Ceon Back In Stock Notifications 3.0.0

[HeathenMagic]

One of my clients has started getting spam signups on this too. I'm considering a few options - maybe limiting it to logged in customers only. I'll post back with notes on what I did.

Hello there, I am still struggling to figure this out too, it looks like I have a phantom product as I have a blank product with 657 subscribers when I look at all subscriptions. Or maybe the spam is finding another way in.

[DigitalShadow]

What is causing the constant to not be defined?

Code:

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_HEADER - assumed 'EMAIL_TEXT_HEADER' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 251.

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_FROM - assumed 'EMAIL_TEXT_FROM' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 252.

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_HEADER - assumed 'EMAIL_TEXT_HEADER' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 278.

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_FROM - assumed 'EMAIL_TEXT_FROM' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 279.

[HeathenMagic]

I am not sure if this is causing the spam issue, it seems to be a php 7.2 warning:-

PHP Deprecated: Non-static method CeonEmailValidation::isHeaderInjection() should not be called statically in /chroot/***/html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 91.

also the same error for line 78 81 and 88.

[OldNGrey]

What is causing the constant to not be defined?

Code:

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_HEADER - assumed 'EMAIL_TEXT_HEADER' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 251.

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_FROM - assumed 'EMAIL_TEXT_FROM' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 252.

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_HEADER - assumed 'EMAIL_TEXT_HEADER' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 278.

[29-Sep-2020 06:03:22 Europe/London] Request URI: /back-in-stock-notification?products_id=34294&cPath=29150_7373_7741_7986_21569&, IP address: removed
#1  sendBackInStockNotificationSubscriptionEmail() called at [/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php:211]
#2  require(/home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php) called at [/home/store/public_html/index.php:36]
--> PHP Warning: Use of undefined constant EMAIL_TEXT_FROM - assumed 'EMAIL_TEXT_FROM' (this will throw an Error in a future version of PHP) in /home/store/public_html/includes/modules/pages/back_in_stock_notification_subscribe/header_php.php on line 279.

If you define the constants in /includes/languages/english/extra_definitions/back_in_stock_notifications.php

HTML Code:

define('EMAIL_TEXT_HEADER',' ');
define('EMAIL_TEXT_FROM',' ');

that warning will go away.
dev: php 7.4.9

[OldNGrey]

The spam issue on my production server started this week and is coming from a range of IP addresses which are probably that are even faking their host id.

As a quick band-aid fix I have disabled sending emails to any subscriber who is not a registered customer. The BIS notifications are still logged and I can delete the trash subscriptions via PHPMyAdmin.

====
prod env: zc 156a; Apache 2.4.29; PHP 7.2.24; MySQL 5.7.32

[OldNGrey]

A minor mistake in BIS is the time format for a subscription is incorrect.
Most admins would not notice this as the date displayed on the "List all subscription" page is in long format eg (DAY dd Month YYYY ) and minutes and seconds are not displayed. I am displaying my dates in universal date_time format eg (YYYY-MM-DD hh:mm:ss)

In ceon_back_in_stock_notifications
in \files\includes\modules\pages\back_in_stock_notification_subscribe
Line 175: change 'date_subscribed' => date('Y-m-d H:m:i', time()) TO 'date_subscribed' => date('Y-m-d H:i:s', time())
Line 202: change 'date_subscribed' => date('Y-m-d H:m:i', time()) TO 'date_subscribed' => date('Y-m-d H:i:s', time())

Just change the red bit to record minutes and seconds correctly

prod env: 156a
dev env: 157a

[davewest]

One of my clients has started getting spam signups on this too. I'm considering a few options - maybe limiting it to logged in customers only. I'll post back with notes on what I did.

in observers/class.back_in_stock_notificationsProductInfo.php you could add a product ID verification to stop false product creation.

For info, this is based on ZC1.5.7 and not been fully tested... added the red section

Code:

$already_to_be_notified_query = "
                    SELECT
                        id
                    FROM
                        " . TABLE_BACK_IN_STOCK_NOTIFICATION_SUBSCRIPTIONS . "
                    WHERE
                        product_id = '" . (int) $_GET['products_id'] . "'
                    AND
                        (
                            customer_id = '"  . (int) $_SESSION['customer_id'] . "'
                        OR
                            email_address = '" .
                                $customer_details->fields['customers_email_address'] . "'
                        );";
                
                $already_to_be_notified = $db->Execute($already_to_be_notified_query);
                
                 $productID = $_GET['products_id'];

                  if ($productID == '') {
                    //no product ID used die
                    $back_in_stock_notification_build_form = false;
                    
                    $product_back_in_stock_notification_form_link = 
                            BACK_IN_STOCK_NOTIFICATION_TEXT_ALREADY_SUBSCRIBED;
                } else if ($already_to_be_notified->RecordCount() > 0) {
                    // Customer is already subscribed to the notification list for this product

In ZC157a I could not create a record by adding a non-existing product ID, it just kicks out a can't find product message. However, I could create one with no product ID..

[nishajh]

Hi
How can I show Products_model also in the subscription emails?

Thank you

[swguy]

I'm going to add a switch to the configuration so that you can set this mod to work for logged in users only.

[swguy]

Submitted a bunch of fixes for 157 and PHP 7.