Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Blacklist


Jack_mcs

Recommended Posts

This is the support thread for this contribution, which allows the shop owner to "Blacklist" certain customers. They can be banned completely from logging on. Or, if allowed to logon, or if they create a new account, all entries in their address book will be monitored for usage upon checkout. If an address is used, the shop owner is notified via email.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 2 weeks later...

I've installed the blacklist contribution, great Contrib! But I have 2 little problems:

 

1. If a completly banned customer trys to login, it doesnt set the "attempted use" flag. But an empty email will be sent, with the infos in the title.

 

2. If a banned user do an order, no email with the informations will be sent, that a banned user has placed an order. (the normal email is sending)

 

Im only a beginner, and I tried many things, but nothing works, I dont know what the problem could be. Maybe someone can help me...

 

Many thanks,

Lukas Havranek

 

Shop: www.LED-Store.ch

Link to comment
Share on other sites

1 - There is an error in the code for login.php that is causing this behavior. Find this line in login.php

	 tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_order, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

and change to

tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

 

2 - I don't see a problem with this one. Try this: find

		 $blacklisted['entry_state']		  === $order->delivery['state'])
 {

in checkout_process.php and place this after it

echo 'found match<br>';

 

Please let me know the results.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Great Jack mcs, thank you very much, now everything seems to work. All mails will be sent, and with the body in it. :thumbsup:

 

The only thing is that the "attemptet use" Flag is still not setting, but that isnt very important for me, I get the mail that a user has tried.

Maybe there is an error too... (if I change in the database the 0 to 1, I can see the flag. Only automatic it doesnt work)

 

greetz lukas

Link to comment
Share on other sites

Another thing:

 

If you change in the checkout process the following:

 

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, STORE_NAME, STORE_OWNER_EMAIL_ADDRESS);

 

to

 

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

 

you get the mails "from the user", not from the shop itself. I think this is better, so you can see immediately whos placed the order.

 

lukas

Link to comment
Share on other sites

Where is the "command" to set the flag for attempted_use, when I search login.php or checkout-process.php, I cant find any word with attempted_use. I think it must be in the login.php, somewhere around,

 

if ($blacklisted['ban_customer'] == true)

{

$error = true;

$error_blacklisted = true;

 

but I cant find anything, and I dont know the command to set the flag. (I never learned php or sql, everything learning by doing... ;o)

Link to comment
Share on other sites

I have the code in my files here but it somehow failed to make it into the zip. After

$error_blacklisted = true;

insert

		tep_db_query("update " . TABLE_BLACKLIST . " set attempted_use = '1' where customers_id = '" . $check_customer['customers_id'] . "'");

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Hey, now I get this mail that a banned user has placed an order on every order!

 

I dont know if Im the only one with this problem, but Im going to uninstall this contrib until I couldnt fix it.

 

That problem with the "attempted_use" flag works now, maybe you can find the "last" problem with the email, i got this in my code:

 

// send emails to other people

if (SEND_EXTRA_ORDER_EMAILS_TO != '') {

tep_mail('', SEND_EXTRA_ORDER_EMAILS_TO, EMAIL_TEXT_SUBJECT, $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

}

 

//check for blacklisted address

$blacklist_query = tep_db_query("SELECT b.customers_id, b.ban_customer, b.description, b.entry_street_address, b.entry_suburb, b.entry_postcode, b.entry_city, b.entry_state FROM " . TABLE_BLACKLIST . " b ");

while($blacklisted = tep_db_fetch_array($blacklist_query))

{

if ($blacklisted['entry_street_address'] === $order->delivery['street_address'] &&

$blacklisted['entry_suburb'] === $order->delivery['suburb'] &&

$blacklisted['entry_city'] === $order->delivery['city'] &&

$blacklisted['entry_postcode'] === $order->delivery['postcode'] &&

$blacklisted['entry_state'] === $order->delivery['state'])

echo 'found match<br>';

{

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

break;

}

}

 

 

This mail is now sending on every order to me, also when its a "free" user...

 

thanks,

lukas

Link to comment
Share on other sites

The reason you are getting the extra emails is becuase of this line

echo 'found match<br>';

You should either remove it or place it after the { so that it is

{
echo 'found match<br>';

 

Jack

Edited by Jack_mcs

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

The same like before, with your changes:

 

1.)

