Jump to content
Sign in to follow this  
frankl

[Contribution] Step-By-Step Manual Order

Recommended Posts

Try to see this post :

http://forums.oscommerce.com/index.php?sho...=0entry277075

 

I guess the explanation is to be found here, however as you can see from my post in the same thread I'm a little unsecure as to whether the correction has to be made in general.php in admin or catalog. Furthermore, I do not know whether this fix corrects any inconsistencies in the database.

 

Mogens

Share this post


Link to post
Share on other sites

I just installed everything in MS2 but when I click on create order or account from the admin, it takes me to an error screen:

 

Fatal error: Cannot redeclare tep_db_connect() (previously declared in /home/designi/public_html/catalog/admin/includes/functions/database.php:13) in /home/designi/public_html/catalog/admin/includes/functions/database.php on line 13

 

Anybody know how to take care of this?

Share this post


Link to post
Share on other sites

I have installed this contrib but have an problem i cant see mentioned anywhere. when i create an order fill all details in and press update it looks like this:

 

screen.jpg

 

Note the extra totals boxes, after you have pressed update and go and look at the "orders" under the customer heading you get 2 seperate orders linked as one each showing the different final totals. Anyone know if i have done something wrong or if there is a way to solve this. I want to add some of the other bits in this thread but dont want to do it until i have sorted this.

 

Thx in advance

 

Carl

 

PS feel free to look at the admin as its only my test store http://www.themodhouse.co.uk/test/admin

Please dont alter settings as i try all contribs here b4 adding to my main store.

Share this post


Link to post
Share on other sites

When I create a customer order, no email is sent out. What could be the problem?

 

Also I have a suggestion for an upgrade. It would be neat if when I create an order, the contribution creates a product in a hidden category with the right price and shipping cost. Then the contribution emails the customer of the invoice and a link to pay. Is this possible?

Share this post


Link to post
Share on other sites

i've got the contribution running, but i have a question that hopefully someone could answer:

 

is there a way to manually create an account without having to enter an email address? if so, how would it be done? thanks

Share this post


Link to post
Share on other sites
If I create an account and create a manual order all the info is there and I can create an order, However if I goto veiw/edit the customer details even after I created the oder get these errors:

 

Warning: reset(): Passed variable is not an array or object in /web/public_html/catalog/admin/includes/classes/object_info.php on line 17

 

Warning: Variable passed to each() is not an array or object in /web/public_html/catalog/admin/includes/classes/object_info.php on line 18

 

and all the fields are empty on the customer edit page.

 

I can view and edit customers who created their own accounts through the web site.

 

also you can not login with the password that gets email from creating the account.

 

Thak you

Jeff

i'm having this problem, has anyone fixed it yet?

 

To all that read this:

 

This error has to do with the primary address for a customer not being updated in the database upon initial creation of their account, I've said this many times in many threads, but no one is comming up with a fix for this problem, I have a work around fix for this problem and it's all explained on my forum under my OSC, but it's not the fix I'm looking for, but it works for now, the disadvantage for my fix is that a customer can't have two address, just one address.

 

Many of us really would like to see a real fix for this problem. It shouldn't be that hard to do.

 

Im still waiting on a fix for this too. Anyone? :(

Share this post


Link to post
Share on other sites

I?m waiting too.

 

My small solution is to change "customers_default_address_id" to the same value "customers_id" in the database. Then it works.

 

Guntram

Share this post


Link to post
Share on other sites

Hey guys..

