Notifier question

[hubert]

First I tried, my solution is not the solution, and I forget to tell that there also was another debug warning

Code:

mysqli_real_escape_string() expects parameter 2 to be string, array given in /home4/hubertbe/public_html/tst154/includes/classes/db/mysql/query_factory.php on line 115

Which is, technically speaking a warning, but I don't get any reward points shown nor calculated in my invoice totals.

What is strange it's these warning are about my custom module and not reward points. I don't get any message coming from reward points files.

I'm missing something here...

[hubert]

Thank you very much mc12345678, now I understand the new syntax.

I've solved a lot of my problems as only one debug file is still there (I had several before), I'm still getting

PHP Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /includes/classes/db/mysql/query_factory.php on line 115

And the message is not very precise as I don't get who is calling...

Let me check if all my files for Edit Orders are there...

[lat9]

Thank you very much mc12345678, now I understand the new syntax.

I've solved a lot of my problems as only one debug file is still there (I had several before), I'm still getting


And the message is not very precise as I don't get who is calling...

Let me check if all my files for Edit Orders are there...

Install the myDebug Backtrace plugin to get the highlighted information.

[hubert]

What a gem lat9 !

I'm getting

[02-Feb-2016 17:05:01 America/Chicago] Request URI: /tst154/index.php?main_page=checkout_success, IP address: xx.xx.xx.xx
#1 mysqli_real_escape_string() called at [/includes/classes/db/mysql/query_factory.php:115]
#2 queryFactory->prepare_input() called at [/includes/classes/db/mysql/query_factory.php:496]
#3 queryFactory->prepareInput() called at [/includes/functions/functions_general.php:904]
#4 zen_db_input() called at [/includes/classes/supertracker.php:183]
#5 supertracker->update() called at [/includes/templates/MYTEMPLATE/jscript/jscript_supertracker.php:15]
#6 require(/includes/templates/piccolo2/jscript/jscript_supertracker.php) called at [/includes/templates/template_default/common/html_header.php:129]
#7 require(/includes/templates/template_default/common/html_header.php) called at [/index.php:43]

[02-Feb-2016 17:05:01 America/Chicago] PHP Warning: mysqli_real_escape_string() expects parameter 2 to be string, array given in /includes/classes/db/mysql/query_factory.php on line 115

So my understanding is that I have to upgrade Supertracker, the problem is I already have the latest Supertracker 1.1, which says it is only compatible with 1.5.0 and not 1.5.4.

So I'm tracking.
Base ZC functions like prepare_input() or mysqli_real_escape_string(), can't be involved so, lines 1 to 3 can be forgotten.

Line 4, hmmm..., super tracker line 183, let's see,

Code:

      $db->Execute("UPDATE " . TABLE_SUPERTRACKER . "
                    SET last_click = NOW(),
                        exit_page='" . zen_db_input(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI']))) . "',
                        exit_page_name='" . $page_title . "',
                        num_clicks=num_clicks+1,
                        added_cart='" . zen_db_input($tracking_data->fields['added_cart']) . "',
                        categories_viewed='" . zen_db_input($categories_viewed) . "',
                        products_viewed='" . zen_db_input($tracking_data->fields['products_viewed']) . "',
                        customer_id='" . (int)$customer_id . "',
                        completed_purchase='" . zen_db_input($completed_purchase) . "',
                        cart_contents='" . zen_db_input($cart_contents) . "',
                        cart_total = '" . zen_db_input($cart_total) . "',
                        order_id = '" . (int)$order_id . "'
                    WHERE tracking_id='" . (int)$tracking_data->fields['tracking_id'] . "'");
          
      // SQL Injection Security Fix (Mathew Chan, 25 Feb 2009)
      // $db->prepareInput(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])))
      
      //$db->Execute("UPDATE " . TABLE_SUPERTRACKER . " SET last_click = NOW(), exit_page='" . zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])) . "', exit_page_name='" . $page_title . "', num_clicks=num_clicks+1, added_cart='" . $tracking_data->fields['added_cart'] . "', categories_viewed='" . $categories_viewed . "', products_viewed='" . $tracking_data->fields['products_viewed'] . "', customer_id='" . $customer_id . "', completed_purchase='" . $completed_purchase . "', cart_contents='" . $cart_contents . "', cart_total = '" . $cart_total . "', order_id = '" . $order_id . "' WHERE tracking_id='" . $tracking_data->fields['tracking_id'] . "'");

183 --- cart_contents='" . zen_db_input($cart_contents) . "'

This doesn't seem to have anything special.
Either I'm lost or it's again the beginning of the classe :

class supertracker {

function supertracker(){
}

Does using function __construct again will help ?
I'm a bit... Sorry I'm completely lost

[lat9]

That log implies that the $cart_contents variable is (as the debug message indicates) an array as opposed to a string. You could "stringify" the value using the PHP implode function.

