ashras99 Posted July 5, 2007 Share Posted July 5, 2007 I have added a tell a friend link in the product_info page. But i have noticed anyone can change own email and name also on the tell a friend page, which is not at all good and anyone can use for sending spams. So, please tell me the way, so we can locked the editing of those 2 fields. I tried to remove those fields from page but on submission process page consider those 2 fields as empty and giving errors. So, any solution? Link to comment Share on other sites More sharing options...
Guest Posted July 6, 2007 Share Posted July 6, 2007 I have added a tell a friend link in the product_info page. But i have noticed anyone can change own email and name also on the tell a friend page, which is not at all good and anyone can use for sending spams. So, please tell me the way, so we can locked the editing of those 2 fields. I tried to remove those fields from page but on submission process page consider those 2 fields as empty and giving errors. So, any solution? If you simply want the error messages to go away, then around line 44 is where the php checks the document for error messages. You can simply comment out these condition statements to keep the document from giving you the errors. I don't know why you would want to send an email without those fields, but there is a plausible solution for you. Link to comment Share on other sites More sharing options...
ashras99 Posted July 6, 2007 Author Share Posted July 6, 2007 oh... i am not able to explain properly. When user tell a friend then definitely friend must know from where he is receiving a mail... but i want those fields must be locked for changing the name and address, otherwise users will send a spam through this by changing own email address and name. (Those fields already filled from the database name/username- then why need to allow changes there). Hope i made myself clear this time, btw if we remove the fields which i am thinking before then friend get a email from "unknown sender" which is bad. Link to comment Share on other sites More sharing options...
Guest Posted July 6, 2007 Share Posted July 6, 2007 in your catalog\tell_a_frind.php locate this code $email_subject = sprintf(TEXT_EMAIL_SUBJECT, $from_name, STORE_NAME); $email_body = sprintf(TEXT_EMAIL_INTRO, $to_name, $from_name, $product_info['products_name'], STORE_NAME) . "\n\n"; right above it add: $account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'"); $account = tep_db_fetch_array($account_query); $from_name = $account['customers_firstname'] . ' ' . $account['customers_lastname']; $from_email_address = $account['customers_email_address']; it will work as long as the tell a friend switch is set to send email for registered customers only. For the html page layout you could remove the from fields but in that case you need to also remove them from the process switch and there are few places you need to do that. If you leave them they shouldn't matter as the code fetches the registered customer's details Link to comment Share on other sites More sharing options...
ashras99 Posted July 6, 2007 Author Share Posted July 6, 2007 wonderful, thanks a lot this works absolutely fine. And leaving those fields now is the best way, so if anyone try to send the spam to anyone... user still know the right mailing address from database. Can you help me in solving other feature problem called "Ask a Question" here: http://www.oscommerce.com/forums/index.php?sho...=268526&hl= Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.