Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Scrambled Order Numbers


Guest

Recommended Posts

  • Replies 63
  • Created
  • Last Reply

Top Posters In This Topic

Richard, the paypal IPN (I am using Greg's IPN v2.8) has different/seperate checkout_process that I believe should be revised too in order for that to work and not screw things up when the customer is making the order with PayPal. Am I correct?

Edited by dr_lucas
Link to comment
Share on other sites

Paypal IPN :

 

I've just taken a quick look at this contribution - there's a lot of it, isn't there ?!

 

Yes, I very much suspect that you would need to alter the Paypal IPN to make it work with this contribution.

 

To give you some pointers -

 

Basically, you need to keep the order number as the standard 'raw' value as much as possible (1, 2, 3, 4.....).

 

Whenever you expose the order number to the customer, whether it is in an email or on the web site or in a link generated by the web site, you need to convert it into a 'scrambled' number.

 

When responding to links containing scrambled order numbers, you need to convert them back to 'raw' order numbers to use them internally.

 

For traceability (and presumably because Paypal sends emails to the customer that might contain the order number - at least I think it does; I don't really know), if you pass any order numbers to paypal then you will probably want to convert them into a scrambled number, and as with web links, if paypal passes any order number back to you, you will need to convert it back into a 'raw' number.

 

...and that's pretty much all you need to do. You'll probably find that there's only half a dozen or so places you need to change and the changes will be relatively very minor (as the changes in the base contribution)

 

To answer the obvious unasked question, no, I'm not going to do this work. Not this year, anyway. I'm afraid I have too much to do already and as I don't use paypal (and as this is a seperate contribution and not part of the OSC base code), I don't really have the means to test it anyway.

 

Sorry if this sounds unhelpful, but that's life. If you (or anyone else) wants to do the work then I'm happy to assist in any way I can, though I probably can't help you any more than you could help yourself by looking at the code.

 

If you do the work and want to add it to the contribution then PLEASE PLEASE PLEASE either make it a completely separate contribution on a different thread or make it VERY VERY clear which bits of the contribution are the baseline and which bits are specific to the Paypal IPN (ideally keeping two seperate sets of patches). I don't want to impose a load of changes on people for another contribution that they are not actually using, and I don't want to make things confusing by having different contributions in the same thread that actually do different things.

 

regards,

 

Rich

Link to comment
Share on other sites

Paypal IPN :

 

I've just taken a quick look at this contribution - there's a lot of it, isn't there ?!

 

Yes, I very much suspect that you would need to alter the Paypal IPN to make it work with this contribution.

 

To give you some pointers -

 

Basically, you need to keep the order number as the standard 'raw' value as much as possible (1, 2, 3, 4.....).

 

Whenever you expose the order number to the customer, whether it is in an email or on the web site or in a link generated by the web site, you need to convert it into a 'scrambled' number.

 

When responding to links containing scrambled order numbers, you need to convert them back to 'raw' order numbers to use them internally.

 

For traceability (and presumably because Paypal sends emails to the customer that might contain the order number - at least I think it does; I don't really know), if you pass any order numbers to paypal then you will probably want to convert them into a scrambled number, and as with web links, if paypal passes any order number back to you, you will need to convert it back into a 'raw' number.

 

...and that's pretty much all you need to do. You'll probably find that there's only half a dozen or so places you need to change and the changes will be relatively very minor (as the changes in the base contribution)

 

To answer the obvious unasked question, no, I'm not going to do this work. Not this year, anyway. I'm afraid I have too much to do already and as I don't use paypal (and as this is a seperate contribution and not part of the OSC base code), I don't really have the means to test it anyway.

 

Sorry if this sounds unhelpful, but that's life. If you (or anyone else) wants to do the work then I'm happy to assist in any way I can, though I probably can't help you any more than you could help yourself by looking at the code.

 

If you do the work and want to add it to the contribution then PLEASE PLEASE PLEASE either make it a completely separate contribution on a different thread or make it VERY VERY clear which bits of the contribution are the baseline and which bits are specific to the Paypal IPN (ideally keeping two seperate sets of patches). I don't want to impose a load of changes on people for another contribution that they are not actually using, and I don't want to make things confusing by having different contributions in the same thread that actually do different things.

 

regards,

 

Rich

 

Thank you for your quick response, Rich.

Although I can perfectly understand you, I also can say "I wish I had the coding knowledge to make these IPN changes myself without breaking everything". I guess I will just have to wait until someone will come up with a step-by-step quick manual on how to make everything work together, especially since the PayPal IPN contribution is one of the most popular cont. it will probably happen sooner or later. Unfotuntaley I will not be able to test or use your (very much appreciated) important contribution obviously until then...

