Jump to content

tbirnseth's Content

There have been 459 items by tbirnseth (Search limited from 27-Jul 20)

Sort by                Order  

#338992 Csrf On Post Failure

Posted by tbirnseth on 04 May 2021 - 07:06 PM in Developers' Corner

Appreciate your help.  Will try to test it later today.

#338990 Csrf On Post Failure

Posted by tbirnseth on 04 May 2021 - 06:31 PM in Developers' Corner

Hmm, I see what you mean.  Seems like the proper place to put the opening form tag would be above the first capture.  I'll give it a try both ways and see what happens.


Always good to have new eyes!  Thanks.

#338954 Csrf On Post Failure

Posted by tbirnseth on 03 May 2021 - 06:41 PM in Developers' Corner

Form tag is as above.

Schema is being read.  I get access to the controller as Vendor.  If it wasn't, I'd be denied (vendor_multivendor.post.php).

Here's the code and it's the same model I use on many other addons. That's why I'm kind of stumped.


Sorry but the 'paste' removes tabs....

<!-- EZms ez_pos_settings/manage.tpl -->
{capture name="mainbox"}
{capture name="tabsbox"}
<form action="{""|fn_url}" method="post" class="form-horizontal" name="ez_pos_settings_form">
<div id="content_general">
{include file="common/subheader.tpl" title="{__("ez_pos_settings")}: General"}
<div class="control-group">
<label for="test_general_setting" class="control-label">Test General Setting Name</label>
<div class="controls">
<input id="test_general_setting" type="text" class="input-short" value="" />
{foreach from=$warehouses key="warehouse_id" item="name"}
<div id="content_warehouse_{$warehouse_id}" class="hidden">
{include file="common/subheader.tpl" title=__("ez_pos_settings")|cat:": ":$name}
{foreach from=$pos_settings.$warehouse_id item="setting_data"}
{*<pre>setting_data:{$setting_data|print_r:true}</pre> *}
<input type="hidden" name="pos_settings[{$warehouse_id}][{$setting_data.setting_name}][setting_id]" value="{$setting_data.setting_id}" />
{$tooltip = __($setting_data.tooltip)}
{if $tooltip|strpos:'_' === 0 }
{$tooltip = $setting_data.tooltip}
<div class="control-group" id="warehouse_{$warehouse_id}">
<label for="pos_setting_{$setting_data.setting_name}_{$warehouse_id}" 
<div class="controls" >
{if $tooltip}
{include file="common/tooltip.tpl" tooltip=$tooltip}
<input for="pos_setting_{$setting_data.setting_name}_{$warehouse_id}" 
value="{$setting_data.setting_value}" />
{/capture} {** tabsbox **}
{capture name="buttons"}
{include file="buttons/save.tpl" 
{/capture}  {** buttons **}
{include file="common/tabsbox.tpl" content=$smarty.capture.tabsbox group_name=$runtime.controller active_tab=$selected_section track=true}
{/capture} {** mainbox **}
{include file="common/mainbox.tpl"

#338935 Csrf On Post Failure

Posted by tbirnseth on 03 May 2021 - 03:23 AM in Developers' Corner

I'm sure I'm doing/not_doing something but for the life of me, can't find it.

I have an addon  where vendor_multivendor.post.php permissions are true for the controller.

When I try to post the form, it's generating the csrf error message and redirecting to the vendor.php page.


In inspecting with the browser, it is not passing a security_hash in the request data.  I'm not sure what JS triggers adding the security_hash to the POSTed data.  I've double checked and I'm doing things the same way I have in countless other addons.


The form has a total of about 20 variables.  The max_post_data is set to 150M and the max_input_vars is set to 10000.


I think I need a new set of eyes or suggestions on what to check.  Getting brain-fuzzy at this point.

#338728 No More Cart Demo?

Posted by tbirnseth on 22 April 2021 - 07:09 PM in General Questions

For confirming and reporting issues, it's always best to contact Customer Care via Help Desk. Previously, "it does work on the demo" was a quick way to verify that a problem might be related to custom code or third-party add-ons. However, that also meant that the client—who had already spent some time at the bug tracker to check and report the issue—wouldn't get the solution from the bug tracker, and would have to use resort to Help Desk anyway. So, in a way, it eliminates the extra step and the associated delays in investigating and solving the problem. In most cases, it should be our specialists' job to investigate the behavior on a clean installation.


Hmm, then why not fix the bug tracker to actually show the progress of defects through "the process" and with pointers to the actual solution(s)?  People have been asking for transparency for over 10 years to no avail.  Look at defect tracking/reporting for major software outlets (mozilla, etc.).  When you submit a defect report there, you see notification of all assignments/progress as it works itself through the process.


You rely too much on helpdesk and they in turn deflect issues they don't understand or that are design defects.

