Jump to content

Archived

This topic is now archived and is closed to further replies.

211655

Bug in OSC stores - Can checkout by paying 0

Recommended Posts

I was just wondering if there were any security problems, etc.. with osc. Where can I find any other problems that need to be corrected with osc?

 

thanks.

Share this post


Link to post
Share on other sites

@david: thanks for the explantion, for a moment I thought I had overlooked some kind of "single currency checkout" setting in admin :)

 

@tom:

most probs can be found at the bug reports section: http://www.oscommerce.com/community/bugs

 

also: http://www.securityfocus.com/bid/vendor/ can be interesting/usefull sometimes


Please do not PM me for support, I will not respond anyway.

Share this post


Link to post
Share on other sites

Guys i cant repoduce the problem, does this mean that im ok? have tried it several times..

 

?currecny = eur

 

but to no avail..

 

i am only a single currency site.

 

Cheers in advance

Share this post


Link to post
Share on other sites
Guys i cant repoduce the problem, does this mean that im ok?  have tried it several times..

 

?currecny = eur

 

but to no avail..

 

i am only a single currency site.

it only happens with the available currencies in your store. So in your case that would mean that you append "?whatever=whatever&currency=gbp" or "?currency=gbp" to your url's.

 

And I tested the site but it's not ok!

(assuming it's www.wifigear.co.uk)


Please do not PM me for support, I will not respond anyway.

Share this post


Link to post
Share on other sites
it only happens with the available currencies in your store. So in your case that would mean that you append "?whatever=whatever&currency=gbp" or "?currency=gbp" to your url's.

 

And I tested the site but it's not ok!

(assuming it's www.wifigear.co.uk)

 

And now im patched, :thumbsup: thanks PandA.nl and to Bert for the code.

 

Will pass on the good news

Share this post


Link to post
Share on other sites

The posted fix stops the $0 checkout but does not fix the problem of having only 1 currency.

 

My default currency is USD so EUR should not be allowed yet it is.

 

Thanks for any advice

Share this post


Link to post
Share on other sites
The posted fix stops the $0 checkout but does not fix the problem of having only 1 currency.

 

My default currency is USD so EUR should not be allowed yet it is.

I don't understand what the problem exactly is, it does not seem related to this bug though.

 

Setting a currency as default is not to disable/disallow any other currency.


Please do not PM me for support, I will not respond anyway.

Share this post


Link to post
Share on other sites
I don't understand what the problem exactly is, it does not seem related to this bug though.

 

Setting a currency as default is not to disable/disallow any other currency.

Yeah, setting a default currency doesn't actually remove the others. Go into your Admin>Localization>Currencies and remove all the currencies you don't use (Hi-light the currency, click delete). Or better yet, go into your database and delete them there. That's what I did, and don't seem to have this bug.


Stress is a luxury afforded to those of us that need it least.

Where lipstick is concerned, the important thing is not color, but to accept God's final word on where your lips end. --Jerry Seinfeld

If you pick up a starving dog, and make him prosperous, he will not bite you. This is the principal difference between a man and a dog. --Mark Twain

Share this post


Link to post
Share on other sites

The appropriate fix for this is on the database side, this is a MySQL feature. The column should have been created with the BINARY attribute. You can modify the column using the following statement:

 

alter table currencies modify code char(3) binary not null default '';

 

 

After that then MySQL will only do a binary comparison. See below...

 

http://dev.mysql.com/doc/mysql/en/case-sensitivity.html

Share this post


Link to post
Share on other sites
The appropriate fix for this is on the database side, this is a MySQL feature.  The column should have been created with the BINARY attribute.  You can modify the column using the following statement:

 

alter table currencies modify code char(3) binary not null default '';

After that then MySQL will only do a binary comparison.  See below...

 

http://dev.mysql.com/doc/mysql/en/case-sensitivity.html

 

Thanks wagnerch, worked perfectly :thumbsup:

Share this post


Link to post
Share on other sites
The appropriate fix for this is on the database side, this is a MySQL feature.  The column should have been created with the BINARY attribute.

funny, I read something like that before in this thread

 

or the the currency code column fields should be declared BINARY in the database.

:)

Please do not PM me for support, I will not respond anyway.

Share this post


Link to post
Share on other sites

Hi,

 

I just found another slant to this which I thought I'd post.

 

When I set up my store (on local PC) all my prices were coming up as zero even without the &currency= querystring component.

 

I applied all the fixes (set the code field to binary, added the code above //currency) still nothing. Then it hit me. I am using EUR and had deleted USD from the DB and added EUR, but I had not set EUR as default, therefore their was no default currency!

 

Set EUR to default and it works great!! and no matter what i do to the querystring it still works:)

 

Thanks,

 

Dave Grennan.

Share this post


Link to post
Share on other sites

Oh and another problem I found if you delete currencies from the DB and are stupid enough (like me) to fail to set a new default currency. If you then hit 'update currencies' then the currency is converted against the old default currency and your prices go mad!!!

 

BTW the reason I deleted direct from the DB was that when I tried to delete a currency the correct way All I got was a 'cancel' button and no 'delete' option. (Yes i know that not this bug, just explaining why I deleted via the DB.

 

So in short. If you delete currencies via the BD, dont forget to set a new default currency!!

 

Dave Grennan

Share this post


Link to post
Share on other sites

my problem is nearly the same

 

i have $ as the default currency and at 2 new ones

 

GBP and Euro after then i run in problems - because everytime i switch my site from german to english the $ shows up even if the GPB is the default currency

 

so now i did delete the usd $ currency but all the default GBP prices are show up as Zero if i switch to german and espanyol the prices are correct in ?.

 

the fix with oanda in the contributions doesnt work in this case and i stuck right now

 

anyone have another idea to point me in the right direction

 

Thank you very much


Guido

Share this post


Link to post
Share on other sites

a search in the forum was the solution - it works now thank you.


Guido

Share this post


Link to post
Share on other sites

to fix the default currency or a currency exist

 

 

i change the function tep_currency_exists (in general.php)

even somebody demand a curency ZZZ the prices are ok

(yourwebsite.xxx/xxxxx.xxx?language=en&currency=ZZZ)

 

remember to declare the default curency in the admin

and use uppercase code (EUR,FRF,FCH ...)

 

 

// Checks to see if the currency code exists as a currency

// TABLES: currencies

function tep_currency_exists($code) {

$code = tep_db_prepare_input($code);

$currency_code = tep_db_query("select currencies_id from " . TABLE_CURRENCIES . " where code = '" . tep_db_input($code) . "'");

if (tep_db_num_rows($currency_code)>0) {

return strtoupper($code);

} else {

$code = DEFAULT_CURRENCY ;

return strtoupper($code);

}

}

 

in application_top.php

add this line

 

$currency = tep_currency_exists($currency);

 

after

 

// currency

if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {

if (!tep_session_is_registered('currency')) tep_session_register('currency');

 

if (isset($HTTP_GET_VARS['currency'])) {

$HTTP_GET_VARS['currency'] = strtoupper($HTTP_GET_VARS['currency']);

if (!$currency = tep_currency_exists($HTTP_GET_VARS['currency'])) $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;

} else {

$currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;

}

}

Share this post


Link to post
Share on other sites

×