[hubert]

I've just dug into the code and I found

Code:

 //Store away their cart contents
      //But, the cart is dumped at checkout, so we don't want to overwrite the stored cart contents
      //In this case
      $current_cart_contents = serialize($_SESSION['cart']->contents);
      if (strlen($current_cart_contents) > 6) {
        $cart_contents = $current_cart_contents;
        $cart_total = $_SESSION['cart']->show_total();
      }

So the cart content should already be serialized.
In the table I'm seeing, in former records

a:1:{s:36:"287:207793b2351645b00ef85f38194431f7";a:2:{s:3:"qty";d:1;s:10:"attrib utes";a:1:{i:22;s:3:"100";}}}

which is a serialized array, no ?

The if (strlen($current_cart_contents) > 6) means if the cart contains something as a serialized array would give at least "x:y:{}" which makes 6 chars.


So I don't see why the array is still an array...

[lat9]

Would you post (using the code-tags as you have previously) the contents of the supertracker-class function "leading up to" the error at line 183?

[hubert]

Here is the SuperTracker 1.1 class

Code:

class supertracker {

  function supertracker(){
  }

  function update() {
    global $db, $cPath, $cPath_array, $breadcrumb;
//// **** CONFIGURATION SECTION  **** ////

    @define('XTRACKING_EXCLUDED_IPS', '');
    @define('XTRACKING_EXCLUDED_UA', 'ServiceUptime.robot');
    @define('XTRACKING_EXCLUDE_BOTS', 'true');

    if (XTRACKING_EXCLUDED_IPS != '') {
      $ex_array = explode(',', str_replace(' ','', XTRACKING_EXCLUDED_IPS));
      foreach ($ex_array as $key => $ex_ip) {
        if ($_SERVER['REMOTE_ADDR'] == $ex_ip) return;
      }
    }

    if (XTRACKING_EXCLUDED_UA != '') {
      $ex_array = explode(',', XTRACKING_EXCLUDED_UA);
      foreach ($ex_array as $key => $ex_ua) {
        if (strpos($_SERVER['HTTP_USER_AGENT'], trim($ex_ua)) !== false) return;
      }
    }

    if(!isset($spider_flag)) {
      $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
      $spider_flag = false;
      if (zen_not_null($user_agent)) {
        $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');
        for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
          if (zen_not_null($spiders[$i])) {
            if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
              $spider_flag = true;
              break;
            }
          }
        }
      } else {
        $spider_flag = true;
      }
    }

    if (XTRACKING_EXCLUDE_BOTS == 'true' && $spider_flag) return;

    $user_agent = zen_db_prepare_input($_SERVER['HTTP_USER_AGENT']);

    $existing_session = false;

    $thirty_mins_ago = date('Y-m-d H:i:s', (time() - (30*60)));
    //Find out if this user already appears in the supertracker db table

    //First thing to try is customer_id, if they are signed in
    if (isset($_SESSION['customer_id'])) {
      $tracking_data = $db->Execute("SELECT *
                              FROM " . TABLE_SUPERTRACKER . "
                              WHERE customer_id ='" . (int)$_SESSION['customer_id'] . "'
                                AND last_click > '" . $thirty_mins_ago . "'
                              LIMIT 1");
      if (!$tracking_data->EOF) {
        $existing_session = true;
      }
    }

    //Next, we try this: compare first 2 parts of the IP address (Class B), and the browser
    //Identification String, which give us a good chance of locating the details for a given user. I reckon
    //that the chances of having more than 1 user within a 30 minute window with identical values
    //is pretty small, so hopefully this will work and should be more reliable than using Session IDs....
    if (!$existing_session) {
      $ip_parts = explode ('.', $_SERVER['REMOTE_ADDR']);
      $tracking_data = $db->Execute("SELECT *
                              FROM " . TABLE_SUPERTRACKER . "
                              WHERE browser_string ='" . zen_db_input($user_agent) . "'
                                AND ip_address like '" . $ip_parts[0] . '.' . $ip_parts[1] . "%'
                                AND last_click > '" . $thirty_mins_ago . "'
                              LIMIT 1");
      if (!$tracking_data->EOF) {
        $existing_session = true;
      }
    }

