack->size('contact') > 0) {

?>

<tr>

<td><?php echo $messageStack->output('contact'); ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<?php

}

 

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'success')) {

?>

<tr>

<td class="main" align="center"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_SUCCESS; ?></td>

</tr>

<tr>

<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>

</tr>

<tr>

<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">

<tr class="infoBoxContents">

<td><table border="0" width="100%" cellspacing="0" cellpadding="2">

<tr>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>

<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>

</tr>

</table></td>

</tr>

</table></td>

</tr>

<!-- BOF Super Contact us enhancement 1.0 //-->

<?php

} else {

if (tep_session_is_registered('customer_id')) {

$account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");

$account = tep_db_fetch_array($account_query);

 

$name = $account['customers_firstname'] . ' ' . $account['customers_lastname'];

$email = $account['customers_email_address'];

}

?>

 

<tr>

<td>

<table border="0" width="100%" cellspacing="0" cellpadding="0">

<tr>

<td width="650" height="0"></td>

<td width="600"></td>

</tr>

 

<tr>

<td rowspan="11" valign="top">

<table width="100%" border="0" cellpadding="0" cellspacing="0">

<tr>

<td colspan="2" align="left" valign="top" class="main"></td>

</tr>

<tr>

<td width="38" height="120" align="left" valign="top" class="main"></td>

<td width="334" valign="top">

<table width="100%" border="0" cellpadding="0" cellspacing="0">

<tr>

<td width="333" height="120" align="left" valign="top" class="main">

<STRONG><font size="7"><?php echo nl2br(STORE_NAME_ADDRESS); ?></font></STRONG><br><br><br>

<?php echo (OPENING_HOURS); ?>

</td>

<td width="1"> </td>

</tr>

</table>

</td>

</tr>

<tr>

<td align="left" valign="top" class="main"><p> </p></td>

</tr>

</table>

</td>

<td height="40" valign="top" class="main">

<?php echo ENTRY_NAME; ?><br>

<?php echo tep_draw_input_field('name'); ?>

</td>

</tr>

<tr>

<td height="4"></td>

</tr>

<tr>

<td height="40" valign="top" class="main">

<?php echo ENTRY_EMAIL; ?><br>

<?php echo tep_draw_input_field('email'); ?>

</td>

</tr>

<tr>

<td height="4"></td>

</tr>

 

<tr>

<td height="40" valign="top" class="main">

<?php

if (CONTACT_US_LIST !=''){

echo SEND_TO_TEXT . '<br>';

if(SEND_TO_TYPE=='radio'){

foreach(explode("," ,CONTACT_US_LIST) as $k => $v) {

if($k==0){

$checked=true;

}else{

$checked=false;

}

echo tep_draw_radio_field('send_to', "$k", $checked). " " .preg_replace('/\<[^*]*/', '', $v);

}

 

}else{

foreach(explode("," ,CONTACT_US_LIST) as $k => $v) {

$send_to_array[] = array('id' => $k, 'text' => preg_replace('/\<[^*]*/', '', $v));

}

echo tep_draw_pull_down_menu('send_to', $send_to_array);

}

 

echo ;

}

?>

</td>

</tr>

<tr>

<td height="4"></td>

</tr>

<tr>

<td height="40" valign="top" class="main">

<?php echo ENTRY_REASON; ?><br>

<select name="reason">

<?php echo '<option value="' . REASONS1 . '">' . REASONS1 . '</option>'; ?>

<?php echo '<option value="' . REASONS2 . '">' . REASONS2 . '</option>'; ?>

<?php echo '<option value="' . REASONS3 . '">' . REASONS3 . '</option>'; ?>

<?php echo '<option value="' . REASONS4 . '">' . REASONS4 . '</option>'; ?>

<?php echo '<option value="' . REASONS5 . '">' . REASONS5 . '</option>'; ?>

<?php echo '<option value="' . REASONS6 . '">' . REASONS6 . '</option>'; ?>

 

</select>

</td>

</tr>

<tr>

<td height="4"></td>

</tr>

<tr>

<td height="200" width="350" valign="top" class="main">

<?php echo ENTRY_ENQUIRY; ?><BR>

<!-- BOF This is the change for the Form Vunerability Fix //-->

<?php echo tep_draw_textarea_field('enquiry', 'soft', 50, 15, tep_sanitize_string($_POST['enquiry']), '', false); ?>

<!-- EOF This is the change for the Form Vunerability Fix //-->

</td>

</tr>

<tr>

<td height="4"></td>

</tr>

<tr>

<td height="66" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">

<tr>

<td width="547" height="62" valign="top" align="middle"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>

</tr>

<tr>

<td height="4"></td>

</tr>

</table>

</td>

</tr>

<tr>

<td height="41" colspan="2" align="left" class="main"><br> </td>

</tr>

</table>

</td>

</tr>

<tr>

<td height="41" colspan="2" align="left" class="main"><br> </td>

</tr>

<?php

}

?>

<!-- EOF Super Contact us enhancement 1.0 //-->

</table></form></td>

 

 

<!-- footer //-->

<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>

<!-- footer_eof //-->

<br>

</body>

</html>

<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

 

thanks
