ecartz

In product_info.php <td class="main"><input type="file" name="id[<?php echo TEXT_PREFIX . $products_options_name['products_options_id']; ?>]"><br><?php echo $cart->contents[$HTTP_GET_VARS['products_id']]['attributes_values'][$products_options_name['products_options_id']] . tep_draw_hidden_field(UPLOAD_PREFIX . $number_of_uploads, $products_options_name['products_options_id']) . tep_draw_hidden_field(TEXT_PREFIX . UPLOAD_PREFIX . $number_of_uploads, $cart->contents[$HTTP_GET_VARS['products_id']]['attributes_values'][$products_options_name['products_options_id']]); ?></td> change to <td class="main"> <?php echo if ($number_of_uploads == 1) tep_draw_hidden_field('MAX_FILE_SIZE', UPLOAD_MAX_FILE_SIZE); ?> <input type="file" name="id[<?php echo TEXT_PREFIX . $products_options_name['products_options_id']; ?>]"><br> <?php echo $cart->contents[$HTTP_GET_VARS['products_id']]['attributes_values'][$products_options_name['products_options_id']] . tep_draw_hidden_field(UPLOAD_PREFIX . $number_of_uploads, $products_options_name['products_options_id']) . tep_draw_hidden_field(TEXT_PREFIX . UPLOAD_PREFIX . $number_of_uploads, $cart->contents[$HTTP_GET_VARS['products_id']]['attributes_values'][$products_options_name['products_options_id']]); ?> </td> You still won't get the message stack error, but it should give an error prior to upload. Hth, Matt

Sure. You would lose the ability to include dashes in the product, category, and manufacturer names though. You can just add str_replace calls in rewrite.php and the tep_href_link function. Hth, Matt

What happens if you duplicate the product row and change the category path in the second one? Hth, Matt

I wanted to use Master Products with attributes such that attributes associated with the Master Product would apply to the slaves. First, I updated to the newest version of the contribution (1.1.4); this allows for the recognition of attribute choices on pages with slave listings. I also made seven changes across four files. In catalog/shopping_cart.php, around line 88, change where pa.products_id = '" . $products[$i]['id'] . "' to where (pa.products_id = '" . $products[$i]['id'] . "' or pa.products_id = '" . $products[$i]['master'] . "') In catalog/includes/classes/shopping_cart.php, around line 273, change $products_query = tep_db_query("select p.products_id, pd.products_name, p.products_model, p.products_image, p.products_price, p.products_weight, p.products_tax_class_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$products_id . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'"); to $products_query = tep_db_query("select p.products_id, pd.products_name, p.products_model, p.products_image, p.products_price, p.products_weight, p.products_tax_class_id, p.products_master from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_id = '" . (int)$products_id . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "' order by p.products_master"); and around line 293, add 'master' => $products['products_master'], In catalog/includes/classes/order.php, around line 224, add 'master' => $products[$i]['master'], Around line 230, change $attributes_query = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . (int)$products[$i]['id'] . "' and pa.options_id = '" . (int)$option . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . (int)$value . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . (int)$languages_id . "' and poval.language_id = '" . (int)$languages_id . "'"); to $attributes_query = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where (pa.products_id = '" . (int)$products[$i]['id'] . "' or pa.products_id = '" . (int)$products[$i]['master'] . "') and pa.options_id = '" . (int)$option . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . (int)$value . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . (int)$languages_id . "' and poval.language_id = '" . (int)$languages_id . "'"); In checkout_process.php, around line 182, change where pa.products_id = '" . $order->products[$i]['id'] . "' to where (pa.products_id = '" . $order->products[$i]['id'] . "' or pa.products_id = '" . $order->products[$i]['master'] . "') Around line 191, change $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where pa.products_id = '" . $order->products[$i]['id'] . "' and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'"); to $attributes = tep_db_query("select popt.products_options_name, poval.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_OPTIONS_VALUES . " poval, " . TABLE_PRODUCTS_ATTRIBUTES . " pa where (pa.products_id = '" . $order->products[$i]['id'] . "' or pa.products_id = '" . $order->products[$i]['id'] . "') and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "' and pa.options_id = popt.products_options_id and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "' and pa.options_values_id = poval.products_options_values_id and popt.language_id = '" . $languages_id . "' and poval.language_id = '" . $languages_id . "'"); Hth, Matt

