Shopping cart - Page 18 Shopping cart - Page 18
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Shopping cart

Started by Stramm, June 04, 2006, 09:02:32 AM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

Stramm

An internal server error usually is what it claims to be, a server error while the server doesn't know a better message than that 'internal'.

To track down the culprit you should check your error logs. If you do not have access to the error logs, you'll have to ask your host to do so.

It may help to reupload the file that's making the troubles.

GuidoR13

#341
Thank you, the problem was a user without email address, which leads to a forbidden action on the server resulting in the internal server error - took some time to find...

GuidoR13

Hello, some of my galleries are registered only, nevertheless I find you shop more than convient.

I've to add the following line to deny access by URL to: photo_shop_cart.php, photo_shop_checkout.php, photo_shop_myorders.php, photo_shop_register.php
if (!USER_ID && $CONFIG['allow_unlogged_access'] == 0) cpg_die(ERROR, $lang_errors['access_denied'], __FILE__, __LINE__);

A change to photshop_user_menu() in the codebase.php just after the global declaration inhibits the menu:
    if (!USER_ID && $CONFIG['allow_unlogged_access'] == 0) return $html;

G.

Swieb

Hi,

Hope this is the right topic for my question.
Looking for gallery software with shopping cart support I decided to go for CPG. During the test I've been doing for the last few days it turned out to have almost everything I hoped for.
The 'almost' is the reason for my post here.

I would like to add an additional service for my customers so they receive an Update e-mail when the order status changes.
(when payment is received and when the order is shipped)

Being a CPG newb I've been staring myself blind on the photo_shop_checkout.php and photo_shop_admin.php code to figure out a way to get my change working. So far no luck. The only result is a Critical error when I try to send the email.

While executing query "SELECT *,  AS user_name,
AS user_email,
AS user_regdate,
AS user_location,
AS user_website
FROM   WHERE  = '1'" on

mySQL error: You have an error in your SQL syntax near 'AS user_name, ' at line 1


I see the table is missing but that's as far as I get.

FYI
I inserted a photoshop_email_the_user() call in the Switch dowhat_item section (case "mark_payed") of photo_shop_admin.php.
My Quick and dirty attempt to put a copy of functions photoshop_email_the_user() and photoshop_user_details() in photo_shop_admin.php didn't do the trick and to be honest I don't have a clue what to try next.

Has anybody tried to implement similar functionality (and got it working) or can somebody point me in the right direction to get this working?

Any help is appreciated.

Stramm

you can set a single item as paid -> within the check if all pics of an order have been paid you call the mail function.
There's altready a query for the status... get the uid (user id of the user who did the actual order) too.
You'll have to modify the function photoshop_email_the_user() as well as it out of the box only is able to email the admin or the logged in user. But in the step before you grabbed the uid. That you can use to query for the user details in function photoshop_email_the_user()

Swieb

Thanks for pointing me in the right direction Stramm!

I've got both parts (sending a notification when payment is received and when the order is shipped) working now.
I left out the price in the notification since I didn't feel like re-coding the calculation of items, discounts and shipping. Perhaps later...

Had some problems getting the mail template in de lang file to work, but finaly figured out not to put de additional mailcontent in the
if (defined('PHOTOSHOP_ORDER_PHP')) conditional.

Also adding require('include/mailer.inc.php'); helped ;)

Again thanks for your help!

Swieb

Hi Stramm,
Since you where so helpful a few post above perhaps you can answer this question too  ;D.

It's about different pricing used for some galleries.
I've set the default pricing for a 10 x 15 print to 2 Euro.
For one specific gallery I've set it to 3 Euro

When I log in as a regular user, put a photo in the cart and go to "My orders", I see the order with the non-default price.
So far so good.

The thing that imho is confusing is that the pricelist below the order overview shows the default pricing, and not the gallery specific pricing.
For now I removed the pricelist, but it would be nicer to have the pricelist back with correct gallery specific pricing.

