seite7 Posted August 18, 2004

Is there already a working security fix so users can't see others' orders by manipulating the URL?

Ralf

webshark Posted August 18, 2004

I run my site with Register Globals set to OFF and have installed the patch on the catalog to get it to work, but now I added this contribution I am getting this error:

    Fatal error: Session variable payment_info is not globally defined

The reason, I guess, is the line:

    'payment_info' => $GLOBALS['payment_info'],

in checkout_process.php.

Anyone know what I need to change it to for it to work?

Simon

Guest Posted August 24, 2004

> I run my site with Register Globals set to OFF and have installed the patch on the catalog to get it to work, but now I added this contribution I am getting this error:
>
>     Fatal error: Session variable payment_info is not globally defined
>
> The reason, I guess, is the line:
>
>     'payment_info' => $GLOBALS['payment_info'],
>
> in checkout_process.php.
>
> Anyone know what I need to change it to for it to work?
>
> Simon

I get some similar error messages, only I got them after I installed an admin password contribution. I also run my site with register globals set to off.

    Fatal error: Session variable login_id is not globally defined
    Fatal error: Session variable login_groups_id is not globally defined
    Fatal error: Session variable login_first_name is not globally defined
    Warning: Cannot modify header information - headers already sent by (output started at /xxxx/xxxx/xxxx/httpd.www/admin/includes/functions/sessions.php:235) in /xxxx/xxxx/xxxx/httpd.www/admin/includes/functions/general.php on line 86

Guest Posted August 26, 2004

Took a closer look at that register global contribution, and tried the "careless code". Now I don't get any error messages, but nothing happens when I enter the right password and username; it just clears out the username and password fields. If I type in the wrong username or password I get an error message that says "ERROR: Wrong username or password!", so that part has worked all the time, but it doesn't seem to go any further when I enter the right username and password :-(.

If I switch back to the "paranoid code" on the register globals contribution I get the error messages:

    Fatal error: Session variable login_id is not globally defined
    Fatal error: Session variable login_groups_id is not globally defined
    Fatal error: Session variable login_first_name is not globally defined

I don't get those with the "careless code". Not sure if the careless code actually fixes this problem or doesn't bother printing the error messages. :blink:

mattyb Posted January 14, 2005

Okay, I've installed this contrib. and most of it works but I'm still having two issues. The errors are mentioned on the first page of this post but I've changed my code to reflect what was posted and still no change happened.

My two errors are that I get PRINT_ORDER_TITLE on any invoice or packing slip. These are defined properly in /admin/includes/languages/english/packingslip.php and invoice.php respectively. Second is that on the checkout_success.php page I'm getting a link that says Order Printable and when you click on it a new window pops up that takes you right back to /catalog. Below is my code in the orders.php file. I've been looking at this for too long and I think I'm going crosseyed. Please help me out.

Code at line 328:

    <td colspan="2" align="right"><?php
      echo '<a href="' . tep_href_link(FILENAME_ORDERS_EDIT, 'oID=' . $HTTP_GET_VARS['oID']) . '">'
         . tep_image_button('button_edit.gif', IMAGE_EDIT)
         . '</a> <a href="javascript:popupWindow(\'' . (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_INVOICE) . '?' . (tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id) . '\')">'
         . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE)
         . '</a><a href="javascript:popupWindow(\'' . (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_PACKINGSLIP) . '?' . (tep_get_all_get_params(array('oID')) . 'oID=' . $oInfo->orders_id) . '\')">'
         . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP)
         . '</a><a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action'))) . '">'
         . tep_image_button('button_back.gif', IMAGE_BACK)
         . '</a>';
    ?></td>

Code at line 419:

    $contents[] = array('align' => 'center', 'text' =>
        '<a href="javascript:popupWindow(\'' . (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_INVOICE) . '?' . (tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id) . '\')">'
      . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE)
      . '</a><a href="javascript:popupWindow(\'' . (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_PACKINGSLIP) . '?' . (tep_get_all_get_params(array('oID')) . 'oID=' . $oInfo->orders_id) . '\')">'
      . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP)
      . '</a> <a href="' . tep_href_link(FILENAME_ORDERS_EDIT, 'oID=' . $oInfo->orders_id) . '">'
      . tep_image_button('button_edit.gif', IMAGE_EDIT)
      . '</a>');

Thanx,
Matt

Guest Posted June 13, 2005

Does anyone have a working file for PWA (purchase without account)?

Danny

jask Posted July 21, 2005

When enabling shared SSL the following problem develops with this contribution. The button to the link that brings up a printable copy of your order does not work when the shared SSL is enabled. When you click on the link for a printable copy of your order you get the message "The page cannot be displayed" in the new window that pops up. (Note: The link works fine when the shared SSL is NOT enabled.)

When the shared SSL is NOT enabled the "Order Printable" button points to "printorder.php". When the shared SSL IS enabled the "Order Printable" button points to "comprintorder.php". The "comprintorder.php" file does not exist.

Why, when the shared SSL is enabled, does it add the letters "com" to the beginning of the "printorder.php" file? Because it is adding the letters "com" to the beginning of the printorder.php file and creating a new file, it appears the problem is in the code. However, since I am a newbie I have no idea where to start looking. Does anyone know which file is causing this error and how to correct the code?

Thanks in advance for your help!

MLu Posted September 12, 2005

I have been using this contrib for some time now. It was quite problematic to implement, but I finally succeeded. But I have just now discovered that for some reason it reads the printorder.php file from the default language despite that I have different language versions correctly placed under /includes/languages. Can anyone see the bug from the below code (modified printorder.php):

    <?php
    /*
      $Id: printorder.php,v 1.1 2003/01 xaglo

      osCommerce, Open Source E-Commerce Solutions
      http://www.oscommerce.com

      Copyright (c) 2002 osCommerce

      Released under the GNU General Public License
    */

      require('includes/application_top.php');

      $customer_number_query = tep_db_query("select customers_id from " . TABLE_ORDERS . " where orders_id = '". tep_db_input(tep_db_prepare_input($HTTP_GET_VARS['order_id'])) . "'");
      $customer_number = tep_db_fetch_array($customer_number_query);
    /*
      if ($customer_number['customers_id'] != $customer_id) {
        tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
      }
    */
      $payment_info_query = tep_db_query("select payment_info from " . TABLE_ORDERS . " where orders_id = '". tep_db_input(tep_db_prepare_input($HTTP_GET_VARS['order_id'])) . "'");
      $payment_info = tep_db_fetch_array($payment_info_query);
      $payment_info = $payment_info['payment_info'];

      require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ORDERS_PRINTABLE);

      require(DIR_WS_CLASSES . 'order.php');
      $order = new order($HTTP_GET_VARS['order_id']);
    ?>
    <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html <?php echo HTML_PARAMS; ?>>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
    <title><?php echo TITLE . ' - ' . TITLE_PRINT_ORDER . ' #' . $HTTP_GET_VARS['order_id']; ?></title>
    <base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
    <link rel="stylesheet" type="text/css" href="print.css">
    </head>
    <body marginwidth="10" marginheight="10" topmargin="10" bottommargin="10" leftmargin="10" rightmargin="10">
    <!-- body_text //-->
    <table width="600" border="0" align="center" cellpadding="2" cellspacing="0">
      <tr>
        <td align="center" class="main"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="5">
          <tr>
            <td valign="top" align="left" class="main"><script language="JavaScript">
      if (window.print) {
        document.write('<a href="javascript:;" onClick="javascript:window.print()" onMouseOut=document.imprim.src="<?php echo (DIR_WS_IMAGES . 'printimage.gif'); ?>" onMouseOver=document.imprim.src="<?php echo (DIR_WS_IMAGES . 'printimage_over.gif'); ?>"><img src="<?php echo (DIR_WS_IMAGES . 'printimage.gif'); ?>" width="43" height="28" align="absbottom" border="0" name="imprim">' + '<?php echo IMAGE_BUTTON_PRINT; ?></a></center>');
      }
      else document.write ('<h2><?php echo IMAGE_BUTTON_PRINT; ?></h2>')
            </script></td>
            <td align="right" valign="bottom" class="main"><p align="right" class="main"><a href="javascript:window.close();"><img src='images/X.jpg' border=0></a></p></td>
          </tr>
        </table></td>
      </tr>
      <tr align="left">
        <td class="titleHeading"><?php echo tep_draw_separator('pixel_trans.gif', '1', '25'); ?></td>
      </tr>
      <tr>
        <td><table border="0" align="center" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td><table border="0" align="left" width="100%" cellspacing="0" cellpadding="0">
              <tr>
                <td class="Main" align="left"><?php echo nl2br(STORE_NAME_ADDRESS); ?><p><p> </td>
                <td class="Main" align="right"><?php echo tep_draw_separator('oscommerce.gif', '225', '75'); ?></td>
              </tr>
              <tr>
                <td colspan="2" align="center" class="titleHeading"><b><?php echo TITLE_PRINT_ORDER . ' #' . $HTTP_GET_VARS['order_id']; ?></b></td>
              </tr>
              <tr align="left">
                <td colspan="2" class="titleHeading"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td align="left" class="main"><table width="100%" border="0" cellspacing="0" cellpadding="2">
          <tr>
            <td class="main"><?php echo '<b>' . ENTRY_PAYMENT_METHOD . '</b> ' . $order->info['payment_method']; ?></td>
          </tr>
          <tr>
            <td class="main"><?php echo $payment_info; ?></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td align="center"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="2">
          <tr>
            <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="1" bgcolor=#000000>
              <tr>
                <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="2">
                  <tr class="dataTableHeadingRow">
                    <td class="dataTableHeadingContent"><b><?php echo ENTRY_SOLD_TO; ?></b></td>
                  </tr>
                  <tr class="dataTableRow">
                    <td class="dataTableContent"><?php echo tep_address_format($order->customer['format_id'], $order->customer, 1, ' ', '<br>'); ?></td>
                  </tr>
                </table></td>
              </tr>
            </table></td>
            <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="1" bgcolor=#000000>
              <tr>
                <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="2">
                  <tr class="dataTableHeadingRow">
                    <td class="dataTableHeadingContent"><b><?php echo ENTRY_SHIP_TO; ?></b></td>
                  </tr>
                  <tr class="dataTableRow">
                    <td class="dataTableContent"><?php echo tep_address_format($order->delivery['format_id'], $order->delivery, 1, ' ', '<br>'); ?></td>
                  </tr>
                </table></td>
              </tr>
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="1" bgcolor=#000000>
          <tr>
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
              <tr class="dataTableHeadingRow">
                <td class="dataTableHeadingContent" colspan="2"><?php echo TABLE_HEADING_PRODUCTS; ?></td>
                <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_PRODUCTS_MODEL; ?></td>
                <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TAX; ?></td>
                <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_EXCLUDING_TAX; ?></td>
                <!-- <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_EXCLUDING_TAX; ?></td> -->
                <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_INCLUDING_TAX; ?></td>
              </tr>
    <?php
      for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
        echo ' <tr class="dataTableRow">' . "\n" .
             ' <td class="dataTableContent" valign="top" align="right">' . $order->products[$i]['qty'] . ' x</td>' . "\n" .
             ' <td class="dataTableContent" valign="top">' . $order->products[$i]['name'] . '<br>';

        if ( (isset($order->products[$i]['attributes'])) && (sizeof($order->products[$i]['attributes']) > 0) ) {
          for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
            echo '<nobr><small> <i> - ' . $order->products[$i]['attributes'][$j]['option'] . ': ' . $order->products[$i]['attributes'][$j]['value'] . '</i><br></small></nobr>';
          }
        }

        $bundleContents = '';
        $bundle_query = tep_db_query("SELECT pb.subproduct_id, pb.subproduct_qty, p.products_id, pd.products_name, pd.language_id FROM " . TABLE_PRODUCTS . " p LEFT JOIN products_bundles pb ON (pb.bundle_id=p.products_id) LEFT JOIN " . TABLE_PRODUCTS_DESCRIPTION . " pd ON (pd.products_id=pb.subproduct_id) WHERE p.products_model = '" . $order->products[$i]['model'] . "' AND pd.language_id = '" . (int)$languages_id . "'");
        while ($bundle = tep_db_fetch_array($bundle_query)) {
          echo "<br> <i>" . $bundle['subproduct_qty'] . " x " . $bundle['products_name'] . "</i>";
        }

        echo ' </td>' . "\n" .
             ' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n";
        echo ' <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" .
             ' <td class="dataTableContent" align="right" valign="top">' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</td>' . "\n" .
    //       ' <td class="dataTableContent" align="right" valign="top">' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</td>' . "\n" .
             ' <td class="dataTableContent" align="right" valign="top">' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</td>' . "\n";
        echo ' </tr>' . "\n";
      }
    ?>
            </table></td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td align="right" colspan="7"><table border="0" cellspacing="0" cellpadding="2">
          <tr>
            <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
    <?php
      for ($i = 0, $n = sizeof($order->totals); $i < $n; $i++) {
        echo ' <tr>' . "\n" .
             ' <td align="right" class="smallText">' . $order->totals[$i]['title'] . '</td>' . "\n" .
             ' <td align="right" class="smallText">' . $order->totals[$i]['text'] . '</td>' . "\n" .
             ' </tr>' . "\n";
      }
    ?>
            </table></td>
          </tr>
        </table></td>
      </tr>
    </table>
    <!-- body_text_eof //-->
    </body>
    </html>
    <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Thanks.

Mogens

meules Posted December 14, 2005

Hi,

I'm having trouble getting this contribution to work. When I click the button to print the order the pop-up shows up saying: "Sorry. The Order Number that you have requested does not match the Order History we have on record. You will now be logged out."

This happens in both the checkout_success and account_history.php files. The admin side works great. I'm using the STS contribution. Does this have something to do with it? I tried the suggestions from aresman but no luck.

Anybody? Thanks

AlaneinHilo Posted January 11, 2006

Hi there! I've got this contrib installed and working fine! Thank you for your work!

Is there a way to add the customer fax and order comments to printorder? I have modified this to act as a fax order form but need to insert the customer's fax number to the details. If there is a way to add the comments that would be awesome!

I tried:

    <?php echo '?<b>Fax#</b>' . '<br>?' . $order->customer['fax']; ?>

But that didn't work.

Thanks!
Alane

www.luminousgifts.com

wavemonkey Posted March 1, 2006

Hiya,

Firstly let me say, **great contribution**, the nicest layout of any of the invoice contributions.

I have this contribution working in my store, however am writing to revisit an age-old question on this particular contribution forum.

The current MS2.2 deployment utilises the following code in the checkout_success.php page:

    // if the customer is not logged on, redirect them to the shopping cart page
    if (!tep_session_is_registered('customer_id')) {
      tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    }

Now I understand that this is to ensure the security of the printorder information being displayed. Previously discussed on this forum has been to "comment out" this information: yes, this removes the need for logging in, however it also allows anyone to view anyone's invoices.

I was under the impression that the above coding statement should ensure that the customer COULD view their information provided their session information was still registered in the db for their account? If this is the case, how come there is the need to log back in to retrieve their invoice information, when already secured in an SSL session?

Would really appreciate some guidance here, as I love this contribution, however cannot use it on my live store unless I can remove the re-login without compromising security.

wavemonkey Posted March 1, 2006

Hello All,

Just in regards to my above posting... I uploaded the configured files to my LIVE Server which DOES have SSL Certificates, and guess what.. no need for logging in when viewing the PRINT INVOICE information.

So for all those questions on this forum, requesting the answer to eliminating the extra login for viewing the print invoice page..

1. The contribution works perfectly (even on my heavily modded site)

2. Do NOT delete the following information from the checkout_success.php page, this will cause invoice data to be viewable by anyone

    // if the customer is not logged on, redirect them to the shopping cart page
    if (!tep_session_is_registered('customer_id')) {
      tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    }

3. Simply make the configuration changes as specified in the contribution. Once loading the changes to a site with SSL certificate the re-login issue will disappear. (I cannot comment on a Shared SSL Certificate)

AWESOME CONTRIBUTION THANKYOU

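The concern that runs through this thread, one customer seeing another's order by changing the order id in the URL, comes down to two checks: a logged-in session, and a match between the order's owner and that session's customer. The following is an added example, not part of any post or of the contribution's code; it uses PDO with an in-memory SQLite table, the function name and sample rows are constructed, and the column names follow the query in the printorder.php posted earlier.

```php
<?php
// Added example: not osCommerce or contribution code. The table and column
// names follow the thread; the function name and rows are constructed.

/**
 * Return the order only when it belongs to the logged-in customer.
 * "No such order" and "someone else's order" both yield null, so the
 * response does not reveal which order ids exist.
 */
function fetch_order_for_customer(PDO $db, $session_customer_id, $raw_order_id): ?array
{
    // Check 1: a customer must be logged in.
    if (!is_int($session_customer_id) || $session_customer_id <= 0) {
        return null;
    }
    // The order id comes from the URL, so accept nothing but a positive integer.
    $order_id = filter_var($raw_order_id, FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
    if ($order_id === false) {
        return null;
    }
    // Check 2: ownership is part of the query itself, so a row that belongs
    // to another customer is never loaded, let alone rendered.
    $stmt = $db->prepare(
        'SELECT orders_id, customers_id, payment_info FROM orders
          WHERE orders_id = :oid AND customers_id = :cid'
    );
    $stmt->execute([':oid' => $order_id, ':cid' => $session_customer_id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data: two orders owned by two different customers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (orders_id INTEGER PRIMARY KEY,
                                customers_id INTEGER, payment_info TEXT)');
$db->exec("INSERT INTO orders VALUES (101, 7, 'Bank transfer')");
$db->exec("INSERT INTO orders VALUES (102, 8, 'Cheque')");

// [session customer id, order_id as it arrives in the query string]
$cases = [
    'owner opens own order'        => [7, '101'],
    'order id of another customer' => [7, '102'],
    'no customer in session'       => [null, '101'],
    'malformed order id'           => [7, '101abc'],
];
foreach ($cases as $label => [$customer_id, $order_id]) {
    $order = fetch_order_for_customer($db, $customer_id, $order_id);
    printf("%-30s => %s\n", $label,
           $order ? 'render order ' . $order['orders_id'] : 'refuse and redirect');
}
```

Only the first case renders an order; the other three are refused the same way, whether the id is someone else's, the session is empty, or the parameter is not a plain integer.
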
matrix2223 Posted August 28, 2006

Hello,

Where and what do I need to put in the invoice and packingslip file to have the print order button?

Thanks,
Eric

radders Posted June 22, 2007

> I didn't include a Print Order button because, personally, my buttons look a bit different, and because there are so many button sets now available, thanks to "El Bavaro", it's easy enough to open the button template file and create your own.
>
> I hope that answers your questions. Let me know if you have any further questions or issues.
>
> -R

I'm trying to use the silver Miami button from El Bavaro but can't find a template anywhere. Any ideas on where this might be?

David

radders Posted June 22, 2007

Just to clarify. I have the empty button but how to add the text in the correct font?

mersini Posted November 20, 2014

Hello, I installed osC-PrintOrder with Store Logo v1.0 on an osCommerce with version v2.2 RC2a. I faced two problems: on the admin side I cannot see the newer orders, and in the frontend I cannot see the order history. Please help me, I don't know where to look... any help will be appreciated.