Add product to Cart URL?

[aire]

I had Zencart 1.3.8a with a jquery code that throw to "index.php?main_page=product_info&cPath=18&products_id=910&action=add_produc t" a post form with all the variables and text attributes and the shopping cart recieved the data and added it correctly.

Now I'm trying to migrate to Zencart 1.5.1 and I've modified the jquery code with the securityToken, something that before wasn't needed, to do the same add a product through URL "index.php?main_page=product_info&cPath=18&products_id=910&number_of_uploads=0&a ction=add_product".
But now it doesn't work the variables are sent, but the shopping cart tells that there's no product in the basket.

And the question are: Can be done what I'm trying in Zencart 1.5.1?
I'm using these fields of the form:
<input type="hidden" name="securityToken" value="444444"></input>
<input type="hidden" name="id[TEXT_PREFIX9]" value="Text"></input>
<input type="hidden" name="id[TEXT_PREFIX5]" value="_-_-_-_-_-_-_-_-_-_-"></input>
<input type="hidden" name="id[6]" value="22"></input>
<input type="hidden" name="id[8]" value="68"></input>
<input type="hidden" name="id[7]" value="67"></input>
<input type="hidden" name="cart_quantity" value="1"></input>
<input type="hidden" name="products_id" value="286"></input>

Am I missing any field?

[mprough]

Not a field, but rather a active session I think... without an active session and cookie set things cannot be added to the cart.

[gjh42]

Someone (kuroi or DrByte, I forget) posted code a year or two ago that does exactly that, open Zen Cart with a specific product in the cart, so it should be possible.

[aire]

@gjh42 I thing you are pointing to this threat: http://www.zen-cart.com/showthread.p...-via-URL/page2
I've read and using the info in it but it doesn't work in ZC 1.5.1.

@mprough You're right. If I take the security token generated by ZC 1.5.1 of a product, and I paste it in a form of a HTML file like this:

Code:

<form action="http://localhost:8888/zc15/index.php?main_page=product_info&cPath=18&products_id=910&number_of_uploads=0&action=add_product" method="post" enctype="multipart/form-data" name="cart_quantity" id="cart_quantity">
<input type="hidden" name="securityToken" value="6f64e3a15e24fa6d55e1813bc6cf99ec"></input>	
<input type="hidden" name="id[TEXT_PREFIX9]" value="Text"></input>
<input type="hidden" name="id[TEXT_PREFIX5]" value="_-_-_-_-_-_-_-_-_-_-"></input>
<input type="hidden" name="id[6]" value="22"></input>
<input type="hidden" name="id[8]" value="68"></input>
<input type="hidden" name="id[7]" value="67"></input>
<input type="hidden" name="cart_quantity" value="1"></input>
<input type="hidden" name="products_id" value="910"></input>

<input name="" type="submit" value="submit"></input>

If I submit that form after pasted the security token in the same browser, ZC 1.5.1 take the product and add it to the cart perfectly.

The problem is related to the relationship between the security token and the cookie.

[aire]

All right!

Problem solved. I was passing more attributes to ZC 1.5.1 than the attributes the product has.

Solution was:

Include with the ZC 1.5.1 function

Code:

zen_draw_hidden_field('securityToken', $_SESSION['securityToken'])

the value of securityToken in the form.

Code:

<form action="http://localhost:8888/zc15/index.php?main_page=product_info&cPath=18&products_id=910&number_of_uploads=0&action=add_product" method="post" enctype="multipart/form-data" name="cart_quantity" id="cart_quantity">
<input type="hidden" name="securityToken" value="6f64e3a15e24fa6d55e1813bc6cf99ec"></input>	
<input type="hidden" name="id[TEXT_PREFIX9]" value="Text"></input>
<input type="hidden" name="id[TEXT_PREFIX5]" value="_-_-_-_-_-_-_-_-_-_-"></input>
<input type="hidden" name="cart_quantity" value="1"></input>
<input type="hidden" name="products_id" value="910"></input>

<input name="" type="submit" value="submit"></input>

Make sure you send the correct attributes of the product.

Think, that using the securityToken you can embed swf that send product to the cart.

Enjoy!

THREAT SOLVED!!

[lat9]

... or you could have created the form using the function zen_draw_form and it would have added the hidden field for the securityToken as part of its processing.