Is there a simple solution to this "problem"?
And if so, where can this be 'fixed'

Stramm

I haven't add the 'per album prices' to the pricelist (as it can grow really huge with that).
Atm it shows the standard prices and the shipping (all shipping)
This data is stored in an array and you can easily read it. To get the additional data you'll need to do a db query (with a join to get the album name)

Just have a look at the function photoshop_pricelist() (plugins/photo_shop/include/functions.inc.php)
Before the echo you'll need to add the query (table shop_prices join albums). In the prices table aid is the album ID and gid the item id.

Swieb

Thanks for your reply.

I now get the point.

I was thinking about listing only album specific prices, and when not set: list defaults.
Since I'm still testing on a local server I didn't keep in mind that actual customers would possibly order from more than one gallery at once.
My change would list all pricing for each gallery they had made selections from.
I now see that it would not be wise to implement this feature.

If album specific pricing is to be listed than the best place would be inside each gallery (but not in the shopping cart screens).



DesMas

#349
Heya, Im on startup to use this great mod for a project where a shop system for picures is needet.

ATM I have 2 problems with the system, one is very simple, the other one might need more explanation

1) I found that there are some points in the language file (english & german) missing so the table in the mail has no header description.
fixed this by adding the following line to the $lang_photoshop array:

german.php:
  'item_id_checkout' => 'Item ID',
  'type_chckout' => 'Format',
  'amount_checkout' => 'Anzahl',
  'total_checkout' => 'Preis',


english.php:
  'item_id_checkout' => 'item ID',
  'type_chckout' => 'dimension',
  'amount_checkout' => 'count',
  'total_checkout' => 'price',


the 2. problem might be a little more complicated:
- the coppermine system is integrated with a special bridge from mehdi (http://www.mehdiplugins.com/misc/index.htm) into a joomlaa 1.0.12 cms
- in the joomla cms i've installed the "User Extended" Component to integrate more user field on registration (like adress and so on)

the problem I now have, that by this plugin, a registration in the gallery (redirected to the cms) will stop at the point where the cms is generating an email.
the solution in this original mod, that the user wil be automatically "activated" and directed back to its basked wont work (deactivated by the bridge).

Does anyone have an idea how this could be reimplemented by using the bridged system?


Another problem i have is, when an unregistered user wants to check out, the system redirects him to the register form.
Well with the bridge he will be directly redirected to the user_extended registration form of the cms. But i need another redirection so he has before to accept the "system rules" (AGB).
I think this could be done by a manipulation of the following lines in the phptoshop_register.php:


//if user isn't logged in redirect to shop register/login page
if(!USER_ID) {
    photoshop_refresh($_SERVER['PHP_SELF'].'?file=photo_shop/photo_shop_register');
exit;
}

Dont know, but will try out :)


EDIT

well I found another thing, that relies on the usage of the bridged mode:
If the user logs out with a filles shopping cart this one will stay active for the guest...

But the most worst thing is:
If i want to change the amount of pictures in the shopping cart, i get the error Message:
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
And I dont know where this comes from

Live site to check this: http://www.pferdefotos-sh.de/coppermine

DesMas

#350
Quote from: DesMas on July 26, 2007, 01:16:44 PM
If the user logs out with a filled shopping cart this one will stay active for the guest...
-->cookie problem???

Stramm

I do not know Joomla or the bridge so I can't help you much there. You could just disable the redirection to the photo_shop login/ register site and instead display a message 'To finish your order you need to log in' or similar. That'll solve your problem 1+2.

That message
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
I guess it's from Joomla... you need to search there

QuoteIf the user logs out with a filled shopping cart this one will stay active for the guest...
This is expected behaviour.

The not logged in user can add items to his basket. If he logs in, the items will stay in the basket. If the browser crashes or he logs out and later comes back, the items still will be active.

Probably you mean the items will now show for all not logged in users??? No, that's not the case. Only for the user with the cookie saved on his computer.

And thanks for spotting the missing lang file entries.

DesMas

#352
Thx for your answers

well the fact that the cookie stays acrive on browser reload and saves by this the basket helps with the registration thing on the bridged system.