Kvasir, look at admin > Configuration > Stock. For more help, I would recommend looking the General Support forum or Installation & Configuration forum. There would be more discussion about stock handling for regular products there (there is also a section in the Collaborative Documentation Effort). Hth, Matt

I would try changing the following code from includes/application_top.php // BOF: WebMakers.com Added: Header Tags Controller v1.0 require(DIR_WS_FUNCTIONS . 'header_tags.php'); // Clean out HTML comments from ALT tags etc. require(DIR_WS_FUNCTIONS . 'clean_html_comments.php'); // Also used by: WebMakers.com Added: FREE-CALL FOR PRICE // EOF: WebMakers.com Added: Header Tags Controller v1.0 to if ($PHP_SELF != 'rewrite.php') { // BOF: WebMakers.com Added: Header Tags Controller v1.0 require(DIR_WS_FUNCTIONS . 'header_tags.php'); // Clean out HTML comments from ALT tags etc. require(DIR_WS_FUNCTIONS . 'clean_html_comments.php'); // Also used by: WebMakers.com Added: FREE-CALL FOR PRICE // EOF: WebMakers.com Added: Header Tags Controller v1.0 } and adding the original code into the rewrite.php file. Essentially the problem is that it is trying to generate the header tags before it knows what product it is. With most of the other cases where this happened, I moved the variable definition into the rewrite.php file and it worked. Hth, Matt P.S. I'm not sure that I understand the issue with the all prods that you mention in your other post. Perhaps you could explain more? Possibly with example links? P.P.S. I know of two sites that are using this mod, but I'm not really comfortable posting them here as they are not my sites. If someone has a site installed that meets the My Store posting criteria, please post the link here. Thanks.

Eyal, I tried three different times and it worked for me every time. Have you tried any other browsers or internet connections? Not sure what would cause that. Hth, Matt

$products_options = tep_db_query should be $products_options_query = tep_db_query in both places where it appears, so that it can be referenced in while ($products_options = tep_db_fetch_array($products_options_query)) { Hth, Matt

Try changing to array_shift instead. I uploaded a new version of the contribution if you want to try that. Hth, Matt

To clarify, the tmpdir setting is normally something like '/catalog/temp/' but needs to be 'temp/' or something like that in your case. Hth, Matt

If that's the case, then I'd actually recommend passing an ID that corresponds to the contents through to PayPal. Then processing the IPN to match the payment to the cart contents and create the order.The problem is that each customer only has one cart. Using your method, they would not be able to order again until the IPN comes through. Also, one would have to change the current cart code to prevent changing the cart in the meantime (after sending for payment processing but before order confirmation from the processor -- PayPal in this case). The way it works now, while in the cart, the order can be changed at any time. Once it is moved from the cart to the orders database, the order is fixed. Thus preventing someone for paying for one cart and getting another delivered (e.g. I pay for a DVD and then change my order to hold 20 video cards; order shows paid). There is a system to check for crack attempts that might catch this if the cart ID (which is just the customer ID) were submitted, but if there is a long (i.e. more than a few seconds) interval between payment submittal and the notification (approved/declined), then this might block *legitimate* attempts to start a new order. This is undesirable because it angers customers. Also, this could end up with the same problem as happens with the default PayPal module: payment could be approved but the order could be rejected, which causes payment to arrive without any indication for what it is meant (i.e. the order contents is lost). Using the orders table solves this by creating a new order ID that only corresponds to this order. The change that may be made in the future (in the default osC) would be to create orders in a Payment Pending status *prior* to submittal to a gateway. This has nothing to do with saved carts, which are currently stored in the database for logged in users (and all customers log in prior to check out -- Purchase Without Account creates a dummy account for this purpose). An alternate solution would be to create a third set of tables which would hold the static information of the order but not be considered final until the order is placed. This would be created during the checkout process and be eliminated when payment is made. The advantage of this is that the orders table would only hold actual orders then. The disadvantage would be that it is essentially wasteful as it would hold the same info as the orders table. Cheers, Matt