    //If that didn't work, and we have something in the cart, we can use that to try and find the
    //record instead. Obviously, people with things in their cart don't just appear from nowhere!
    if (!$existing_session) {
      if ($_SESSION['cart']->count_contents()>0) {
        $tracking_data = $db->Execute("SELECT *
                                FROM " . TABLE_SUPERTRACKER . "
                                WHERE cart_total ='" . $_SESSION['cart']->show_total() . "'
                                  AND last_click > '" . $thirty_mins_ago . "'
                                LIMIT 1");
        if (!$tracking_data->EOF) {
          $existing_session = true;
        }
      }
    }

    //Having worked out if we have a new or existing user session lets record some details....!
    if ($existing_session) {
      //Existing tracked session, so just update relevant existing details
      $completed_purchase = $tracking_data->fields['completed_purchase'];
      $categories_viewed = unserialize($tracking_data->fields['categories_viewed']);
      $cart_contents = unserialize($tracking_data->fields['cart_contents']);
      $cart_total = $tracking_data->fields['cart_total'];
      $order_id = $tracking_data->fields['order_id'];
      if (isset($_SESSION['customer_id']))
        $customer_id = (int)$_SESSION['customer_id'];
      else
        $customer_id = (int)$tracking_data->fields['customer_id'];

      //Find out if the customer has added something to their cart for the first time
      if ($_SESSION['cart']->count_contents() > 0) $tracking_data->fields['added_cart'] = 'true';

      //Has a purchase just been completed?
      if (($_GET['main_page'] == FILENAME_CHECKOUT_SUCCESS) && ($completed_purchase != 'true')) {
        $completed_purchase = 'true';
        $order_result = $db->Execute("SELECT orders_id
                                      FROM " . TABLE_ORDERS . "
                                      WHERE customers_id = '" . $customer_id . "'
                                      ORDER BY date_purchased DESC");
        if (!$order_result->EOF) {
          $order_id = $order_result->fields['orders_id'];
        }
      }

      //If customer is looking at a product, add it to the list of products viewed
      if ($_GET['main_page'] == 'product_info' || $_GET['main_page'] == 'document_info') {

        if (!strstr($tracking_data->fields['products_viewed'], '*' . (int)$_GET['products_id'] . '?')) {
          //Product hasn't been previously recorded as viewed
          $tracking_data->fields['products_viewed'] .= '*' . (int)$_GET['products_id'] . '?';
        }
      }

      //Store away their cart contents
      //But, the cart is dumped at checkout, so we don't want to overwrite the stored cart contents
      //In this case
      $current_cart_contents = serialize($_SESSION['cart']->contents);
      if (strlen($current_cart_contents) > 6) {
        $cart_contents = $current_cart_contents;
        $cart_total = $_SESSION['cart']->show_total();
      }

      //If we are on index.php, but looking at category results, make sure we record which category
      if ($_GET['main_page'] == FILENAME_DEFAULT) {
        if (isset($_GET['cPath'])) {
          $cat_id = zen_db_prepare_input($_GET['cPath']);
          $cat_id_array = explode('_',$cat_id);
          $cat_id = $cat_id_array[sizeof($cat_id_array)-1];
          $categories_viewed[$cat_id] = 1;
        }
      }
//var_dump($tracking_data->fields);echo '<br />';
      $categories_viewed = serialize($categories_viewed);

      $page_title = zen_db_input($breadcrumb->last() . (isset($_GET['page']) ? ' (' . sprintf(PREVNEXT_TITLE_PAGE_NO, $_GET['page']) . ')' : ''));

      $db->Execute("UPDATE " . TABLE_SUPERTRACKER . "
                    SET last_click = NOW(),
                        exit_page='" . zen_db_input(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI']))) . "',
                        exit_page_name='" . $page_title . "',
                        num_clicks=num_clicks+1,
                        added_cart='" . zen_db_input($tracking_data->fields['added_cart']) . "',
                        categories_viewed='" . zen_db_input($categories_viewed) . "',
                        products_viewed='" . zen_db_input($tracking_data->fields['products_viewed']) . "',
                        customer_id='" . (int)$customer_id . "',
                        completed_purchase='" . zen_db_input($completed_purchase) . "',
                        cart_contents='" . zen_db_input($cart_contents) . "',
                        cart_total = '" . zen_db_input($cart_total) . "',
                        order_id = '" . (int)$order_id . "'
                    WHERE tracking_id='" . (int)$tracking_data->fields['tracking_id'] . "'");
          
      // SQL Injection Security Fix (Mathew Chan, 25 Feb 2009)
      // $db->prepareInput(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])))
      
