Jump to content
Latest News: (loading..)
Jack_mcs

Gift Vouchers Secure

Recommended Posts

This is a new version of the long-standing Gift Vouchers addon.  It is named "secure" because the previous versions, at least the ones I am familiar with, have a large number of security holes in them. All of those have been plugged in this version and other changes made to further the security.

This version also has features other versions don't have. Here are some of the major points of this version:

 

  • Apply to specific customers.
  • Apply to specific products.
  • Apply to specific categories.
  • Apply to specific manufacturers.
  • Include or Exclude options for products, categories and manufacturers.
  • Date is set by jquery date picker so it doesn't expire.
  • Show only certain coupons in admin display.
  • Sortable columns in admin display.

This can be used to replace existing installations but not directly. There are some changes that are needed beyond a normal installation. I have documented those as much as I can but due to the number of versions of Gift Vouchers, I can't cover them all.

This version is mainly written for the CE version with the modular checkout addon by @raiwainstalled. It will work in other versions but the instructions are not complete, though using a compare program should work.

Share this post


Link to post
Share on other sites
Posted (edited)

Hi, 

I have just installed this and have found this error popping up in the Coupon Admin Section, and when trying to confirm the coupon:

I am not code savvy in any way so best to bring it to your attention.

 

Cheers!

coupon.PNG

Edited by nedragdnuos
add extra info

Share this post


Link to post
Share on other sites
Posted (edited)

coupon 2.PNG

 

Just found the above error and this as well when trying to email the coupon:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''_DESCRIPTION where coupon_id = '1' and language_id = '1'' at line 1

select coupon_name from coupons'_DESCRIPTION where coupon_id = '1' and language_id = '1'

Edited by nedragdnuos
extra info

Share this post


Link to post
Share on other sites
Posted (edited)

@nedragdnuosThank you for reporting the problems. For the first one, please edit the admin/includes/languages/coupon_admin.php file and add this line at the bottom:

define('COUPON_BUTTON_PREVIEW', 'Preview');

For the second error, find this line in admin/coupon_admin.php (line 61)

    $coupon_name_query = tep_db_query("select coupon_name from coupons'_DESCRIPTION where coupon_id = '" . tep_db_input($_GET['cid']) . "' and language_id = '" . (int)$languages_id . "'");

and change it to

    $coupon_name_query = tep_db_query("select coupon_name from coupons_description where coupon_id = '" . tep_db_input($_GET['cid']) . "' and language_id = '" . (int)$languages_id . "'");

Also, in admin/coupon_admin.php, find and remove the following:

echo 'man '.$manu_details.'<br>';

I do apologize for the bother the mistakes caused. Please let me know if you find any others.

Edited by Jack_mcs

Share this post


Link to post
Share on other sites

Hi, thanks for that Jack, that fixed the first 2 errors, the data base error is still there when trying to email the newly created coupon.:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''_DESCRIPTION where coupon_id = '1' and language_id = '1'' at line 1

select coupon_name from coupons'_DESCRIPTION where coupon_id = '1' and language_id = '1'

 

Found this error at the top of send gift voucher form on the customer side:

Warning: Use of undefined constant GV_SEND - assumed 'GV_SEND' (this will throw an Error in a future version of PHP) in D:\XAMP\htdocs\catalog\gv_send.php on line 93

 

And finally this was at the bottom of the Voucher FAQ page (none of the links to the faq are working):

Warning: Use of undefined constant FILENAME_DEFAULT - assumed 'FILENAME_DEFAULT' (this will throw an Error in a future version of PHP) in D:\XAMP\htdocs\catalog\gv_faq.php on line 53

 

Cheers!

Share this post


Link to post
Share on other sites
1 hour ago, nedragdnuos said:

Hi, thanks for that Jack, that fixed the first 2 errors, the data base error is still there when trying to email the newly created coupon.:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''_DESCRIPTION where coupon_id = '1' and language_id = '1'' at line 1

select coupon_name from coupons'_DESCRIPTION where coupon_id = '1' and language_id = '1'

 

Found this error at the top of send gift voucher form on the customer side:

Warning: Use of undefined constant GV_SEND - assumed 'GV_SEND' (this will throw an Error in a future version of PHP) in D:\XAMP\htdocs\catalog\gv_send.php on line 93

 

And finally this was at the bottom of the Voucher FAQ page (none of the links to the faq are working):

Warning: Use of undefined constant FILENAME_DEFAULT - assumed 'FILENAME_DEFAULT' (this will throw an Error in a future version of PHP) in D:\XAMP\htdocs\catalog\gv_faq.php on line 53

 

Cheers!

Hello, Jack can correct me if I am wrong but on mine I corrected :

1) For your 1064 be sure in your database that the table is named "coupons_description" and that you corrected the file as Jack stated.