 

Thanks again for your valuable time mate! :)

Edited by dr_lucas
Link to comment
Share on other sites

One slight correction (at least for me!)...

 

--------------
* Approx line 79 (hint - search for 'TEXT_SUCCESS'). After this line...

           <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

...add the following (note that because this is my own hack, you might want to
  adjust the text according to your specific needs)...

// >>> BEGIN ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
// Display order number
// >>> BEGIN SCRAMBLED_ORDER_NUMBER
echo 'Your order number is...<h3>' . randomise_order_num($orders['orders_id']) . '</h3>Please make a note of this and
quote it in any correspondence with us.';
// <<< END SCRAMBLED_ORDER_NUMBER
// <<< END ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION

 

should be

 

--------------
* Approx line 79 (hint - search for 'TEXT_SUCCESS'). After this line...

           <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

...add the following (note that because this is my own hack, you might want to
  adjust the text according to your specific needs)...

<?php
// >>> BEGIN ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
// Display order number
// >>> BEGIN SCRAMBLED_ORDER_NUMBER
echo 'Your order number is...<h3>' . randomise_order_num($orders['orders_id']) . '</h3>Please make a note of this and
quote it in any correspondence with us.';
// <<< END SCRAMBLED_ORDER_NUMBER
// <<< END ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
?>

 

W/o the added "<?php" and "?>" it wouldn't output properly.

Link to comment
Share on other sites

Nevermind, i spoke too soon. When I added the extra code, the order number displayed to the customer is different than the real one.

 

The code from my checkout_success is below. Can anybody else see my problem?

 

        <td><table border="0" width="100%" cellspacing="4" cellpadding="2">
         <tr>
           <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="left" class="pageHeading" valign=top><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

// >>> BEGIN ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
// Display order number
// >>> BEGIN SCRAMBLED_ORDER_NUMBER
echo 'Your order number is...<h3>' . randomise_order_num($orders['orders_id']) . '</h3>Please make a note of this and
quote it in any correspondence with us.';
// <<< END SCRAMBLED_ORDER_NUMBER
// <<< END ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
                      
<?php
 if ($global['global_product_notifications'] != '1') {
   echo TEXT_NOTIFY_PRODUCTS . '<br><p class="productsNotifications">';

 

One slight correction (at least for me!)...

 

--------------
* Approx line 79 (hint - search for 'TEXT_SUCCESS'). After this line...

           <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

...add the following (note that because this is my own hack, you might want to
  adjust the text according to your specific needs)...

// >>> BEGIN ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
// Display order number
// >>> BEGIN SCRAMBLED_ORDER_NUMBER
echo 'Your order number is...<h3>' . randomise_order_num($orders['orders_id']) . '</h3>Please make a note of this and
quote it in any correspondence with us.';
// <<< END SCRAMBLED_ORDER_NUMBER
// <<< END ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION

 

should be

 

--------------
* Approx line 79 (hint - search for 'TEXT_SUCCESS'). After this line...

           <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

...add the following (note that because this is my own hack, you might want to
  adjust the text according to your specific needs)...

<?php
// >>> BEGIN ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
// Display order number
// >>> BEGIN SCRAMBLED_ORDER_NUMBER
echo 'Your order number is...<h3>' . randomise_order_num($orders['orders_id']) . '</h3>Please make a note of this and
quote it in any correspondence with us.';
// <<< END SCRAMBLED_ORDER_NUMBER
// <<< END ADD_ORDER_NUM_TO_CUSTOMER_CONFIRMATION
?>

 

W/o the added "<?php" and "?>" it wouldn't output properly.

Link to comment
Share on other sites

Also, when trying to delete orders, I get the following error.

 

Warning: Cannot add header information - headers already sent by (output started at /home/*****/public_html/admin/includes/functions/scrambled_order_num.php:203) in /home/*****/public_html/admin/includes/functions/general.php on line 18

 

Here is the general.php file

<?php
/*
 $Id: general.php,v 1.160 2003/07/12 08:32:47 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

////
// Redirect to another page or site
 function tep_redirect($url) {
   global $logger;

   header('Location: ' . $url);

   if (STORE_PAGE_PARSE_TIME == 'true') {
     if (!is_object($logger)) $logger = new logger;
     $logger->timer_stop();
   }

   exit;
 }

////
// Parse the data used in the html tags to ensure the tags will not break
 function tep_parse_input_field_data($data, $parse) {

Link to comment
Share on other sites

You were right the first time - there is a small error in the instructions. The instructions for the file .../catalog/success.php SHOULD read.....

 

* Approx line 79 (hint - search for 'TEXT_SUCCESS'). After the two lines...

