Contributions

The current solution allows anyone to view any order on the system by simply modifying the link parameters. The admin invoice being used was never setup to verify user access. As well, the invoice was not displayed using SSL if your system is configured that way. The following text file describes some simple standard code to add to ensure invoices are only viewed by proper users.

The problem is, if you are using Password Protect Directories for your admin folder, your customers will receive a dialog box asking for username/password.

There are two reasons for this, both found in the included invoice.php:

1.
require('admin/includes/languages/english/invoice.php');

2. href="admin/includes/stylesheet.css"

Here we have two calls to files in the admin directory. Its a simple fix, really.

1. change to includes/languages/english/invoice.php

2. Copy admin/includes/stylesheet.ccs into catalog/invoice_stylesheet.ccs and change line to:
href="invoice_stylesheet.css"

tar.gz Format
OK guys this is my first osc contribution. It works great on my site and one of my customers as well.

This contribution will place the invoice button from admin
on checkout_success.php along wih order # and a message of instruction.
the invoice.php that pops up from this button will be located in
catalog/ and has Print Invoice Links top and bottom.

My only warning is that I only am using English with US Currency!
Not sure if that will matter.

invoice.php for catalog/ is included
file modification are in the Readme and
corresponding .txt files in the appropriate folders as well as button_invoice.gif

Hope this is Helpful!

Enjoy

"To the man who only has a hammer in his tool box, every
problem is a nail!"

Russ McCabe
russmcduck osc Forums
russmc@twrol.com
Sorry if I lack support on this, I am out of town allot.
Any help would be awsome!