There will be some files under
admin/includes/boxes/extra_boxes/
that you haven't removed. They all start with super_orders and all end in dhtml.php.
Did you move your admin folder as recommended by the security guidelines? If so they'll be under extra boxes in that directory.
Sorry, it's in your database; you have to go to your configuration page to get the gID like this
http://somewhere.com/admin/configuration.php?gID=28
then when you have the correct gID you have to issue the SQL statement in tools > install SQL patches
Code:
DELETE FROM configuration WHERE configuration_group_id = 28;
and you should have moved the admin directory.
The bug in Super Orders where checking "Notify Customer" did not pass the notification along to the customer has been fixed; rev 47 is now available in the downloads area. BlindSide has confirmed that he is no longer supporting this module so feel free to add fixes yourself.
If you compare the files in this zip with the files in your cart, you'll see that only admin/super_orders.php has changed.
Hi all I just have a quick question that someone might be able to help me with.
I have installed the super orders module and find it very helpful but I have a question regarding the payment side. I use paypal for customers to use as my main payment form.
Is there a way for this to be automatic rather than me putting the details in manually?
Any help/advice would be appreciated as I am new to this module.
I had originally taken an approach of grabbing the paypal transactions as they occurred and updating the SO data. Another user took the approach of including the paypal data into SO at the time the reports are made.
I haven't verified their solution, but I was thinking of trying it instead - only because I'm a little more comfortable reorganizing the data than I am at intercepting the transactions.
Search for paypal in this thread, here's a post to his solution:
http://www.zen-cart.com/forum/showth...pal#post697275
Hello, I couldn't find the solution/thread for the famous red X problem in super order,
can someone help me?
sorry, but what's the red X problem? - never mind- I see you started a new thread
Hi All. After spending a year in the hospital with a bunch of broken bones, I'm finally getting back to work!
I've installed a clean zc using 1.3.8a and went thru the mods and decided Super Orders might be a big help in getting me back up to speed quickly - and NOW I read this post and find it's no longer supported! ughh!
I'm mostly looking for opinions on whether I should abandon SO and restore my default db n files?
Any replies appreciated - I'd also be interested in knowing the modules that you have success with! My shops tend to be for clients that offer things like shirts, shoes - stuff that usually have multiple attributes associated to one piece.
Best to all~
jo
:wacko:
Sorry, can someone tell me which version of Supers orders to use with Zencart 3.7?
Bug Reports/Fixes:
This is an old post but I ran into the same problem this week and couldn't find a reply. I noticed rev47 just came out with the same bug. The packing slip image is distorted because there is an error in the code around line 200 in super_packingslip.php that gives the incorrect order of SMALL_IMAGE_WIDTH and SMALL_IMAGE_HEIGHT. (For those who want to know, the values of SMALL_IMAGE_WIDTH and SMALL_IMAGE_HEIGHT in the packing slip thumbnails are set in Admin-->Configuration-->Images.)
old incorrect code in catalog/admin/super_packingslip.php:
echo ' <td class="dataTableContent" align="left">' . zen_image(DIR_WS_CATALOG . DIR_WS_IMAGES . $products->fields['products_image'] , $order->products[$i]['name'], SMALL_IMAGE_HEIGHT, SMALL_IMAGE_WIDTH) . '</a> </td>';
Code should be:
echo ' <td class="dataTableContent" align="left">' . zen_image(DIR_WS_CATALOG . DIR_WS_IMAGES . $products->fields['products_image'] , $order->products[$i]['name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT) . '</a> </td>';
Another potential problem -- catalog/admin/includes/super_stylesheet.CSS is missing # signs before a number of the color hex value assignments.
So has anyone been able to solve the issue with PayPal payments not being recorded in SO tables or being calculated in super_order.php?
I tried the solution posted Here but it had no effect. Nothing is going into so_payments unless I manually enter them. Looks like the code above should work at least to make the Balance Due accurate, but it never gets written anywhere.
Zen 1.3.8a, SO 2.0 rev47
I need help with invoice look.
My SuperOrders page looks good, but when I click Invoice, I don't have all the data I need.
I need invoice to look like this:
Product --> Model --> Tax --> Price (ex) --> Tax value --> Price (incl)
Also, when I go to Print Invoice, I would like the product rows to be colored.
Here is how it looks now:
SO page:
http://www.bali.hr/pic1.jpg
Invoice page:
http://www.bali.hr/pic2.jpg
Why don't I have prices with and without tax, and why does my tax field say "nema!" (it means "no tax")?
Topcat24,
Thanks! Looks like those links will get me there. I've been beating my head against the PHP for days. Dunno how I managed to miss those posts.:unsure:
Looks like the right way to go.
I solved my problem partially and now my invoice look like Product - Model - Price (ex) - Tax rate - Price (incl) - Total (ex) - Total (incl)
All I did was change the admin/super_invoice.php like this:
original (at line 221):
Code:
<?php
for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
  echo ' <tr class="dataTableRow">' . "\n" .
       ' <td class="dataTableContent" valign="top" align="right">' . $order->products[$i]['qty'] . ' x</td>' . "\n" .
       ' <td class="dataTableContent" valign="top">' . $order->products[$i]['name'];
  if (isset($order->products[$i]['attributes']) && (($k = sizeof($order->products[$i]['attributes'])) > 0)) {
    for ($j = 0; $j < $k; $j++) {
      echo '<br /><nobr><small> <i> - ' . $order->products[$i]['attributes'][$j]['option'] . ': ' . $order->products[$i]['attributes'][$j]['value'];
      if ($order->products[$i]['attributes'][$j]['price'] != '0') echo ' (' . $order->products[$i]['attributes'][$j]['prefix'] . $currencies->format($order->products[$i]['attributes'][$j]['price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . ')';
      if ($order->products[$i]['attributes'][$j]['product_attribute_is_free'] == '1' and $order->products[$i]['product_is_free'] == '1') echo TEXT_INFO_ATTRIBUTE_FREE;
      echo '</i></small></nobr>';
    }
  }
  echo ' </td>' . "\n" .
       ' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n";
  echo ' <td class="dataTableContent" align="right" valign="top">';
  if ($display_tax) {
    echo zen_display_tax_value($order->products[$i]['tax']) . '%';
  }
  else {
    echo ENTRY_NO_TAX;
  }
  echo '</td>' . "\n" ;
  if ($display_tax) {
    echo ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
         ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
         ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
         ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n";
    echo ' </tr>' . "\n";
  }
  else {
    echo ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
         ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
         ' </tr>' . "\n";
  }
}
?>
to this:
Code:
<?php
for ($i = 0, $n = sizeof($order->products); $i < $n; $i++) {
  echo ' <tr class="dataTableRow">' . "\n" .
       ' <td class="dataTableContent" valign="top" align="right">' . $order->products[$i]['qty'] . ' x</td>' . "\n" .
       ' <td class="dataTableContent" valign="top">' . $order->products[$i]['name'];
  if (isset($order->products[$i]['attributes']) && (($k = sizeof($order->products[$i]['attributes'])) > 0)) {
    for ($j = 0; $j < $k; $j++) {
      echo '<br /><nobr><small> <i> - ' . $order->products[$i]['attributes'][$j]['option'] . ': ' . $order->products[$i]['attributes'][$j]['value'];
      if ($order->products[$i]['attributes'][$j]['price'] != '0') echo ' (' . $order->products[$i]['attributes'][$j]['prefix'] . $currencies->format($order->products[$i]['attributes'][$j]['price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . ')';
      if ($order->products[$i]['attributes'][$j]['product_attribute_is_free'] == '1' and $order->products[$i]['product_is_free'] == '1') echo TEXT_INFO_ATTRIBUTE_FREE;
      echo '</i></small></nobr>';
    }
  }
  echo ' </td>' . "\n" .
       ' <td class="dataTableContent" valign="top">' . $order->products[$i]['model'] . '</td>' . "\n";
  echo ' <td class="dataTableContent" align="right" valign="top"><strong>' .
       $currencies->format($order->products[$i]['final_price'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
       ' <td class="dataTableContent" align="right" valign="top">' . zen_display_tax_value($order->products[$i]['tax']) . '%</td>' . "\n" .
       ' <td class="dataTableContent" align="right" valign="top"><strong>' .
       $currencies->format(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']), true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
       ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format($order->products[$i]['final_price'] * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n" .
       ' <td class="dataTableContent" align="right" valign="top"><strong>' . $currencies->format(zen_add_tax($order->products[$i]['final_price'], $order->products[$i]['tax']) * $order->products[$i]['qty'], true, $order->info['currency'], $order->info['currency_value']) . '</strong></td>' . "\n";
  echo ' </tr>' . "\n";
}
?>
NOTE: you will also need to change some lines above because I changed the order of elements.
Change to something like this:
around line 207 change:
Code:
<td class="dataTableHeadingContent" colspan="2"><?php echo TABLE_HEADING_PRODUCTS; ?></td>
<td class="dataTableHeadingContent"><?php echo TABLE_HEADING_PRODUCTS_MODEL; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TAX; ?></td>
<?php if ($display_tax) { ?>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_EXCLUDING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_INCLUDING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_EXCLUDING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_INCLUDING_TAX; ?></td>
<?php }
else { ?>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_NO_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_NO_TAX; ?></td>
<?php } ?>
to this:
Code:
<td class="dataTableHeadingContent" colspan="2"><?php echo TABLE_HEADING_PRODUCTS; ?></td>
<td class="dataTableHeadingContent"><?php echo TABLE_HEADING_PRODUCTS_MODEL; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_EXCLUDING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_PRICE_INCLUDING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_EXCLUDING_TAX; ?></td>
<td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_TOTAL_INCLUDING_TAX; ?></td>
I hope this helps. Maybe I copied something wrong here - if so, contact me and I can email you the complete file.
IMPORTANT: I use only one tax rate and don't have untaxable goods so this works for me. I don't know if it will work with different or no tax rates!
Anyway, it works for me... :clap::clap::clap:
I have this very same issue, the op does not state what he did to solve the problem
Quote:
I've now solved the problem, and the module appears to be working well. (My mistake was too dumb to mention here.)
Thanks so much for the contribution!
Quote:
Originally Posted by dkoehler
I've run in to a problem trying to install the Super Orders module. I uploaded the Catalog files and (as far as I can tell) ran the SQL file. Super Orders does show up as entry under the Configuration menu in the Admin console, but when I went to install the Purchase Order module, it doesn't show up as an option under Modules / Payment. What did I do wrong?
And now I am feeling really dumb, if it is a simple issue I have overlooked
can anyone help me with this
pk sorted it, uploaded files to incorrect directory, the readme is not 100% clear, plus I should have read it better
I've installed the security_patch_v138_20090619 yesterday and now when I try to modify Order Payment Data using the 'Modify'-button it sends me to the Admin homepage instead of displaying the actual payment details. "Remove" on the other hand does seem to work!?
Anyone else experience and maybe solved this? I seem to have missed one upgrade (using rev 46) so I'll upgrade as soon as possible to rev 47 to make sure it isn't related to that.
Super orders is not actively maintained and is full of security holes. There's at least one instance where 1.3.8 has stopped functions within it when you are searching for <= something as it strips out the < sign. My personal opinion is that it should be removed from the download section until a maintainer is found but I run more than 30 modules and apparently some of the features are going to be put into ZC 2.0 but it comes as no surprise that fixing a hole in ZC in general would wipe out function in super orders. Anyone is free to post an updated version if they solve the issues as the original maintainer has no further interest in it.
Greetings!
I'm using ZC 1.3.8a with PHP 5.2.9
I installed SuperOrders according to the directions, and when I go to Customers/Super Orders, it comes up with a blank page. In fact, every related page (except the configuration page) comes up blank. When I look at the source of the blank page all it says is:
<!-- SHTML Wrapper - 500 Server Error -->
The error logs provide no clues. We're using BlueHost as our web host, if that makes a difference.
Even if I make the very first line of code in super_orders.php 'print "Made it here!";' it doesn't do anything but give the error above.
The only other module I've installed is Export Shipping Information.
Any ideas? Thank you!
Emily
That is most likely to be that you have uploaded the files with the wrong permissions on them and the webserver either cannot read them or thinks the permissions are not strict enough. In your ftp program right click the files and see what it says, the ownership and permissions should be the same as your existing files that work. A 500 error is web server related not PHP based.
Thank you
Philip
Rev 47 will not correct the problem.
The new security patch file located in /youradminfolder/includes/init_includes is looking to see if you are using a 'get update', which the Modify Command uses. A quick work around until the problem is actually solved would be to remove ',update' from line 16 in the security file.
if (isset ( $_GET ['action'] ) && in_array ( $_GET ['action'], array ('save', 'layout_save', 'update', 'update_sort_order', 'update_confirm', 'copyconfirm', 'deleteconfirm', 'insert', 'move_category_confirm', 'delete_category_confirm', 'update_category_meta_tags', 'insert_category' ) ))
I realize that this defeats one purpose of the patch, but as I said, this is just a Quick Work Around. :shocking:
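A model of the check discussed in this post, as an added example (not part of the original post and not the patch's own code). It assumes the patch compares a `securityToken` POST field with the admin session's token for the listed actions and redirects on a mismatch, which matches the symptom reported in this thread; `gate`, `scenarios` and the token value are hypothetical.

```python
import hmac

# Action names copied from the patch line quoted in the post above.
PROTECTED_ACTIONS = (
    "save", "layout_save", "update", "update_sort_order", "update_confirm",
    "copyconfirm", "deleteconfirm", "insert", "move_category_confirm",
    "delete_category_confirm", "update_category_meta_tags", "insert_category",
)


def gate(get, post, session, protected=PROTECTED_ACTIONS):
    """Return "continue" or "redirect" for one admin request.

    Assumption (not taken from the patch source): a listed action is only
    allowed when the POSTed securityToken equals the session's token.
    """
    action = get.get("action")
    if action not in protected:
        return "continue"  # not a listed action: no token check at all
    expected = session.get("securityToken", "")
    sent = post.get("securityToken", "")
    # Constant-time comparison; an empty session token never matches.
    if expected and hmac.compare_digest(sent.encode(), expected.encode()):
        return "continue"
    return "redirect"  # the "sent to the Admin homepage" symptom


def scenarios():
    session = {"securityToken": "constructed-token-0001"}  # constructed value
    modify = {"action": "update"}  # the Modify button uses a GET 'update'
    good_post = {"securityToken": session["securityToken"]}
    # The quick workaround: the same list with 'update' removed.
    workaround = tuple(a for a in PROTECTED_ACTIONS if a != "update")
    return {
        # Unmodified Super Orders: no token sent, so the request is bounced.
        "modify_without_token": gate(modify, {}, session),
        # Form fixed to carry the hidden field: request goes through.
        "modify_with_token": gate(modify, good_post, session),
        # A request that cannot know the session token is still bounced.
        "modify_wrong_token": gate(modify, {"securityToken": "guess"}, session),
        # With the workaround, the token-less request is no longer checked.
        "workaround_without_token": gate(modify, {}, session, workaround),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

The last case shows what the workaround gives up: 'update' requests are no longer token-checked, so the durable fix is to make the Modify form send the token and keep 'update' in the list.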
Please Please Please take over this module. Remove all of the keywords like "update" and the one that does <= and gets clobbered by 1.3.8's security
:frusty:
I am not a programmer Philip, I just try to figure out what causes a problem and where to fix it. You could change the word update to something else, but anyone looking at the code would do the same in their attack.
This particular security patch is for the Admin Area Only. Hopefully, your Admin area is secure so no one can get into it to begin with. Use common sense and have difficult passwords and change the name of the admin folder. If on Linux type servers, use the .htaccess to ask for a name and password before letting you login to the admin area.
Mine's already secure, I also run the ZC Worldpay module and 30+ modules for the UK's royal mail shipping modules (there's a lot of services) I only have time to point out the problems and try and quickly answer anything like the server 500 error above, which is why this module really needs a good hard look. On every site I've ever worked on I have recommended moving the admin folder and if the shop owner is capable then also .htaccess protecting it as well as using SSL but I have got to say that 90% of the sites that I visited (and I do about 30 sites a month for shipping updates) have not moved their admin folder nor removed the docs folder that has the instructions.
i installed this several times and i just can't figure out where i went wrong. when i click on super order, i get the 404 Not Found error
I'm thinking there's something else wrong because this error also comes up when i try to use the 'monthly sales' mod.
any idea what it could be? seems like i just can't get this to work.
I'm having a problem with Super Orders 2.0. It seems to have knocked out my direct Bank deposit payment modules.
I have tried removing and installing the modules to no avail ?
My guess is it might have something to do with the latest security update and renaming of the admin folder but I have searched the database for includes/admin and it came back with nothing ???
Any ideas ???
We do a lot of business through Direct Credit so it needs to be working ASAP :(
Thanks in Advance
We use Zen V1.38 / Super Orders 2.0
Cheers
The main symptom of the bug that is caused by the latest security update is that the server redirects to the admin login page. You could get a 404 if it's not redirecting properly, likewise it could damage other modules.
The reason is that the security update requires that all forms in Admin (no matter what you call it) have a securityToken hidden field added to them. You can check this by going into one of your payment modules and looking at the HTML source, and you should see securityToken as a hidden field somewhere. The Payment and Shipping modules in general work fine because they are built using a PHP function called zen_draw_form.
If super_orders is not completely built using zen draw form then it will not work unless it is modified to add the hidden field. This can be checked by going to super_orders.php and looking for the securityToken hidden field. It would not take long to add the field to the PHP pages if this is the main problem.
Thank you
Philip.
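The check Philip describes, automated as an added example (not part of the original posts or of Super Orders): it lists every literal `<form>` in an admin PHP source and reports those that carry no securityToken field, while counting forms built with zen_draw_form. The sample source is constructed for illustration, and `audit_forms` and `missing_token` are hypothetical names.

```python
import re

# A literal <form ...> tag; embedded <?php ... ?> inside the tag is skipped
# so that the "?>" of the PHP block is not mistaken for the end of the tag.
FORM_TAG = re.compile(r"<form\b(?:<\?.*?\?>|[^>])*>", re.I | re.S)
FORM_END = re.compile(r"</form\s*>", re.I)
PHP_BLOCK = re.compile(r"<\?.*?\?>", re.S)
METHOD = re.compile(r"""\bmethod\s*=\s*["']?(\w+)""", re.I)
NAME = re.compile(r"""\bname\s*=\s*["']([^"']+)""", re.I)
HELPER = re.compile(r"\bzen_draw_form\s*\(")
TOKEN = re.compile(r"securityToken")

# Constructed sample, not taken from the module's real source.
SAMPLE = """\
<?php echo zen_draw_form('status', 'super_orders.php', '', 'post'); ?>
  <input type="submit" value="Update">
</form>
<form name="payment" action="<?php echo zen_href_link('super_orders.php', 'action=update'); ?>" method="post">
  <input type="text" name="payment_amount">
</form>
<form name="refund" action="super_orders.php" method="post">
  <input type="hidden" name="securityToken" value="<?php echo $_SESSION['securityToken']; ?>">
</form>
<form name="search" action="super_orders.php" method="get">
  <input type="text" name="oID">
</form>
"""


def audit_forms(source):
    """Describe each hand-written <form> and count zen_draw_form() calls."""
    findings = []
    for tag in FORM_TAG.finditer(source):
        end = FORM_END.search(source, tag.end())
        body = source[tag.end(): end.start() if end else len(source)]
        # Drop embedded PHP before reading the tag's own attributes.
        attrs = PHP_BLOCK.sub("", tag.group(0))
        method = METHOD.search(attrs)
        name = NAME.search(attrs)
        findings.append({
            "line": source.count("\n", 0, tag.start()) + 1,
            "name": name.group(1) if name else "",
            "method": method.group(1).lower() if method else "get",
            "has_token": bool(TOKEN.search(body)),
        })
    return {"helper_forms": len(HELPER.findall(source)),
            "literal_forms": findings}


def missing_token(report):
    """Literal forms with no securityToken field between <form> and </form>."""
    return [f for f in report["literal_forms"] if not f["has_token"]]


if __name__ == "__main__":
    report = audit_forms(SAMPLE)
    print("forms built with zen_draw_form:", report["helper_forms"])
    for f in missing_token(report):
        print(f"line {f['line']}: form '{f['name']}' ({f['method']}) has no securityToken")
```

A form tag echoed from a PHP string that contains `->` is cut short by this pattern, so treat the output as a list of places to read by hand, with the POST forms first.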
I guess then that means that we'll just need to wait on this a little to see what happens?
Found the solution to my issue. It's not Super Orders but for some reason virtual products don't have a Direct Credit option ??? Hmmmm ?
Turns out in my case it was setting the files' permission to mimic other files' permission level.
Thanks Philip!!
I absolutely love this contribution!!
Now i have another question, i noticed that all the invoices show 'balance due' even though the transaction has been settled. does this mean that from now on for every order i have to go in manually input the credit transaction record?
or is this only occuring in the past invoices because they weren't captured by the SO mod?
is there a way to hide the "purchase order" option from the payment method page when customers are checking out? i don't want it to be available, but in the readme.txt it said that it had to be installed.
regarding my last post, i still don't quite understand the workings of this mod. do i need to manually close each order up and enter "payment data" by hand every time?
i have over 700 past orders, that will take a long long time to update.. :(
Thanks!
I don't know much about the module itself as I no longer run a shop, just hammer the code instead.
Having said that I would think that one could "install" but not "activate" the purchase order method of payment so that it would not show to your customers but super orders could still reference it if necessary. e.g. change the setting to "false" so that in the payment modules section of ZC it comes up with an orange dot instead of green or red.
Philip.
Thanks Philip!!!
i was wondering about that, but wasn't sure if i would interrupt how the module works.
It's only a guess but at least the code would be available to the module if it needs it, if the payment module is installed, at least then the code is "in place" and so it should throw less errors in theory. The main problem with super orders is that it dates from 2005 in some cases and with later versions of ZC it does throw some errors, the box that says "search is a payment is <=" doesn't work because security measures in recent versions of zencart have disabled it.
I keep on hoping for a volunteer to step up and upgrade this module but as you know, I maintain some already, so can only point out the more obvious errors.
Philip.
well it's amazing all the time you and others put in to help all of us out!
do you happen to know if there is a way where i don't have to go back and enter in all 700 some of the payment information?
they all say balance due $xxx even though payment has already been made through credit card or paypal through the system.
There would probably be a SQL update and I will look out for something over the next few days, best just to start using it and ignore everything below the line where payment isn't due.
Philip.
ok! i will use it as is and sit tight to see what comes up.
thanks!
You could try something like this - but backup first and verify afterwards! I recommend the backup module in the add-ons section - makes it really easy to backup - messup - restore - try again :wink:
Code:
insert into zen_so_payments(orders_id, payment_amount)
select orders_id, value from zen_orders_total zot where zot.sort_order=999;
That was a good starting point for the code but it throws a couple of errors
(I STILL MULLING THIS OVER THOUGH)
Code:
INSERT INTO so_payments ( orders_id, payment_amount ) select orders_id, value from orders_total zot where zot.sort_order=999
works in Install SQL patches because the previous code assumes that the tables are in default locations (whereas the patch program can alter the table names to take into account different prefixes), the above code certainly populates the so_payments table but I am just trying to delve into super orders to check the exact criteria for the search that displays outstanding balances.
Philip.
I think carlvt88 is certainly along the correct lines, although I am not sure why the sort order is 999, but looking through some test data it does appear correct. I'd say that as a minimum the code should be
Code:
insert into so_payments (orders_id, payment_amount)
select orders_id, value from zen_orders_total zot where zot.sort_order=999;
Which puts a space in between so_payments and the first bracket but leaves zen_orders_total as the default name, because I don't think the Install SQL patches box can add the correct table prefix to the second table in a sub-select query. Oh and one would need MySQL 4+ as the database backend in case anyone has joined this conversation late.
For the newbie the above code adds all the payments from the table orders_total (default name is zen_orders_total), to the super orders payments table so_payments which may on your system have zen_ stuck in front of the table name. If there are any DB_prefix errors that turn up using the above code, try adding or removing zen_ in front of the table name. If you get this error
ERROR: Cannot execute because table zen_so_payments(orders_id, does not exist.
it's because there is not a space in between the word payments and the first bracket in carlvt88's otherwise excellent code.
Philip.
how do i add a link to the product info page?
Hi,
so Super Orders is now unsupported/a community project!
I only installed it last week and so the doubt enters as to whether this will become a blind alley, which would be a shame.
It seems a monster piece of code and I certainly am not a good enough coder (and never will have the time to be) to bring it up to the minute as it seems is necessary as a result of the latest admin patch and legacy code.
From the people who have delved into this code, and anyone else with experience, do you think this is worth the investment in time and effort to continue using and fixing it/bringing it up to date? Is it just a matter of searching and changing certain function calls, I have no idea?
Or are there other, supported contributions that can accomplish the same functionality and are better written/have no legacy code?
(No offence to Mr. Blindside, this module is a stunning achievement.)
There is also the rumour of some of this functionality being available in Zen Cart 2.0, although I think this IS a rumour, I don't see any evidence of this in the details released so far: http://www.zen-cart.com/forum/showthread.php?t=116018
If it IS the best tool in the box and will continue to be so with ZC 2.0 (with compatibility changes obviously) surely there would be interest in someone competent (hello Mr. Clarke) cleaning it up on one-off now for some remuneration/contributions which I think is perfectly reasonable. I imagine there are a lot of people using it and more who would if it was fixed.
What do people think? Are lots of people interested in keeping this alive or have they moved on already?
regards
Steve
In my experience Open Source is not really a business model. My royal mail modules have had more than 10,000 downloads over the last 3 years. I have never received a donation for them.
The worldpay module has given me about £100 in the last year. I was once offered some money to modify super orders and join it with the edit orders module. The client then moved the goal posts and expected more work.
I quoted for a 3 hour job to modify some of the shipping modules, once again the client moved the goalposts and requested 3 days of work before releasing any funds. The only reason to develop any modules would be to become more familiar with either PHP or Zen Cart if one wanted to work as a contractor. The reality is that the people that use zen cart do so because it's free and are on these forums to get free advice.
I donated my time back to the community when I went from being the director of a 17 person development company to being housebound because of physical disability. Recently I updated a module for a web design company who told the website owner that I was cheap. I've found web hosting companies charging £75 to install modules that I have written as an add on for bundled hosting and that is the GPL way and the reality of the situation, it's not a complaint, there is nothing to stop a company from doing this. If a person has money to pay for hosting and shop development then they don't turn up on these forums, their designers do.
Your statement
Quote:
cleaning it up on one-off now for some remuneration/contributions which I think is perfectly reasonable. I imagine there are a lot of people using it and more who would if it was fixed.
is really just a hope that someone would pay with no backing in my experience. I think super orders could make a good student project maybe someone would donate, but for the weeks of work required one would be working for either an alternative reason or for pennies an hour.
Philip
I am having a problem with batch print out view in admin see attachment. I am wondering how to get the layout stacked below each other instead of across.
Thanks for your help
Hard to tell from the thumbnail, but is the problem that some of the drop-down boxes are automatically sized to their data, and some of your fields are very large?
And to reply to Philip and Torvista, I can completely agree and appreciate Philip's experiences and views. I've also found a lot of value in SO and really like it. While I'm not a professional PHP coder, I enjoy digging in and figuring out a problem, and several times I've found answers or at least guidance on this forum. In fact, I'd say that to me, that's one of the strongest reasons to go with ZenCart is the community support found in the forum.
Maybe I wasn't paying attention, but I use SO, sales_report, and edit_orders, and haven't seen any problems since applying the patch. I'm now upgrading to 1.3.8.1 so I can't comment there.
Question: Is it necessary for one person to 'own' the addon, or can it go on as a community supported project? I try to offer assistance when I can, but I don't think I have the bandwidth or maybe even the depth of knowledge to take ownership.
Hi,
thanks for the comments Philip and carlvt88
It’s a pity no-one wants to pay for anything these days/value other peoples time.
I don’t have a problem paying for work but I have a big problem specifying what I want. I've ended up doing it all myself mainly because all the bits I wanted changing seemed so minor and the major bits I could not settle on yet.
I like to contribute when I can but I don’t have the skills to do what seems to be required to fix Super Orders and my interest is to whether it is necessary..
carlvt88, would you mind explaining what do you use Super Orders for that Edit Orders does not do?
Thanks
Steve
In answer to recent posts, Super Orders doesn't need to be owned by any one person. However, in practise these big mods only really move forward when somebody does take responsibility for them for a period.
This is because it requires a focus and in-depth knowledge of how it all fits together, that you can't get or maintain by just dipping in and out occasionally.
Sadly, as Philip says, it's very difficult to make a living out of add-ons. The ones I release are usually spin-offs from commercial projects that I share as my way of giving back.
That was also the case for Super Orders which Blindside spun out of a requirement from a company with which he was working at the time. Had he not have invested personal time extending and bundling it, it's unlikely that we would have anything like it today. Blindside now has new business interests and the best of luck to him.
However, that does mean that until a new champion comes along, there's unlikely to be significant new development for this module.
A while back I was looking for a way to fix the OT calculations, such that the group discount is applied first, then calculate whether free shipping should be applied.
free shipping on orders over $75 (after any discounts or group discount)
I thought I had found a thread to help me fix that, and recently just noticed that free shipping is still being applied on orders the free shipping amount ($75) on orders that drop below $75 after the discount.
Could the super order module have affected it? Or if anyone can point me in the right direction of how I can fix this.
Thanks!
How can the pop up windows be controlled so that they automatically adjust to open fully? Right now they open partially.
SO Super Upgrade Error 1146 payment_purchase_order doesn't exist
Was there something else in the mod to upload besides the super_upgrade and SQL?
I'm getting the following error in my website http://www.maternitystar.com.au
Fatal error: Call to undefined function zen_href_link() in /home/matern/public_html/includes/languages/english.php on line 539
What could be causing this? Thanks for any help on the matter. Please help me, I am in big problem....
The function is defined in includes/functions/html_output.php. Do you know if that file is OK? Was your site working before you made a change somewhere? Do you have extra files in that directory that don't belong? Let us know how you make out...
In all likelihood they have been hacked and then the script kiddie has run riot since their admin folder is in the default place. Going to the admin folder results in problems with SEO too in the auto_load functions so I am guessing that it's a hack and then break the server to stop anyone else. A quick scan before my ip got blocked (that was ME not a bad guy) showed an odd port open on 2222 which is listed as a rootkit shell port but then it could just be SSH being forwarded to a non obvious port.
http://www.google.co.uk/search?hl=en...t+2222+rootkit
lists quite a few rootkits there. I think they need professional help, and probably shouldn't be posting here either, more in the security section.
Philip.
Standard nmap scan, there seems to be some snort-like feature enabled on that server or a router further down the chain, as after the scan it then ceased communication with the ip address it was scanned from (not my web browser address) so I investigated further and found that the site is/ was a 1.3.7 as listed conveniently here:
http://www.maternitystar.com.au/docs/
A little more investigation now that the block has cleared shows that port 2222 is a forwarded SSH port that you can try and log in on. It's also a Red Hat Enterprise Linux Server because helpfully it says so in the browser headers (you can read them in Firefox)
HTTP/1.1 200 OK
Date: Fri, 07 Aug 2009 14:57:32 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.4 Perl/v5.8.8
Please note that at no point have I attempted to gain access to this machine or its data. I am just giving a considered opinion that the server has been wrecked, in all likelihood by a script kiddie covering his/ her tracks by doing rm *.php after they've done their business. I saw this a lot about 3/ 4 weeks ago when a proof of concept exploit was published. Also it appears that modifications to morfeus and santy have already been done since requests for zen cart shops are now appearing much higher up the rank in some honey traps I have laid out.
With any luck that site could be restored quite easily depending on the damage the kiddie has done naturally. I'd start by sweeping for backdoors though. The wrecking was probably to cover tracks, professional hackers tend to go quietly in and leave things untouched to the outside eye, (hence the port scan to see if there was any indication of an IRC controlled bot). The more skilled professional hacker tends to be of the opinion that there is no point in hacking a server to reap credit cards, join a bot net, send out spam, store illegal files etc... if the website's owner is going to take down the website because it's been trashed.
I reckon one of two causes. a) big hard drive failure leading to large sections of the drive being unreadable (but not "that" likely as the main directory structure of the site looks intact).
b) script kiddie
Naturally I have only looked from the outside bit like shining a torch on a car wreck, as going in would be covered by the "computer misuse act" in the UK and I haven't been invited.
Philip.
It is always good to know your enemy. I did the search as per your previous post and started reading the madirish blog (IIRC) and a few others. Amazing stuff. While I don't ever expect to catch up, I can only hope my site is interesting enough not to be hacked. Otherwise I will erect a sign saying "This site is protected by extreme poverty". Thanks for the heads up.
http://news.bbc.co.uk/1/hi/world/eur...es/8123450.stm
is an interesting article about "quiet" hackers as I call them, note that their aim was not money when they took over the website, also the Swiss police did not arrest the website owner which is unusual.
OK - question related to the mod. I have got a set of customers (about 200) who have bought some particular item. I'd like to send an email to just those customers - is this possible within the interface (or with a simple mod) or do I need to start fiddling around generating huge sql queries and extracting emails that way? I'm using the latest version.
Thanks,
Richard
Zen Cart has the newsletter feature built in, not this, that kind of email would also fall foul of the USA spam (and probably our) rules if they were given the chance to opt into a newsletter and you just went and ignored it even if it were limited to one item, and apart from that it's fiddling time.
Philip.
Check out the query factory. This uses the zencart newsletter feature and allows you to build in a custom list for distribution. So, you can specify a query that will select the users who bought that particular item.
a.k.a. query builder. I don't know if there's a good interface into it, but I've used the query_builder table in the database, added a query, and used it for custom newsletter addressing.
Hello, right, I've tried to do an upgrade of an older version of super orders. I followed the instructions to install super orders then did the instructions of the upgrade.txt
When I ran the sql patch I got this error:
PHP Code:
1062 Duplicate entry 'CA' for key 2
in:
[INSERT INTO so_payment_types VALUES (NULL, 1, 'CA', 'Cash');]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields.
Then when I went to run the upgrade.php
PHP Code:
1146 Table 'db_name.payment_purchase_order' doesn't exist
in:
[select * from payment_purchase_order]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields.
We only use super orders to do the following:
- batch processing
- and to amend shipping addresses once orders have been placed.
as far as i can tell the site is still working.
The reason we needed to upgrade was when clicking on the buttons within super orders it would cause tables to lock up. The way round this was not to click directly on the buttons but to click somewhere within the block element, however people in this office can't always remember to do that so they asked me to fix it.
Any ideas?
regards
Andy.
Yes, I just did a new install (on localhost test machine) and got a similar error when running the sql.
Quote:
SQL query:
-- EDIT EXISTING TABLES
ALTER TABLE orders ADD date_completed datetime default NULL ;
MySQL said: Documentation
#1146 - Table 'db_name.orders' doesn't exist
("db_name" is not my real dB prefix)
What does it all mean?
Cheers
To add on: hence why you got the error that the table doesn't exist. (db_name.orders should be db_name.zen_orders)
So you can either manually edit the SQL to correct the table names (not advised) OR take Phillip's excellent advice and run the script using the Zen Cart admin SQL update tool (the admin tool makes the correction for you as it runs the SQL script)
Hello,
Thanks for advice and fast reply. By "Zen Cart admin SQL update tool " you mean "SQL Query Executor" under "install SQL patches".
Looking at the INSTRUCTIONS, I see it clearly states to:
Quote:
3. Run the super_orders_sql.sql file on your database. Will work with
the "SQL Query Executor" tool in the Admin (Tools > Install SQL Patches).
For those the likes of myself, perhaps it should say:
Quote:
3. Upload the super_orders_sql.sql file on your database. Will ONLY reliably work with
the "SQL Query Executor" tool in the Admin (Tools > Install SQL Patches) by UPLOADing the .sql file.
Since most Mod's I've installed seem to prefer the cut-n-paste code method, I default to using it to install SQL script by cut-n-paste the code using phpMyAdmin. Assuming the Mod's script has been written to be compatible, and not need correction.
So Upload the .sql file (as instructed) I now get this error:
Quote:
1062 Duplicate entry 'CA' for key 2
in:
[INSERT INTO db_name_so_payment_types VALUES (NULL, 1, 'CA', 'Cash');]
If you were entering information, ..blah blah blah....
Which I hope is ok. I guess it just means that the table already exists from my previous attempts.
So it should work now ???
cheers
yes. (this message needs 7 characters)
Ok that was step 3.
Step 4. ...there's no "Store Phone" or "Store Fax" showing under [Config> My Store]. (Apache restarted and Cache cleared)
Maybe I need to restore my previous SQL table and start again.
I restored previous sql database and Uploaded the super_orders_sql.sql file. Got this error:
Quote:
1366 Incorrect integer value: '' for column 'configuration_id' at row 1
in:
[INSERT INTO mydBprefix_configuration VALUES ('', 'Store Fax', 'STORE_FAX', '', 'Enter the fax number for your store.
You can call upon this by using the define STORE_FAX.', 1, 4, now(), now(), NULL, NULL);]
If you were entering information, etc etc...
Still no "Store Phone" or "Store Fax".
Quote:
It would be better to remove the lines that give you problems in the Install SQL patches. The sequence of sql is probably falling over at the first error.
Thanks Philip,
Well I'm not sure where to start with that, but I do want to be able to define "Store Phone" separately to the Store Address.
As it stands there is currently no STORE_FAX nor STORE_PHONE [configuration_key] after uploading the .sql.
Cheers
If you put the mouse over the menu that drops down when you are in admin configuration, you'll see all these group_ids and configuration ids. These are how ZC would file the store_name, phone configuration bits. Somehow yours have gone wonky. The SQL should be able to bite into the correct menu from doing a lookup in your database, it should fill in the numbers (those missing integer values) and it should then execute the SQL. You could run the sql manually through phpMyAdmin if you could get the correct numbers. Can't tell you what the numbers are, because with each installation of modules they change around a bit. I think yours are certainly well into the "changed" bit, so I couldn't guess.
Philip.
And you will likely have the same kinds of problems with other mods doing this.. If you haven't consider yourself lucky.. Most of the SQL written for these mods would have NO IDEA what table prefix you've used when you created your database (you do NOT have to use "zen_"). From my understanding, the "Install SQL Patches" tool would make sure that the correct table prefix is used so that these SQL patches so that the correct tables are created or amended. If you are proficient with SQL, you could edit the SQL statements yourself and continue to use your phpMyAdmin..
I'm not entirely sure what you mean Philip, but attached are a couple of screenshots. I think the sql upload is failing, and stopping at the first
Quote:
INSERT INTO configuration VALUES ('', 'Store Fax', 'STORE_FAX', '', 'Enter the fax number for your store.......
at line 88, which means there's a whole bunch of other configuration VALUES not inserted.
If by "correct numbers" you mean the dBase Table _id numbers, I'm guessing this Mod' just will not work with a ZC that has other mod's already installed.
With my limited knowledge of SQL, I'm stumped.
To begin, while this app may have its roots in OS Commerce, that's where the similarity ENDS.. This is NOTHING like OS Commerce, and you seemed to have missed my point.. So let me try again.. :smile:
IF you use the Zen Admin tools for uploading SQL patches for your mods, you WILL NOT have issues with table prefixes.. However if you DO NOT want to use the Admin SQL tool, you will have to manually review and edit any mod's SQL files to make sure that the correct table prefix for YOUR store is in place..
Philip, Thanks for your help,
yep I got that, loud n clear a few posts back.
I started again with my pre-SuperOrders dB backup, then ran (uploaded) the .sql file using [Admin >>Install SQL patches] (SQL Query Executor).. .. It still does not show a row for STORE_FAX nor STORE_PHONE under [Configuration>>Mystore]. I'm just taking one step at a time. This step isn't working, I can only assume the other functionality may be in question.
Cheers
I still have the exact same problems as i stated before.
regards
Andy.
Check your DB (using phpMyAdmin). If the other rows for the configuration table are there, the rows for the phone number and fax should show as well. If they don't, simply add those fields yourself.. Not sure why they wouldn't be there.. I've never had any issues with the fields not being created when I run the Super Orders script.. Sometimes strange things happen..:lookaroun
Other aspects of this add-on work just fine.. There's a few functional feature enhancements I would request for this add-on, but otherwise I believe it's a highly useful add-on.. I started out using it for my test store to run it through its paces. Now I install it for all of my clients.. My only suggestion is to make the changes necessary to correct the truncated short shipping display. These posts will help with that..
http://www.zen-cart.com/forum/showpo...&postcount=777
http://www.zen-cart.com/forum/showpo...&postcount=720
http://www.zen-cart.com/forum/showpo...&postcount=853
http://www.zen-cart.com/forum/showpo...postcount=1115
Good luck..:smile:
DivaVocals had a good idea, there the store phone or name or whatever it is called, find that in your phpMyAdmin database and slot the missing numbers (and db_prefix) into the query, that should then magically appear the missing bits in the right place without me having to try and explain thingys.
Actually the very last part of the Super Orders SQL contains all of the insert statements to add the data into the configuration table.. If the other values from the Super Orders SQL are in the configuration table, then the names phone number and fax data should be there as well as these insert statements precede the others.. (see below)
Code:
-- Store Phone and Fax numbers
INSERT INTO configuration VALUES ('', 'Store Fax', 'STORE_FAX', '', 'Enter the fax number for your store.<br>You can call upon this by using the define <strong>STORE_FAX</strong>.', 1, 4, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES ('', 'Store Phone', 'STORE_PHONE', '', 'Enter the phone number for your store.<br>You can call upon this by using the define <strong>STORE_PHONE</strong>.', 1, 4, now(), now(), NULL, NULL);
-- Purchase Order payment module configs
INSERT INTO configuration VALUES (NULL, 'Enable Purchase Order Module', 'MODULE_PAYMENT_PURCHASE_ORDER_STATUS', 'True', 'Do you want to accept Purchase Order payments?', 6, 1, now(), now(), NULL, 'zen_cfg_select_option(array(\'True\', \'False\'), ');
INSERT INTO configuration VALUES (NULL, 'Make payable to:', 'MODULE_PAYMENT_PURCHASE_ORDER_PAYTO', 'Destination ImagiNation, Inc.', 'Who should payments be made payable to?', 6, 2, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES (NULL, 'Sort order of display.', 'MODULE_PAYMENT_PURCHASE_ORDER_SORT_ORDER', '0', 'Sort order of display. Lowest is displayed first.', 6, 4, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES (NULL, 'Payment Zone', 'MODULE_PAYMENT_PURCHASE_ORDER_ZONE', '0', 'If a zone is selected, only enable this payment method for that zone.', 6, 5, now(), now(), 'zen_get_zone_class_title', 'zen_cfg_pull_down_zone_classes(');
INSERT INTO configuration VALUES (NULL, 'Set Order Status', 'MODULE_PAYMENT_PURCHASE_ORDER_ORDER_STATUS_ID', '2', 'Set the status of orders made with this payment module to this value', 6, 6, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
-- Super Orders configuration group
INSERT INTO configuration_group VALUES (28, 'Super Orders', 'Settings for Super Order features', 100, 1);
-- Super Orders configs (Admin > Configuration > Super Orders)
-- Automatic Status Updating
INSERT INTO configuration VALUES (NULL, 'Auto Status - Purchase Order', 'AUTO_STATUS_PO', '2', 'Number of the status assigned to an order when a purchase order is added to the payment data.', 28, 11, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
INSERT INTO configuration VALUES (NULL, 'Auto Status - Payment', 'AUTO_STATUS_PAYMENT', '2', 'Number of the order status assigned when a payment (<B>not</B> attached to a purchase order) is added to the payment data.', 28, 10, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
INSERT INTO configuration VALUES (NULL, 'Auto Status - P.O. Payment', 'AUTO_STATUS_PO_PAYMENT', '2', 'Number of the order status assigned when a payment <B>attached to a purchase order</B> is added to the payment data.', 28, 10, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
INSERT INTO configuration VALUES (NULL, 'Auto Status - Refund', 'AUTO_STATUS_REFUND', '2', 'Number of the order status assigned when a refund is added to the payment data.', 28, 13, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
INSERT INTO configuration VALUES (NULL, 'Auto Comments - Payment', 'AUTO_COMMENTS_PAYMENT', 'Payment received in our office. Payment ID: %s', 'You''ll have the option of adding these pre-configured comments to an order when a payment is entered. You can attach the payment number to the comments by typing <strong>%s</strong>.', 28, 14, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES (NULL, 'Auto Comments - P.O. Payment', 'AUTO_COMMENTS_PO_PAYMENT', 'Payment on purchase order received in our office. Payment ID: %s', 'You will have the option of adding these pre-configured comments to an order when a purchase order payment is entered. You can attach the payment number to the comments by typing <strong>%s</strong>.', 28, 14, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES (NULL, 'Auto Comments - Purchase Order', 'AUTO_COMMENTS_PO', 'Purchase Order #%s received in our office', 'You will have the option of adding these pre-configured comments to an order when a purchase order is entered. You can attach the payment number to the comments by typing <strong>%s</strong>.', 28, 15, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES (NULL, 'Auto Comments - Refund', 'AUTO_COMMENTS_REFUND', 'Refund #%s has been issued from our office.', 'You will have the option of adding these pre-configured comments to an order when a refund is entered. You can attach the refund number to the comments by typing <strong>%s</strong>.', 28, 17, now(), now(), NULL, NULL);
INSERT INTO configuration VALUES (NULL, 'Federal Tax Exempt Number', 'FED_TAX_ID_NUMBER', '00-000000', 'If your tax exempt, then you should have a federal tax ID number. Enter the number here and the tax columns will not appear on the invoice. The number will also be displayed at the top of the invoice.', 28, 50, now(), now(), NULL , NULL);
INSERT INTO configuration VALUES (NULL, 'Closed Status - "Cancelled"', 'STATUS_ORDER_CANCELLED', '0', 'Insert the order status ID # you would like to assign to an order when you press the special "Cancelled!" button on super_orders.php.<p>If you do not have a "cancel" status, or do not want assign one automatically, choose <B>default</B> and this option will be ignored.<p><strong>You cannot attach comments or notify the customer using this option.</strong>', 28, 30, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
INSERT INTO configuration VALUES (NULL, 'Closed Status - "Completed"', 'STATUS_ORDER_COMPLETED', '0', 'Insert the order status ID # you would like to assign to an order when you press the special "Completed!" button on super_orders.php.<p>If you do not have a "complete" status, or do not want assign one automatically, choose <B>default</B> and this option will be ignored.<p><strong>You cannot attach comments or notify the customer using this option.</strong>', 28, 30, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
INSERT INTO configuration VALUES (NULL, 'Closed Status - "Reopened"', 'STATUS_ORDER_REOPEN', '0', 'Insert the order status ID # you would like to assign to an order when you undo the cancelled/completed status of an order.<p>If you do not have a "reopened" status, or do not want assign one automatically, choose <B>default</B> and this option will be ignored.<p><strong>You cannot attach comments or notify the customer using this option.</strong>', 28, 30, now(), now(), 'zen_get_order_status_name', 'zen_cfg_pull_down_order_statuses(');
-- Following is for a future release
-- Bar code display
-- (MySQL only treats "--" as a comment when it is followed by a space)
-- INSERT INTO configuration VALUES (NULL, 'Display bar codes', 'BC_ENABLE', 'true', 'If enabled, a bar code of the order number will appear on invoices and packing slips.', 28, 99, now(), now(), NULL, 'zen_cfg_select_option(array(''true'', ''false''),');
-- INSERT INTO configuration VALUES (NULL, 'Bar Code Height', 'BC_HEIGHT', '60', 'Height of image in pixels.', 28, 99, now(), now(), NULL, NULL);
-- INSERT INTO configuration VALUES (NULL, 'Bar Code Width', 'BC_WIDTH', '300', 'Width of image in pixels. The image MUST be wide enough to handle the length of the given value. The default value will probably be able to display about 11 digits. If you get an error message, make it wider!', 28, 99, now(), now(), NULL, NULL);
-- INSERT INTO configuration VALUES (NULL, 'Bar Code Quality', 'BC_QUALITY', '100', 'For JPEG only: ranges from 0-100.', 28, 99, now(), now(), NULL, NULL);
-- INSERT INTO configuration VALUES (NULL, 'Bar Code Output Format', 'BC_OUTTYPE', 'PNG', 'The graphic format for the barcode.<br />TIP: JPEG is usually the best option. PNG normally dosen''t print well, and GIF is very low-res.', 28, 99, now(), now(), NULL, 'zen_cfg_select_option(array(\'JPEG\', \'PNG\', \'GIF\'),');
-- INSERT INTO configuration VALUES (NULL, 'Display text of bar code contents', 'BC_TEXTSHOW', 'true', 'To disable text below barcode = 0. To enable text below barcode = 1.', 28, 99, now(), now(), NULL, 'zen_cfg_select_option(array(\'true\', \'false\'),');
Somewhere you would have an install SQL file for new users, grab the CREATE TABLE statement from that and paste it into the Install SQL Patches bit of your ZC configuration, then run the upgrade.
:no: I promised I would not help with this damn module again, it's rubbish, parts date from 2005, its security sucks and I've never been able to find anyone with the time to fix it even as a project for a kid.
No-one thought to see what would happen if they put the word NULL instead of '' like all the SQL statements that follow ? Just an idea ?
Code:
INSERT INTO configuration VALUES (NULL, 'Enable Purchase Order Module', 'MODULE_PAYMENT_PURCHASE_ORDER_STATUS', 'True', 'Do you want to accept Purchase Order payments?', 6, 1, now(), now(), NULL, 'zen_cfg_select_option(array(\'True\', \'False\'), ');
:laugh: I just noticed this.. Wow.. After doing some thinking I realized that I might have added these values to my configuration table manually..
It's been a minute since I've done a full manual install.. I have a fully loaded version of Zen that I install for clients and the script for this full install is complete already..
I don't agree that it's complete rubbish Phillip..:smile: Super Orders provides improved functionality that store owners want/need for improved order management.. This add-on improves on the stock orders.php, but from my perspective I would submit that there are some usability/functional features I'd like to see improved out the box.. For example:
1. The order display, packing list, and invoice all truncate the shipping method. Now I don't know WHY the abbreviated shipping method would be an out the box feature, but IMO all of these areas should display the full shipping method. If there is a need for showing the short description of the shipping method, it should be an admin configurable feature and not hard coded into the app..
2. For orders paid with Paypal, Authorize.net (and probably Linkpoint as well) the store owner should not be required to manually enter the payment in Super Orders. Super Orders should display the updated payment information for all of these methods.
3. Edit orders needs to be re-worked. It does not correctly re-calculate the "master order" of the new order created.
4. For fully paid orders, the edit orders function should bring forward the payment information from the "master order" or indicate that the payment was applied to the "master order" when splitting off items to a new order or the best solution would be if it just re-calculated BOTH orders when an order is split (paid or not).
5. Split order packing list needs to be re-worked. It should only display when an order has been split -- otherwise it should NOT display.. (Currently it displays when the order includes multiple items) Currently it shows each item on the order flagged as "Product(s) will ship separately". I think it should show the FULL original order and flag only those items on the split order with the "Product(s) will ship separately" flag
6. Under "Close Order": When clicking the "Completed" button the order status should also update to a status that indicates the order is complete. Currently the store owner must first update the status, then mark the order complete. IMO, this should be ONE step.
7. Under "Close Order": When clicking the "Cancelled" button the order status should also update to a status that indicates the order is cancelled. Currently the store owner must first update the status, then mark the order cancelled. IMO, this should be ONE step.
8. "Edit Status History" IMO should be completely different. If you are going to allow store owners to edit previously entered comments they should be limited to store admin comments that were NOT sent/copied to the customer.
9. Enter Payment function - If you check the "Notify the customer?" checkbox, the customer is notified, but the "Status History" for the order indicates that the customer was not.
10. Enter Purchase Order function - Same issue as item 6.
11. When no orders are selected for Batch Printing function, the error message should be a user friendly on-screen error message versus the very unfriendly message it shows now (which scares end-users:laugh:): "Warning: Invalid argument supplied for foreach() in /home/content/o/v/e/overthehill/html/testsite.overthehillweb.com/zentest1/admin/super_batch_forms.php on line 341
Error: No orders selected!"
12. Batch Status Updating throws errors when you search for orders using the following options:
= (equals)
< (less than)
"1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''50' ORDER BY o.orders_id DESC' at line 4
in:
[SELECT o.orders_id, o.customers_id, o.customers_name, o.payment_method, o.date_purchased, o.order_total, s.orders_status_name FROM zen_orders o LEFT JOIN zen_orders_status s ON o.orders_status = s.orders_status_id WHERE s.language_id = '1' AND o.order_total '50' ORDER BY o.orders_id DESC]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields."
"1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '== '13' ORDER BY o.orders_id DESC' at line 4
in:
[SELECT o.orders_id, o.customers_id, o.customers_name, o.payment_method, o.date_purchased, o.order_total, s.orders_status_name FROM zen_orders o LEFT JOIN zen_orders_status s ON o.orders_status = s.orders_status_id WHERE s.language_id = '1' AND o.order_total == '13' ORDER BY o.orders_id DESC]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields."
Now for a few of these items, there are workarounds/corrections posted in this thread. I use most if not all of them (the shipping method truncation for SURE I use)
For items 6-8, very few of my clients use the batch print or update features, but I fully disclose the issues (especially items 6 & 7). For item #8 in particular, I explain how the error occurs and train the heck out of my clients so they never see it..:smile:
For Item 9, I only recently discovered this issue, and will just remove the order total search elements from the super_batch_status.php page. (It's not an entirely NEED TO HAVE feature IMO..)
But Phillip is right... This is largely an abandoned add-on and apparently we all choose to use it at our own risk..:smile: (I guess for many of us the benefits outweigh the risks.. For me the issues and shortcomings have lots of workarounds to still make this app worthwhile..
I have paid for Zencart mods and fixes before.. Frankly for someone like me who knows HTML, and not PHP, I need to outsource work which requires PHP knowledge.. I am giving some very serious thought into paying to get my list of observations/issues with Super Orders addressed..
Phillip -- I have read you talk about the security issues with Super Orders, and I just did a search to see what those might be.. I can't find any threads which cover the full detail list of security issues with this mod. Would you be willing to share your observations of security issues with this mod.. and if you could explain it to me as a non programming end user of the app.. (to quote a line from the movie Philadelphia "Explain it to me like I'm a 3 year old!":laugh:)
Number 12 on your list, is something I mentioned before. What happened is that once upon a time the creators of super orders decided that they wouldn't filter any data going into the database so on a batch they would go "SHOW ORDERS WITH A VALUE <= 200" and they have in that select box "<=".
HTML code begins with < and in my particular field of knowledge
http://www.theregister.co.uk/2009/08...mail_xss_flaw/
you can do seriously dangerous things with unfiltered data and a <script> tag. One of the versions of zencart 1.3.7 (I think), DrByte put in some code that translates anything coming through as "<=" into html "&lt;=" to protect from having malicious code injected into the website. That broke that part of super orders. A lot of the data in zencart is filtered now, but super orders doesn't, so for example <script src="badguy.com" /> could be put into an address field, the website administrator would look at the order and not see anything because browsers don't display HTML tags to the user. The bad guy could then steal user data, in theory hijack the administrator's session, go in, change the password and lock them out and steal all the credit card details and inject code into the database that would display pornographic adverts (that's very very easy). All because the design of super orders is old "rubbish".
The ZC team have done an excellent job in filtering data all over the place, but the fundamental code underneath super orders is very flawed. The security problems are all over the whole set of pages, too many to list. But not only are there the XSS problems (that's what I just described) but there is also the possibility that a malicious customer could inject code into the database from something like the payment details field combined with another module, because super orders does not do any filtering of the data it looks for in the database. Which would be the same result as described above, if the administrator's session was hijacked.
ZC does have additional security measures in place to stop session hijacking, they filter a lot of the data, if not all of the input. But they still can't do anything about poorly written add-ons from the days when attacks were theoretical rather than everyday. I'm not actually a hacker, I spend some time in the forums and I know some techniques, but most of the time I am repairing the damage done by 15 year old vandals who hijack a server and then don't know what to do with it.
The batch processing code in super_orders is really quite unusual, someone had a strange idea that may be on the far edge of genius (seriously) because to get it to work is stunning as it uses insane code that is preposterous, it's also really dangerous to explore the possibility of being able to include a batch file a hundred times to do a job, because if someone hijacked or altered that file then you have a page that could launch a denial of service attack that your clients wouldn't even know about.
There are just so many things wrong with the module that it needs a total rewrite, I just don't have the time what with the other modules and work to do.
Philip.
Thanks Phillip I'll make a note of this post.. When I am ready to go to my developer resources for a bid on updating Super Orders I want to be able to provide them with a thorough and complete specification document. This will help..
You SURE you don't want to send me a bid too??:laugh: I know.. I know.. "bugger off" :laugh:
A 15 year old could sanitize the data, it's not a complex job - so should be cheap. The batch thing needs a look at though as it's just plain weird, but sanitizing it needs nothing more than converting ' " / < > and & to html entities (not using the php function html_entities as it doesn't do all the characters). With regards to point 12, all that is needed is a switch statement or "If else" statement and then turning the <= into predefined sql that is run through a mysql_escape_string function first (there's one built into zen cart).
Tops, you are looking at $50 for a couple of hours to clean and secure it by a kid, anything else is a rip off and that's way way below what I charge.
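The two fixes described in the post above, as an added example that is not part of the thread and is not Super Orders or Zen Cart code: encoding the six listed characters on output, and mapping the batch form's comparison choice to predefined SQL with a switch. The function names, the form tokens (`lte` and so on) and the `order_total` column are assumptions, and the amount is validated as a plain decimal here rather than passed through an escape function.

```php
<?php
// Added illustration; not code from Super Orders or Zen Cart.
// Function names, token names and the order_total column are assumptions.

/**
 * Encode ' " / < > & for output in HTML text or a quoted attribute.
 * strtr() with an array makes a single pass over the input, so the "&"
 * of an entity it has just written is never encoded a second time.
 */
function so_html_encode(string $text): string
{
    return strtr($text, [
        '&' => '&amp;',
        '<' => '&lt;',
        '>' => '&gt;',
        '"' => '&quot;',
        "'" => '&#039;',
        '/' => '&#x2F;',
    ]);
}

/**
 * Turn the batch form's comparison choice into predefined SQL.
 * The form submits a token, never the raw "<=" characters, so the
 * store-wide "<" filtering cannot break it and no user text reaches SQL.
 */
function so_order_total_clause(string $token, string $amount): string
{
    switch ($token) {
        case 'lt':  $op = '<';  break;
        case 'lte': $op = '<='; break;
        case 'eq':  $op = '=';  break;
        case 'gte': $op = '>='; break;
        case 'gt':  $op = '>';  break;
        default:
            throw new InvalidArgumentException('Unknown comparison');
    }
    // Only a plain decimal may follow the operator.
    if (!preg_match('/\A\d{1,9}(\.\d{1,4})?\z/', $amount)) {
        throw new InvalidArgumentException('Amount must be a decimal number');
    }
    return 'order_total ' . $op . ' ' . $amount;
}

// Constructed sample input, reusing the address-field case from the thread.
echo so_html_encode('<script src="badguy.com" />'), PHP_EOL;
echo so_order_total_clause('lte', '200'), PHP_EOL;
```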
I figured as much.. I know (for someone who knows what they are doing) that most of the items on my list are not complex things.. That said, it still doesn't mean I could tackle 'em myself.. :laugh::laugh::laugh: So I totally appreciate your input..
Are ya SURE you don't wanna PM me a bid to do this work???:smile: I know that the generally accepted guiding principle for most folks on open source forums is to pay for nothing, but since I work on a software dev team in my day job, my perspective is very different..
No, the last thing on earth I want to do is to get stuck with yet another module. The results would be GPL'd I'd get even more questions, I don't even know why I hang around this thread anyway. Then I'd feel obligated to do it properly, change the SQL, and your $50 would result in me spending $10,000 in man hours.
now bugger off.