
tbirnseth's Content

There have been 459 items by tbirnseth (Search limited from 27-Jul 20)


#329806 Security Warning

Posted by tbirnseth on 22 July 2020 - 06:22 PM in Third-Party Services

If valid, you should report this directly to helpdesk so they can escalate and investigate the issue.

#329805 Has This Changed For Anyone Else?

Posted by tbirnseth on 22 July 2020 - 05:54 PM in Developers' Corner

If there was a duplicate function name, I'd get a php error at runtime.
Here is the exact copy/paste from addon.xml.
  <item for="install">

Using the new object oriented addon style

What do you mean by the above? Documentation link?

#329779 How To Check If User Purchased An Item On The Product Page

Posted by tbirnseth on 21 July 2020 - 06:31 PM in General Questions

Create a function in my_changes/func.php like:
function my_check_previous_order($product_id, $user_id) {
  // Nothing to look up without both a user and a product
  if( empty($user_id) || empty($product_id) ) return false;
  return db_get_field("SELECT count(od.product_id) FROM ?:orders AS o LEFT JOIN ?:order_details AS od ON od.order_id=o.order_id AND od.product_id=?i WHERE o.user_id=?i", $product_id, $user_id);
}
And then in template:
{assign var="ordered_before" value=$oi.product_id|my_check_previous_order:$auth.user_id}
{if $ordered_before}
  verified order
{/if}
I updated the db_query above to use db_get_field instead.

#329778 Limit Character Types In Profile Fields - I.e. First And Last Name

Posted by tbirnseth on 21 July 2020 - 06:19 PM in General Questions

Probably easiest way is to do something like this in app/addons/my_changes/controllers/common/profiles.pre.php

  $excluded_strings = array('http:', 'https:', 'ftp:', 'sftp:', 'ftps:');
  $exclude_fields = array('firstname', 'lastname');
  foreach($exclude_fields as $field) {
    if( !empty($_REQUEST[$field]) ) {
      foreach($excluded_strings as $str) {
        // Case-insensitive substring match on the submitted value
        if( stripos($_REQUEST[$field], $str) !== false ) {
          die("Hacker go away!");
        }
      }
    }
  }
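
An allow-list alternative to the substring check above, as an added example that is not part of the original post: it accepts only letters, combining marks, spaces, apostrophes, periods and hyphens in the name fields, so anything containing ':' or '/' is rejected without listing URL schemes. The function names and the flat request layout are assumptions carried over from the snippet above, and mb_strlen needs PHP's mbstring extension.

```php
<?php
// Added example; function names are hypothetical, not CS-Cart API.

/**
 * True when $value looks like a personal name: starts with a letter and
 * contains only letters, combining marks, spaces, apostrophes, periods
 * and hyphens.
 */
function example_is_valid_name($value, $max_len = 64)
{
    if (!is_string($value)) {
        return false; // e.g. firstname[]=x arrives as an array
    }
    $value = trim($value);
    if ($value === '' || mb_strlen($value, 'UTF-8') > $max_len) {
        return false;
    }
    // \p{L} = any letter, \p{M} = combining mark. The /u flag treats the
    // input as UTF-8; invalid byte sequences make preg_match return false.
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} \'.\-]*\z/u', $value) === 1;
}

/**
 * Returns the names of the submitted fields that fail the allow-list.
 * Empty fields are left to the normal "required field" handling.
 */
function example_invalid_name_fields(array $request, array $fields = array('firstname', 'lastname'))
{
    $bad = array();
    foreach ($fields as $field) {
        if (isset($request[$field]) && $request[$field] !== ''
            && !example_is_valid_name($request[$field])) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Constructed sample input: one legitimate name, one spam-style value.
$sample = array(
    'firstname' => "Zoë O'Neil-Smith",
    'lastname'  => 'Visit https://example.test now',
);
print_r(example_invalid_name_fields($sample));
```

Letter-and-period strings such as a bare host name still pass this pattern, so a length limit and server-side logging of rejected submissions remain useful alongside it.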

#329776 Posted Variable Values Being Stripped

Posted by tbirnseth on 21 July 2020 - 06:01 PM in Developers' Corner

I have a client who uses an addon from a different developer (not responding to their needs).  The addon is installed on 2 sites with the exact same version of cs-cart (including other addons and schemas).


On site1 everything works fine.  There is a separate tab on the order.details page for shipping label info.  On this page there are form variables named like 'delivery_type', 'pkg_weight', etc. (not within a separate array container like my_shipping[delivery_type], my_shipping[pkg_weight]).  On site1, POSTed data comes through just fine with delivery_type=type1, pkg_weight=4.5.


However, on site2 the variable values are being stripped.  I.e. the variables are coming across, but empty.  I.e. delivery_type=, pkg_weight=


I had thought that maybe they were being stripped due to fn_trusted_vars() but there's no call to this on either site within this addon.  I also thought that a security issue would remove the variable and its value.


The schema tree of the two sites is the same.


Any pointers?

#329775 Has This Changed For Anyone Else?

Posted by tbirnseth on 21 July 2020 - 05:53 PM in Developers' Corner

I have in the past as well and it no longer seems to work on a client site (4.11.3).  I've added a mode for 'check_install' that will call it after the install, but seems like it should load func.php after the settings are created and that 'my_install_function' would be called....  Wish there were some kind of logging of installation issues other than what's reported as errors via notifications.

#329747 Mv Question: How To Have Vendor Shop Open In An Other Tab Automatically

Posted by tbirnseth on 20 July 2020 - 07:27 PM in Hints & Modifications

Thanks for the catch Ecom.  Path corrected in original post.

#329746 Speed Up Query

Posted by tbirnseth on 20 July 2020 - 07:24 PM in Issues & Troubleshooting

Well, there could be 10000 reasons why...  Cs-cart caches various things in its registry.  I.e. Settings, templates associated with a particular controller/mode as well as css and compiled templates themselves.


The most common source of slowness is failure to prune/truncate the cscart_logs table on a monthly or more frequent basis.  It can get pretty large and since it's updated by all sorts of areas, there can be quite a wait while the table is locked for update or read.  Alternately if your server ownerships/permissions are preventing the var/cache directory tree from being created, then you'll be regenerating everything from scratch on every page load.


You could also have 3rd party JS integrations that are blocking due to a variety of reasons.


Performance analysis can be very time consuming.  The first thing I would do is create a local_conf.php file something similar to:

// Enable debug output only for requests from your own address
if( $_SERVER['REMOTE_ADDR'] == '[your ip address]' ) {
  if( !defined('DEVELOPMENT') ) define('DEVELOPMENT', true);
  if( !defined('DEBUG') ) define('DEBUG', true);
  ini_set('display_errors', true);
}

When you load a page you'll get a bug icon in the upper right of the screen.  Click it to open the debugger.  There's a lot there and too much to detail here, but that should get you started.  The SQL diags are actually pretty good.  But don't try to do import/exports with DEBUG enabled.  You'll run out of memory.


Is the backend slow as well?  Or just the frontend?

#329745 Has This Changed For Anyone Else?

Posted by tbirnseth on 20 July 2020 - 07:12 PM in Developers' Corner

Using an addon.xml section of:

  <item for="install">

No longer seems to work on a new install when my_install_function() is in func.php.  It used to work.


So how does one now call a private installation function when the addon is first installed?


And of course, there is no error indication at all.