 

Here's what I did to fix the issue below:

 

Warning: reset(): Passed variable is not an array or object in /web/public_html/catalog/admin/includes/classes/object_info.php on line 17

 

Warning: Variable passed to each() is not an array or object in /web/public_html/catalog/admin/includes/classes/object_info.php on line 18

 

 

Edit create_account_process.php and after the following line:

 

tep_db_query("insert into " . TABLE_CUSTOMERS_INFO . " (customers_info_id, customers_info_number_of_logons, customers_info_date_account_created) values ('" . tep_db_input($customer_id) . "', '0', now())");

 

add these lines:

 

$address_fix_query = tep_db_query("SELECT address_book_id FROM address_book WHERE customers_id = '$customer_id'");

$address_fix = tep_db_fetch_array($address_fix_query);

$new_address_id = $address_fix['address_book_id'];

tep_db_query("UPDATE customers SET customers_default_address_id = '$new_address_id' WHERE customers_id = '$customer_id'");

Share this post


Link to post
Share on other sites

thanx tim,

 

that gets rid of the error and the problem with the address, however the password that is emailed out still doesnt work, the customer has no way of logging in, and I have no way of changing the password for them, except to edit directly through the database.

 

Ive checked out my db, and all passwords created on the catalog side show as encrypted, but the one created within admin, is in plain text, (exactly the same as the one in the email)....

 

If i change the line in admin/create_account_process.php to

 

'customers_password' => tep_encrypt_password($password));

 

as instructed in an earlier post, I get no luck, only an parse error telling me that its an undefined function.

 

Help! I really need this to work!!! :(

Share this post


Link to post
Share on other sites

The solution is here I guess, as I have pointed out in an earlier posting. However, I would be glad if someone could tell whether the corrections should be made in general.php in admin or in catalog.

Issue #33: December 16, 2003

 

osCommerce 2.2 Milestone 1 SQL Injection Vulnerability

Forum Searching

Development Progress

E-Commerce Regulations

 

osCommerce 2.2 Milestone 1 SQL Injection Vulnerability

 

An SQL injection vulnerability exists in osCommerce 2.2 Milestone 1, due to variable types not being checked which has been addressed in the 2.2 Milestone 2 release.

 

The reported vulnerability exists during the customer account creation procedure, specifically in the create_account_process.php file, with the user submited country value being used rawly in SQL queries.

 

The functions involved in processing the vulnerable SQL queries are defined in includes/functions/general.php, and are called tep_get_zone_name() and tep_get_countries().

 

It is strongly recommended for stores running on 2.2 Milestone 1 to download the update package, to read the documentation within, and to apply the updates appropriately.

 

Although only two functions are vulnerable in this report, other functions could also be affected due to variable types not being checked. A replacement for the includes/functions/general.php file is provided in the update package to minimize further injection possibilities from occuring.

 

Although no further SQL injection reports are known, and as variable checking was implemented in 2.2 Milestone 2, Milestone 1 will remain in the risk zone, and is therefore recommended to update the remaining SQL queries appropriately or to upgrade to Milestone 2. Further information is available in the update package.

 

The update package can be downloaded here:

 

http://www.oscommerce.com/ext/oscommerce-2...20031216.tar.gz

 

Forum Searching

 

The default searching algorithm for the forums has changed from an "or" based algorithm, to an "and" based algorithm.

 

This changes the results returned by returning posts containing all words searched for, instead of any words searched for.

 

Searches for "payment module" will now return posts containing both words, instead of either.

 

If the "or", or either, method is preferred, searching for "payment or module" is now required and will only return posts containing either words.

 

Development Progress

 

The following new classes have been implemented into CVS:

 

* osC_Customer

* osC_Session

* osC_Tax

 

All variables are now called in their respective scope, making the Catalog register_globals compatible, which includes using the new super global variables introduced in PHP 4.1.

 

Changes to the currencies class will be commited this week, which improves performance by querying the tax rate only when DISPLAY_PRICES_WITH_TAX is enabled.

 

The list of incompatibilities between Milestone 2 and Milestone 3 can be viewed on the Wiki site at the following address:

 

http://wiki.oscommerce.com/proposalMS2MS3Incompatibilities

 

Discussions regarding the progress of Milestone 3 are held in the following forum thread:

 

http://forums.oscommerce.com/index.php?showtopic=66462

 

E-Commerce Regulations

 

New parameters will be introduced to enable features legally needed in some countries, and to disable the same features where not needed.

 

The initial list of features that will be controlled via parameters can be seen on Workboard entry 69. The first feature of forcing the customer to accept the terms and conditions when proceeding through the checkout procedure has been implemented in CVS.

