Results 1 to 2 of 2
  1. 12 Feb 2007, 02:34 AM #1
    huinca
    huinca is offline New Zenner
    Join Date
    Feb 2006
    Posts
    3
    Plugin Contributions
    0

    Default create_coupon_code() mistake

    Hello.

    In admin/includes/functions/general.php there's a little mistake in create_coupon_code(), it's present at least in version 1.3.7 and 1.3.0.1 (as it's shown in http://phpxref.com/xref/zencart/_fun...n_code.html.gz )

    Though it's hard to achieve, the error can lead to an infinite loop in certain cirsumstances: when the coupon_code already exists.

    I've attached a TXT with indented code, as long as this forum doesn't allow me preformatted text.


    Original code:

    ////
    // Create a Coupon Code. length may be between 1 and 16 Characters
    // $salt needs some thought.

    function create_coupon_code($salt="secret", $length=SECURITY_CODE_LENGTH) {
    global $db;
    $ccid = md5(uniqid("","salt"));
    $ccid .= md5(uniqid("","salt"));
    $ccid .= md5(uniqid("","salt"));
    $ccid .= md5(uniqid("","salt"));
    srand((double)microtime()*1000000); // seed the random number generator
    $random_start = @rand(0, (128-$length));
    $good_result = 0;
    while ($good_result == 0) {
    $id1=substr($ccid, $random_start,$length);
    $query = $db->Execute("select coupon_code
    from " . TABLE_COUPONS . "
    where coupon_code = '" . $id1 . "'");

    if ($query->RecordCount() < 1 ) $good_result = 1;
    }
    return $id1;
    }




    Proposed corrected code:

    ////
    // Create a Coupon Code. length may be between 1 and 16 Characters
    // $salt needs some thought.

    function create_coupon_code($salt="secret", $length=SECURITY_CODE_LENGTH) {
    global $db;
    $ccid = md5(uniqid("","salt"));
    $ccid .= md5(uniqid("","salt"));
    $ccid .= md5(uniqid("","salt"));
    $ccid .= md5(uniqid("","salt"));
    srand((double)microtime()*1000000); // seed the random number generator
    $good_result = 0;
    while ($good_result == 0) {
    $random_start = @rand(0, (128-$length));
    $id1=substr($ccid, $random_start,$length);
    $query = $db->Execute("select coupon_code
    from " . TABLE_COUPONS . "
    where coupon_code = '" . $id1 . "'");

    if ($query->RecordCount() < 1 ) $good_result = 1;
    }
    return $id1;
    }




    Hoping this would be useful,

    Juan Pablo Gil,
    Working in weekends from Chile.
  2. 12 Feb 2007, 02:35 AM #2
    huinca
    huinca is offline New Zenner
    Join Date
    Feb 2006
    Posts
    3
    Plugin Contributions
    0

    Default Re: create_coupon_code() mistake

    Sorry... I forgot the attachment. Here it is.
    Attached Files Attached Files
 

 
« Previous Thread | Next Thread »

Similar Threads

  1. A silly Mistake...!
    By vishalon in forum Templates, Stylesheets, Page Layout
    Replies: 2
    Last Post: 28 Feb 2010, 06:58 AM
  2. overwritten by mistake
    By g_force in forum Templates, Stylesheets, Page Layout
    Replies: 5
    Last Post: 3 Mar 2009, 04:28 AM
  3. Stupid mistake
    By soba in forum General Questions
    Replies: 4
    Last Post: 2 May 2008, 10:15 PM
  4. Overwrite by mistake
    By redche in forum General Questions
    Replies: 0
    Last Post: 9 Aug 2007, 06:53 PM
  5. Category Mistake
    By VainStudios in forum Setting Up Categories, Products, Attributes
    Replies: 3
    Last Post: 3 Jul 2006, 09:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

disjunctive-egg
Content and Graphics Copyright (c) 2003 - 2026 Zen Ventures, LLC - all rights reserved
Zen Cart® is a Registered Trademark of Zen Ventures, LLC