It is the ZX AntiSpam plugin.
It is the page where the confirmation code is entered.
It worked fine when I have removed that line where IsMobile check is made, because I have recognized there is no such check on other similar template pages. This was the line:
I have also made the rest look like the Bootstrap template way.PHP Code:
<?php
if (!isset($display_as_mobile)) $display_as_mobile = ($detect->isMobile() && !$detect->isTablet() || $_SESSION['layoutType'] == 'mobile' or $detect->isTablet() || $_SESSION['layoutType'] == 'tablet');
?>
However there are many other issues with ZC 1.5.8.
To be continued to list them here...
Last edited by zamzom; 14 Mar 2023 at 12:19 PM.
In customers_spam.php around line 860
zen_get_countries() function is called. This invokes an error. It works fine if these are replaced by zen_get_countries_for_admin_pulldown() function as above.PHP Code:
<?php
if ($error == true) {
if ($entry_country_error == true) {
echo zen_draw_pull_down_menu('entry_country_id', zen_get_countries_for_admin_pulldown(), $cInfo->entry_country_id, 'class="form-control"') . ' ' . ENTRY_COUNTRY_ERROR;
} else {
echo zen_get_country_name($cInfo->entry_country_id) . zen_draw_hidden_field('entry_country_id');
}
} else {
echo zen_draw_pull_down_menu('entry_country_id', zen_get_countries_for_admin_pulldown(), $cInfo->entry_country_id, 'class="form-control"');
}
?>
Has anyone actually been using this addon? There are some really strategical errors! Check this out:
In /includes/modules/pages/account_confirmation/header_php.php around line 97
$sql variable used for db input string. However the same variable is used elsewhere for db output array(assigned around line 40 in the code), and around line 118 it is tried to be read again, of course after it is being corrupted:PHP Code:
$sql = "UPDATE " . TABLE_CUSTOMERS . "
SET customers_default_address_id = '" . (int)$address_id . "'
WHERE customers_id = '" . (int)$_SESSION['customer_id'] . "'";
$db->Execute($sql);
$sql = "INSERT INTO " . TABLE_CUSTOMERS_INFO . "
(customers_info_id, customers_info_number_of_logons,
customers_info_date_account_created, customers_info_date_of_last_logon)
VALUES ('" . (int)$_SESSION['customer_id'] . "', '1', now(), now())";
$db->Execute($sql);
Should have used some other string variable for the former, for example $sql_strPHP Code:
$_SESSION['customer_first_name'] = $sql->fields['customers_firstname'];
$_SESSION['customer_last_name'] = $sql->fields['customers_lastname'];
$_SESSION['customer_default_address_id'] = $address_id;
$_SESSION['customer_country_id'] = $sql->fields['entry_country_id'];
$_SESSION['customer_zone_id'] = $sql->fields['entry_zone_id'];
$_SESSION['customers_authorization'] = $sql->fields['customers_authorization'];
Also includes/modules/pages/account_confirmation/header_php.php makes uses of variables such as EMAIL_GREET_MS etc. which are available to the standard create_account page. However in ZC 1.5.8 these are not loaded on every page.
Is there a neat way to load these variables on account_confirmation page?
Or do we have to redeclare them here again?
Customer's DOB is reversed, I think no need to call zen_date_raw here (around line 60 of header_php.php):Code:#6 require(/httpd.www/includes/modules/pages/account_confirmation/header_php.php) called at [/httpd.www/index.php:35] --> PHP Fatal error: 1292:Incorrect datetime value: '1-01200-' for column `mystore_com`.`db_customers`.`customers_dob` at row 1 :: INSERT INTO db_customers (customers_firstname, customers_lastname, customers_email_address, customers_nick, customers_telephone, customers_fax, customers_newsletter, customers_email_format, customers_default_address_id, customers_password, customers_authorization, customers_gender, customers_dob) VALUES (..., '1-01200-') ==> (as called by) /httpd.www/includes/modules/pages/account_confirmation/header_php.php on line 62 <== in /httpd.www/includes/classes/db/mysql/query_factory.php on line 667.
PHP Code:
if (ACCOUNT_DOB == 'true') $sql_data_array[] = array('fieldName'=>'customers_dob', 'value'=>empty($sql->fields['customers_dob']) || $sql->fields['customers_dob'] == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($sql->fields['customers_dob']), 'type'=>'date');
Last edited by zamzom; 15 Mar 2023 at 12:21 PM.
The bold part is where your problem lies. I haven't updated this plugin for 1.5.8 (nor php 8.x) and at the moment have no plans for it.
The plugin works fine on 1.5.7 (it was built on request by one of my clients and used by multiple) but needs a thorough code review for 1.5.8 because of all the changes introduced in that version.
I know. I am sharing all these so that they would guide you or the others who makes changes.
Btw, thanks for your efforts to share such a plugin. I think it was a big shortage for ZC. Nowadays, e-mail validation or even a phone number validation is a standard procedure for web-sites.
Note: My remarks on 14 Mar 2023, 08:50 PM #14 is independent of the ZC or PHP version though. I think it should be corrected for the current ZX AntiSpam version.
Last edited by zamzom; 16 Mar 2023 at 10:27 AM.
Checking from the documentation
https://docs.zen-cart.com/dev/code/158_language_files/
I have inserted the following in the beginning of header_php.php file after the require(DIR_WS_MODULES ... statement on line 14:
PHP Code:
$filename = 'create_account.php'; // load extra language constants from create_account page
$folder = '/'; // end with slash
$new_langfile = DIR_WS_LANGUAGES . $_SESSION['language'] . $folder . 'lang.' . $filename;
if (file_exists($new_langfile)) {
global $languageLoader;
$languageLoader->loadExtraLanguageFiles(DIR_FS_CATALOG . DIR_WS_LANGUAGES, $_SESSION['language'], $filename, $folder);
}
Bookmarks