- ATM i changed the redirection at check out from login to a static content item.
- there the guest has to accept the rules (AGB)
- then gets forwarded to the registration.

By the fact that this is a modded joomla registration, ill need to mod the mod, if i want to skip the email for shop users.
well this would be the not so heavy thing i hope :P

with the other error...h,, maybe i find where the joomla code forces this Illegal variable error....
Interesting is:
- I can delete an item in the basked via the X
- but cannot change the values

How are these 2 things implemented?
GET or POST ? special things?

EDIT:
I found the code snipped that forces this error in joomla:

globals.php
/**
* Adds an array to the GLOBALS array and checks that the GLOBALS variable is
* not being attacked
* @param array
* @param boolean True if the array is to be added to the GLOBALS
*/
function checkInputArray( &$array, $globalise=false ) {
static $banned = array( '_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals' );

foreach ($array as $key => $value) {
$intval = intval( $key );
// PHP GLOBALS injection bug
$failed = in_array( strtolower( $key ), $banned );
// PHP Zend_Hash_Del_Key_Or_Index bug
$failed |= is_numeric( $key );
if ($failed) {
die( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
}
if ($globalise) {
$GLOBALS[$key] = $value;
}
}
}

/**
* Emulates register globals = off
*/
function unregisterGlobals () {
checkInputArray( $_FILES );
checkInputArray( $_ENV );
checkInputArray( $_GET );
checkInputArray( $_POST );
checkInputArray( $_COOKIE );
checkInputArray( $_SERVER );

if (isset( $_SESSION )) {
checkInputArray( $_SESSION );
}

$REQUEST = $_REQUEST;
$GET = $_GET;
$POST = $_POST;
$COOKIE = $_COOKIE;
if (isset ( $_SESSION )) {
$SESSION = $_SESSION;
}
$FILES = $_FILES;
$ENV = $_ENV;
$SERVER = $_SERVER;
foreach ($GLOBALS as $key => $value) {
if ( $key != 'GLOBALS' ) {
unset ( $GLOBALS [ $key ] );
}
}
$_REQUEST = $REQUEST;
$_GET = $GET;
$_POST = $POST;
$_COOKIE = $COOKIE;
if (isset ( $SESSION )) {
$_SESSION = $SESSION;
}
$_FILES = $FILES;
$_ENV = $ENV;
$_SERVER = $SERVER;
}

/**
* Emulates register globals = on
*/
function registerGlobals() {
checkInputArray( $_FILES, true );
checkInputArray( $_ENV, true );
checkInputArray( $_GET, true );
checkInputArray( $_POST, true );
checkInputArray( $_COOKIE, true );
checkInputArray( $_SERVER, true );

if (isset( $_SESSION )) {
checkInputArray( $_SESSION, true );
}

foreach ($_FILES as $key => $value){
$GLOBALS[$key] = $_FILES[$key]['tmp_name'];
foreach ($value as $ext => $value2){
$key2 = $key . '_' . $ext;
$GLOBALS[$key2] = $value2;
}
}
}

if (RG_EMULATION == 0) {
// force register_globals = off
unregisterGlobals();
} else if (ini_get('register_globals') == 0) {
// php.ini has register_globals = off and emulate = on
registerGlobals();
} else {
// php.ini has register_globals = on and emulate = on
// just check for spoofing
checkInputArray( $_FILES );
checkInputArray( $_ENV );
checkInputArray( $_GET );
checkInputArray( $_POST );
checkInputArray( $_COOKIE );
checkInputArray( $_SERVER );

if (isset( $_SESSION )) {
checkInputArray( $_SESSION );
}
}


wel now i need to find out why/how the post variable from the shop forces this error....narf

Stramm

just check the code...
photo_shop_cart.php, the first lines

empty basket and apply modifications (changing the item numbers) -> POST
delete item -> REQUEST

when I search the web for your 'error message' I get some joomla threads.. maybe it's woth to read them ... tells to use the 'new' globals.php