 

<td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div al

ign="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

<?php

 

...and just before the line...

 

if ($global['global_product_notifications'] != '1') {

 

...add... etc etc etc.....

 

also, the 'echo' line being added has had a newline inserted in the middle of it. This is incorrect - it should be all one line

 

----------------------

 

As or the problem with deleting orders, try removing the last newline character from the end of .../admin/includes/functions/scrambled_order_num.php

 

:-)

 

I'll put up a new version (1.3) that includes both these fixes.

 

Rich.

Edited by CMOTD
Link to comment
Share on other sites

Instructions are good now, but there I found another bug.

 

The scrambled order number given in checkout_success is wrong. It gives the order number "JBA-1094039642" but the real order number is "XWT-1912907354"... So far, the only incorrect instance is in the checkout_success page.

 

My guess is "randomise_order_num($orders['orders_id'])" might be the wrong command, but I'm in no way certain.

 

You were right the first time - there is a small error in the instructions. The instructions for the file .../catalog/success.php SHOULD read.....

 

* Approx line 79 (hint - search for 'TEXT_SUCCESS'). After the two lines...

 

            <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div al

ign="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>

<?php

 

...and just before the line...

 

  if ($global['global_product_notifications'] != '1') {

 

...add... etc etc etc.....

 

also, the 'echo' line being added has had a newline inserted in the middle of it. This is incorrect - it should be all one line

 

----------------------

 

And sorry to be a bother, but I don't quite understand. Could you elaborate on the part that says "removing the last newline character from the end of .../admin/includes/functions/scrambled_order_num.php"

 

I don't know what a "newline character" is where it's at, lol.

 

As or the problem with deleting orders, try removing the last newline character from the end of .../admin/includes/functions/scrambled_order_num.php

 

:-)

 

I'll put up a new version (1.3) that includes both these fixes.

 

Rich.

Link to comment
Share on other sites

Mmmm....

 

I'll look at the 'wrong order number' problem this evening (about 12 hours from now) - never noticed that before !

 

Newline character : The very last line of the scrambled_order_num.php file has an an extra blank line. Instead of being...

 

....bla bla bla...

 

?>

----------- end of file ---------

 

...it reads...

 

....bla bla bla...

 

?>

 

----------- end of file ---------

 

The extra blank line causes the problem you have. If in doubt, just copy the new version of this file from v1.3 that I put up yesterday. It should be replaced in both the admin and catalog sections.

 

Rich.

Link to comment
Share on other sites

I've looked at the problem you're having in checkout_success, and I can't see what could be wrong. Mine works fine - it generates the same order number as any other part of the website.

 

As this is exactly the area of code that you had the other problems with, I would make absolutely sure that you haven't applied the patch incorrectly to this file or messed anything up whle you were trying to debug the other problem. Try going back to the original (unpatched) version of the file and re-applying the patch to it.

 

Let me know how you get on

 

Rich.

Link to comment
Share on other sites

I've looked at the problem you're having in checkout_success, and I can't see what could be wrong. Mine works fine - it generates the same order number as any other part of the website.

 

As this is exactly the area of code that you had the other problems with, I would make absolutely sure that you haven't applied the patch incorrectly to this file or messed anything up whle you were trying to debug the other problem. Try going back to the original (unpatched) version of the file and re-applying the patch to it.

 

Let me know how you get on

 

Rich.

 

Okay, I may have another clue here...

 

The following order number is always displayed in the checkout_success "JBA-1094039642" for some strange reason. The real order number is "17 ( XSO-1161148634 )".

 

Seems like something isn't being randomized, and it may be stuck. Do you think it may be an issue w/the keys I chose? All I did was change the last digits of each one.

 

There may be a coding mistake on my behalf, or perhaps a bug.

Link to comment
Share on other sites

I bet 'JBA-1094039642' equates to an order number of zero.

 

ie - you aren't passing the order number to the randomise function at all; you're passing zero.

 

You could check this by exlicitely putting zero in the call

 

randomise_order_num(0);

 

...and see what you get.

 

If this is the case then there's your problem. Again, I would check that you have applied the patch absolutely correctly - Make sure you have spelled everything correctly (if you get a variable name wrong, you'll generate a zero from thin air). If you miss off a '$' at the start of the variable name you'll get a zero (or an error).

 

If you still can't figure it out, let me know and I'll PM you my email address - you can email me the file if you like and I'll take a look.

 

Rich.

Link to comment
Share on other sites

I've just had another look at this, and I think I may have spotted the problem.

 

Try changing the lines 40 - 42 from this....

 

if ($global['global_product_notifications'] != '1') {

$orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1");

$orders = tep_db_fetch_array($orders_query);

 

...to this...