The forum moderators have asked that we start new threads with each new version of the contribution. This helps avoid the 40 page threads of some older contributions. Thanks for posting the older thread link. It is useful for reference purposes. Cheers, Matt

The most secure way to access a payment method from osCommerce is to call via secure cURL. This encrypts the transaction. The gateway processes the info on its side and returns an authorization or a decline (possibly with reason). It does this inside the before_process function of the payment method, which is called from the checkout_process page. The checkout process page is called directly from the checkout_confirmation page. Now, PayPal doesn't support this. With PayPal, the process goes slightly differently. From the checkout_confirmation page, the store will post info to PayPal. The customer will verify the info and add new info as necessary. When completed, the customer will use Auto-Return to return to the checkout_process.php page. In that page, the before_process function will check for the transaction authorization (the IPN). If it gets it, it should add the order to the database. If not, then there is a problem. I think that Greg's contribution adds the order to the database anyway, but that is not really correct for how osC works at the moment (although it is consistent with what the check/money order module does--i.e. payment comes after processing). For example, one could spoof this to allow a download of a virtual product without paying. The problem is that currently osC assumes that the payment has been authorized before creating the order. In your paradigm, it needs to create the order and then call PayPal. Unfortunately, that is *not* how osC currently works. It cannot create the order first, as order creation is dependent on payment authorization. AFAIK, this isn't scheduled to be changed until version 3.0 (it's not on the 2.2 workboard). To get back to Greg's question, to work with osCommerce, we need to have the customer auto-return to the site after making their payment. We also need to be able to check for an authorization in the before_process function. Thus, the IPN would have to be available by then. Essentially, the authorization or decline would have to be made at the time of the auto-return (it is checked a trivial amount of time after). If not, then nothing has changed. PayPal still doesn't feed back a usable response to osCommerce. The store owner needs to generate orders based on the PayPal receipts rather than the osCommerce system (otherwise people could order without paying). Hth, Matt

This is the support thread for the 1.2 version of http://www.oscommerce.com/community/contributions,577

Your baseref is getting set incorrectly. I.e. it is showing as https://edenmicro.net/store/ instead of http://edenmicro.net/store/ That is why your images and stylesheet are not showing up. Btw, your COOKIE_DOMAIN settings should not have the http:// in them, just the domain names. Hth, Matt

It's a problem with sites that POST to and from in general. The problem is that there isn't a good general way of checking that your response is coming from the site that is supposed to be sending it. The site is supposed to provide some verification method in the before_process function (for example, you could check the HTTP_REFERRER or look for a special response code), but this would be on a per module basis. The only real fix is to not POST back and forth. It would be better for the gateway to implement some kind of secure connection method where the customer does not have any chance to intervene. When this is done, you know that an authorization is valid, because you made the connection to the gateway and it responded on the same connection. The POST methods use a connection opened from the other end, which is spoofable. It's also worth noting that the system does work. You just can't trust the results of the osCommerce order system. You need to start with the payment and work forward to the order system (ignoring orders without payment) rather than the other way around. Cheers, Matt

This is what the zones module does. Hth, Matt

At a guess, you are closing the switch statement early with Mark's changes. When integrating with the Option Type Feature, you need to be careful to keep all the changes in a single case. Any new { need to be matched with a } and vice versa. Hth, Matt

There is a max file size setting for PHP. The actual name is posted earlier in this thread. Hth, Matt

