This topic is now archived and is closed to further replies.

211655

Bug in OSC stores - Can checkout by paying 0


Now I know there may be a way you can turn off multiple currency checkouts, but if you add this / append this to the URL on your site

 

&currency=eur

 

such as www.urstore.com/product_info.php?products_id=232&currency=eur

 

or

 

such as www.urstore.com/product_info.php?currency=eur&products_id=232

 

 

etc....

 

 

The price will become 0

 

You can now checkout anything you want for 0.

 

Damm mee.....


It doesn't do it in mine. I'll PM you my URL in case I am not doing exactly what you are doing...


Help shape the future of Phoenix; join the Phoenix Club


It does it in mine too. I don't think this will cause many problems for me, although a fix would be nice!

 

Mark


Lifes a bitch, then you marry one, then you die!


Thanks to Burt:P

 

Open includes/Application_top.php

 

 

find

 

//currency

if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {
   if (!tep_session_is_registered('currency')) tep_session_register('currency');

 

add following code above //currency

if (isset($HTTP_GET_VARS['currency'])) {
      $HTTP_GET_VARS['currency'] = strtoupper($HTTP_GET_VARS['currency']);
}


I'm a little late it seems :)

 

or (alternative to the above, maybe it helps to find the cause):

 

change (includes/functions/general.php)

////
// Checks to see if the currency code exists as a currency
// TABLES: currencies
 function tep_currency_exists($code) {
   $code = tep_db_prepare_input($code);
   $currency_code = tep_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "'");
   if (tep_db_num_rows($currency_code)) {   
     return $code;
   } else {
     return false;
   }
 }

to

////
// Checks to see if the currency code exists as a currency
// TABLES: currencies
 function tep_currency_exists($code) {
   $code = tep_db_prepare_input($code);
   $currency_code = tep_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "'");
   if (tep_db_num_rows($currency_code)) {   
     return strtoupper($code);
   } else {
     return false;
   }
 }

It's almost the same fix (as posted 1 post above): "return strtoupper($code);"

Don't understand why the lowercase is accepted as a valid currency though; somehow the db query seems case insensitive :huh:


Please do not PM me for support, I will not respond anyway.


Very good spot Dan,

 

It would have affected mine too if I hadn't disabled multicurrency checkout.

Have you filed a bug report?


Hi David,

It would have affected mine too if I hadn't disabled multicurrency checkout.

Could you please explain how multicurrency checkout can be disabled?


Please do not PM me for support, I will not respond anyway.

by only having 1 currency.

I do have only one currency, and the bug was there (until I added strtoupper($code) ). On the other hand David's shop accepts multiple currencies but does not have this bug (or was the shop I saw already fixed? www.taichifinder.co.uk/catalog/ ).

:huh:


Please do not PM me for support, I will not respond anyway.

I do have only one currency, and the bug was there (until I added strtoupper($code) ). On the other hand David's shop accepts multiple currencies but does not have this bug (or was the shop I saw already fixed? www.taichifinder.co.uk/catalog/ ).

:huh:

 

 

I have multi currency and I had the same bug.


Treasurer MFC


I still don't understand what David meant with "disabled multicurrency checkout"; having only one currency does not help :(

I do understand the cause of the bug now though :)

MySQL searches appear to be case insensitive by default, and so the currency check (in tep_currency_exists) does not check the case, and so it returns the $code whether it's the same case or not.

So it seems that, to do it right, the actual value should be checked (case sensitive) using PHP, or the currency code column fields should be declared BINARY in the database. (Or the currency could be made case insensitive for the calculations too, of course.)


Please do not PM me for support, I will not respond anyway.

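The cause described in the post above, modelled as an added example (not osCommerce code and not written by anyone in the thread): an existence check that matches case-insensitively but returns the caller's spelling, next to a check that returns the stored code and a rate lookup that fails closed. The function names, the `$rates` array (standing in for the currencies table and for the shop's rate lookup, which is assumed to be keyed case-sensitively) and the three-letter code format are assumptions.

```php
<?php
// Constructed sample data standing in for the currencies table (code => rate).
$rates = ['USD' => 1.0, 'EUR' => 0.85];

// Models the check as posted: the match ignores case (as MySQL's default
// collation does), but the caller's own spelling is handed back unchanged.
function currency_exists_loose(array $rates, $code) {
    foreach (array_keys($rates) as $stored) {
        if (strcasecmp($stored, (string) $code) === 0) {
            return $code;
        }
    }
    return false;
}

// Hardened check: reject anything that is not a three-letter string
// (assumed code format), then return the stored spelling, never the input.
function currency_exists_canonical(array $rates, $code) {
    if (!is_string($code) || !preg_match('/\A[A-Za-z]{3}\z/', $code)) {
        return false;
    }
    foreach (array_keys($rates) as $stored) {
        if (strcasecmp($stored, $code) === 0) {
            return $stored;
        }
    }
    return false;
}

// Case-sensitive rate lookup that fails closed: an unknown key raises an
// error instead of being treated as a rate of 0.
function convert_price(array $rates, $base, $code) {
    if (!is_string($code) || !array_key_exists($code, $rates)) {
        throw new InvalidArgumentException('unknown currency code');
    }
    return round($base * $rates[$code], 2);
}

$input = 'eur'; // constructed request value
$loose = currency_exists_loose($rates, $input);
echo 'loose check returns: ', var_export($loose, true), "\n";
echo 'lookup key present:  ', var_export(isset($rates[$loose]), true), "\n";

$code = currency_exists_canonical($rates, $input);
echo 'canonical code:      ', var_export($code, true), "\n";
echo 'converted price:     ', convert_price($rates, 49.99, $code), "\n";
var_dump(currency_exists_canonical($rates, ['eur'])); // non-string input
```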

I will file the bug report, but if someone is already doing or has done it, let me know so I won't do it then.

Thanks to Burt & Paul for the code. I am using only USD and not even showing the currency options, but as I was playing with it, it turned out to be weird. So hopefully people should be able to fix it.

 

I am guessing that a lot of people would have this issue ...

I will file the bug report, but if someone is already doing or has done it, let me know so I won't do it then.

Thanks to Burt & Paul for the code. I am using only USD and not even showing the currency options, but as I was playing with it, it turned out to be weird. So hopefully people should be able to fix it.

 

I am guessing that a lot of people would have this issue ...

 

Can you explain a bit more how to test for this? Do I understand correctly you have to add '&currency=eur' to the URL while in your product_info page and then press add to cart? If I do that the product just gets added to the cart with the normal price and I do have multiple currencies.

 

Thanks


Howard - I am sorry, I just made a test order in your wheeloftime shop. "Test Testy". Check the price of the order...

 

Again, apologies for this - but at least now you know your Store has this problem!


Help shape the future of Phoenix; join the Phoenix Club

Thanks to Burt:P

 

Open includes/Application_top.php

find

 

//currency

if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {
   if (!tep_session_is_registered('currency')) tep_session_register('currency');

 

add following code above //currency

if (isset($HTTP_GET_VARS['currency'])) {
      $HTTP_GET_VARS['currency'] = strtoupper($HTTP_GET_VARS['currency']);
}

 

When I did this I got the Unexpected T string error. Any idea why? I just pasted it above the //currency as specified...


Quidquid latine dictum sit, profundum viditur.

Howard - I am sorry, I just made a test order in your wheeloftime shop.  "Test Testy".  Check the price of the order...

 

Again, apologies for this - but at least now you know your Store has this problem!

 

Damn, damn, I thought this was my day :D :D

 

Burt, no problem ! I am glad you checked and so I see my shop does also suffer from this bug. But I still don't understand how to do it so any more specific direction of how to achieve this would be welcomed so I can try it myself also before applying one of the solutions.


Howard, just append ?currency=eur or &currency=eur to the url and hit ENTER, all the prices will change to 0, and the worst is the customer will be able to check out and have it all for free!

 

(it does not seem to happen under all circumstances, but after a few tries it should)

 

like: www.yourstore.index.php?currency=eur

 

or: www.yourstore.index.php?wahtever=blabla&currency=eur

 

(eur may be any available currency, but using lowercase i.s.o. uppercase)


Please do not PM me for support, I will not respond anyway.

Damn, damn, I thought this was my day  :D  :D

 

Burt, no problem ! I am glad you checked and so I see my shop does also suffer from this bug. But I still don't understand how to do it so any more specific direction of how to achieve this would be welcomed so I can try it myself also before applying one of the solutions.

 

 

 

go to your website:

 

www.your site.com/index.php

 

after index.php append this

 

?currecny = eur

 

so it will be like www.site.com/index.php?currecny = eur

 

 

see then

When I did this I got the Unexpected T string error. Any Idea why?  I just pasted it above the //currency  as specified...

 

 

You sure that you didn't replace it? I just said to add it, not replace.

Make sure that you have the file as I told, open it and then look for

//currency

followed by rest of the info.

When you have found it, do what I have said: add the new line of code right after // currency

Else try what another person has suggested. Post your URL if you can.

go to your website:

 

www.your site.com/index.php

 

after index.php append this

 

?currecny = eur

 

so it will be like www.site.com/index.php?currecny = eur

see then

 

Thanks Dan, Paul ! Now I see the prices getting zero after hitting a few times Enter (one time wasn't enough as I tried before).

Going to apply the fix now...

add following code above //currency
add the new line of code right after // currency

 

I tried pasting it below and above, and get the error: Parse error: parse error, unexpected T_STRING in includes/application_top.php on line 315

 

this line reads:

 

$HTTP_GET_VARS['currency'] = strtoupper($HTTP_GET_VARS['currency']);


Quidquid latine dictum sit, profundum viditur.


Yes my shop was fixed earlier but also I have this extra line in my checkout_process.php and a couple of other files around the checkout:

 

after the line

 

include('includes/application_top.php');

 

  $currency = DEFAULT_CURRENCY;

So really it is a single currency store that allows you to browse in other currencies but only check out in GBP.