      //$db->Execute("UPDATE " . TABLE_SUPERTRACKER . " SET last_click = NOW(), exit_page='" . zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])) . "', exit_page_name='" . $page_title . "', num_clicks=num_clicks+1, added_cart='" . $tracking_data->fields['added_cart'] . "', categories_viewed='" . $categories_viewed . "', products_viewed='" . $tracking_data->fields['products_viewed'] . "', customer_id='" . $customer_id . "', completed_purchase='" . $completed_purchase . "', cart_contents='" . $cart_contents . "', cart_total = '" . $cart_total . "', order_id = '" . $order_id . "' WHERE tracking_id='" . $tracking_data->fields['tracking_id'] . "'");

    } else {
      //New vistor, so record referrer, etc
      //Next line defines pages on which a new visitor should definitely not be recorded
      $prohibited_pages = 'login,checkout_shipping,checkout_payment,checkout_process,checkout_confirmation,checkout_success';
      $prohibited_pages = '';
      if (!strpos($prohibited_pages, $_GET['main_page'])) {
        if(isset($_SERVER['HTTP_REFERER'])) {
          $refer_data = zen_db_prepare_input(urldecode($_SERVER['HTTP_REFERER']));
          $refer_url_array = parse_url($refer_data);
          $referrer = $refer_url_array['scheme'] . '://' . $refer_url_array['host'] . $refer_url_array['path'];
          $referrer_query_string = $refer_url_array['query'];
        } else {
          $referrer = '';
          $referrer_query_string = '';
        }

        if(is_file(DIR_WS_INCLUDES . "GeoIP.dat")) {
          include(DIR_WS_INCLUDES . "geoip.inc");
          $gi = geoip_open(DIR_WS_INCLUDES . "GeoIP.dat", GEOIP_STANDARD);
          $country_code = strtolower(geoip_country_code_by_addr($gi, $_SERVER['REMOTE_ADDR']));
          geoip_close($gi);
        } else {
          $country_code = '--';
        }

        $this_page = zen_db_input(zen_db_prepare_input(urldecode($_SERVER['REQUEST_URI'])));

        $page_title = zen_db_input($breadcrumb->last() . (isset($_GET['page']) ? ' (' . sprintf(PREVNEXT_TITLE_PAGE_NO, $_GET['page']) . ')' : ''));

        $products_viewed = '';
        //If customer is looking at a product, add it to the list of products viewed
        if ($_GET['main_page'] == 'product_info' || $_GET['main_page'] == 'document_info') {
          if (!strstr($tracking_data->fields['products_viewed'], '*' . (int)$_GET['products_id'] . '?')) {
            //Product hasn't been previously recorded as viewed
            $products_viewed .= '*' . (int)$_GET['products_id'] . '?';
          }
        }

        $db->Execute("INSERT INTO " . TABLE_SUPERTRACKER . " (ip_address, browser_string, country_code, referrer, referrer_query_string, landing_page, landing_page_name, exit_page, exit_page_name, time_arrived, last_click, products_viewed) VALUES ('" . zen_db_input($_SERVER['REMOTE_ADDR']) . "', '" . zen_db_input($user_agent) . "', '" . $country_code . "', '" . zen_db_input($referrer) . "', '" . zen_db_input($referrer_query_string) . "', '" . $this_page . "', '" . $page_title . "', '" . $this_page . "', '" . $page_title . "', NOW(), NOW(), '" . zen_db_input($products_viewed) . "')");

      }//end if for prohibited pages
    }//end else

  }//End function update

}//End Class

?>

The strange thing is that SuperTracker which is meant to record every visit on the site in details is running fine, and I doubt its warning has anything to do with my problem with reward points.

If you have a few minutes to take a look it would be kind. I'm sure, at least I will learn something.

Thanks

Hubert

[lat9]

Er, if that class is intended to be an observer-class item it's got a couple of issues:

• The class doesn't extend the base class.
• The class constructor doesn't attach itself to a notifier
• The update class doesn't have the necessary input parameters

Other than that ...

[hubert]

Er, if that class is intended to be an observer-class item it's got a couple of issues:

• The class doesn't extend the base class.
• The class constructor doesn't attach itself to a notifier
• The update class doesn't have the necessary input parameters

Other than that ...

LOL

If I understand it's not supposed to work, so it's even stranger that it works, it maintains a kind of access.log in the database with products seen, added, referral site, time spent...

And even, in the plugin section it's said to be 1.5.0 compliant !
If I hear you, it is meant to be completely rewritten.

But one think seems for sure, a warning from this module is not the culprit for another module to not appear on checkout confirmation page.
My problem there is that I don't even have any debug message about this rebate (reward points) not appearing...

Let's close this thread, we've been from the notifier question to here, the title is no more relevant and will mislead other readers.
I'll start a new thread for my reward points problem or post on reward points support thread.

Thanks you very much for your help