#338683 Countdown Timer

Posted by tbirnseth on 21 April 2021 - 05:19 PM in General Questions

I did already look at that guide, but I can't seem to work out where I would put the javascript or JQuery in CS-Cart

You can put it in a scripts.post.tpl in my_changes.  The path would be
And the content would be something like:
  // your JS goes here
Note Ecom's comments about using the literal tags.  If an opening and closing squirley-braces are on the same line you should use literal tags.  I.e.
myObj = {literal}{};{/literal}
// whereas this is okay
myObj = {
  "property" : "value"
Note also that you can use template variable in JS by doing:
myVar = "{$tplData}";
// or
myVar = "{$product.amount}";
Good luck.

#338513 Cs-Cart T

Posted by tbirnseth on 15 April 2021 - 06:17 PM in General Questions

I can point you to several MVE sites that do NOT want to use Common Products mostly due to the number of addons they have which then do not function or because they sell individual works (mostly art sites, photography, etc.).


Again, they wouldn't break all their own and other's addons if they had common products utilize excluded fields rather than included fields.  It would still take modification of many addons that will not apply to common products such as Best Seller (and others) that use the Addon's tab but may not use columns of the products table.


Think what  product details page is going to look like when every addon has to have its own individual tab.


There is no good reason to have one addon of cs-cart break many 3rd party addons because they didn't want to do the work within their own addons to make them compatible.

#338512 Php Api Shipments

Posted by tbirnseth on 15 April 2021 - 06:07 PM in Hints & Modifications

I'm confused by your code.  Each product (unless this is all one package) may have different tracking info. So the $data_shipment should be inside the loop.  Each product is simply overwriting $item_id and $amount.


I'd recommend you do an die("<pre>obj:". print_r($obj,true)); After your json_decode() to see what your data is and then code from there.

#338489 Advanced Import Csv Extremely Slow

Posted by tbirnseth on 14 April 2021 - 08:04 PM in General Questions

My point was that if he has 100 columns in his data and is only using 5, reducing the number of columns COULD help performance.  It will certainly cut down on memory.  Yes, 180K rows will take a while no matter what.  But if you can reduce the memory requirement by 90% you might find that it actually runs faster.

#338488 Cs-Cart T

Posted by tbirnseth on 14 April 2021 - 08:00 PM in General Questions

Do you do addons for MVE where Common Products or Warehouses are used?  Where do you put your product configuration details for the product?  You can't even use the normal tab_content hooks after creating your  unique tab using these addons since they too are disabled.  You have to use the extra_tabs hook which then requires you to specify the form in the input fields. 


Historically, cs-cart used to care about addon developers and respected the investment they made in developing our mutual customer' solutions.  But now, someone creates an addon to solve customer problems and cs-cart comes up with a half-baked solution that solves part of it but makes the addon effectively pointless.  Hence investment wasted.  I've been doing custom and addon development in cs-cart for more than 12 years at this point and things have certainly changed.  There is near zero developer support other than from other 3rd party developers.

#338487 Php Api Shipments

Posted by tbirnseth on 14 April 2021 - 07:50 PM in Hints & Modifications

Not familiar with whatever wrapper you're using so I don't know what it's actually returning in $get_order.  But if you get a specific order via the api by using  "orders/123" and then json_decode() the result, you should have a 'products' array that contains the products from the order.  You can then look a that to see how to reference the product_id.


Note that casting an array to a StdClass kind of defeats the purpose of doing a json_decode($get_order,true).  (and make sure you use true as the 2nd argument to json_decode.)  Instead you should assume that $obj is an array().  But if you want to use it as an object, you will most likely have to cast your $obj->status to a string.

#338481 Keep getting product code error???

Posted by tbirnseth on 14 April 2021 - 03:50 PM in General Questions

I just posted this to the bugtracker.  Seems there are many problems that come back with the same error message:


#338480 Php Api Shipments

Posted by tbirnseth on 14 April 2021 - 03:49 PM in Hints & Modifications

You might have to use a multi call approach.  I.e. GET's to retrieve the products in an order and the PUTS/POST to create the shipments.

#338465 Advanced Import Csv Extremely Slow

Posted by tbirnseth on 13 April 2021 - 10:49 PM in General Questions

Does your csv only contain those columns?  Or are you providing all data and telling the mapping to only utilize certain fields?  If the latter, you might try getting rid of all the unnecessary columns and see if that helps.

#338464 Cs-Cart T

Posted by tbirnseth on 13 April 2021 - 10:45 PM in General Questions

But a large part is due to 3rd party developers as well. Cs-Cart has gotten scared of releasing fast, new, breaking changes, which is prohibiting them a lot in refactoring large parts of the codebase.


If developers agree, 4.14 can have as many breaking changes as cscart wants, we wont complain, it will be an amazing release.


