ugottasalsa

[Contribution] osC-PrintOrder with Store Logo v1.0


Is there already a working security fix so users can't see others' orders by manipulating the URL?

 

Ralf


I run my site with Register Globals set to OFF

and have installed the patch on the catalog to get it to work,

but now that I have added this contribution I am getting this error:

 

Fatal error: Session variable payment_info is not globally defined

 

the reason i guess is the line:

'payment_info' => $GLOBALS['payment_info'],

in checkout_process.php

 

Does anyone know what I need to change it to for it to work?

 

Simon


I get some similar error messages, only I got them after I installed an admin password contribution.

I also run my site with register globals set to off.

 

 

 

Fatal error: Session variable login_id is not globally defined

Fatal error: Session variable login_groups_id is not globally defined

Fatal error: Session variable login_first_name is not globally defined

 

Warning: Cannot modify header information - headers already sent by (output started at /xxxx/xxxx/xxxx/httpd.www/admin/includes/functions/sessions.php:235) in /xxxx/xxxx/xxxx/httpd.www/admin/includes/functions/general.php on line 86


I took a closer look at that register globals contribution and tried the "careless code". Now I don't get any error messages, but nothing happens when I enter the right password and username; it just clears out the username and password fields.

 

If I type in the wrong username or password I get an error message that says "ERROR: Wrong username or password!", so that part has worked all the time, but it doesn't seem to go any further when I enter the right username and password :-(.

 

 

If I switch back to the "paranoid code" on the register globals contribution I get the error messages

 

Fatal error: Session variable login_id is not globally defined

Fatal error: Session variable login_groups_id is not globally defined

Fatal error: Session variable login_first_name is not globally defined

 

I don't get those with the "careless code". Not sure if the careless code actually fixes this problem or just doesn't bother printing the error messages. :blink:


Okay, I've installed this contrib and most of it works, but I'm still having two issues. The errors are mentioned on the first page of this post, but I've changed my code to reflect what was posted and still no change happened. My two errors are that I get PRINT_ORDER_TITLE on any invoice or packing slip. These are defined properly in /admin/includes/languages/english/packingslip.php and invoice.php, respectively. Second is that on the checkout_success.php page I'm getting a link that says "Order Printable", and when you click on it a new window pops up that takes you right back to /catalog. Below is my code in the orders.php file. I've been looking at this for too long and I think I'm going cross-eyed. Please help me out.

 

Code at line 328:

<td colspan="2" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ORDERS_EDIT, 'oID=' . $HTTP_GET_VARS['oID']) . '">' . tep_image_button('button_edit.gif', IMAGE_EDIT) . '</a> <a href="javascript:popupWindow(\'' .  (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_INVOICE) . '?' . (tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id) . '\')">' . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE) . '</a><a href="javascript:popupWindow(\'' .  (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_PACKINGSLIP) . '?' . (tep_get_all_get_params(array('oID')) . 'oID=' . $oInfo->orders_id) . '\')">' . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP) . '</a><a href="' . tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action'))) . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>

 

Code at line 419:

        // Fixed: the packing slip button used the misspelled constant IMAGE_ORDERs_PACKINGSLIP (lowercase s), which is undefined.
        $contents[] = array('align' => 'center', 'text' => '<a href="javascript:popupWindow(\'' .  (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_INVOICE) . '?' . (tep_get_all_get_params(array('oID', 'action')) . 'oID=' . $oInfo->orders_id) . '\')">' . tep_image_button('button_invoice.gif', IMAGE_ORDERS_INVOICE) . '</a><a href="javascript:popupWindow(\'' .  (HTTP_SERVER . DIR_WS_ADMIN . FILENAME_ORDERS_PACKINGSLIP) . '?' . (tep_get_all_get_params(array('oID')) . 'oID=' . $oInfo->orders_id) . '\')">' . tep_image_button('button_packingslip.gif', IMAGE_ORDERS_PACKINGSLIP) . '</a> <a href="' . tep_href_link(FILENAME_ORDERS_EDIT, 'oID=' . $oInfo->orders_id) . '">' . tep_image_button('button_edit.gif', IMAGE_EDIT) . '</a>');

 

Thanx,

Matt


When enabling shared SSL the following problem develops with this contribution.

 

The button to the link that brings up a printable copy of your order does not work when the shared SSL is enabled. When you click on the link for a printable copy of your order you get the message "The page cannot be displayed" in the new window that pops up. (Note: the link works fine when the shared SSL is NOT enabled.)

 

When the shared SSL is NOT enabled the "Order Printable" button points to "printorder.php". When the shared SSL IS enabled the "Order Printable" button points to "comprintorder.php". The "comprintorder.php" file does not exist. Why, when the shared SSL is enabled, does it add the letters "com" to the beginning of the "printorder.php" file name?

 

Because it is adding the letters "com" to the beginning of printorder.php and so pointing at a file that does not exist, it appears the problem is in the code. However, since I am a newbie I have no idea where to start looking.

 

Does anyone know which file is causing this error and how to correct the code?

 

 

Thanks in advance for your help!


I have been using this contrib for some time now. It was quite problematic to implement, but I finally succeeded. But I have just now discovered that for some reason it reads the printorder.php file from the default language even though I have different language versions correctly placed under /includes/languages. Can anyone see the bug in the code below (modified printorder.php)?

<?php
/*
 $Id: printorder.php,v 1.1 2003/01 xaglo
 
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2002 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');


 // Look up which customer placed the requested order. tep_db_input() escapes the
 // value for the query; since orders_id is numeric, an (int) cast would be stricter.
 $customer_number_query = tep_db_query("select customers_id from " . TABLE_ORDERS . " where orders_id = '". tep_db_input(tep_db_prepare_input($HTTP_GET_VARS['order_id'])) . "'");
 $customer_number = tep_db_fetch_array($customer_number_query);
/*
 // Ownership check: the order must belong to the customer in the current session.
 // NOTE: with this block commented out, as in this modified copy, the page prints
 // whichever order_id appears in the URL, whoever placed that order.
 if ($customer_number['customers_id'] != $customer_id) {
   tep_redirect(tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL'));
 }
*/
 $payment_info_query = tep_db_query("select payment_info from " . TABLE_ORDERS . " where orders_id = '". tep_db_input(tep_db_prepare_input($HTTP_GET_VARS['order_id'])) . "'");
 $payment_info = tep_db_fetch_array($payment_info_query);
 $payment_info = $payment_info['payment_info'];

 // Language file for this page. $language is the session language chosen in
 // application_top.php; a request that does not carry the customer's session
 // gets the language application_top.php picks for a new visitor.
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ORDERS_PRINTABLE);

 require(DIR_WS_CLASSES . 'order.php');
 $order = new order($HTTP_GET_VARS['order_id']);

?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE . ' - ' . TITLE_PRINT_ORDER . ' #' . $HTTP_GET_VARS['order_id']; ?></title>
<base href="<?php echo (getenv('HTTPS') == 'on' ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="print.css">
</head>
<body marginwidth="10" marginheight="10" topmargin="10" bottommargin="10" leftmargin="10" rightmargin="10">


<!-- body_text //-->
<table width="600" border="0" align="center" cellpadding="2" cellspacing="0">
 <tr> 
   <td align="center" class="main"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="5">
     <tr> 
       <td valign="top" align="left" class="main"><script language="JavaScript">
 if (window.print) {
   document.write('<a href="javascript:;" onClick="javascript:window.print()" onMouseOut=document.imprim.src="<?php echo (DIR_WS_IMAGES . 'printimage.gif'); ?>" onMouseOver=document.imprim.src="<?php echo (DIR_WS_IMAGES . 'printimage_over.gif'); ?>"><img src="<?php echo (DIR_WS_IMAGES . 'printimage.gif'); ?>" width="43" height="28" align="absbottom" border="0" name="imprim">' + '<?php echo IMAGE_BUTTON_PRINT; ?></a></center>');
 }
 else document.write ('<h2><?php echo IMAGE_BUTTON_PRINT; ?></h2>')
       </script></td>
       <td align="right" valign="bottom" class="main"><p align="right" class="main"><a href="javascript:window.close();"><img src='images/X.jpg' border=0></a></p></td>
     </tr>
   </table></td>
 </tr>
 <tr align="left"> 
   <td class="titleHeading"><?php echo tep_draw_separator('pixel_trans.gif', '1', '25'); ?></td>
 </tr>
 <tr> 
   <td><table border="0" align="center" width="100%" cellspacing="0" cellpadding="0">
     <tr> 
       <td><table border="0" align="left" width="100%" cellspacing="0" cellpadding="0">
         <tr> 
           <td class="Main" align="left"><?php echo nl2br(STORE_NAME_ADDRESS); ?><p><p>
</td>
             <td class="Main" align="right"><?php echo tep_draw_separator('oscommerce.gif', '225', '75'); ?></td>
         </tr>
         <tr> 
           <td colspan="2" align="center" class="titleHeading"><b><?php echo TITLE_PRINT_ORDER . ' #' . $HTTP_GET_VARS['order_id']; ?></b></td>
         </tr>
         <tr align="left"> 
           <td colspan="2" class="titleHeading"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
         </tr>
       </table></td>
     </tr>
   </table></td>
 </tr>
 <tr>
   <td align="left" class="main"><table width="100%" border="0" cellspacing="0" cellpadding="2">
     <tr> 
       <td class="main"><?php echo '<b>' . ENTRY_PAYMENT_METHOD . '</b> ' . $order->info['payment_method']; ?></td>
     </tr>
     <tr> 
       <td class="main"><?php echo $payment_info; ?></td>
     </tr>
   </table></td>
 </tr>
 <tr> 
   <td align="center"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="2">
     <tr> 
       <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="1" bgcolor=#000000>
         <tr> 
           <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="2">
             <tr class="dataTableHeadingRow"> 
               <td class="dataTableHeadingContent"><b><?php echo ENTRY_SOLD_TO; ?></b></td>
             </tr>
             <tr class="dataTableRow"> 
               <td class="dataTableContent"><?php echo tep_address_format($order->customer['format_id'], $order->customer, 1, ' ', '<br>'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
       <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="1" bgcolor=#000000>
         <tr> 
           <td align="center" valign="top"><table align="center" width="100%" border="0" cellspacing="0" cellpadding="2">
             <tr class="dataTableHeadingRow"> 
               <td class="dataTableHeadingContent"><b><?php echo ENTRY_SHIP_TO; ?></b></td>
             </tr>
             <tr class="dataTableRow"> 
               <td class="dataTableContent"><?php echo tep_address_format($order->delivery['format_id'], $order->delivery, 1, ' ', '<br>'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
   </table></td>
 </tr>
 <tr> 
   <td><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?></td>
 </tr>
 <tr> 
   <td><table border="0" width="100%" cellspacing="0" cellpadding="1" bgcolor=#000000>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
         <tr class="dataTableHeadingRow"> 
           <td class="dataTableHeadingContent" colspan="2"><?php echo TABLE_HEADING_PRODUCTS; ?></td>
           <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_PRODUCTS_MODEL; ?></td>
           <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TAX; ?></td>
           <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_EXCLUDING_TAX; ?></td>
<!--            <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_EXCLUDING_TAX; ?></td> -->
           <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_INCLUDING_TAX; ?></td>
         </tr>
       <?php
   for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
     echo '      <tr class="dataTableRow">' . "\n" .
          '        <td class="dataTableContent" valign="top" align="right">' . $order->products[$i]['qty'] . ' x</td>' . "\n" .
          '        <td class="dataTableContent" valign="top">' . $order->products[$i]['name'] . '<br>';

   if ( (isset($order->products[$i]['attributes'])) && (sizeof($order->products[$i]['attributes']) > 0) ) {
     for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
       echo '<nobr><small> <i> - ' . $order->products[$i]['attributes'][$j]['option'] . ': ' . $order->products[$i]['attributes'][$j]['value'] . '</i><br></small></nobr>';
     }
   }
      // Product bundles add-on: list the sub-products of a bundle under the product line.
      // The model value comes from the database, but it is escaped anyway before reuse in SQL.
      $bundleContents = '';
      $bundle_query = tep_db_query("SELECT pb.subproduct_id, pb.subproduct_qty, p.products_id, pd.products_name, pd.language_id FROM " . TABLE_PRODUCTS . " p LEFT JOIN products_bundles pb ON (pb.bundle_id=p.products_id) LEFT JOIN " . TABLE_PRODUCTS_DESCRIPTION . " pd ON (pd.products_id=pb.subproduct_id) WHERE p.products_model = '" . tep_db_input($order->products[$i]['model']) . "' AND pd.language_id = '" . (int)$languages_id . "'");
      while ($bundle = tep_db_fetch_array($bundle_query)) {
        echo "<br>   <i>" . $bundle['subproduct_qty'] . " x " . $bundle['products_name'] . "</i>";
      }
     echo '        </td>' . "\n" .
          '        <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n";
     echo '        <td class="dataTableContent" align="right" valign="top">' . tep_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" .
          '        <td class="dataTableContent" align="right" valign="top">' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</td>' . "\n" .
//          '        <td class="dataTableContent" align="right" valign="top">' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</td>' . "\n" .
          '        <td class="dataTableContent" align="right" valign="top">' . $currencies->format(tep_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</td>' . "\n";
     echo '      </tr>' . "\n";
   }
?>
       </table></td>
     </tr>
   </table></td>
 </tr>
 <tr>
   <td align="right" colspan="7"><table border="0" cellspacing="0" cellpadding="2">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <?php
 for ($i = 0, $n = sizeof($order->totals); $i < $n; $i++) {
   echo '          <tr>' . "\n" .
        '            <td align="right" class="smallText">' . $order->totals[$i]['title'] . '</td>' . "\n" .
        '            <td align="right" class="smallText">' . $order->totals[$i]['text'] . '</td>' . "\n" .
        '          </tr>' . "\n";
 }
?>
       </table></td>
     </tr>
   </table></td>
 </tr>
</table>
<!-- body_text_eof //-->
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Thanks.

Mogens


Hi,

 

I'm having troubles getting this contribute to work.

When I click the button to print the order the pop-up shows up saying:

 

"Sorry. The Order Number that you have requested does not match the Order History we have on record. You will now be logged out."

 

This happens in both the checkout_success.php and account_history.php files.

The admin side works great.

I'm using the STS contribution. Does this have something to do with it? I tried the suggestions from aresman but no luck.

 

Anybody?

 

Thanks


Hi there!

I've got this contrib installed and working fine! Thank you for your work!

 

Is there a way to add the customer fax and order comments to printorder? I have modified this to act as a fax order form but need to insert the customer's fax number to the details. If there is a way to add the comments that would be awesome!

 

I tried:

<?php echo '<b>Fax#</b>' . '<br>' . $order->customer['fax']; ?>

But that didn't work.

 

Thanks!

Alane


Hiya,

 

Firstly let me say, **great contribution**, the nicest layout of any of the invoice contributions.

 

I have this contribution working in my store, however am writing to revisit an age-old question on this particular contribution forum:

The current MS2.2 deployment utilises the following code in the checkout_success.php page:

 

  // if the customer is not logged on, redirect them to the shopping cart page
  if (!tep_session_is_registered('customer_id')) {
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

 

Now I understand that this is to ensure the security of the printorder information being displayed.

A previous suggestion on this forum has been to "comment out" this code: yes, this removes the need for logging in, but it also allows anyone to view anyone's invoices.

 

I was under the impression that the above code should ensure that the customer COULD view their information, provided their session information was still registered in the db for their account? If this is the case, why is there a need to log back in to retrieve their invoice information when already secured in an SSL session?

 

Would really appreciate some guidance here, as I love this contribution, but cannot use it on my live store unless I can remove the re-login without compromising security.


Hello All,

 

Just in regards to my above posting...

 

I uploaded the configured files to my LIVE Server which DOES have SSL Certificates, and guess what.. no need for logging in when viewing the PRINT INVOICE information.

 

So for all those questions on this forum, requesting the answer to eliminating the extra login for viewing the print invoice page..

1. The contribution works perfectly (even on my heavily modded site)

2. Do NOT delete the following code from the checkout_success.php page; doing so will make invoice data viewable by anyone:

  // if the customer is not logged on, redirect them to the shopping cart page
  if (!tep_session_is_registered('customer_id')) {
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

 

3. Simply make the configuration changes as specified in the contribution. Once the changes are loaded to a site with an SSL certificate, the re-login issue disappears.

(I cannot comment on a Shared SSL Certificate)

 

AWESOME CONTRIBUTION, THANK YOU
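The two posts above, and the commented-out ownership check in the modified printorder.php earlier in the thread, are about the same two conditions: the customer must be logged in, and the requested order must belong to that customer. The following is an added example written for this thread, not code from the osC-PrintOrder contribution or from osCommerce. It uses PDO with an in-memory SQLite database and constructed sample rows so it runs offline; the table and column names (orders, orders_id, customers_id, payment_info) are taken from the thread, and the function name fetch_printable_order is an assumption of this example.

```php
<?php
// Added example (not code from the osC-PrintOrder contribution or osCommerce):
// the two checks a print-order page needs before it shows an order. Uses PDO with
// an in-memory SQLite database and constructed sample data so it runs offline.

declare(strict_types=1);

/**
 * Returns the order row only if a customer is logged in and the requested order
 * belongs to that customer. Returns null otherwise, and gives the same answer for
 * "no such order" and "someone else's order", so nothing leaks about other orders.
 *
 * @param PDO      $db                database connection
 * @param int|null $sessionCustomerId customer_id from the server-side session, null if not logged in
 * @param mixed    $requestedOrderId  raw order_id taken from the query string
 */
function fetch_printable_order(PDO $db, ?int $sessionCustomerId, $requestedOrderId): ?array
{
    // 1. Same rule as the checkout_success.php block quoted above: no registered
    //    customer session, no order. The caller redirects to the login page.
    if ($sessionCustomerId === null) {
        return null;
    }

    // 2. Validate the identifier before it gets anywhere near SQL. orders_id is an
    //    integer; anything else is rejected rather than "cleaned up".
    if (!is_int($requestedOrderId) && !is_string($requestedOrderId)) {
        return null;
    }
    if (preg_match('/^\d{1,10}$/', (string) $requestedOrderId) !== 1) {
        return null;
    }
    $orderId = (int) $requestedOrderId;

    // 3. Ownership is enforced inside the query: a row comes back only when
    //    customers_id matches the session's customer. Bound parameters replace the
    //    string-built SQL seen in the thread's printorder.php.
    $stmt = $db->prepare(
        'SELECT orders_id, customers_id, payment_info
           FROM orders
          WHERE orders_id = :oid AND customers_id = :cid'
    );
    $stmt->execute([':oid' => $orderId, ':cid' => $sessionCustomerId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// --- constructed sample data standing in for the live orders table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (orders_id INTEGER PRIMARY KEY, customers_id INTEGER NOT NULL, payment_info TEXT)');
$db->exec("INSERT INTO orders VALUES (1001, 7, 'Bank transfer, ref 4711'), (1002, 8, 'Credit card, last digits 1234')");

// Customer 7, logged in, asks for their own order: the row is returned.
$own = fetch_printable_order($db, 7, '1001');
printf("own order:     %s\n", $own === null ? 'denied' : 'shown (' . $own['payment_info'] . ')');

// Customer 7 changes the order_id in the URL to someone else's order: denied,
// with exactly the same answer a non-existent order would get.
$other = fetch_printable_order($db, 7, '1002');
printf("other's order: %s\n", $other === null ? 'denied' : 'shown');

// Nobody logged in: the case the checkout_success.php redirect guards against.
$anon = fetch_printable_order($db, null, '1001');
printf("not logged in: %s\n", $anon === null ? 'denied' : 'shown');

// A non-numeric order_id is rejected before any query runs.
$junk = fetch_printable_order($db, 7, '1001abc');
printf("malformed id:  %s\n", $junk === null ? 'denied' : 'shown');
```

Run it with `php` on the command line. The point the thread keeps circling back to is that the login redirect on checkout_success.php and the ownership comparison in printorder.php are two separate checks: the first only proves that some customer is logged in, the second ties the order to that customer, and removing either one is what lets an order be read by changing the order_id in the URL.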


Hello,

 

Where and what do I need to put in the invoice and packing slip files to have the print order button?

 

Thanks,

Eric



I didn't include a Print Order button because, personally, my buttons look a bit different, and because there are so many button sets now available, thanks to "El Bavaro", it's easy enough to open the button template file and create your own.

I hope that answers your questions.

Let me know if you have any further questions or issues.

-R

 

I'm trying to use the silver Miami button from El Bavaro but can't find a template anywhere. Any ideas on where this might be?

 

David


Just to clarify. I have the empty button but how to add the text in the correct font?


Hello, I installed osC-PrintOrder with Store Logo v1.0 on an osCommerce v2.2 RC2a store. I faced two problems: on the admin side I cannot see the newer orders, and in the frontend I cannot see the order history.

 

Please help me; I don't know where to look. Any help will be appreciated.