 

The second feature of forcing the customer to agree to the privacy notice when creating an account will be commited to CVS during the week.

 

Discussions regarding Workboard entry 69 are held in the following forum thread:

 

http://forums.oscommerce.com/index.php?showtopic=68739

 

 

--------------------

 

Harald Ponce de Leon

Realizing osCommerce

Share this post


Link to post
Share on other sites

Hi,

 

I'll try the things above. But I have a practical problem. My shop has about 100 customers and 50 customers ordered by fax. So I have to add them manually. It's very hard to find them in the scroll-down-List of the manual order. Has anyone an idee, to set this list in better way. My be a search function at this place is very helpful.

 

Guntram

Share this post


Link to post
Share on other sites

Howdy all :)

 

I've read through this entire thread. Added some changes, removed ones that didn't work (Shawn - awesome job!)

 

But alas, I still have an error.

 

I am running 2.2MS2. So according to the posts in this thread, I shouldn't have the same objects problems as were vunerable in MS1 and earlier releases. Or - not?

 

I get this error after creating an account manually:

 

Warning:  reset(): Passed variable is not an array or object in /home/tubbytabbygifts.com/html/admin/includes/classes/object_info.php on line 17

 

Warning:  Variable passed to each() is not an array or object in /home/tubbytabbygifts.com/html/admin/includes/classes/object_info.php on line 18

 

Look familiar? I thought it would. I mean, there are only like 12 other posts just like mine in this thread.

 

What I need is a fix. An explaination in plain, clear, english for the non-programmer that explains exactly what to do to fix the problem and in which files the patches should be applied.

 

As for the password problem, I'm at a loss.

 

Shawn, if you have this working on your store (I've installed your mods), and you are not getting these same errors and problems, could you please lend me a hand here? I'd really love to use this mod to take phone orders if at all possible.

 

Thank you in advance for your help,

 

Khim~


Do not meddle in the affairs of Dragons, for you are crunchy and good with ketchup :-)

Share this post


Link to post
Share on other sites

John:

 

I know :( But what about the whole "You can now send your purchases to other addresses"....

 

</defeatest>

 

I will try your fix. I've been putting it off because of the entire *breakage* to the address book thingy. My mother is going to be pissed :-) She has like the entire family in there :-)

 

::sigh::

 

Why can't anything ever be easy without strings?

 

Thanks, John. I'll give it a try and see what I can come up with.

 

You know? I've only been at this since Aug. I didn't know much HTML to begin with. This has been a great learning experience and all, but man I am tired :-) I think I'm just going to go get a small business loan and hire a programmer. I need my life back. My washing machine didn't even recognize me the last time I went to use it java script:emoticon(':blink:')

 

Khim~


Do not meddle in the affairs of Dragons, for you are crunchy and good with ketchup :-)

Share this post


Link to post
Share on other sites

John:

 

That didn't work.

 

The problem is in admin, not /catalog.

 

I don't have any troubles with the shop... I only get this error when I'm in admin trying to use the manual order mod.

 

Surely something in the mod itself is causing it, but I haven't a clue where to start looking.

 

I'm wondering if I need to create the setup in admin as an exact mirror the account creation process in catalog?

 

Surely not.

 

Anyone?

 

::wanders off to look for aspirin::

 

Khim~


Do not meddle in the affairs of Dragons, for you are crunchy and good with ketchup :-)

Share this post


Link to post
Share on other sites

Im not getting this to work either as youve probably noticed by a few of my posts.

Ive tried everything too Khim so you're not the only one.

I too am useing MS2.2 and no luck. All of the fixes mentioned dont work.

 

Thanks for explaining our problems in such good detail, (something i probably should have done) , hopefully someone php savvy can come to our rescue!

 

Help us!!!?!?!?!?!?! .... please :( .........someone?

Share this post


Link to post
Share on other sites

I was the original writer of this mod. Well, actually writer is a loose term, I cobbled this mod together out of existing mods and code and it is in no way 'standard' or complete.