//check for blacklisted address

$blacklist_query = tep_db_query("SELECT b.customers_id, b.ban_customer, b.description, b.entry_street_address, b.entry_suburb, b.entry_postcode, b.entry_city, b.entry_state FROM " . TABLE_BLACKLIST . " b ");

while($blacklisted = tep_db_fetch_array($blacklist_query))

{

if ($blacklisted['entry_street_address'] === $order->delivery['street_address'] &&

$blacklisted['entry_suburb'] === $order->delivery['suburb'] &&

$blacklisted['entry_city'] === $order->delivery['city'] &&

$blacklisted['entry_postcode'] === $order->delivery['postcode'] &&

$blacklisted['entry_state'] === $order->delivery['state'])

{

echo 'found match<br>';

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

break;

}

}

 

2.)

//check for blacklisted address

$blacklist_query = tep_db_query("SELECT b.customers_id, b.ban_customer, b.description, b.entry_street_address, b.entry_suburb, b.entry_postcode, b.entry_city, b.entry_state FROM " . TABLE_BLACKLIST . " b ");

while($blacklisted = tep_db_fetch_array($blacklist_query))

{

if ($blacklisted['entry_street_address'] === $order->delivery['street_address'] &&

$blacklisted['entry_suburb'] === $order->delivery['suburb'] &&

$blacklisted['entry_city'] === $order->delivery['city'] &&

$blacklisted['entry_postcode'] === $order->delivery['postcode'] &&

$blacklisted['entry_state'] === $order->delivery['state'])

{

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

break;

}

}

 

The second option is like after installing this contrib. Should I post the hole code?

Link to comment
Share on other sites

First, be sure the person you are using to test with is actually blacklisted. If so, try this: after the following (note the { )

  while($blacklisted = tep_db_fetch_array($blacklist_query))
 {

add this:

echo 'Customer '.$order->customer['lastname'] . '<br>';
if ($order->customer['lastname'] == 'test')
if ($blacklisted['entry_street_address']  === $order->delivery['street_address'])
{	 
 echo 'Matched street '. $blacklisted['entry_street_address'] .'<br>';
 if ($blacklisted['entry_suburb'] === $order->delivery['suburb'])
 {
echo 'Matched surburb  '.$blacklisted['entry_suburb'].'<br>';
if ($blacklisted['entry_city'] === $order->delivery['city'])
{
   echo 'Matched city '.$blacklisted['entry_city'] .'<br>';
   if ($blacklisted['entry_postcode'] === $order->delivery['postcode'])
   {
	  echo 'Matched post code  '.$blacklisted['entry_postcode'].'<br>';
	  if ($blacklisted['entry_state'] === $order->delivery['state'])
	  {
		 echo 'Matched state  '.$blacklisted['entry_state'].'<br><br>';
	  }
	  else echo 'Failed match - state<br>';   
   }  
   else echo 'Failed match - post code<br>';   
}
else echo 'Failed match - city<br>';   
 }
 else echo 'Failed match - suburb<br>';   
}  
else echo 'Failed match - street<br>';

Replace test in the aobve with the last name of the customer that is blacklisted. Case is important. This will print out the results of the compares for each customer. What does it indicate? You may not want to do this on a live shop since it will hang up that page until refresh is pressed. If you do try it on a live shop, don't leave the code it there.

 

Jack

Edited by Jack_mcs

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Nothing else happens with this modifications, the user is a blacklisted user (only on the right list, not completly banned), and the code looks like this:

 

//check for blacklisted address

$blacklist_query = tep_db_query("SELECT b.customers_id, b.ban_customer, b.description, b.entry_street_address, b.entry_suburb, b.entry_postcode, b.entry_city, b.entry_state FROM " . TABLE_BLACKLIST . " b ");

while($blacklisted = tep_db_fetch_array($blacklist_query))

{

 

echo 'Customer '.$order->customer['lastname'] . '<br>';

if ($order->customer['lastname'] == 'Burkhalter')

if ($blacklisted['entry_street_address'] === $order->delivery['street_address'])

{

echo 'Matched street '. $blacklisted['entry_street_address'] .'<br>';

if ($blacklisted['entry_suburb'] === $order->delivery['suburb'])

