Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Posts posted by ecartz

  1. 21 minutes ago, René H4 said:

    So either this does not work for the language file or I am overseeing something.

    This is very new, so it may be that your version of Phoenix is older than this change.  Also, it probably isn't incorporated in Gustavo, as Burt doesn't normally update until a .0 release. 

  2. 1 hour ago, PupStar said:
    $sql="select parent_id, categories_id from tbl_temp_categories where (categories_id='$id')";// check id is already copied


    That line says, "Select only rows from the temp table where the category ID is $id."

    1 hour ago, PupStar said:
    if ($id==$row['categories_id']) {
      echo "Already copied"; //error message if already copied
    } else {
      $query = "INSERT INTO categories SELECT parent_id, categories_id FROM tbl_temp_categories WHERE categories_id=$id";


    Those lines say, "Only insert if the category ID is not $id."

    Those two things are never  simultaneously true, so the insert is never called.  The logic would make more sense if the first line was

    $sql = "select parent_id, categories_id from categories where (categories_id='$id')";// check id is already copied

    But even then, I don't think it would work without changing more of the logic.  The else should be on mysqli_num_rows not inside it. 

    Note that if you dumped PHP and just did this in phpMyAdmin, the whole thing could just be

    INSERT INTO categories SELECT t.* FROM categories c RIGHT JOIN tbl_temp_categories t ON c.categories_id = t.categories_id WHERE c.categories_id = NULL AND t.categories_id = 3

    replace 3 with whatever category ID.  That line does nothing if either the row already exists in categories or does not exist tbl_temp_categories.  If it does not exist in categories but does exist in tbl_temp_categories, it copies.  And if you got rid of the AND clause, you'd just have

    INSERT INTO categories SELECT t.* FROM categories c RIGHT JOIN tbl_temp_categories t ON c.categories_id = t.categories_id WHERE c.categories_id = NULL

    which would copy everything at once.  I.e. all rows that are in tbl_temp_categories but not categories. 

  3. 3 hours ago, Nige-A said:

    Do I need to add the "define('ENABLE_SSL', true);" to a new install of ?

    No. will ignore it entirely. 

    3 hours ago, Nige-A said:

    The installed configure.php files use const instead of define. Which is correct ?

    While there are reasons to prefer const, it doesn't make a functional difference. 

  4. On 1/8/2021 at 11:44 AM, burt said:

    it might be that the developer approaches one of us to "bend" the core code to make "whatever module" possible. 

    I would far prefer this than adding something to core. 

    If we modify core to make it flexible, then it is entirely in your power to determine how important something is to you and how you want the store to behave.  Whereas if we modify core to work in a certain way that happens to support you, it will likely break some other store owner.  So I (and I think I speak for Burt as well) would very much prefer to make core flexible rather than try to use core to meet each individual need.  It's more generally useful.  It doesn't exclude some people to help others.  And it doesn't get us bogged down in long discussions about whether or not the majority of shop owners want things to work one way or the other. 

    Everyone wants to be the store owner for whom core caters every need.  But no one wants to be the store owner left outside when we cater to someone else's needs. 

    Note in this specific topic, there is a straight-forward way to make things work.  Just apply for a VAT ID in each country to which you ship.  Then there's no difference between the way you charge small and large orders.  You always charge and remit VAT (sometimes to the taxing agency and sometimes to customs).  Alternately, don't ship to countries where you don't have a VAT ID.  Neither of those solutions requires a core change.  Many stores will find that they can do one or the other (unfortunately, not shipping may often be the easier choice). 

    I understand why store owners don't want to get VAT IDs for each country.  It's extra work.  But it's also extra work to create a module.  If you are profiting from that module, then you should be able to pay for that extra work.  If you are not profiting from the module enough to pay for extra work, then you should stop shipping to the country that is making things difficult. 

    A simple business level solution that would be extra work for someone else:  have UPS (or whatever shipper) remit the VAT.  You collect it on their behalf.  They take payment, along with the shipping price.  And they remit to the relevant government.  Note that shippers are highly incented to encourage these shipments, as they make money from them.  As opposed to modifying core, which costs Burt's time (even if I make the actual modification, he still has to process it and maintain it) and profits no-one.  If you can't convince a shipper to do this to get your business, why do you expect someone to do it for you for free? 