Huh?  Cs-cart breaks addons every release.  Variations, Common Products, Warehouses.  All of these break addons that have nothing to do with the functionality they provide only because they do not want to update their own addons to be compliant with their new changes (easy way out).  If they used an explicit "excluded" fields list in the schemas rather than an "included fields" list, many addons would survive their changes.  They would also have to "conditionalize" their own addons to use hooks appropriately so that the "Add-ons" tab would be what it is intended to be; a collection of add data inputs for products.  Instead, their choice it to remove the tab entirely requiring addon developers to create unique tabs for their addons.  Tab pollution is the result.


Suggest that people who really think cs-cart is cautious about addon developers actually product production addons and see what happens....

<off soapbox>

#338463 Countdown Timer

Posted by tbirnseth on 13 April 2021 - 10:36 PM in General Questions

Easiest is to just point you to a reference: https://www.w3school...s_countdown.asp
You'll need to create a block where you want the timer with html similar to:

<div id="my_timer">

and you would (using the javascript from the link) do:

 document.getElementById("demo").innerHTML = days + "d " + hours + "h "

Using jQuerey is probably easier and cleaner....

#338267 Add-On: Export Cs-Cart Add-Ons

Posted by tbirnseth on 06 April 2021 - 06:20 PM in Developers' Corner

Please contact me directly.  I sue it on 4.12.2 with no problems.  None of the directory structure has changed that it uses.

#338193 Conditional Script Loading In Checkout

Posted by tbirnseth on 04 April 2021 - 07:29 PM in Developers' Corner

Looks like this is being cached by the js/tygh/ajax.js and is using an internal 'promise' mechanism.

I'm not a JS expert by any means.  But I need to be able to prevent caching and (I'm assuming) it's adding a parameter to the end of the URL.  The script is self-checking an if it's not from an exact 'src=' that it expects, it will not allow execution.  Not clear why refreshing the page and having it load outside of the ajax request allows it to work properly.


I've  tried using $.getScript() but that is also overridden in tygh/ajax.js.  So I'm outside of my experience if anyone can help.  Possibly someone from cs-cart might chime in?

#338182 Conditional Script Loading In Checkout

Posted by tbirnseth on 03 April 2021 - 10:11 PM in Developers' Corner

I have a payment method that needs to load a

<script src="blahblah"....

I have it setup as

<script class="cm-ajax-force" data-no-defer src="blahblah"...

I have this inside of a div that is loaded when a payment processor is selected (other than the default).

However, the script tag is never loaded unless the page is refreshed when the payment method is selected.

The core is removing this tag and I need to know how to have it NOT do so.  


I had hoped the combination of class="cm-ajax-force" and data-no-defer would have had cs-cart leave this alone.


Is there an attribute or micro-class I can use to have it left alone?


I'd just load it at the top except that I need to look at the processor_params to see if it's production or sandbox mode to load the appropriate script. src.


Any help is greatly appreciated.  With scripts, there's so much that goes on behind the scenes, it's hard to keep track of.

#338124 Website Migrated - Admin Panel Throwing Http 500 Error

Posted by tbirnseth on 02 April 2021 - 03:54 AM in General Questions

And who wins the prize? :-) 

I.e. which of the solutions did the trick?

#338079 Managing Tabs Per Vendor On The Product Page

Posted by tbirnseth on 31 March 2021 - 05:55 PM in General Questions

Feel free to send those requirements via the get-a-quote link in my signature.  I can then give you a quote.

#338004 Latest Version Of Cs-Cart Not Working With Php 7.4

Posted by tbirnseth on 30 March 2021 - 03:04 AM in General Questions

Most likely there is an addon that has a piece of code or a statement that is not compatible.

#338003 Website Migrated - Admin Panel Throwing Http 500 Error

Posted by tbirnseth on 30 March 2021 - 03:03 AM in General Questions

What is the content of your app/schemas/storefronts directory?

If the file is there, then it's an ownerhship/permissions problem.  If it's not there, then the site was not copied properly and I wouldn't trust anything on that site.

#338002 How Get Vendor City Or State And Post It To Product List

Posted by tbirnseth on 30 March 2021 - 02:58 AM in Store Design & Templates

What are you going to do if it is a "Common Product" where there may be 20 vendors selling the same product?

#338001 Managing Tabs Per Vendor On The Product Page

Posted by tbirnseth on 30 March 2021 - 02:56 AM in General Questions

Not certain I understand your request so let me paraphrase it and then you can tell me if I got it or not.


You want 4 tabs (A, B, C, D) on your MVE frontend product page.  A&B are specific to each product and are updated via products.update.  C&D are specific to the vendor and the data could be stored/saved in the vendor profile.  Ie. the Company Description and the Shipping/Delivery Information.


It is certainly possible to do this.  It's a very simple addon if the Shipping/Delivery Information is already a separate column in the cscart_company_descriptions database table and related UI components on the Vendor's profile page.  If you need to create this and get your vendors to update it for their companies, then it's a bit more work.


If the above is your situation, it's not very complicated to do, it just takes time.


If you are using Common Products addon then you could have several vendors selling the same product.  Until the vendor is selected, that information would need to be stubbed out with something like "Select vendor first"!