ZX AntiSpam [Support Thread]

[lat9]

There is also this kind of error in [ZC 1.5.8] (using Bootstrap template):

Code:

[13-Mar-2023 14:55:07 UTC] Request URI: /index.php?main_page=account_confirmation, IP address: 
--> PHP Fatal error: Uncaught Error: Call to a member function isMobile() on null in /httpd.www/includes/templates/template_default/templates/tpl_account_confirmation_default.php:16
Stack trace:
#0 /httpd.www/includes/templates/bootstrap/common/tpl_main_page.php(202): require()
#1 /httpd.www/index.php(94): require('/httpd.www/...')
#2 {main}
  thrown in /httpd.www/includes/templates/template_default/templates/tpl_account_confirmation_default.php on line 16.

Any ideas?

What plugin provided that account_confirmation page? It's not a standard Zen Cart page.

[zamzom]

What plugin provided that account_confirmation page? It's not a standard Zen Cart page.

It is the ZX AntiSpam plugin.
It is the page where the confirmation code is entered.
It worked fine when I have removed that line where IsMobile check is made, because I have recognized there is no such check on other similar template pages. This was the line:

PHP Code:

<?php 
  if (!isset($display_as_mobile)) $display_as_mobile = ($detect->isMobile() && !$detect->isTablet() || $_SESSION['layoutType'] == 'mobile' or  $detect->isTablet() || $_SESSION['layoutType'] == 'tablet'); 
?>

I have also made the rest look like the Bootstrap template way.
However there are many other issues with ZC 1.5.8.
To be continued to list them here...

[zamzom]

In customers_spam.php around line 860

PHP Code:

                <?php
                if ($error == true) {
                  if ($entry_country_error == true) {
                    echo zen_draw_pull_down_menu('entry_country_id', zen_get_countries_for_admin_pulldown(), $cInfo->entry_country_id, 'class="form-control"') . '&nbsp;' . ENTRY_COUNTRY_ERROR;
                  } else {
                    echo zen_get_country_name($cInfo->entry_country_id) . zen_draw_hidden_field('entry_country_id');
                  }
                } else {
                  echo zen_draw_pull_down_menu('entry_country_id', zen_get_countries_for_admin_pulldown(), $cInfo->entry_country_id, 'class="form-control"');
                }
                ?>

zen_get_countries() function is called. This invokes an error. It works fine if these are replaced by zen_get_countries_for_admin_pulldown() function as above.

[zamzom]

Has anyone actually been using this addon? There are some really strategical errors! Check this out:

In /includes/modules/pages/account_confirmation/header_php.php around line 97

PHP Code:

        $sql = "UPDATE " . TABLE_CUSTOMERS . "
              SET customers_default_address_id = '" . (int)$address_id . "'
              WHERE customers_id = '" . (int)$_SESSION['customer_id'] . "'";

        $db->Execute($sql);

        $sql = "INSERT INTO " . TABLE_CUSTOMERS_INFO . "
                          (customers_info_id, customers_info_number_of_logons,
                           customers_info_date_account_created, customers_info_date_of_last_logon)
              VALUES ('" . (int)$_SESSION['customer_id'] . "', '1', now(), now())";

        $db->Execute($sql); 


$sql variable used for db input string. However the same variable is used elsewhere for db output array(assigned around line 40 in the code), and around line 118 it is tried to be read again, of course after it is being corrupted:

PHP Code:

        $_SESSION['customer_first_name'] = $sql->fields['customers_firstname'];
        $_SESSION['customer_last_name'] = $sql->fields['customers_lastname'];
        $_SESSION['customer_default_address_id'] = $address_id;
        $_SESSION['customer_country_id'] = $sql->fields['entry_country_id'];
        $_SESSION['customer_zone_id'] = $sql->fields['entry_zone_id'];
        $_SESSION['customers_authorization'] = $sql->fields['customers_authorization']; 


Should have used some other string variable for the former, for example $sql_str

[zamzom]

Also includes/modules/pages/account_confirmation/header_php.php makes uses of variables such as EMAIL_GREET_MS etc. which are available to the standard create_account page. However in ZC 1.5.8 these are not loaded on every page.
Is there a neat way to load these variables on account_confirmation page?
Or do we have to redeclare them here again?

[zamzom]

Code:

#6  require(/httpd.www/includes/modules/pages/account_confirmation/header_php.php) called at [/httpd.www/index.php:35]
--> PHP Fatal error: 1292:Incorrect datetime value: '1-01200-' for column `mystore_com`.`db_customers`.`customers_dob` at row 1 :: INSERT INTO db_customers (customers_firstname, customers_lastname, customers_email_address, customers_nick, customers_telephone, customers_fax, customers_newsletter, customers_email_format, customers_default_address_id, customers_password, customers_authorization, customers_gender, customers_dob) VALUES (..., '1-01200-') ==> (as called by) /httpd.www/includes/modules/pages/account_confirmation/header_php.php on line 62 <== in /httpd.www/includes/classes/db/mysql/query_factory.php on line 667.

Customer's DOB is reversed, I think no need to call zen_date_raw here (around line 60 of header_php.php):

PHP Code:

        if (ACCOUNT_DOB == 'true')  $sql_data_array[] = array('fieldName'=>'customers_dob', 'value'=>empty($sql->fields['customers_dob']) || $sql->fields['customers_dob'] == '0001-01-01 00:00:00' ? zen_db_prepare_input('0001-01-01 00:00:00') : zen_date_raw($sql->fields['customers_dob']), 'type'=>'date'); 


[balihr]

[ZC 1.5.8][PHP 8.0][MySQL 10.3]

The bold part is where your problem lies. I haven't updated this plugin for 1.5.8 (nor php 8.x) and at the moment have no plans for it.

The plugin works fine on 1.5.7 (it was built on request by one of my clients and used by multiple) but needs a thorough code review for 1.5.8 because of all the changes introduced in that version.

[zamzom]

The bold part is where your problem lies. I haven't updated this plugin for 1.5.8 (nor php 8.x) and at the moment have no plans for it.

The plugin works fine on 1.5.7 (it was built on request by one of my clients and used by multiple) but needs a thorough code review for 1.5.8 because of all the changes introduced in that version.

I know. I am sharing all these so that they would guide you or the others who makes changes.
Btw, thanks for your efforts to share such a plugin. I think it was a big shortage for ZC. Nowadays, e-mail validation or even a phone number validation is a standard procedure for web-sites.

Note: My remarks on 14 Mar 2023, 08:50 PM #14 is independent of the ZC or PHP version though. I think it should be corrected for the current ZX AntiSpam version.

[zamzom]

Also includes/modules/pages/account_confirmation/header_php.php makes uses of variables such as EMAIL_GREET_MS etc. which are available to the standard create_account page. However in ZC 1.5.8 these are not loaded on every page.
Is there a neat way to load these variables on account_confirmation page?
Or do we have to redeclare them here again?

Checking from the documentation
https://docs.zen-cart.com/dev/code/158_language_files/

I have inserted the following in the beginning of header_php.php file after the require(DIR_WS_MODULES ... statement on line 14:

PHP Code:

 $filename = 'create_account.php';    // load extra language constants from create_account page
  $folder = '/';  // end with slash 
  $new_langfile = DIR_WS_LANGUAGES . $_SESSION['language'] . $folder .  'lang.' . $filename; 
  if (file_exists($new_langfile)) {
     global $languageLoader; 
     $languageLoader->loadExtraLanguageFiles(DIR_FS_CATALOG . DIR_WS_LANGUAGES,  $_SESSION['language'], $filename, $folder); 
  }