OLD Super Orders 2.0 (See v3.0 thread instead)

Quote:

---

Originally Posted by philip_clarke

Please Please Please take over this module. Remove all of the keywords like "update" and the one that does <= and gets clobbered by 1.3.8's security

:frusty:

---

I am not a programmer Philip, I just try to figure out what causes a problem and where to fix it. You could change the word update to something else, but anyone looking at the code would do the same in their attack.

This particular security patch is for the Admin Area Only. Hopefully, your Admin area is secure so no one can get into it to begin with. Use common sense and have difficult passwords and change the name of the admin folder. If on Linux type servers, use the .htaccess to ask for a name and password before letting you login to the admin area.

Mine's already secure, I also run the ZC Worldpay module and 30+ modules for the UK's royal mail shipping modules (there's a lot of services) I only have time to point out the problems and try and quickly answer anything like the server 500 error above, which is why this module really needs a good hard look. On every site I've ever worked on I have recommended moving the admin folder and if the shop owner is capable then also .htaccess protecting it as well as using SSL but I have got to say that 90% of the sites that I visited (and I do about 30 sites a month for shipping updates) have not moved their admin folder nor removed the docs folder that has the instructions.

i installed this several times and i just can't figure out where i went wrong. when i click on super order, i get the 404 Not Found error

I'm thinking there's something else wrong because this error also comes up when i try to use the 'monthly sales' mod.

any idea what it could be? seems like i just can't get this to work.

I'm having a problem with Super Orders 2.0. It seems to have knocked out my direct Bank deposit payment modules.

I have tried removing and installing the modules to no avail ?

My guess it it might have something to do with the latest security update and renaming of the admin folder but I have searched the database for includes/admin and it came back with nothing ???

Any ideas ???

We do alot of business through Direct Credit so it needs to be working ASAP :(

Thanks in Advance

We use Zen V1.38 / Super Orders 2.0

Cheers

The main symptom of the bug that is caused by the latest security update is that the server redirects to the admin login page. You could get a 404 if it's not redirecting properly, likewise it could damage other modules.

The reason is that the security update requires that all forms in Admin (no matter what you call it,) have a secutiryToken hidden field added to them. You can check this by going into one of your payment modules and looking at the HTML source, and you should see SecuityToken as a hidden field somewhere. The Payment and Shippng modules in general work fine because they are built use PHP called zen_draw_form.

If super_orders is not completely built using zen draw form then it will not work unless it is modified to add the hidden field. This can be checked by gping to super_orders.php and looking for the securitytoken hidden field. I would not take long to add the field to the PHP pages if this is the main problem

Thank you
Philip.

I guess then that means that we'll just need to wait on this a little to see what happens?

Found the solution to my issue. Its not Super Orders but for some reason I virtual products don't have a Direct Credit option ??? Hmmmm ?

Turns out in my case it was setting the files' permission to mimic other files' permission level.

Thanks Philip!!

I absolutely love this contribution!!

Now i have another question, i noticed that all the invoices show 'balance due' even though the transaction has been settled. does this mean that from now on for every order i have to go in manually input the credit transaction record?

or is this only occuring in the past invoices because they weren't captured by the SO mod?

is there a way to hide the "purchase order" option from the payment method page when customers are checking out? i don't want it to be available, but in the readme.txt it said that it had to be installed.



regarding my last post, i still don't quite understand the workings of this mod. do i need to manually close each order up and enter "payment data" by hand every time?
i have over 700 past orders, that will take a long long time to update.. :(


Thanls!

I don't know much about the module itself as I no longer run a shop, just hammer the code instead.

Having said that I would think that one could "install" but not "activate" the purchase order method of payment so that it would not show to your customers but seuper orders could still reference it if necessary. e.g. change the setting to "false" so that in the payment modules section of ZC it comes up with an orange dot instead of green or red.

Philip.