Karsten, Try INSERT INTO `configuration` ( `configuration_title` , `configuration_key` , `configuration_value` , `configuration_description` , `configuration_group_id` , `sort_order` , `last_modified` , `date_added` , `use_function` , `set_function` ) VALUES ( 'Product option type Select', 'PRODUCTS_OPTIONS_TYPE_SELECT', '0', 'The number representing the Select type of product option.', 0, NULL , now( ) , now( ) , NULL , NULL ) instead. also remove 'configuration_id' and the associated number in VALUES for the other lines as well. Hth, Matt

Mike, around lines 20-4 of includes/modules/new_products.php, try changing if ( (!isset($new_products_category_id)) || ($new_products_category_id == '0') ) { $new_products_query = tep_db_query("select p.products_id, p.products_image, p.products_tax_class_id, if(s.status, s.specials_new_products_price, p.products_price) as products_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where products_status = '1' order by p.products_date_added desc limit " . MAX_DISPLAY_NEW_PRODUCTS); } else { $new_products_query = tep_db_query("select distinct p.products_id, p.products_image, p.products_tax_class_id, if(s.status, s.specials_new_products_price, p.products_price) as products_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c where p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and c.parent_id = '" . (int)$new_products_category_id . "' and p.products_status = '1' order by p.products_date_added desc limit " . MAX_DISPLAY_NEW_PRODUCTS); } to if ( (!isset($new_products_category_id)) || ($new_products_category_id == '0') ) { $new_products_query = tep_db_query("select p.products_id, p.products_image, p.products_tax_class_id, if(s.status, s.specials_new_products_price, p.products_price) as products_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id where products_status = '1' and p.products_master_status = '0' order by p.products_date_added desc limit " . MAX_DISPLAY_NEW_PRODUCTS); } else { $new_products_query = tep_db_query("select distinct p.products_id, p.products_image, p.products_tax_class_id, if(s.status, s.specials_new_products_price, p.products_price) as products_price from " . TABLE_PRODUCTS . " p left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_CATEGORIES . " c where p.products_id = p2c.products_id and p2c.categories_id = c.categories_id and c.parent_id = '" . (int)$new_products_category_id . "' and p.products_status = '1' and p.products_master_status = '0' order by p.products_date_added desc limit " . MAX_DISPLAY_NEW_PRODUCTS); } this should make only non-master products display IIRC. Hth, Matt

Following my instructions apparently... $products_name .= '<br>' . tep_image(DIR_WS_UPLOADS . $products[$i][$option]['products_options_values_name'], $products[$i][$option]['products_options_values_name'], 5, 5) . '<br>'; I remember thinking that it would need DIR_WS_UPLOADS there, but apparently I forgot to actually write it that way. Sorry, Matt

Try $products_name .= '<br>' . tep_image($products[$i][$option]['products_options_values_name'], $products[$i][$option]['products_options_values_name'], 5, 5) . '<br>'; Hth, Matt

I prefer the built in directory protection of the web server. With Apache, you do this with htpasswd files. There is a discussion of the mechanics in the Tips & Tricks forum. I have also used the Admin Access w/ Levels contribution in cases where directory protection was too simplistic. Hth, Matt

I would try changing $products_options_file->set_filename("$insert_id" . $products_options_file->filename); to $products_options_file->set_filename("$insert_id" . '. ' . $products_options_file->filename); If that doesn't work, try changing both $real_ids[TEXT_PREFIX . $HTTP_POST_VARS[UPLOAD_PREFIX . $i]] = $insert_id . ". " . $products_options_file->filename; $products_options_file->set_filename("$insert_id" . $products_options_file->filename); to $real_ids[TEXT_PREFIX . $HTTP_POST_VARS[UPLOAD_PREFIX . $i]] = "$insert_id" . '.' . $products_options_file->filename; $products_options_file->set_filename("$insert_id" . '.' . $products_options_file->filename); Hth, Matt