2) change gv_send.php line 93   $breadcrumb->add(NAVBAR_TITLE, tep_href_link(GV_SEND));
to:   $breadcrumb->add(NAVBAR_TITLE, tep_href_link('gv_send.php'));

3) In gv_faq change line 53 to:

   <span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', tep_href_link('index.php')); ?></span>

4) Also changed in faq.php line 21 to:

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link('gv_faq.php'));

5) In gv_send.php changed line 22 to:

      tep_redirect(tep_href_link('login.php', '', 'SSL'));

6) line 104 to:

        <td><div class="buttonSet"><span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', tep_href_link('index.php')); ?></span></div></td>

7) In gv_redeem.php change line 86 to:

            <td align="right"><span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', tep_href_link('index.php')); ?></span></td>

 

Think I got them all. For reference whenever you get a "FILENAME_XXX" error you need to replace it with the hard coded name like "index.php'

Hope this helps

-Barbie
 

 

 

Share this post


Link to post
Share on other sites

@artfulwebThank you for posting all of the fixes. I did a search of all of the files and there aren't any others using definitions that I can find so I think it is all set. I'll try to get a new version upload within a week so others won't have to bother with these fixes.

Share this post


Link to post
Share on other sites
2 minutes ago, Jack_mcs said:

@artfulwebThank you for posting all of the fixes. I did a search of all of the files and there aren't any others using definitions that I can find so I think it is all set. I'll try to get a new version upload within a week so others won't have to bother with these fixes.

Glad I could help, you do so much for us all.

Barbie

Share this post


Link to post
Share on other sites
4 hours ago, joe122joe said:

before I install the addon, It will possible that the  customers can buy  the Gift Voucher if yes  how ?

Yes, it is possible. When you add a product, set its model number to GIFT_xx, where the xx can be anything you like, like GIFT_100 for a $100 gift voucher. The weight should be set to 0. When that is ordered, it shows up in admin in the queue section. You have to release it to make it available in the customers account. They can then use it themselves or send the code to someone else. In the case of the latter, when that  person visits the site, the coupon will be assigned to their account.

Share this post


Link to post
Share on other sites

@nedragdnuos

Many of the 'warnings' you are getting is because PHP v7.2 is MUCH more strict that prior versions.

I think you are going to find that many (if not most) add-ons are not PHP v7.2 ready. And, even the 'Frozen' version of osC has some PHP v7.2 issues. So, unless you are running the latest 'Edge' version of osC, it may be better to fall back to PHP v7.0 (or maybe even v7.1), and these warnings should go away.

M


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Frozen" release here

Share this post


Link to post
Share on other sites
3 hours ago, nedragdnuos said:

And one more after gift vouchers is installed

As Malcolm mentioned, it is due to the error reporting level. I tested it here under 7.1 without any problems but that is because I have strict mode turned off. You can ask your host to see if they will turn it off - some will, some won't. You can also try making this change. In admin/includes/application_top.php, find the line starting with error_reporting (near the top) and replace it with

  error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED & ~E_STRICT & ~E_USER_DEPRECATED);
  ini_set('display_errors','0');

Check that you don't have the second line already in. It won't hurt to have two but you should delete one of them and the remaining one should have the 0, as shown.

What you are seeing are warnings, not errors. The warnings are usually not useful to a shop owner and can, usually, be ignored.

Share this post


Link to post
Share on other sites

Thank you for your  help Jack and to everyone else, it is greatly appreciated, I finally got it working, its great that there is support to help out us code ignorant shop owners!

Share this post


Link to post
Share on other sites

A new version has been uploaded with the following changes:

  • Added missing definition for a button in admin. Found by member @nedragdnuos.
  • Added changed files for the 2.3.4 version.
  • Changed many references using definitions. Supplied by member @artfulweb.
  • Changed language code for checkout success to make it more understandable.
  • Changed the database installer to copy the values of the welcome values and then delete the old entries.
  • Fixed code that contained an invalid table name. Found by member @nedragdnuos.
  • Fixed the next page code in admin for the coupons.
  • Fixed the used count in the column heading of the listing page to show the correct number.
  • Renamed the database installer file to match the instructions.

Share this post


Link to post
Share on other sites
3 hours ago, joe122joe said:

  is there any documente for install  this version without the modular checkout addon by @raiwainstalled.

No, I'm sorry but I haven't had the time to do that yet. But you should be able to use the instructions in the Version_RC2 directory. Ignore the changes for admin. You might also be able to ignore the account.php file, depending upon your version of oscommerce. Or, you can use a compare program like WinMerge, which is free,  to compare the files in the Version_2.3.4 directory with yours.

Share this post


Link to post
Share on other sites

I am getting this error when I click "Coupon Admin":

 

1054 - Unknown column 'c.restrict_to_manufacturers' in 'field list'

select c.coupon_id, c.coupon_code, c.coupon_amount, c.coupon_type, c.coupon_start_date, c.coupon_expire_date, c.uses_per_user, c.uses_per_coupon, c.restrict_to_products, c.restrict_to_categories, c.restrict_to_manufacturers, c.apply_method_products, c.apply_method_categories, c.apply_method_manufacturers, c.date_created, c.date_modified, cd.coupon_name, UNIX_TIMESTAMP(c.coupon_expire_date) as tmp_date from coupons c left join coupons_description cd on c.coupon_id = cd.coupon_id order by cd.coupon_name DESC limit 0, 24

 

Share this post


Link to post
Share on other sites

okay I fixed that by manually adding those rows to the "coupons" table.  I've installed all the rest of it, and now my question is.... Where do customers enter the discount code?  Shouldn't there be a textbox on the checkout page?

Share this post


Link to post
Share on other sites
1 hour ago, dreaminggates said:

Shouldn't there be a textbox on the checkout page?

You need to enable the discount coupon module in Order Totals.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×