
osCommerce

The e-commerce.

Anna

Archived
  • Posts: 88
Everything posted by Anna

  1. Update: I tried utf8_encode & that sorted out the "£"s, but some products appeared in Google Base with undefined characters that I think were originally long "em" dashes. So there's more to do, and I'm really not going to come back to this for a while. Happy weekend folks! anNA
  2. It seems we can upload our Froogle feed as usual and now products go into Google Base as well as Froogle. .....BUT.... it seems the Froogle file is being processed by the MUCH fussier Google Base upload/server. I was getting 100% success on Froogle feeds, but that instantly dropped to about 50% after the changeover. The errors are all "An invalid encoding was specified for the bulk upload file", which the Help elaborates as "Your bulk upload contains an invalid UTF-8 character.". Most of the failed items contained a "£" in the description. As an experiment I converted them to "GBP " and they uploaded successfully. Unfortunately this still leaves odd characters that cause errors. I think the real solution is to use something like utf8_encode, iconv, recode or mbstring in the code, but I don't know which yet (and probably won't have time to get back to this for a while). Hope this enlightens others wondering why their feeds are now erroring. aNNa
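The encoding failure described in posts 1 and 2, as an added example that is not part of the posts or of any feed contribution. It assumes the store text is Windows-1252 (the posts do not say) and that the mbstring extension is loaded; the sample bytes are constructed, and the ISO-8859-1 conversion shown is the one utf8_encode performs.

```php
<?php
// Added example, not code from the posts. Assumes the catalogue text is
// Windows-1252 and that the mbstring extension is loaded.

// Constructed sample: pound sign (0xA3), then an em dash (0x97 in Windows-1252).
$description = "\xA35 off \x97 this week";

// Describe a byte string: is it valid UTF-8, and does it contain C1 control
// codes (U+0080..U+009F), which have no printable glyph?
function inspect(string $bytes): array
{
    $valid = mb_check_encoding($bytes, 'UTF-8');
    $c1 = $valid && preg_match('/[\x{80}-\x{9F}]/u', $bytes) === 1;
    return ['valid_utf8' => $valid, 'c1_controls' => $c1, 'hex' => bin2hex($bytes)];
}

// Convert feed text to UTF-8, leaving input that is already valid untouched
// so that it is not encoded twice.
function feed_utf8(string $bytes, string $source = 'Windows-1252'): string
{
    if (mb_check_encoding($bytes, 'UTF-8')) {
        return $bytes;
    }
    return mb_convert_encoding($bytes, 'UTF-8', $source);
}

$cases = [
    'raw bytes'       => $description,
    // Same mapping utf8_encode applies: every byte is read as ISO-8859-1.
    'as ISO-8859-1'   => mb_convert_encoding($description, 'UTF-8', 'ISO-8859-1'),
    'as Windows-1252' => feed_utf8($description),
];

foreach ($cases as $label => $bytes) {
    $r = inspect($bytes);
    printf("%-16s valid UTF-8: %-3s  C1 controls: %-3s  hex: %s\n",
        $label,
        $r['valid_utf8'] ? 'yes' : 'no',
        $r['c1_controls'] ? 'yes' : 'no',
        $r['hex']);
}
```

The ISO-8859-1 row is valid UTF-8 yet carries the control code U+0097 where the dash was, while the Windows-1252 row carries U+2014.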
  3. Do you get the same problem with encryption switched off?
  4. (Re: PayPal IPN Address Change During Checkout, Not updating Order & http://www.oscommerce.com/community/bugs,2498 ) Great news thanks. :) I'm less sure when it comes to the billing address as I don't use checkout_payment.php, so my untested suggestion would be to add

     ```php
     $cart->cartID = $cart->generate_cart_id();
     $cartID = $cart->cartID;
     ```

     at line 37 i.e. just after the "// avoid hack attempts" block. I hope these changes don't affect the hack detection, which I've yet to check, but frankly it's more important to me that the correct addresses get saved! anNa
  5. Hi Applauz I hope you weren't reading my code as a solution for your $0 problem - which I'm sorry I have no idea about - as my code was in reply to the earlier post I quoted! annA
  6. Hiya, I've hit this too and seem to have fixed it. I have messed hugely with my checkout code so unfortunately can't guarantee this'll work for others, but for what it's worth: add

     ```php
     $cart->cartID = $cart->generate_cart_id();
     ```

     into checkout_shipping.php at about line 47:

     ```php
     if (!tep_session_is_registered('cartID')) tep_session_register('cartID');
     $cart->cartID = $cart->generate_cart_id(); //<- this is the new line
     $cartID = $cart->cartID;
     ```

     Please do & backup & test it well! Let me know if it works & I'll update the bug report. The problem also affects the billing address so I'm going to see if the same approach will solve that too. annA
  7. Hi Andy (& anyone else interested!) Here's a quick fix to hide from shoppers their orders that are currently "Preparing" status. Store admin is completely unchanged. It does rely on "Set Preparing Order Status" having been set to a distinctive value e.g. "Preparing [PayPal IPN]" in the Store Admin's Payment Modules - Paypal IPN section. I have NOT checked to see what would happen if this was, for example, 'default'.

     account.php about line 97: Replace

     ```php
     $orders_query = tep_db_query("select o.orders_id, o.date_purchased, o.delivery_name, o.delivery_country, o.billing_name, o.billing_country, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$customer_id . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' order by orders_id desc limit 3");
     ```

     with

     ```php
     $orders_query = tep_db_query("select o.orders_id, o.date_purchased, o.delivery_name, o.delivery_country, o.billing_name, o.billing_country, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$customer_id . "' and o.orders_status != '" . MODULE_PAYMENT_PAYPAL_IPN_PREPARE_ORDER_STATUS_ID . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' order by orders_id desc limit 3");
     ```

     account_history.php about line 65: Replace

     ```php
     $history_query_raw = "select o.orders_id, o.date_purchased, o.delivery_name, o.billing_name, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$customer_id . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' order by orders_id DESC";
     ```

     with

     ```php
     $history_query_raw = "select o.orders_id, o.date_purchased, o.delivery_name, o.billing_name, ot.text as order_total, s.orders_status_name from " . TABLE_ORDERS . " o, " . TABLE_ORDERS_TOTAL . " ot, " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$customer_id . "' and o.orders_status != '" . MODULE_PAYMENT_PAYPAL_IPN_PREPARE_ORDER_STATUS_ID . "' and o.orders_id = ot.orders_id and ot.class = 'ot_total' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' order by orders_id DESC";
     ```

     (I added

     ```php
     and o.orders_status != '" . MODULE_PAYMENT_PAYPAL_IPN_PREPARE_ORDER_STATUS_ID . "'
     ```

     to each file's database order query.)

     Warning! IF a shopper's only orders are (all) preparing status AND they look at account_history.php, they may see something like "Result Pages: -4 -3 -2 -1 0". I think this is because tep_count_customer_orders probably won't exclude orders with preparing status. I don't want to look at the implications of changing tep_count_customer_orders right now. For now, I'd rather show "Result Pages: -4 -3 -2 -1 0" than the "Preparing" orders. Hope that helps! Anna
  8. Andy, I agree. I'm interested if anyone has any reasons that shoppers should be able to see orders with this status? Anna
  9. Hello all, IF your unencrypted calls to Paypal work, but encrypted ones don't AND at checkout_confirmation.php you view page source and see that the hidden field called encrypted is empty AND you have safe_mode on, then read on....

     The rest of the store was fine & live since last year. I've just added osCommerce-PayPal_IPN-v1.1 and have been testing in the Sandbox. Unencrypted calls went fine (great contribution & easy to install!), but encrypted calls to Paypal were not working as field 'encrypted' was empty.

     I looked at function process_button in includes/modules/payment/paypal_ipn.php and determined that line 355:

     ```php
     if (function_exists('openssl_pkcs7_sign') && function_exists('openssl_pkcs7_encrypt'))
     ```

     was not true for us (if it's true for you then you have a different problem sorry!) so instead of the openssl_pkcs7_... calls it was doing the execs at lines 382 & 385. Except that they were not creating the signed and encrypted files which they should have.

     Well there are problems with exec & spaces with safe mode on (see the 2nd Warning in the PHP Manual (exec)) that seem to mean that exec commands using redirects ("<" & ">"), among other things, will not work as expected. (The openssl commands worked fine at the Linux command line.) Sure enough, just switching safe mode off for the site worked for us. :thumbsup: (If you're on a shared server this has security implications.)

     It would be great if this bit were coded in a way that did not rely on safe mode = off, but having spent too long hunting this down I'm off to tackle my next bit of work. I hope this helps anyone else hitting the same issue. All the best Anna (using osCommerce-PayPal_IPN-v1.1 and PHP 4.3.4)
  10. :blush: Please excuse my brain-death above - I just couldn't see the tep_db_input in tep_db_perform. Not so bad after all!
  11. Hi I believe I see a security vulnerability in osCommerce-PayPal_IPN-v1.1/catalog/ext/modules/payment/paypal_ipn/ipn.php POSTED variables are inserted in the database (via $comment_status) at line 147 without having gone through tep_db_prepare_input or tep_sanitize_string. I know these should be safe from Paypal (equally unprotected insert at line 111), but the insert at line 147 is specifically for invalid IPNs - therefore any not originating from Paypal would be processed here. Please tell me I'm wrong as this looks pretty easy to exploit... Anna
  12. Hi Jane I can't provide files as my designs were custom, but here's some tips:

      Change the easy stuff in the WorldPay Payment Page editor - font sizes, colours etc. Saves you having to get into the properties files or use any html. If I remember correctly it's pretty easy to replace button images too.

      Don't try to do all the files at once. You'll go a long way towards customising it if you start with just header.html & footer.html. Download the default header.html & footer.html from WorldPay. Look at your own site in a browser and 'view source' to get the html. Identify the header and footer parts of your shop's html and start modifying header.html & footer.html to match. Don't forget that any tables etc you open in the header will have to be closed either there or in the footer. You'll need to know some html, but you can start easy by replacing say the WorldPay logo with your own.

      Upload in the worldpay file manager any images your design needs and make the image tags refer to the uploaded images e.g. <img src="/i/123456/mylogo.jpg"> where 123456 is your installation id.

      If your store has the default 3-column oscommerce layout then you'll have a bit of work reproducing that unless you're very patient with html! My advice is don't sweat the difficult stuff - change the easier stuff to match your store and people might not notice the difference!

      Sometimes I found that changes I uploaded went 'live' immediately and sometimes they took a long time. When the latter happens use the Payment Page Editor test transaction facility to see the results of new files. Use their backup screen to save your files whenever you get a result you like the look of. That way you always have something to fall back to.

      Sorry I can't give you files but then you wouldn't want your payment pages to look like the stores I customised! Hope that helped Anna
  13. Hi Joanna, I have completely reworked my callback script BUT something like this might work for adding the WorldPay transaction ID into admin. SO BACK UP FIRST, and if any of this doesn't match what you have then revert to your backup and apologies for wasting your time! I hope you're comfortable with php because I may have made a few mistakes here & there. This gets the ID into the admin order lists (default order.php display). If it works for you then it won't be much effort to add the ID into the order detail page, invoice etc. I'm afraid I don't have much time to spend on this board so don't count on any support of this. I'm providing this as a hint rather than a solution! anna

      1. In mysql:

         ```sql
         alter table orders add `worldpay_transId` int(16) unsigned default NULL;
         ```

      2. In catalog/wpcallback.php approx line 74: replace

         ```php
         $url = tep_href_link(FILENAME_CHECKOUT_PROCESS, $cartId, 'NONSSL', false);
         ```

         with

         ```php
         $worldpay_transId = (int) $_POST['transId'];
         $url = tep_href_link(FILENAME_CHECKOUT_PROCESS, $cartId.'&trans='.$worldpay_transId, 'NONSSL', false);
         ```

         as WorldPay should POST the transId to the callback and you need to send it on to checkout_process.php

      3. In catalog/checkout_process.php approx line 95: In the line before:

         ```php
         tep_db_perform(TABLE_ORDERS, $sql_data_array);
         ```

         that ends

         ```php
         'currency_value' => $order->info['currency_value']);
         ```

         change the end from

         ```php
         'currency_value' => $order->info['currency_value']);
         ```

         to

         ```php
         'currency_value' => $order->info['currency_value'],
         'worldpay_transId' => (int) $_GET['trans']);
         ```

         to get it into the database.

      4. In admin/orders.php approx line 350 After

         ```php
         <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_STATUS; ?></td>
         ```

         add

         ```php
         <td class="dataTableHeadingContent" align="right">Worldpay ID</td>
         ```

         to give a heading. Note this doesn't use the language file - I was lazy as I don't have any call for multi-language admin.

      5. Still in admin/orders.php 3 lines follow soon after and they all start with $orders_query_raw. Add o.worldpay_transID into the sql as below: Change

         ```php
         $orders_query_raw = "select o.orders_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$cID . "' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by orders_id DESC";
         ```

         to

         ```php
         $orders_query_raw = "select o.orders_id, o.customers_name, o.customers_id, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.worldpay_transID, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.customers_id = '" . (int)$cID . "' and o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by orders_id DESC";
         ```

         then change

         ```php
         $orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and s.orders_status_id = '" . (int)$status . "' and ot.class = 'ot_total' order by o.orders_id DESC";
         ```

         to

         ```php
         $orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.worldpay_transID, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and s.orders_status_id = '" . (int)$status . "' and ot.class = 'ot_total' order by o.orders_id DESC";
         ```

         and change

         ```php
         $orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by o.orders_id DESC";
         ```

         to

         ```php
         $orders_query_raw = "select o.orders_id, o.customers_name, o.payment_method, o.date_purchased, o.last_modified, o.currency, o.currency_value, o.worldpay_transID, s.orders_status_name, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id), " . TABLE_ORDERS_STATUS . " s where o.orders_status = s.orders_status_id and s.language_id = '" . (int)$languages_id . "' and ot.class = 'ot_total' order by o.orders_id DESC";
         ```

         all to retrieve it from the db

      6. Still in admin/orders.php approx line 379 after

         ```php
         <td class="dataTableContent" align="right"><?php echo $orders['orders_status_name']; ?></td>
         ```

         add

         ```php
         <td class="dataTableContent" align="right"><?php echo $orders['worldpay_transID']; ?></td>
         ```

         to display it.

      good luck!
  14. Hi Susan, I don't know if there's a "quick" way! :( I think you're in the same boat as me as I posted the message below nearly a month ago but got no replies. Function calculate_credit in includes/modules/order_total/ot_coupon.php checks a whole load of things such as minimum order amount, restrict to products and restrict to categories, but I don't find any mechanism for displaying a message if any of those checks fail. As I wrote before, I don't want to change that code as it seems to be called from all over the place. I'd really appreciate a reply from someone who's more familiar with this stuff, especially as it now looks like I'm not the only one! Anna
  15. Hi Rick, I think it's set in the session by the order_total class pre_confirmation_check() at checkout_confirmation.php but, once again, I have heavily modified the store code. I hope that clue helps! Good luck! Anna
  16. Hi All, I've just been reminded of this (thanks Mibble!) and as it seems I might not be the only person that gets it, I thought I'd share the (easy!) solution: In checkout_process.php: replace line 88 or thereabouts:

      ```php
      'payment_method' => $order->info['payment_method'],
      ```

      with

      ```php
      'payment_method' => (($credit_covers) ? 'Nothing to pay!' : $order->info['payment_method']),
      ```

      & replace about line 251:

      ```php
      if (is_object($$payment)) {
      ```

      with

      ```php
      if ((!$credit_covers) && (is_object($$payment))) {
      ```

      This also saves you from having 'Credit Card' (or whatever your default is) appearing on Invoices and Packing Slips when there was no payment. Disclaimer: I have heavily modified the code so the line numbers above are just a guide, although they shouldn't be too far off for stock osC+ccgv. Hope it helps someone, Anna
  17. Not as far as I can tell sorry! If you find a way to do this easily (also a heavily modified store) let me know ! Anna
  18. Hi Autumn, means you haven't added files: admin/includes/add_ccgvdc_application_top.php or includes/add_ccgvdc_application_top.php or you haven't added the references to them needed in: admin/includes/application_top.php or includes/application_top.php (You see it says TABLE_COUPON_GV_CUSTOMER doesn't exist, not coupon_gv_customer doesn't exist. So you have the table - it just doesn't know its real name until you add those bits above.) Hope that helps! Anna
  19. Hi All, Does anyone else get a message if they attempt to use a discount coupon but the minimum order has not been reached? e.g. if someone is trying to use a "£2 off your next order over £10" coupon, but is spending only £8, my store currently acts correctly by making no discount, but gives no message. :huh: >> Have I broken the message or is it not there for everyone else too? Anna
  20. Hi All, If a voucher completely covers the cost of a purchase I end up with "Payment Method: Credit Card" in order history, admin etc. which is a bit misleading & might alarm some dozy shoppers ;) Can I fix this in checkout_process.php by: replacing line 88 or thereabouts:

      ```php
      'payment_method' => $order->info['payment_method'],
      ```

      with

      ```php
      'payment_method' => (($credit_covers) ? 'Credit Covers' : $order->info['payment_method']),
      ```

      & replacing about line 251:

      ```php
      if (is_object($$payment)) {
      ```

      with

      ```php
      if ((!$credit_covers) && (is_object($$payment))) {
      ```

      I can't try this in my test store right now so can anyone enlighten me? Thanks Anna
  21. You have a dot missing before categories_description:

      ```sql
      select cd.categories_name, cd.categories_heading_title, cdcategories_description, c.categories_image
      ```

      should be

      ```sql
      select cd.categories_name, cd.categories_heading_title, cd.categories_description, c.categories_image
      ```

      (see tiny red dot?!) You should be able to find it by searching for cdcategories_description.
  22. Assuming http://www.oscommerce.info/kb/osCommerce/D...plementations/6 is still the current thinking on escaping input for security... I think includes/classes/shopping_cart.php functions add_cart & update_quantity should have:

      ```php
      $attr_value = tep_db_prepare_input($value);
      ```

      instead of:

      ```php
      $attr_value = htmlspecialchars(stripslashes($value), ENT_QUOTES);
      ```

      (lines 116 & 162 of version 1.7, don't know line number for 1.6) Opinions anyone? anna
  23. I just entered 0123456789&0123456789&0123456789 in the city field of an address to see if there was the same problem generally in the store that I see with text options, but there isn't. It appeared in the address_book table exactly as 0123456789&0123456789&0123456789 and not encoded to 0123456789&0123456789&0123456789& as it would have been if I'd entered it as a text option (except it would have been truncated to 0123456789&0123456789&01 and shown as 0123456789&0123456789&01 which is my problem). So I'm reluctant to just give in and alter the field size. Gotta go hunt this one down! Chris: did the $checked bit help at all for your checkboxes or radio buttons? anna
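An added example (not from these posts and not osCommerce code) for the points raised in posts 11, 22 and 23: a value stored through a bound parameter needs no HTML encoding to be safe in SQL, and HTML-encoding before storage lengthens the value so a fixed-width column cuts it short. The table, the helper names and the 32-character column width are assumptions, the pdo_sqlite extension is required, and the first input is the test string from post 23.

```php
<?php
// Added example; not code from osCommerce or the PayPal IPN contribution.
// Table and helper names are hypothetical. Requires the pdo_sqlite extension.

const COLUMN_WIDTH = 32; // assumed width of the text column

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo (label TEXT, value TEXT)');

// SQLite does not enforce column widths, so emulate a database that
// silently cuts values at COLUMN_WIDTH bytes.
function fit(string $value): string
{
    return substr($value, 0, COLUMN_WIDTH);
}

// Store through a bound parameter: the value is sent as data and never
// becomes part of the SQL text, whatever characters it contains.
function store(PDO $pdo, string $label, string $value): void
{
    $stmt = $pdo->prepare('INSERT INTO demo (label, value) VALUES (?, ?)');
    $stmt->execute([$label, fit($value)]);
}

function load(PDO $pdo, string $label): string
{
    $stmt = $pdo->prepare('SELECT value FROM demo WHERE label = ?');
    $stmt->execute([$label]);
    return (string) $stmt->fetchColumn();
}

// HTML-encode only at the point of output.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$typed = '0123456789&0123456789&0123456789'; // test value from post 23

// Pattern A: HTML-encode first, then store. Each "&" grows to "&amp;".
store($pdo, 'encoded-first', htmlspecialchars($typed, ENT_QUOTES, 'UTF-8'));
// Pattern B: store the text as typed and encode when it is displayed.
store($pdo, 'raw', $typed);

// Constructed sample of a field taken from an unverified request.
$untrusted = "it's <b>not</b> from PayPal";
store($pdo, 'untrusted', $untrusted);

$a = load($pdo, 'encoded-first');
printf("A stored          : %s\n", $a);
printf("A seen in browser : %s\n", html_entity_decode($a, ENT_QUOTES, 'UTF-8'));
printf("B stored          : %s\n", load($pdo, 'raw'));
printf("B sent as HTML    : %s\n", html(load($pdo, 'raw')));
printf("untrusted stored  : %s\n", load($pdo, 'untrusted'));
printf("untrusted as HTML : %s\n", html(load($pdo, 'untrusted')));
```

Pattern A keeps only the first 24 typed characters because the two encoded ampersands use up the other 8 bytes of the assumed column, while pattern B stores all 32.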
  24. Okay I fixed my checkboxes too :D Chris, it looks like I'd coded this bit myself in order to preserve the choices from shopping cart to product info. In product_info.php for all checkboxes I have:

      ```php
      <td valign="top"><table>
      <?php
      $products_options_type_query = tep_db_query("select distinct popt.products_options_id, popt.products_options_name, popt.products_options_type, popt.products_options_length, popt.products_options_comment from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_ATTRIBUTES . " patrib where popt.products_options_type = " . PRODUCTS_OPTIONS_TYPE_CHECKBOX . " and patrib.products_id='" . (int)$HTTP_GET_VARS['products_id'] . "' and patrib.options_id = popt.products_options_id and popt.language_id = '" . (int)$languages_id . "' order by popt.products_options_type, popt.products_options_id");
      while ($products_options_name = tep_db_fetch_array($products_options_type_query)) {
        //CLR 030714 Add logic for checkboxes
        $products_attribs_query = tep_db_query("select distinct patrib.options_values_id, patrib.options_values_pricez" . $apricezone . " as options_values_price, patrib.price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " patrib where patrib.products_id='" . (int)$HTTP_GET_VARS['products_id'] . "' and patrib.options_id = '" . $products_options_name['products_options_id'] . "' order by patrib.options_values_id"); // aw 24/9/04 added order by
        $products_attribs_array = tep_db_fetch_array($products_attribs_query);
        echo '<tr><td class="main">' . $products_options_name['products_options_name'] . ': </td><td class="main">';
        // aw 25/9/04 next 3 lines
        if (isset($cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']])) {
          $checked = ( $products_attribs_array['options_values_id']== $cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']]);
        }
        echo tep_draw_checkbox_field('id[' . $products_options_name['products_options_id'] . ']', $products_attribs_array['options_values_id'], $checked);
        $checked = false;
        echo $products_options_name['products_options_comment'];
        if ($products_attribs_array['options_values_price'] != '0') {
          echo '(' . $currencies->display_price(($aprice + $products_attribs_array['options_values_price']), tep_get_tax_rate($product_info['products_tax_class_id'])) .') ';
        }
        echo '</td></tr>';
      } // e o checkboxes
      ?>
      </table></td>
      ```

      Now remember I have a VERY eccentric store (ignore pricezone, order by etc) so please compare this with your code & don't just overwrite! Again, $checked is the key. Hope it helps, Anna
  25. That was my first thought too for a fix. Seems a bit quick & dirty & makes me wonder if there may be a similar issue anywhere else in the store :'( but I guess I'll end up doing that. If 1.7 had been around when I started on this store I would've used a textarea instead, but I don't fancy upgrading now.

      Eeeeek! :'( I thought mine were perfectly correct but I just got the weirdest effect. The correct radio button was chosen, but one extra unwanted checkbox was ticked. That's so odd it must be my fault! Anyway, what I have in the radio buttons section of product_info.php (don't ask me line number - my code is heavily customised) is:

      ```php
      $checked = true; // assuming we want to select the 1st
      // go through each applicable products_options_values_id/products_options_values_name
      while ($products_options = tep_db_fetch_array($products_options_query)) {
        // If option specified in url then see if it's this one
        // if this product is already in the cart with a value for this option
        if (isset ($cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']])) {
          $checked = ( $products_options['products_options_values_id']== $cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']]);
        }
        $tmp_html .= '<tr><td class="main">';
        $tmp_html .= tep_draw_radio_field('id[' . $products_options_name['products_options_id'] . ']', $products_options['products_options_values_id'], $checked); //radio btns 9/6/04
        $checked = false;
        // radio labels .........
      ```

      I don't know if this bears any relationship to your product_info.php but you can see that $checked is key to this for me. Now I've got to figure out what's wrong with my checkboxes! anna