 

I wrote it for the relatively ancient 2.2 release I am running my shop on, since then alot of changes have been made to the osCommerce code which have broken this mod. I wouldn't even know where to begin fixing the problems mentioned above. All I know is, this mod works pretty damn well for us here on our version of osC combined with the other mods we have installed.

 

We use it on a daily basis and it has been a godsend, BUT, we waited patiently for a long, long time for someone else to write a mod like this and it's probably testament to the pitfalls of a manual order mod that this is the only one that has been written (so far). Also reflecting the difficulty is that for use with MS2+ it is fatally flawed and may never work properly on later versions.

 

Of course, it anyone is brainy enough to fix the mod for MS2+, I encourage you to do so, you will earn a lot of people's admiration!

 

Good luck everyone with your shops, and Cheers from Down Under.


Let's make things easier for new osCommerce users http://forums.oscommerce.com/topic/402638-discussion-about-hard-coded-database-tables/?p=1718900  Getting there with osCommerce 2.4! :thumbsup:

Share this post


Link to post
Share on other sites
If I create an account and create a manual order all the info is there and I can create an order, However if I goto veiw/edit the customer details even after I created the oder get these errors:

 

Warning: reset(): Passed variable is not an array or object in /web/public_html/catalog/admin/includes/classes/object_info.php on line 17

 

Warning: Variable passed to each() is not an array or object in /web/public_html/catalog/admin/includes/classes/object_info.php on line 18

 

and all the fields are empty on the customer edit page.

 

I can view and edit customers who created their own accounts through the web site.

 

also you can not login with the password that gets email from creating the account.

 

Thak you

Jeff

i'm having this problem, has anyone fixed it yet?

Hi everyone, Well I have this contribution running great now after a couple days dealing with it. The error issue I was able to correct with a previous persons code and hacked it a little and added it to public_html/admin/customers.php just add the following lines to the bottom after the last </table> Then go into your database open the address_book and make sure customers_id default is set to 1, then go into the database and open customers and make sure the customers_default_address_id default is set to 1. And here is the code that I placed after the last </table> in admin/customers.php. Hope this helps I couldn't get this to work for the longest time. I had other issues too that I also fixed and will try to remember and post some info.

 

<?

######Query 1

$customersrecords = mysql_query("SELECT * FROM customers") or die ("Wha Happen??? Error 1");

while($customerrows = tep_db_fetch_array($customersrecords))

{

$e = mysql_query("SELECT * FROM address_book WHERE customers_id ='$customerrows[customers_id]'") or die ("Wha Happen??? Error 2");

$real = tep_db_fetch_array($e);

$updatedefaultaddress = mysql_query("UPDATE customers SET customers_default_address_id = '$real[address_book_id]' WHERE customers_id='$customerrows[customers_id]'") or die ("Wha Happen??? Error 3");

 

}

?>

 

 

 

 

 

Have a great night.

Mary Ann :D

Share this post


Link to post
Share on other sites

Mary Ann:

 

You're the best!

 

Thank you for this fix!!!

 

Phone orders.. here I come!!!

 

Khim~


Do not meddle in the affairs of Dragons, for you are crunchy and good with ketchup :-)

Share this post


Link to post
Share on other sites

MARY ANN !!!!!!!!!

 

You're da best!!!!!!!

 

I just found out that it indeed didn't work ...

AND NOW IT'S WORKING!!!

 

Big hug from me!~ ;)

 

Greetz.

RattleSn@ke

Edited by RattleSn@ke

Share this post


Link to post
Share on other sites

MaryAnn,

 

You did such a great job of fixing this in the admin, could you also fix it in the create_account.php please, I believe this is where the error is originated from, the primary address doesn't get updated with the rest of the info.

 

Thanks


Best Regards

Share this post


Link to post
Share on other sites
Hi,

 

I'll try the things above. But I have a practical problem. My shop has about 100 customers and 50 customers ordered by fax. So I have to add them manually.  It's very hard to find them in the scroll-down-List of the manual order. Has anyone an idee, to set this list  in better way. My be a search function at this place is very helpful.

