Questions about integrating my own code

[DrByte]

Put your file in another folder. PHP scripts can be run from the root folder without those security restrictions. That would be a suitable place.

[solo_400]

Put your file in another folder. PHP scripts can be run from the root folder without those security restrictions. That would be a suitable place.

Regarding the user/password/table_name : It is possible reading from configure.php which is included in /include and protected by .htaccess ? I don't want to put this info in my php .

[DrByte]

Right. So, include() the file when you need it.

[solo_400]

Right. So, include() the file when you need it.

Thank you DOC , I think I did it !

I think is impossible load configure.php from root directory without adding "Allow from localhost_IP" in my includes/.htaccess .

<Files *.php>
Order Deny,Allow
Deny from all
Allow from localhost_IP
</Files>

Do you think could be a security problem ?

thx again

[DrByte]

I think is impossible load configure.php from root directory without adding "Allow from localhost_IP" in my includes/.htaccess .

<Files *.php>
Order Deny,Allow
Deny from all
Allow from localhost_IP
</Files>

Do you think could be a security problem ?

I would not do that. There should NOT be any reason to edit the /includes/.htaccess file.

Your extra scripts really need to handle security properly. Or load application_top.php to invoke Zen Cart's security handling systems. Loading configure.php directly is not advisable. I didn't mention that earlier because it sounded like you didn't care and all you wanted was just a quick dirty way of doing things without care for the proper approach.

If you want to do it properly, use the same approach that Zen Cart uses: load a primary script from the main directory, and have it load the required additional assets after invoking application_top.php. In the case of ajax, there are many things that will be absent from your stateless connection, so you will have to write numerous additional custom scripts to handle those.

I don't understand why you're doing all this just to send an email, nor why you're sending emails from product pages anyway. But, since you haven't explained anything about the business problem you're trying to solve by this approach, all we can do is blindly guess.

[solo_400]

"If you want to do it properly" .. My concern is security issue and is all around this .

This piece of code is not for sending email . Serve for having a check box on product_info page . By checking this you agree being notified by email ( crontab script ) when product will be on sale . I have a custom table on database where this info is being saved . Now this part is working properly but security is the most important here .

I have removed "Allow from localhost_IP" from configure.php and I loaded application_top.php on my php script. Seems everything working now .

[gjh42]

There is a built-in feature (sidebox) for "notify me of product updates" which you could simply change the text on and have the exact frontend function you want without further customization or fancy work. If you really needed it in the center column I expect it could be adapted. Then changing the internal function to send the notification on sale instead of update should not be difficult for you.