    Note that the actual code to do this would be relatively small and trivial.  What would be complicated would be making it work correctly for your needs.  That's exactly what the certified developers do.  You give them money and they make code that fits your needs. 

  5. 41 minutes ago, Jan_hartvig said:

    Worked fine the first time i impemented the extra pages. the suddenly this texta appered.
    Do you have an idee whats wrong?

    Your PHP version was updated to at least 7.2.  This changed what used to be a Notice into a Warning.  It was always wrong; it's just that your error reporting was hiding the notice until 7.2. 

    To fix it, go to line 33 of that file.  Look for something like


    and change it to


    If the code doesn't match, you can always post line 33 (and perhaps some context) for more review. 

  6. They are almost certainly false positives.  The first one is simple.  Try it.  If it shows the alert, then there is a problem.  Find out where it displays and add the call to htmlspecialchars. 

    The second is more difficult, but less likely to be a problem.  Because the software already sanitizes all input before use.  It's barely possible that you have installed something that doesn't (probably not Ultimate SEO URLs).  But certainly core already does that. 

    3 hours ago, rule said:

    Solution: all user-supplied parameters should be checked for illegal characters, such as a single quote ('), before being used in an SQL query.

    This is not the approach that osCommerce takes.  Instead, it sanitizes all parameters before using them in a SQL query.  In the case of a product ID, this would typically happen via a cast to int.  For strings (including the extended product IDs used with attributes), it uses mysqli_real_escape_string and a charset of UTF-8 when communicating with the database.  In general, checking for illegal characters is a bad approach, as it leads to cleverer exploits. 

    It is conceivable that you are using an older version that has a bug in it.  You should update to the latest to pick up all the security fixes.  The most recent change was to always use UTF-8, which is required for mysqli_real_escape_string to work consistently (other character sets are also safe but some are unsafe).  Before that was the switch to casting to int and mysqli_real_escape_string (I forget which was more recent--both are really old). 

  7. 25 minutes ago, raiwa said:

    To convert it to all upper case just replace "RemoveShouting" with "strtoupper".

    I don't think that's what he wants.  I read it as wanting REMOVE SHOUTING to become Remove Shouting.  What is often called Title Cased.  So he may want ucwords to wrap either RemoveShouting or strtolower. 

            if (isset($customer_details['company']) && MODULE_STORE_SWCLEANER_CLEAN_COMPANY == 'True') {
              $customer_details['company'] = ucwords(RemoveShouting($customer_details['company'], 'company'));

    I.e. his problem is "INTERNATIONAL BUSINESS MACHINES" is becoming "International business machines" when he wants "International Business Machines".  I guess he's all right with IBM becoming Ibm. 


    18 minutes ago, LeeFoster said:
    $_SESSION['admin'] = [
      'id' => $check['id'],
      'username' => $check['user_name'],
      'user_group_id' => $check['user_group_id'],
      'default_page' => $check['default_page'],


    I would try doing it immediately after that code. 

    You also might change

    echo '<script>


  9. I'm assuming that you'd use this for people who aren't allowed to view the index page. 

    If you want people who can view the index page to start with a different page, you'd probably need to use one of the other solutions.  Or add another session variable for "just logged in" that you would unset just before redirecting. 

  10. Even without moving all the logic, you could use the same logic for finding the user_group_id as you do later. 

    Another option would be to create a page called redirect.php and always redirect to that -- your info pages example proves that works.  Then, on that page, redirect to the correct page by "user_group_id". 

    For that matter, a hook on index.injectAppTop would allow you to redirect after going to the index page. 

  11.               if (isset($_SESSION['redirect_origin'])) {
                    $page = $redirect_origin['page'];
                    $get_string = http_build_query($redirect_origin['get']);
                    tep_redirect(tep_href_link($page, $get_string));
                  } else {

    This code runs before the

    $OSCOM_Hooks->call('login', 'processAction');

    I.e. the hook only runs when log in fails. 

    I think that you would be better off hooking

      $OSCOM_Hooks->call('login', 'preAction');

    and setting the redirect_origin if it is not already set when the action is 'process'. 

    Alternately, duplicate the entire process action in the preAction hook and unset the action, which would let you make more changes. 

    Note that you may find that you get more help within the Phoenix Club.