Re: Ceon Back In Stock Notifications 3.0.0 - mysql_affected_rows

Originally Posted by swguy:
One of my clients has started getting spam signups on this too. I'm considering a few options - maybe limiting it to logged in customers only. I'll post back with notes on what I did.
In observers/class.back_in_stock_notificationsProductInfo.php you could add a product ID verification to stop false product creation.
For info, this is based on ZC1.5.7 and has not been fully tested... added the red section
Code:
    $already_to_be_notified_query = "
        SELECT
            id
        FROM
            " . TABLE_BACK_IN_STOCK_NOTIFICATION_SUBSCRIPTIONS . "
        WHERE
            product_id = '" . (int) $_GET['products_id'] . "'
        AND
            (
                customer_id = '" . (int) $_SESSION['customer_id'] . "'
            OR
                email_address = '" .
                    // Escape the stored address before it is concatenated into the SQL
                    zen_db_input($customer_details->fields['customers_email_address']) . "'
            );";

    $already_to_be_notified = $db->Execute($already_to_be_notified_query);

    // Product ID check (the section added in this post)
    $productID = $_GET['products_id'];

    if ($productID == '') {
        // No product ID supplied: do not build the subscription form
        $back_in_stock_notification_build_form = false;
        $product_back_in_stock_notification_form_link =
            BACK_IN_STOCK_NOTIFICATION_TEXT_ALREADY_SUBSCRIBED;
    } else if ($already_to_be_notified->RecordCount() > 0) {
        // Customer is already subscribed to the notification list for this product

In ZC157a I could not create a record by adding a non-existing product ID; it just kicks out a can't find product message. However, I could create one with no product ID.
Dave
Always forward thinking... Lost my mind!
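
The product ID verification discussed in the post above, shown as an added stand-alone example that is not part of the original post or of the plugin's code. The function name, the `products` and `subscriptions` tables and the sample rows are constructed stand-ins, and it assumes PHP with the pdo_sqlite extension and plain integer product IDs.

```php
<?php
// Added example: table/column names are constructed stand-ins, not the plugin's schema.
function check_subscription_request(PDO $pdo, $rawProductId, string $email): string
{
    // Reject missing, empty or non-numeric IDs (the "no product ID" case).
    $productId = filter_var($rawProductId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($productId === false || $productId === null) {
        return 'invalid_product_id';
    }

    // Reject IDs that do not match an existing product row.
    $stmt = $pdo->prepare('SELECT 1 FROM products WHERE products_id = ?');
    $stmt->execute([$productId]);
    if ($stmt->fetchColumn() === false) {
        return 'unknown_product';
    }

    // Reject duplicates; the e-mail is bound as a parameter, never concatenated.
    $stmt = $pdo->prepare(
        'SELECT 1 FROM subscriptions WHERE product_id = ? AND email_address = ?'
    );
    $stmt->execute([$productId, $email]);
    if ($stmt->fetchColumn() !== false) {
        return 'already_subscribed';
    }

    return 'ok';
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (products_id INTEGER PRIMARY KEY)');
$pdo->exec('CREATE TABLE subscriptions (product_id INTEGER, email_address TEXT)');
$pdo->exec('INSERT INTO products VALUES (42)');
$pdo->exec("INSERT INTO subscriptions VALUES (42, 'a@example.com')");

// Constructed requests: missing ID, empty ID, unknown ID, duplicate, valid.
$requests = [[null, 'b@example.com'], ['', 'b@example.com'], ['999', 'b@example.com'],
             ['42', 'a@example.com'], ['42', 'b@example.com']];
foreach ($requests as [$id, $email]) {
    printf("%-6s %-15s => %s\n", var_export($id, true), $email,
        check_subscription_request($pdo, $id, $email));
}
```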