osCommerce

The e-commerce.

Customer Testimonials v1.0


Rezolles_Net

Hello...

 

 

I've got a suggestion here...

 

I've tried the Customer Testimonial Add-on contrib by oscUser092006 and it's working perfectly. But it would be nice if we admins were notified by email if there is a new testi submitted. So, anyone can get this done??

 

Thank you.

Edited by Rezolles_Net
Link to comment
Share on other sites

  • 2 weeks later...

All is well but when I try to add the step........

 

catalog/admin/includes/functions/general.php

 

I get massive errors, where am I supposed to paste the code?

http://www.oscommerce.com/forums/index.php?showtopic=231803

I tried asking here but so far no help. I think it might be something to do with my general.php code. If anyone could help that would be great!

 

Nigelman

Link to comment
Share on other sites

  • 1 month later...

Just a quick note on utilizing Embed Links w/SID in Description along with the Customer Testimonials contrib.

 

I did manage to be able to add links to the products listed in the testimonials utilizing the Embed Links contrib - the only problem I am having is with the links in the small testimonials infobox. Being that the script wants to only show a certain number of characters, and then have you click the link for the entire testimonial (which is great!) - if it decides to chop off the testimonial in the middle of a link then you have a problem.

 

So - 2 things - what I did and is there a fix besides showing the entire testimonial all the time?

 

In the catalog/customer_testimonials file

I changed this:

'testimonial' => $testimonials['testimonials_html_text'],

to this:

'testimonial' => embedded_href_replace($testimonials['testimonials_html_text']),

 

and in the includes/boxes/customer_testimonials file

I changed this:

$testimonial = substr($random_testimonial['testimonials_html_text'], 0, 100);

to this:

$testimonial = substr(embedded_href_replace($random_testimonial['testimonials_html_text']), 0, 200);

 

THIS ONLY WORKS IF YOU HAVE EMBED LINKS WITH SID IN DESCRIPTION CONTRIB INSTALLED AND HAVE SETUP LINKS IN YOUR TESTIMONIALS

 

Ok - now that we got that part down - would anybody please know how I can tell it that if it's cutting off the text it needs to check to see if it is inside of an <a href> tag and wait until the </a> to cut off the text, or cut off before the <a href> (preferably the wait until the </a>) ??

 

Thanks guys :thumbsup:

~Tracy
 

Link to comment
Share on other sites
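
One way to do the cut Tracy asks about, as an added example that is not part of the original post or of the contribution: if the cut point lands inside an <a ...>...</a> element, it is moved to just after the closing </a>. The function name and the sample string are constructed for illustration; offsets are bytes, as with the substr() call above.

```php
<?php
// Added example (hypothetical helper, not from the Customer Testimonials contrib).
// Truncates $html to about $limit bytes. A cut that would land inside an
// <a ...>...</a> element is pushed to the end of that element.
function truncate_outside_links($html, $limit, $suffix = '...')
{
    if (strlen($html) <= $limit) {
        return $html;                       // nothing to cut
    }
    $cut = $limit;

    // Locate every complete anchor element together with its byte offset.
    if (preg_match_all('~<a\b[^>]*>.*?</a>~is', $html, $m, PREG_OFFSET_CAPTURE)) {
        foreach ($m[0] as $anchor) {
            $start = $anchor[1];
            $end   = $start + strlen($anchor[0]);
            if ($start < $cut && $cut < $end) {
                $cut = $end;                // wait until after </a>
                break;
            }
        }
    }
    $out = substr($html, 0, $cut);

    // If the cut still splits some other tag (for example an anchor that is
    // never closed), drop the partial tag instead of emitting broken markup.
    $lt = strrpos($out, '<');
    $gt = strrpos($out, '>');
    if ($lt !== false && ($gt === false || $gt < $lt)) {
        $out = substr($out, 0, $lt);
    }

    return (strlen($out) < strlen($html)) ? $out . $suffix : $out;
}

// Constructed sample: the link starts at byte 17 and ends past byte 40.
$sample = 'Great service on <a href="product_info.php?products_id=1">the blue widget</a>, will buy again.';
echo truncate_outside_links($sample, 40), "\n";
```

In the infobox, the result of embedded_href_replace() would be passed to this function in place of the substr() call.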

The URL problem: if you go to my oscommerce lab site, http://perfectillusion.net/catalog/, you will see that I have installed this contribution. However, there is a problem on the URL format.

I have installed the SEO URLS, so I want to convert every link to the SEO format. How can I make the URL, such as http://perfectillusion.net/catalog/custome...estimonial_id=1, look like a static SEO URL format?

The other thing I want to mention is that, in the catalog/includes/boxes/customer_testimonials.php file, line 32, the "tep_get_all_get_params(array('language', 'currency'))" seems to cause some problem on the URL too. If I add it, the URL will always append the "$amp;testimonial_id=1" every time I click the same URL. After I delete it, this issue goes away.

 

Can anyone give me some information on this?

Link to comment
Share on other sites

  • 2 weeks later...

Hi there,

 

I am having a bit of a problem with this contribution.

 

I have followed the instructions religiously but to no avail. The box will not show up in the column I have specified.

 

It has appeared in admin fine (although the inactive button doesn't work) and I have no errors.

 

Can anyone help?

Link to comment
Share on other sites

  • 1 month later...
  • 3 weeks later...

Vulnerability found.

I have modded my Testimonials contrib to only use the customer's name and message; no other details are taken, so I'm not sure what other fields are vulnerable.

 

I've found that the following code, entered as the customer's name, shows a messagebox within the admin page. If entered as the testimonial body, it causes the 'delete', 'edit' and 'add new' buttons not to be shown on the admin page, effectively causing a DoS. I had to log into phpMyAdmin to remove it from the customer_testamonials table.

 

<script>alert(123);</ScRiPt>

 

Also, this line entered as the testimonial body causes the same DoS effect, but luckily does not seem to include the specified file:

 

<!--#include file=\"/etc/passwd\"-->

 

Therefore I propose that all fields entered by the customer are screened for such exploit attempts.

Read the forum rules...

Link to comment
Share on other sites

  • 2 weeks later...

can someone please assist me with this contribution?

 

1. This is on the infobox. I need the words Text REMITENTE to be deleted or changed to By. Also the name does not center.

Testimonials

 

 

My sister owns the greatest bakery!...

Read More

 

TEXT_REMITENTETara Hayman

 

2. When I make changes it copies the previous entry and makes it inactive. Is that supposed to happen?

3. When there are no testimonials, the box does not appear on the left column.

Link to comment
Share on other sites

I need to be able to customize the testimonials box a bit - we want it to be product specific - so for example, if I'm on a category page I want testimonials about products that are within that category and any/all of it's subcategories. If I'm on a Product page I want testimonials only for that specific product. If I'm on any other page then it can just be any random testimonial for any product.

 

any thoughts on how to accomplish this?

~Tracy
 

Link to comment
Share on other sites

  • 2 weeks later...
can someone please assist me with this contribution?

 

1. This is on the infobox. I need the words Text REMITENTE to be deleted or changed to By. Also the name does not center.

Testimonials

 

 

My sister owns the greatest bakery!...

Read More

 

TEXT_REMITENTETara Hayman

 

I just installed this contribution and get the above problem also. Can someone tell me how to change this as requested above? Thanks in advance.

Link to comment
Share on other sites

  • 4 weeks later...
can someone please assist me with this contribution?

 

1. This is on the infobox. I need the words Text REMITENTE to be deleted or changed to By. Also the name does not center.

Testimonials

 

 

My sister owns the greatest bakery!...

Read More

 

TEXT_REMITENTETara Hayman

 

2. When I make changes it copies the previous entry and makes it inactive. Is that supposed to happen?

3. When there are no testimonials, the box does not appear on the left column.

to answer your first question, go to catalog/includes/languages/english.php

find

define('TEXT_TESTIM_BY', 'By:');

replace with

define('TEXT_REMITENTE', 'By:');

to answer your second question, well I can't. I don't seem to have that problem, sorry

for your third comment...um, I think that was the point. why would you want a testimonials box with nothing in it? :-)

 

----

 

Okay, now maybe someone can help me: when I click on the read more link, I get File Not Found. Has anyone else had this problem? I am using STS v4.3.3. The link shows it's going to the correct file, but even if I type in the exact URL, it says no input file.... what's going on here???

Link to comment
Share on other sites

For those with the TEXT_REMITENTE problem, I just uploaded a new full version with the fix included for /catalog/includes/boxes/customer_testimonials.php

 

http://www.oscommerce.com/community/contributions,839

 

There are currently no testimonials on my site being built, but I am sure once we go live 1 April there should be a few popping up very quickly, check it out here

Link to comment
Share on other sites

  • 1 month later...

if it can help anyone else, I've just added a mod

 

-------------------

Customer Testimonials v1.4 mariemeh 28 Apr 2007

 

Full Package

 

Please back up your files and use at your own risk. This is working on my site but I am not a pro and can't guarantee perfect results on yours.

 

Made a few corrections:

- catalog/customer_testimonial.php was getting info from the boxes directory instead of the modules directory... you can again get the CLICK HERE TO VIEW ALL TESTIMONIALS

 

- wording in English files in both admin and catalog has been changed to make it more user friendly for those of us who cater to customers who are not as literate as others.

 

- randomizing of the full list of testimonials has been included

 

All credit goes to those who created this contribution and added to it in the past.

 

 

http://www.oscommerce.com/community/contributions,839

 

___---------------------------------

 

Hoping that this will work for you.

Link to comment
Share on other sites

  • 2 weeks later...

Nice contribution - bit concerned about the earlier posts of exploits regarding this though - anyone come up with solutions or workarounds?

 

Also, we have tested it but do not know where the "SUBJECT" shows up - it doesn't show up on either the admin or catalog side??

 

Any suggestions?

 

I have our programmer working on a possible solution to exploit, will see.

 

Paul

Paul ------------

Link to comment
Share on other sites

Nice contribution - bit concerned about the earlier posts of exploits regarding this though - anyone come up with solutions or workarounds?

 

Also, we have tested it but do not know where the "SUBJECT" shows up - it doesn't show up on either the admin or catalog side??

 

Any suggestions?

 

I have our programmer working on a possible solution to exploit, will see.

 

Paul

 

I'm curious... which version did you download because I was sure I had removed the question to the customer and limited them to entering their name, the name of the product and the link to the product... are any of those vulnerable?

 

and when you say "Anyone could effectively issue a script command and control your server or site?..." can you explain a bit more?

 

As for the subject not showing... I just uploaded a corrected version.

Edited by mariemeh
Link to comment
Share on other sites

I'm curious... which version did you download because I was sure I had removed the question to the customer and limited them to entering their name, the name of the product and the link to the product... are any of those vulnerable?

 

and when you say "Anyone could effectively issue a script command and control your server or site?..." can you explain a bit more?

 

As for the subject not showing... I just uploaded a corrected version.

 

I downloaded the most current version. Install it and issue the command I specify in name, city state and description. Go into admin and try to click on the newly posted testimonial and it will execute the script!! Dangerous.

 

A cleanup per Hade who uncovered it (If I can cleanup the code, I will upload a sanitized version):

 

I simply used the tep_db_prepare_input function to sanitise the values.

For example, replace:

 

$testimonials_id = $HTTP_POST_VARS['testimonials_id'];

 

With:

 

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

 

And do the same with the other HTTP_POST_VARS lines.

This turns the inputs safe, preventing code being injected.

Paul ------------

Link to comment
Share on other sites
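
An added example, not part of the thread or of the contribution's code: an admin listing row written the way that produces the behaviour Hade reported, beside a version that encodes each customer-supplied value where it is written into the page. The function names, the tID parameter and the testimonials_name column are assumptions; the two test strings are the ones posted above. Encoding at output also covers rows that were stored before any input filtering was added.

```php
<?php
// Added example: function names, the tID parameter and the
// testimonials_name column are hypothetical, not the contribution's code.

// Encode a stored value for HTML text and quoted-attribute contexts.
// Assumes the admin page is served as UTF-8.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: stored values are concatenated into the page as markup, so
// whatever the customer typed is parsed by the admin's browser.
function render_row_unsafe(array $row)
{
    return '<tr><td>' . $row['testimonials_name'] . '</td>'
         . '<td>' . $row['testimonials_html_text'] . '</td>'
         . '<td><a href="testimonial_manager.php?tID=' . $row['testimonials_id'] . '">edit</a></td></tr>';
}

// After: the id is forced to an integer and every text column is encoded
// at the point of output, so it is displayed as text and never parsed.
function render_row_safe(array $row)
{
    $id = (int) $row['testimonials_id'];
    return '<tr><td title="' . h($row['testimonials_name']) . '">' . h($row['testimonials_name']) . '</td>'
         . '<td>' . h($row['testimonials_html_text']) . '</td>'
         . '<td><a href="testimonial_manager.php?tID=' . $id . '">edit</a></td></tr>';
}

// Constructed rows using the two strings from Hade's post.
$rows = array(
    array(
        'testimonials_id'        => '1',
        'testimonials_name'      => '<script>alert(123);</ScRiPt>',
        'testimonials_html_text' => 'Great shop',
    ),
    array(
        'testimonials_id'        => '2',
        'testimonials_name'      => 'Tara',
        'testimonials_html_text' => '<!--#include file=\"/etc/passwd\"-->',
    ),
);

foreach ($rows as $row) {
    echo 'unsafe: ', render_row_unsafe($row), "\n";
    echo 'safe:   ', render_row_safe($row), "\n";
}
```

Run from the command line, the "safe" lines show the angle brackets and quotes as entities, which is what keeps the edit and delete buttons in the rest of the table intact.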

I downloaded the most current version. Install it and issue the command I specify in name, city state and description. Go into admin and try to click on the newly posted testimonial and it will execute the script!! Dangerous.

 

A cleanup per Hade who uncovered it (If I can cleanup the code, I will upload a sanitized version):

 

I simply used the tep_db_prepare_input function to sanitise the values.

For example, replace:

 

$testimonials_id = $HTTP_POST_VARS['testimonials_id'];

 

With:

 

$testimonials_id = tep_db_prepare_input($HTTP_POST_VARS['testimonials_id']);

 

And do the same with the other HTTP_POST_VARS lines.

This turns the inputs safe, preventing code being injected.

 

ok I did as you suggested and uploaded a version with those lines changed... but I did notice you mentioned a field for the city and state, again I was sure I had removed all of those and kept it to "name" only. Please if you can point me in the right direction if I forgot something regarding this, I would appreciate it.

 

As well as if you can offer some info as to why if it was this easy to make those fields safer, why didn't anyone make the correction before? Or does it still need some work to make it really safe and this is just a patch while waiting for a better code?

 

I apologize in advance if my questions are dumb... as I mentioned before... I am a very green beginner at this php stuff.

 

Thanks for your help

Link to comment
Share on other sites

ok I did as you suggested and uploaded a version with those lines changed... but I did notice you mentioned a field for the city and state, again I was sure I had removed all of those and kept it to "name" only. Please if you can point me in the right direction if I forgot something regarding this, I would appreciate it.

 

As well as if you can offer some info as to why if it was this easy to make those fields safer, why didn't anyone make the correction before? Or does it still need some work to make it really safe and this is just a patch while waiting for a better code?

 

I apologize in advance if my questions are dumb... as I mentioned before... I am a very green beginner at this php stuff.

 

Thanks for your help

 

I have made the changes as well, but am doing them as per the post that I received by IM. I believe the city state were previous fields, not sure? Would like to see those fields added as an option, so customers can (at least) add their country and put a "pin in" for their hometown/state.

 

Would love to see this contribution have functionality where the customer can select from a row of bizrate type images to add to their post, happy, really happy, etc and have the admin be able to select or modify which to display.

 

This is a great contribution for those of us with multiple (very busy) sites.

 

If I knew more about the programming part of it, I would tweak and remod a lot of the mods.

 

ALSO, not sure if you noticed but there are two errors in the catalog side of things. In the testimonials file, you are calling buttonyellow.gif and continueyellow.gif (something like that). These need to be changed to /button_submit.gif and button_continue.gif or the /customer_testimonials.php page will show image errors.

 

 

Regards,

 

:-"

Edited by EthosPaul

Paul ------------

Link to comment
Share on other sites

I have made the changes as well, but am doing them as per the post that I received by IM. I believe the city state were previous fields, not sure? Would like to see those fields added as an option, so customers can (at least) add their country and put a "pin in" for their hometown/state.

 

Would love to see this contribution have functionality where the customer can select from a row of bizrate type images to add to their post, happy, really happy, etc and have the admin be able to select or modify which to display.

 

This is a great contribution for those of us with multiple (very busy) sites.

 

If I knew more about the programming part of it, I would tweak and remod a lot of the mods.

 

ALSO, not sure if you noticed but there are two errors in the catalog side of things. In the testimonials file, you are calling buttonyellow.gif and continueyellow.gif (something like that). These need to be changed to /button_submit.gif and button_continue.gif or the /customer_testimonials.php page will show image errors.

Regards,

 

:-"

 

I think the city, state fields would be easy enough to do... just check on the order.php file how it gets that info for shipping and such... and that should tell you what code to use. Or better yet... go change your text file to have the "Your Name" look something like "Your name and location" and they would know to enter it... the "," character is accepted by the field and doesn't seem to cause any issues. Just a thought.

 

For the happy and less happy... I think I can do something... I will let you know if it works.

Link to comment
Share on other sites

I think the city, state fields would be easy enough to do... just check on the order.php file how it gets that info for shipping and such... and that should tell you what code to use. Or better yet... go change your text file to have the "Your Name" look something like "Your name and location" and they would know to enter it... the "," character is accepted by the field and doesn't seem to cause any issues. Just a thought.

 

For the happy and less happy... I think I can do something... I will let you know if it works.

 

ok forget what I said about the city thing... it's not as I thought it would be but I think I've figured it out.

Link to comment
Share on other sites

Would like to see those fields added as an option, so customers can (at least) add their country and put a "pin in" for their hometown/state.

 

Would love to see this contribution have functionality where the customer can select from a row of bizrate type images to add to their post, happy, really happy, etc and have the admin be able to select or modify which to display.

 

ok I just added on the contribution page a version that will ask for "state, country" and will make that info appear in both the shop and admin side. You can decide to edit your language file to have it say City, State... that would be your choice. The SQL had to be modified so I changed the original one and added a "testimonial_update_to_v2" file to avoid losing the testimonials you already have.

 

For the "rating", I've looked into it and it reminded me why I chose to use Customer Testimonials instead of the Reviews system that comes with OsC... Testimonials allow a customer to say everything they want including a compliment directed to a person on your staff or a compliment for your general customer service etc... which is what I need more than reviews.

 

The Reviews system is for specific products and probably is more what you need if you need to rate per product. I am sure it would be doable to add ratings on this one but I don't think it would be worth it since it wouldn't take in account the other ratings for the same product... however I think Reviews does... at least some of the contributions that work that way.

 

Have a look at Complete Reviews System and Golder Review Stars, you might find those more helpful for that part.

Link to comment
Share on other sites

Customer Testimonials v2

 

Full Package

 

Please back up your files and use at your own risk. This is working on my site but I am not a pro and can't guarantee perfect results on yours.

 

 

CAREFUL: *** if you are updating from an older version use the testimonial_update_to_v2.sql file to make sure you do not affect the testimonials that are already in your database.

 

Made a few corrections (from v.1.4):

- catalog/customer_testimonial.php was getting info from the boxes directory instead of the modules directory... you can again get the CLICK HERE TO VIEW ALL TESTIMONIALS

 

- wording in English files in both admin and catalog has been changed to make it more user friendly for those of us who cater to customers who are not as literate as others.

 

- randomizing of the full list of testimonials has been included

 

 

(From v1.4.1)

Subject now showing on both shop and admin sides.

 

(from v1.4.2)

changed HTTPS_POST_VARS for tep_db_prepare_input($HTTP_POST_VARS to make the input fields safer as recommended by Hayden and Paul.

 

 

** Additional Modifications:

 

- Corrected the 2 buttons on the catalog/customer_testimonials.php (sorry..my bad)

 

- Added a field to get State and Country from customer and have it show in both shop and admin. (You can change this to City or whatever you choose by simply editing the catalog/includes/languages/english/customer_testimonials.php and catalog/admin/includes/languages/english/testimonial_manager.php files to suit your needs.)

 

All credit goes to those who created this contribution and added to it in the past.

 

http://www.oscommerce.com/community/contributions,839

 

 

Hoping that there aren't any more errors.. ;)

Link to comment
Share on other sites
