How can we allow people to leave product reviews withour logging in or being annactual customer. Of course to fight spam, the approval setting would be on. Thank you.
How can we allow people to leave product reviews withour logging in or being annactual customer. Of course to fight spam, the approval setting would be on. Thank you.
If you insist:
Load the file
/includes/modules/pages/product_reviews_write/header.php into a text editor
Find this code:
Comment it out, like so:Code:if (!$_SESSION['customer_id']) { $_SESSION['navigation']->set_snapshot(); zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); }
Save the file.Code:// if (!$_SESSION['customer_id']) { // $_SESSION['navigation']->set_snapshot(); // zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); // }
Don't blame me if this comes back to bite you. With this code commented out, anyone can post anything. The zencart code *should* sanitize any 'dangerous' inputs, thus offering some degree of protection, and I suspect your biggest problem is going to be due to hackers and scammers hammering the server looking for a weakness that they can exploit.
Cheers
RodG
I'v seen this done where the merchant sends out an email 2 weeks after the order to get a review and then they are directed to place a review. The customer email is in the return URL, and then ZenCart looks up the customer number and the saves it in the $_SESSION['customer_id'] variable.
You would need to make sure your coding is SUPER SUPER sound, and can't be injected with this type of thing.
I'm not sure on the PCI implications of this...
Just wondering, Why would someone want to come to your site and leave a review of something they didnt purchase?
Zen cart PCI compliant Hosting
I followed the suggestion in this thread and I am now getting an Error Log every time someone goes the a product_review_write page, even if they don't write a review!!
I know it's because I commented out the above so guest can write a review, but is there a way to stop that error log from being generated?!Code:[16-Aug-2021 16:55:19 Australia/Sydney] Request URI: /index.php?main_page=product_reviews_write&cPath=1&products_id=20, IP address: 60. #1 require(/includes/modules/pages/product_reviews_write/header_php.php) called at [/index.php:35] --> PHP Notice: Undefined index: customer_id in /includes/modules/pages/product_reviews_write/header_php.php on line 40. [16-Aug-2021 16:55:20 Australia/Sydney] Request URI: /index.php?main_page=product_reviews_write&cPath=1&products_id=20, IP address: 60. #1 require(/includes/templates/responsive_classic/templates/tpl_product_reviews_write_default.php) called at [/includes/templates/responsive_classic/common/tpl_main_page.php:178] #2 require(/includes/templates/responsive_classic/common/tpl_main_page.php) called at [/index.php:94] --> PHP Notice: Undefined index: customers_firstname in /includes/templates/responsive_classic/templates/tpl_product_reviews_write_default.php on line 43. [16-Aug-2021 16:55:20 Australia/Sydney] Request URI: /index.php?main_page=product_reviews_write&cPath=1&products_id=20, IP address: 60. #1 require(/includes/templates/responsive_classic/templates/tpl_product_reviews_write_default.php) called at [/includes/templates/responsive_classic/common/tpl_main_page.php:178] #2 require(/includes/templates/responsive_classic/common/tpl_main_page.php) called at [/index.php:94] --> PHP Notice: Undefined index: customers_lastname in /includes/templates/responsive_classic/templates/tpl_product_reviews_write_default.php on line 43.
Thanking you in advance.
*Zen Cart eCommerce Solution - Putting the Dream of Owning an Online Business within reach of anyone!
Doing six year old code changes is hardly ever a good idea.
Are You Vulnerable for an Accessibility Lawsuit?
myZenCartHost.com - Zen Cart Certified, PCI Compatible Hosting by JEANDRET
Free SSL, Domain, and MagicThumb with semi-annual and longer hosting.
Bookmarks