OLD Super Orders 2.0 (See v3.0 thread instead)

[philip_clarke]

Sorry I've been off due to repeated illness and this is not "my module" (the original developers disappeared quite sometime back).

The only issues with combining the modules are 1) the orders.php used as a basis for super orders dates back to about 2007 and so sometimes it doesn't work on later versions. 2) super_orders or edit_orders both use window.back() in their links to go backwards through results which can mean repeated clicks through to the wrong places. 3) bad totalling of discounts or order re-totalling.

I'd solved quite a few of the problems certainly 1 and 2, but 3 remained an issue. Until I sorted some of the other issues with my own modules (and got healthier) I'll not be looking at this module's totalling up problems. I agree it was quite easy to just put them up on the same zen-cart shop but over time they don't play nicely together and the totalling and re-totalling appears to move further from the desired or correct values.

Philip.

[tuncay]

voltage great thanks a lot i did what you say yes it is working. only not working part is when you edit with edit orders the balance due isn't updating automaticly . however if i go edit order totals (under super orders) click and at the next window click on submit then it updates do you have any fix for that too if you have it is going to be great.

thanks again for the great job

[tuncay]

batch status update batch form print for values < less then and equal is giving below error

1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''250' ORDER BY o.orders_id DESC' at line 4
in:
[SELECT o.orders_id, o.customers_id, o.customers_name, o.payment_method, o.date_purchased, o.order_total, s.orders_status_name FROM zen_orders o LEFT JOIN zen_orders_status s ON o.orders_status = s.orders_status_id WHERE s.language_id = '1' AND o.order_total '250' ORDER BY o.orders_id DESC]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields

is this a bug for php 5.xx
thank you

[philip_clarke]

No that is a SQL error missing an = sign before the '250'

[tuncay]

can you open it up a little where i need to look to fix.
you mean there is a a problem at my database.

[philip_clarke]

batch status update batch form print for values < less then and equal is giving below error

1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''250' ORDER BY o.orders_id DESC' at line 4
in:
[SELECT o.orders_id, o.customers_id, o.customers_name, o.payment_method, o.date_purchased, o.order_total, s.orders_status_name FROM zen_orders o LEFT JOIN zen_orders_status s ON o.orders_status = s.orders_status_id WHERE s.language_id = '1' AND o.order_total '250' ORDER BY o.orders_id DESC]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields

is this a bug for php 5.xx
thank you

The most I can open it up is that the PHP should have read o.order_total = '250' which is why you got the error, since I do not know what

"batch status update batch form print for values < less then and equal is giving below error"

means.

It means no PHP 5 problem, no problem with the database, it means wherever you are there is a problem with the code sending information through to the database. If you can repeat the exact steps to get the error, probably I can find where to put the = sign in the code.

[philip_clarke]

What you mean is "when I goto the page super_batch_forms.php and type in 250 into the order total box and select < (less than) then I get this error".

At which point I look through the code and go "oh dear". I am going through the code, there is a tremendous amount of SQL insertion problems, although as it is inside admin it should only be affected by authorised users.

There is a problem, it's nothing to do with the PHP version, or the database, it's a coding issue and may not even be anything to do with super orders and so far has required eliminating quite a few pages for coding errors and may take some more time, and there's no point in explaining it, because it would be an explantion in PHP which you probably would not understand.

[philip_clarke]

In admin/includes/init_includes/init_general_funcs.php there is this at the bottom of the page:

Code:

if (isset($_GET) & sizeof($_GET) > 0 ) {
  foreach ($_GET as $key=>$value) {
    $_GET[$key] = strip_tags($value);
  }
}

and if you change the one line to

Code:

//    $_GET[$key] = strip_tags($value);

then super_batch_forms.php will work when using the less than function for the order total.

BUT this is not recommended at all

The strip_tags code is in Zen Cart as a security measure to stop XSS attacks. Super orders needs re-coding because it submits <= to the page and Zen Cart strips it out because the strip_tags function thinks it is a HTML tag. Super orders is full of SQL Insertion security holes and possible XSS attacks and the Zen cart code is there to try and stop them. At the moment the only solution to the bug is to open up more security holes in your system although if the admin folder has been moved as recommended in the general security guidelines, it's not a really big hole.

Philip.

[tuncay]

thank you for your reply but i mixed up more.
what is the problem. exactly a security hole or not .

the admin folder has been moved as recommended in the general security guidelines, it's not a really big hole.

you mean by that ssl secured admin area .
thank you

[tuncay]

also this isn't working if i choose equal, but it is worknig if i chose more then. may be the answer is looking more then and imitating that for less then and equal.

but i amn't an expert i don't know how to code. i am thinking simple. may be possible or may be not.
thank you