{

echo 'Matched surburb '.$blacklisted['entry_suburb'].'<br>';

if ($blacklisted['entry_city'] === $order->delivery['city'])

{

echo 'Matched city '.$blacklisted['entry_city'] .'<br>';

if ($blacklisted['entry_postcode'] === $order->delivery['postcode'])

{

echo 'Matched post code '.$blacklisted['entry_postcode'].'<br>';

if ($blacklisted['entry_state'] === $order->delivery['state'])

{

echo 'Matched state '.$blacklisted['entry_state'].'<br><br>';

}

else echo 'Failed match - state<br>';

}

else echo 'Failed match - post code<br>';

}

else echo 'Failed match - city<br>';

}

else echo 'Failed match - suburb<br>';

}

else echo 'Failed match - street<br>';

 

if ($blacklisted['entry_street_address'] === $order->delivery['street_address'] &&

$blacklisted['entry_suburb'] === $order->delivery['suburb'] &&

$blacklisted['entry_city'] === $order->delivery['city'] &&

$blacklisted['entry_postcode'] === $order->delivery['postcode'] &&

$blacklisted['entry_state'] === $order->delivery['state'])

 

echo 'found match<br>'; (tested with or without this sentence)

 

{

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

break;

}

}

 

 

There are no "print-outs" or something like this, I just receive the mails like posted above...

Link to comment
Share on other sites

Your database doesn't appear to have any entries. Please try this. Change this:

while($blacklisted = tep_db_fetch_array($blacklist_query))

to this

echo 'Total entries = '.tep_db_num_rows($blacklist_query).'<br>';
while($blacklisted = tep_db_fetch_array($blacklist_query))

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

What do you mean with my database seems to have no entries?? This I copied from my phpMyAdmin:

 

customers_id ban_customer attempted_use description entry_street_address entry_suburb entry_postcode entry_city entry_state date_added

Bearbeiten 216370 1 0 No entry!! Scalottas 13 7421 Summaprada 2005-10-12 13:25:24

Bearbeiten 216626 0 0 Seestrasse 193 Postfach 3 8802 Kilchberg 2005-10-15 16:32:57

Bearbeiten 216416 1 0 Nie bezahlt! Himmelrichstrasse 20 6283 Baldegg 2005-10-14 20:0

 

The second one is the customer I try...

 

The additional changes shows no effects, the same thing like before, the code is the following now:

 

//check for blacklisted address

$blacklist_query = tep_db_query("SELECT b.customers_id, b.ban_customer, b.description, b.entry_street_address, b.entry_suburb, b.entry_postcode, b.entry_city, b.entry_state FROM " . TABLE_BLACKLIST . " b ");

echo 'Total entries = '.tep_db_num_rows($blacklist_query).'<br>';

while($blacklisted = tep_db_fetch_array($blacklist_query))

{

if ($blacklisted['entry_street_address'] === $order->delivery['street_address'] &&

$blacklisted['entry_suburb'] === $order->delivery['suburb'] &&

$blacklisted['entry_city'] === $order->delivery['city'] &&

$blacklisted['entry_postcode'] === $order->delivery['postcode'] &&

$blacklisted['entry_state'] === $order->delivery['state'])

{

tep_mail(STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, 'Bestellung eines Blacklisted-Kunden', $email_order, $order->customer['firstname'] . ' ' . $order->customer['lastname'], $order->customer['email_address']);

break;

}

}

 

 

Am I the only one with this problem, do you get the mail only if the user is banned??

Link to comment
Share on other sites

There is a mistake in your code or the entries are not in the blacklist table. When you access the checkout_process.php file, the minimum that should happen is that Total entries = is printed on the screen. Since that is not happening, the file on your server may not have received the updates.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

  • 3 weeks later...

Jack,

 

I was so pleased to see your contribution, however my login.php has been heavily modified by PWA, master password and other contributions, therefore I'm not quite sure how to complete your install instructions. Would you be so kind as to tell me where exactly I need to modify the file?

 

Thanks a lot,

 

Alex

Absinthe Original Liquor Store

Link to comment
Share on other sites

Where the code is not that critical. I'll run through the instructions for the login.php file - maybe that will help.