And if you do not want the cookie... then don't save it. The shop uses both, sessions and cookies.
codebase.php -> function photoshop_add_item()

DesMas

yea found them also, the problem is as far as i could read out, the thing that numeric values are in the post array:

Array
(
    [file] => photo_shop/photo_shop_cart
)

Array
(
    [item_id] => Array
        (
            [0] => 0
        )

    [0] => 1
    [box] => photo
    [apply_modifs] => Speichere neue Anzahl
)



// PHP Zend_Hash_Del_Key_Or_Index bug
$failed |= is_numeric( $key );


and thy are not allowed...

well I could now comment the is_numeric check out but more likely I would change the shopping basked code :P

Stramm

then why not recode the shop?? Make the number of items and the item id non numeric, add a letter to it, like 'n' or 'r', later you have to remove that again.

Some work

or... REQUEST isn't banned in globals.php... change POST to REQUEST

DesMas

ok I managed it bay adding a text part to the element:
for those others who might be searching for a solution for the error
Illegal variable _files or _env or _get or _post or _cookie or _server or _session or globals passed to script.
when modifing the amount of items:

photo_shop_cart.php
search:
$_SESSION['photoshop']['cart'][$item_id]['amount'] = $_POST[$item_id];
replace:
$_SESSION['photoshop']['cart'][$item_id]['amount'] = $_POST['count'.$item_id];

search:
<input type="text" class="textinput" maxlength="5" style="width: 20px" name="{$key}" value="{$amount}"/>
replace:
<input type="text" class="textinput" maxlength="5" style="width: 20px" name="count{$key}" value="{$amount}"/>

DesMas

Stramm, 2 questions:

in my test system I have a list of the following orders:
(https://coppermine-gallery.com/forum/proxy.php?request=http%3A%2F%2Fwww.vmm-is.de%2Ffiles%2Fphoto_cart.jpg&hash=2e52d123ccd65e5777d1ec02239af20ab255f3ba)
well this looks nice at first but what confuses me:

There are User ID's listet of 62 and 65 but the highest key in the DB's user table ist 6 on this system  ???
codearea ~428 in photo_shop_admin.php
<div class="smallfont">
<span style="float:right;"><a href="index.php?file=photo_shop/photo_shop_zip&oid={$oid[$k]}">{$lang_photoshop_admin['download_zip']}</a></span><br>
<span style="float:right;"><a href="mailto:{$user_email[$k]}">{$user_email[$k]}</a></span>
<span style="cursor:pointer" onclick="window.location='index.php?file=photo_shop/photo_shop_admin&amp;oid={$oid[$k]}&amp;box={$box}';">{$lang_photoshop_admin['order_id']}: {$oid[$k]}&nbsp;&nbsp;- &nbsp;&nbsp;{$lang_photoshop_admin['user_id']}: {$uid_tmp[$k]}</span>
</div>


it seems for me like the uid gets mixed up while an order is getting stored into the shop table, right or did i miss something?

photo_shop_checkout.php -> photoshop_add_data() around 357ff
$results = cpg_db_query ("INSERT INTO `{$CONFIG['TABLE_SHOP']}` (`oid`, `uid`, `pid`, `quantity`, `size`, `price`, `otime`) VALUES ('$order_id', '".USER_ID."', '$pid', '$amount', '$size', '$price', '$otime')");
Hmm how can USER_ID get mixed up here.....

Stramm

In that gray table cell you'll usually see the user name (clickable -> profile). I assume there'S a problem with your joonla bridge. With a standard install (standalone, smf) I wasn't able to reproduce your problems.

pyrosteve

Quick question, which I expect has been asked and answered before so sorry in advance :) I did have a search around and browsed this thread but couldnt see anything..

With the shopping cart plugin can you define which albums photos can be bought from? I have several albums which I would like to be able to sell photos from, but I also have several albums which I do not wish to sell photos from. I want all the albums to be viewable by any user group etc so cant just restrict it that way somehow..

Thanks!