  1. A rising issue is PERFORMANCE with Image Magic (which hasn't yet been fixed in recent releases such as 1.14 by mortal or 1.16). With IMAGE MAGIC, the more pictures in your thumbnails folders, the longer it takes to perform a routine to clean the cache folder. Therefore, it takes LONGER and LONGER to generate a thumbnail. It's getting slower and slower and can kill your server and crash it rapidly if thumbnails are generated on the fly simultaneously. I had a hard time figuring out the problem at first, but now it seems to be localized. You have to look at the function modify_tn_path in the imagemagic.php file; the following code is the source of the problem: it looks at each file and compares it to the hash, deleting it if different. When you have thousands of pics in the folder, that might take some time and a lot of CPU USAGE, even if there are no files matching the pattern. So actually you are running some routines that you could run once in a while.

    foreach (glob("*.*") as $filename) {
      if (!is_dir($filename) && !strstr($filename, $append_hash)) {
        unlink($filename);
      }
    }

    So the patch is to deactivate/comment out this part and create a script to perform the cache cleaning part separately (and put it on a cron job). Instead of running it each time you generate a thumb, better run it once in a while and separately. You will save a lot of time and CPU usage, and thumbnails will generate much, much faster!
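As an added example (not code from the post above or from the Image Magic contribution), here is what the separate cron-driven cleaner the post recommends can look like. It assumes the cache directory and the current hash are supplied by the two constants at the top (their values are placeholders), keeps the same rule as the original loop (delete regular files whose name does not contain the live hash), streams the directory instead of building one big glob() array, refuses an empty hash so a misconfiguration cannot wipe the cache, and only ever unlinks paths that resolve inside the cache directory.

```php
<?php
// Added example, not part of the Image Magic contribution. Run from cron instead of
// inside modify_tn_path(): php clean_thumbnail_cache.php [--dry-run]
// Assumptions: CACHE_DIR and CURRENT_HASH below are placeholders for the values
// the thumbnails configuration holds (CFG_TN_CACHE_DIRECTORY / the appended hash).

const CACHE_DIR    = '/path/to/catalog/images/thumbs';   // placeholder: your thumbnail cache dir
const CURRENT_HASH = 'PLACEHOLDER_HASH';                  // placeholder: hash the live thumbnails carry

/**
 * Delete every regular file in $dir whose name does not contain $keepHash.
 * Returns the number of files removed. With $dryRun the candidates are only listed.
 */
function clean_thumbnail_cache(string $dir, string $keepHash, bool $dryRun = false): int
{
    $base = realpath($dir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("cache directory not found: $dir");
    }
    if ($keepHash === '') {
        // strstr() with an empty needle would match nothing and the whole cache would go
        throw new InvalidArgumentException('keepHash must not be empty');
    }

    $removed = 0;
    // DirectoryIterator streams entries; glob() first materialises the full list in memory
    foreach (new DirectoryIterator($base) as $entry) {
        if ($entry->isDot() || !$entry->isFile()) {
            continue;
        }
        if (strpos($entry->getFilename(), $keepHash) !== false) {
            continue; // belongs to the current generation, keep it
        }
        $path = $entry->getPathname();
        // Only delete what resolves inside the cache dir (a symlinked entry pointing elsewhere is skipped)
        $real = realpath($path);
        if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
            continue;
        }
        if ($dryRun) {
            echo "would remove $path\n";
        } elseif (@unlink($path)) {
            $removed++;
        }
    }
    return $removed;
}

if (PHP_SAPI === 'cli') {
    $dryRun = in_array('--dry-run', $argv, true);
    $n = clean_thumbnail_cache(CACHE_DIR, CURRENT_HASH, $dryRun);
    echo ($dryRun ? 'would remove ' : 'removed ') . $n . " stale thumbnail(s)\n";
}
```

Run it once with --dry-run after setting the two constants, then schedule it (for example nightly) under the same user that owns the cache directory; the request path then only has to generate the one thumbnail it was asked for.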
  2. demoalt

    Customer Testimonials v1.0

    Another fix is to ensure the contents of your variables. The SQL injection is possible due to a variable testimonials_id which is passed directly like that... a simple cast and a limitation in the SQL query make it safer. This script is also vulnerable to cross-site scripting if the user input is displayed. You should in general, in your website, ensure all variables input by the user are sanitized. I have myself cleaned/cleared all "GET and POST" variables directly in application_top.php; by default, all HTML code is forbidden (use strip_tags). Here is my modified code in customers_testimonials.php, uploaded in the old version of customers_testimonials (2.1 version) in case people directly download version 2.0 and not 3.X:

    if ($testimonial_id != '') {
      $full_testimonial = tep_db_query("select * FROM " . TABLE_CUSTOMER_TESTIMONIALS . " WHERE testimonials_id = '" . (int)$testimonial_id . "' LIMIT 1");
    }

    If my code is not sufficient, please let me know. http://www.oscommerce.com/community/contri...rs_testimonials
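The two fixes the post describes, as an added example that is not the Customer Testimonials contribution's own code: the id is forced to an integer before it goes anywhere near the query (a stricter variant of the (int) cast, which rejects anything that is not a plain positive integer instead of silently truncating it), the query binds it as a parameter rather than concatenating it, and any stored text is passed through strip_tags and htmlspecialchars before it is echoed. The table, the rows and the helper names are constructed here on PDO with the SQLite driver so the file runs stand-alone; osCommerce itself uses tep_db_query().

```php
<?php
// Added example, not the contribution's code. Assumes PDO with the sqlite driver.
// Table, rows and function names are constructed for the demonstration.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customer_testimonials (testimonials_id INTEGER PRIMARY KEY, customers_name TEXT, testimonials_text TEXT)');
    // constructed sample rows; row 2 carries markup as a user might submit it
    $db->exec("INSERT INTO customer_testimonials VALUES (1, 'Alice', 'Great shop')");
    $db->exec("INSERT INTO customer_testimonials VALUES (2, 'Bob', '<b>nice</b> <script>x()</script> service')");
    return $db;
}

/** Reduce the raw request value to a positive integer, or null when it is anything else. */
function testimonial_id_from_request($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    // Stricter than (int): "12abc" is rejected rather than becoming 12
    return preg_match('/^[1-9][0-9]*$/', (string)$raw) === 1 ? (int)$raw : null;
}

/** Fetch one testimonial with a bound parameter; the id value can never change the SQL. */
function fetch_testimonial(PDO $db, $rawId): ?array
{
    $id = testimonial_id_from_request($rawId);
    if ($id === null) {
        return null;                       // reject before any query runs
    }
    $stmt = $db->prepare('SELECT * FROM customer_testimonials WHERE testimonials_id = :id LIMIT 1');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Output filter for user-supplied text: drop tags, then escape whatever remains. */
function safe_html_text(string $text): string
{
    return htmlspecialchars(strip_tags($text), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$db = open_demo_db();

// well-formed id: the row comes back and its text is safe to echo into the page
$row = fetch_testimonial($db, '2');
echo "id=2: ", $row ? safe_html_text($row['testimonials_text']) : 'none', "\n";

// not a plain integer: rejected by testimonial_id_from_request(), the query is never built
$bad = fetch_testimonial($db, '2abc');
echo "id=2abc: ", $bad ? 'row returned' : 'rejected before query', "\n";
```

Note the order of the two output filters: strip_tags first removes the markup, htmlspecialchars then neutralises anything strip_tags left behind (a stray "<" or a quote inside an attribute), which is why escaping on output is worth keeping even when input is already cleaned in application_top.php.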
  3. demoalt

    NEW! Complete Order Editing Tool!

    I had to modify it this way since it was not working for me... it was getting 0% for each newly added product. Works for me :) strange behaviour :(
  4. demoalt

    NEW! Complete Order Editing Tool!

    I have installed the last version: v2.8.5 with minor bug fix. There is a bug when adding a product... it adds the product with 0% tax. Around line 566 in edit_orders.php, lines refer to countryid and zoneid that haven't been defined yet, so just add:

    $countryid = $order->delivery['country_id'];
    $zoneid = $order->delivery['zone_id'];

    before

    if ($new_price) {
      $p_products_price = $new_price['specials_new_products_price'];
    }
    // 2.2 UPDATE ORDER ####
    // (int) casts on the two raw POST values added so they cannot alter the SQL
    $Query = "INSERT INTO " . TABLE_ORDERS_PRODUCTS . " SET orders_id = '" . (int)$oID . "', " .
             "products_id = '" . (int)$_POST['add_product_products_id'] . "', " .
             "products_model = '" . $p_products_model . "', " .
             "products_name = '" . tep_html_quotes($p_products_name) . "', " .
             "products_price = '" . $p_products_price . "', " .
             "final_price = '" . ($p_products_price + $AddedOptionsPrice) . "', " .
             "products_tax = '" . tep_get_tax_rate($p_products_tax_class_id, $countryid, $zoneid) . "', " .
             "products_quantity = '" . (int)$_POST['add_product_quantity'] . "'";
    tep_db_query($Query);
    $new_product_id = tep_db_insert_id();
  5. Great contribution! I have a few comments on it; it could be improved. I have made some changes on my own server.

    1) Performance could be improved. Each time an image is called by imagequick.php, it grabs some data from the database. That reduces the performance of the website massively. I have tested it... you definitely save space but not time. To fix this, do not use the encrypt filename functionality and add some code to load the image instead of calling imagequick.php. Of course, by doing this you lose some functionality brought by Image Quick.

    2) Crop capability is missing. So when you do some thumbnails with a specified width and length, the image gets distorted. So definitely an alternative 'Crop' function should be proposed.

    Anyway, great contrib! I am using it. Hope it's getting better. To fix issue 1, add the following to html_output.php:

    //ADDON DAVE
    $page_prefix = '';
    if ($page == "prod_info" || $page == "popup") {
      $page_prefix = $page . "prod_info_";
    }
    $last_hash = LAST_HASH;
    $fileextension = strtolower(substr(trim($src), -3));
    $myfilename = CFG_TN_CACHE_DIRECTORY . "/" . $src . '.thumb_' . $page_prefix . $width . "x" . $height . "_" . $last_hash . '.' . $fileextension;
    // echo $myfilename;
    if (file_exists($myfilename)) {
      // cached thumbnail already exists: link to it directly, no database round trip
      $image = '<img src="' . $myfilename . '" ';
    } else {
    //EOF ADDON DAVE
      $image = '<img src="imagemagic.php?img=' . $src . '&w=' . tep_output_string($width) . '&h=' . tep_output_string($height) . '&page=' . $page . '"';
    }

    NB: If you use configure cache, you will have to save twice in the config so 'LAST_HASH' gets saved correctly.
  6. demoalt

    RMA Returns error for 2.2 MS2

    Add this instead... it also checks the product ID:

    require(DIR_WS_CLASSES . 'order.php');
    //check if order ID belongs to current customer! might have a hack
    $order_and_customer_query = tep_db_query("SELECT * FROM " . TABLE_ORDERS . " o, " . TABLE_ORDERS_PRODUCTS . " op where o.orders_id = op.orders_id and o.orders_id = '" . (int)$HTTP_GET_VARS['order_id'] . "' and op.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and o.customers_id = '" . (int)$customer_id . "'");
    if (tep_db_num_rows($order_and_customer_query) > 0) {
      $order = new order($HTTP_GET_VARS['order_id']);
    } else {
      tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
      $order = "";
    }
    //eof check
  7. demoalt

    RMA Returns error for 2.2 MS2

    Just installed RMA System 2.5h. I found some bugs, maybe not relevant at all for you. But notice all the forms use the POST method, and some data are not transferred since most of the data in the files refer to HTTP_GET_VARS and not HTTP_POST_VARS (at least on my version, since I modified the forms to use the tep_draw_form function). I had to rewrite some parts using the osCommerce class for design (select box), but there is a MAJOR SECURITY ISSUE. Anyone can access other customers' addresses (billing, delivery) by playing with the order_id parameter of the file return_product. Please add the following lines in return_product.php AFTER require(DIR_WS_CLASSES . 'order.php'); ADD

    //check if order ID belongs to current customer! Fix by Demoalt
    $order_and_customer_query = tep_db_query("SELECT * FROM " . TABLE_ORDERS . " o where o.orders_id = '" . (int)$HTTP_GET_VARS['order_id'] . "' and o.customers_id = '" . (int)$customer_id . "'");
    if (tep_db_num_rows($order_and_customer_query) > 0) {
      $order = new order($HTTP_GET_VARS['order_id']);
    } else {
      tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
      $order = "";
    }
    //eof check

    Will check if it is the same for RMA numbers. Well, that shouldn't be a problem since the number is quite hard to find.
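The ownership check from the two RMA posts above (order belongs to the logged-in customer, and optionally the product is on that order), packaged as one function with bound parameters. This is an added example, not the RMA Returns contribution's code: the orders and orders_products tables, the sample rows and the function names are constructed here on PDO with the SQLite driver so it runs stand-alone, and the return strings stand in for what osCommerce does with new order() and tep_redirect().

```php
<?php
// Added example, not the contribution's code. Assumes PDO with the sqlite driver.
// Tables, rows and function names are constructed for the demonstration.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, customers_id INTEGER NOT NULL)');
    $db->exec('CREATE TABLE orders_products (orders_id INTEGER NOT NULL, products_id INTEGER NOT NULL)');
    // constructed sample data: customer 7 owns order 100 (product 55), customer 8 owns order 101 (product 56)
    $db->exec('INSERT INTO orders VALUES (100, 7), (101, 8)');
    $db->exec('INSERT INTO orders_products VALUES (100, 55), (101, 56)');
    return $db;
}

/**
 * True only if $orderId belongs to $customerId and, when $productId is given,
 * that product is on the order. Every value is bound, never concatenated into SQL.
 */
function order_belongs_to_customer(PDO $db, int $orderId, int $customerId, ?int $productId = null): bool
{
    if ($productId === null) {
        $stmt = $db->prepare('SELECT 1 FROM orders o WHERE o.orders_id = :oid AND o.customers_id = :cid LIMIT 1');
        $stmt->execute([':oid' => $orderId, ':cid' => $customerId]);
    } else {
        $stmt = $db->prepare('SELECT 1 FROM orders o JOIN orders_products op ON o.orders_id = op.orders_id
                              WHERE o.orders_id = :oid AND o.customers_id = :cid AND op.products_id = :pid LIMIT 1');
        $stmt->execute([':oid' => $orderId, ':cid' => $customerId, ':pid' => $productId]);
    }
    return $stmt->fetchColumn() !== false;
}

/**
 * Mirrors the return_product.php flow: the customer id comes from the session, never from
 * the request; the order is loaded only after the ownership check, otherwise the
 * customer is sent back to their own account history.
 */
function load_order_or_deny(PDO $db, array $get, int $sessionCustomerId): string
{
    $orderId   = (int)($get['order_id'] ?? 0);
    $productId = isset($get['products_id']) ? (int)$get['products_id'] : null;
    if ($orderId <= 0 || !order_belongs_to_customer($db, $orderId, $sessionCustomerId, $productId)) {
        return 'redirect:account_history';  // tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'))
    }
    return 'order:' . $orderId;             // $order = new order($orderId)
}

$db = open_demo_db();
// customer 7 asking for their own order and a product that is on it
echo load_order_or_deny($db, ['order_id' => '100', 'products_id' => '55'], 7), "\n";
// customer 7 asking for customer 8's order
echo load_order_or_deny($db, ['order_id' => '101'], 7), "\n";
// customer 7, own order, but a product that is not on it
echo load_order_or_deny($db, ['order_id' => '100', 'products_id' => '56'], 7), "\n";
// a value that is not an order id at all
echo load_order_or_deny($db, ['order_id' => 'abc'], 7), "\n";
```

The same function can guard every page that takes an order id from the request (return_product, the RMA listing, order history detail), which is simpler to audit than a copy of the query in each file.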
  8. demoalt

    Customers extra fields

    You are right, Andrew. It is taking the field's id instead of its size. In the javascript file, replace

    check_input("<?php echo 'fields_' . $extra_fields['fields_id']?>", <?php echo $extra_fields['fields_id']-1;?>, "<?php echo $string_error; ?>");

    by

    check_input("<?php echo 'fields_' . $extra_fields['fields_id']?>", <?php echo $extra_fields['fields_size']-1;?>, "<?php echo $string_error; ?>");
  9. demoalt

    Customers extra fields

    Change the SQL structure of this field from varchar 32 to 255.
  10. I confirm that post. I had the same problem. When I logged in with a user, the tax rate was different (it returned 0). Someone should update the contribution with this fix!