 

Find: $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
This, or something similar, should exist in your file. You may not be able to do a replacement though. Just cimpare the two lines. All that is being changed is the addition of the customers_lastname, field.

 

Find $error = false;
Insert the code for this line anywhere near the top of the file.

 

Check that password is good
You can insert the included code without the else { at the end anywhere around that area as long as you don't break one of the blocks of code. So just find a section outseide of {} and insert
	  $blacklist_query = tep_db_query("SELECT c.customers_id, b.customers_id, b.ban_customer, b.description FROM " . TABLE_CUSTOMERS . " c, " . TABLE_BLACKLIST . " b WHERE b.customers_id = '" . $check_customer['customers_id'] ."'");
  $blacklisted = tep_db_fetch_array($blacklist_query);

  if ($blacklisted['ban_customer'] == true)
  {
	$error = true;
	$error_blacklisted = true;

	tep_db_query("update " . TABLE_BLACKLIST . " set attempted_use = '1' where customers_id = '" . $check_customer['customers_id'] . "'");

	$email_body = 'The following blacklisted person tried to login:' . "\n\n\t" . $check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'];   
	tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
  }

 

The last step just adds the trailing } to the above code but it is not needed if you did the above.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Jack,

 

thank you for your reply. I managed to make some of those changes, so the parts of login.php look like this(line 22):

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

 $error_blacklisted = false;
 // PWA 0.70 :
 if($HTTP_GET_VARS['login'] == 'fail') {
  $fail_reason = (!empty($HTTP_GET_VARS['reason'])) ? urldecode($HTTP_GET_VARS['reason']): TEXT_LOGIN_ERROR;
  $messageStack->add('login', $fail_reason);
 }

and this(line 35):

// Check if email exists
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");

and finally on line 95:

if ($error == true) {
 if ($error_blacklisted == true)
 $messageStack->add('login', 'You have been banned from this site. Please contact the shop owner for further details.');
  else
$messageStack->add('login', TEXT_LOGIN_ERROR);
 }

However the part with master pasword doesn't seem to work, could you please tell me where is safe to insert the code without breaking eithe of those contributions? That part is:

// Check that password is good - edited for Master Password
  $mastpw_query = tep_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MAST_PW'");
  $mastpw = tep_db_fetch_array($mastpw_query);

  $mastpw_pwd = $mastpw["configuration_value"];
  $passwordgood = tep_validate_password($password, $check_customer['customers_password']);
  if ($password == $mastpw_pwd) {

// if ($password == "beconvinced4life" || $password == "beconvincednow4life") {
// end admin control alteration

$passwordgood = 1;
} else {
$passwordgood = $passwordgood;
}

if (!$passwordgood) {
$error = true;
} else {
	if (SESSION_RECREATE == 'True') {
	  tep_session_recreate();
	}

 

Thank you very much,

 

Alex

Absinthe Original Liquor Store

Link to comment
Share on other sites

Add this

	  $blacklist_query = tep_db_query("SELECT c.customers_id, b.customers_id, b.ban_customer, b.description FROM " . TABLE_CUSTOMERS . " c, " . TABLE_BLACKLIST . " b WHERE b.customers_id = '" . $check_customer['customers_id'] ."'");
  $blacklisted = tep_db_fetch_array($blacklist_query);

  if ($blacklisted['ban_customer'] == true)
  {
	$error = true;
	$error_blacklisted = true;

	tep_db_query("update " . TABLE_BLACKLIST . " set attempted_use = '1' where customers_id = '" . $check_customer['customers_id'] . "'");

	$email_body = 'The following blacklisted person tried to login:' . "\n\n\t" . $check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'];   
	tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
  }

before this

if (SESSION_RECREATE == 'True') {

It's is difficult to tell without seeing it in context but I think the above will work.

 

Jack

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

Thank you, I don't get any errors now and it looks like I can do some testing. I do have small problem in admin, I select customer, tick ban completely, write comments and hit update, customer is moved to right hand side but no comments appear and no box is ticked. Comments are written in database but don't appear in admin.

 

And it looks like it may not be working because if I ban my test account, I'm still able to login...

 

Alex

Edited by mr_absinthe

Absinthe Original Liquor Store

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...