 

Guntram

Hi Guntram,

 

I build-in in my shop just the thing you're looking for! (I hope ... :rolleyes: )

I don't (yet) have as much customers as you, but i'm someone that looks forward ...

 

First you have to prevent that the drop-down box automaticly picks the first customer.

To do that, edit the code around line 26

	if (tep_db_num_rows($result) > 0)
{
 // Query Successful
 $SelectCustomerBox = "<select name='Customer'>\n";
 while($db_Row = tep_db_fetch_array($result))
 { $SelectCustomerBox .= "<option value='" . $db_Row["customers_id"] . "'";

Replace this with

	if (tep_db_num_rows($result) > 0)
{
 // Query Successful
 $SelectCustomerBox = "<select name='Customer'><option value=''>Choose Customer</option>\n";
 while($db_Row = tep_db_fetch_array($result))
 { $SelectCustomerBox .= "<option value='" . $db_Row["customers_id"] . "'";

 

Then replace this (around line 39):

	if(IsSet($HTTP_GET_VARS['Customer']))
{
 $account_query = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $HTTP_GET_VARS['Customer'] . "'");
 $account = tep_db_fetch_array($account_query);
 $customer = $account['customers_id'];
 $address_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $HTTP_GET_VARS['Customer'] . "'");
 $address = tep_db_fetch_array($address_query);
 //$customer = $account['customers_id'];
}

with this:

	if(IsSet($HTTP_GET_VARS['Customer']))
{
 $account_query = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $HTTP_GET_VARS['Customer'] . "'");
 $account = tep_db_fetch_array($account_query);
 $customer = $account['customers_id'];
 $address_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $HTTP_GET_VARS['Customer'] . "'");
 $address = tep_db_fetch_array($address_query);
 //$customer = $account['customers_id'];
} elseif (IsSet($HTTP_GET_VARS['Customer_nr']))
{
 $account_query = tep_db_query("select * from " . TABLE_CUSTOMERS . " where customers_id = '" . $HTTP_GET_VARS['Customer_nr'] . "'");
 $account = tep_db_fetch_array($account_query);
 $customer = $account['customers_id'];
 $address_query = tep_db_query("select * from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $HTTP_GET_VARS['Customer_nr'] . "'");
 $address = tep_db_fetch_array($address_query);
 //$customer = $account['customers_id'];
}

 

To display the extra search box under the drop-down box to search customers on their ID, place the following code UNDER the code for the drop-down box.

(around line 102: The code-block of the drop-down box is almost the same as the one below)

 

<?php
print "<form action='$PHP_SELF' method='GET'>\n";
print "<table border='0'>\n";
print "<tr>\n";
print "<td><font class=main><b>or by customer ID:</b></font><br><input type=text name='Customer_nr'></td>\n";
print "<td valign='bottom'><input type='submit' value=\"Select customer\"></td>\n";
print "</tr>\n";
print "</table>\n";
print "</form>\n";
?>

so the resulting code looks like this::

<?php
print "<form action='$PHP_SELF' method='GET'>\n";
print "<table border='0'>\n";
print "<tr>\n";
print "<td><font class=main><b>Select Customer to Create an Order for:</b></font><br>$SelectCustomerBox</td>\n";
print "<td valign='bottom'><input type='submit' value=\"Select Customer\"></td>\n";
print "</tr>\n";
print "</table>\n";
print "</form>\n";
?>
<?php
print "<form action='$PHP_SELF' method='GET'>\n";
print "<table border='0'>\n";
print "<tr>\n";
print "<td><font class=main><b>or by customer ID:</b></font><br><input type=text name='Customer_nr'></td>\n";
print "<td valign='bottom'><input type='submit' value=\"Select customer\"></td>\n";
print "</tr>\n";
print "</table>\n";
print "</form>\n";
?>

 

Now you can search by name OR by customer ID (don't use them both)

 

Please let me know if you could use this.

 

Greetz.

RattleSn@ke

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×