 

$orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1");

$orders = tep_db_fetch_array($orders_query);

if ($global['global_product_notifications'] != '1') {

 

ie - Move the 'if' line down two. I'll can check this myself this evening but in case you get there first....

 

Rich.

Link to comment
Share on other sites

BINGO!

 

That worked awesome! Much thanks, and damn you're good!

 

I've just had another look at this, and I think I may have spotted the problem.

 

Try changing the lines 40 - 42 from this....

 

  if ($global['global_product_notifications'] != '1') {

    $orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1");

    $orders = tep_db_fetch_array($orders_query);

 

...to this...

 

  $orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1");

  $orders = tep_db_fetch_array($orders_query);

  if ($global['global_product_notifications'] != '1') {

 

ie - Move the 'if' line down two. I'll can check this myself this evening but in case you get there first....

 

Rich.

Link to comment
Share on other sites

Don't get carried away - if I was THAT good, I would have done it right the first time, rather than the 6th or 7th !

 

Anyway, I have uploaded a new version (v 1.4) that includes this fix.

 

I never saw this problem before because I have hacked out the 'product notification' option from OSC code and because of this, the bit of code that was causing the problem was always being executed for me; hence no problem (ignore these ramblings if they don't make sense to you).

 

Anyway, it's fixed now. Thanks for the feedback and for pointing out the problem. If you find anything else, let me know, but I think it's probably ok now. (fingers crossed)

 

Rich.

Link to comment
Share on other sites

hi, how i display the order number only in checkout_processe.php

You should be able to pick out the code change that I made in checkout_process.php, and just miss out the randomisation.

 

...But this is off-topic, and I'm sure if you search the board you will find loads of references to this.

 

Rich.

Link to comment
Share on other sites

I have been falowing all the steps described in the instructions, but when I try to check the funtionality of the contribution I have gotten the falowing error:

 

Warning: main(includes/functions/scrambled_order_num.php): failed to open stream: No such file or directory in /home/andesflo/public_html/tienda2/checkout_process.php on line 36

 

Fatal error: main(): Failed opening required 'includes/functions/scrambled_order_num.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/andesflo/public_html/tienda2/checkout_process.php on line 36

 

 

i don't know where is the mistake.

 

the instruccions are:

".../catalog/checkout_process.php

 

--------------

* Near the top of the file, just above...

 

include(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_PROCESS);

 

...add the following...

 

// >>> BEGIN SCRAMBLED_ORDER_NUMBER

require('includes/functions/scrambled_order_num.php');

// <<< END SCRAMBLED_ORDER_NUMBER

 

--------------

* Approx line 222 (hint - search for 'STORE_NAME'). Change this...

 

// lets start with the email confirmation

$email_order = STORE_NAME . "\n" .

EMAIL_SEPARATOR . "\n" .

EMAIL_TEXT_ORDER_NUMBER . ' ' . $insert_id . "\n" .

EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $insert_id, 'SSL', false) . "\n" .

 

...to this...

 

// lets start with the email confirmation

// >>> BEGIN SCRAMBLED_ORDER_NUMBER

$scrambled_order_num = randomise_order_num($insert_id);

// <<< END SCRAMBLED_ORDER_NUMBER

 

$email_order = STORE_NAME . "\n" .

EMAIL_SEPARATOR . "\n" .

// >>> BEGIN SCRAMBLED_ORDER_NUMBER

EMAIL_TEXT_ORDER_NUMBER . ' ' . $scrambled_order_num . "\n" .

EMAIL_TEXT_INVOICE_URL . ' ' . tep_href_link(FILENAME_ACCOUNT_HISTORY_INFO, 'order_id=' . $scrambled_order_num, 'SSL', false) . "\n" .

// <<< END SCRAMBLED_ORDER_NUMBER

 

 

welll.....

 

thank you

Link to comment
Share on other sites

You should be able to pick out the code change that I made in checkout_process.php, and just miss out the randomisation.

 

...But this is off-topic, and I'm sure if you search the board you will find loads of references to this.

 

Rich.

 

 

i have searched all suport forum and dont find the same question of me...

Link to comment
Share on other sites

Warning: main(includes/functions/scrambled_order_num.php): failed to open stream: No such file or directory in /home/andesflo/public_html/tienda2/checkout_process.php on line 36

The error message is very simple - it can't find the file includes/functions/scrambled_order_num.php

 

Does the file includes/functions/scrambled_order_num.php exist ?

 

This is a new file and part of this contribution. Did you copy it from the contribution to the includes/functions/ directory ? If you did, then are the permissions correct so that the web server can read it ?

 

Rich.

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...