
Finding characters within the ot_shipping string


jblemieux


I am working on a project to find the shipping string and return a variable. I've confirmed that the $shipping_method contains one of the shipping strings. Anyone see any issues with the logic below? Seems to work fine for the logic not bolded, but the second piece appears to be broken.

 

 

 

    $seek_first = "First";
    $seek_media = "Media";
    $service = "Unknown";

    // look for first class
    $pos_first = strpos($shipping_method, $seek_first);
    if ($pos_first === FALSE) {
    } else {
        $service = "US-FC";
    }

    // look for media
    $pos_media = strpos($shipping_method, $seek_media);
    if ($pos_media === FALSE) {
    } else {
        $service = "US-MM";
    }


What version of osCommerce are you working from, and which file are you working in?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX


Sorry, I cannot see $shipping_method anywhere in checkout_success.php. Is the code a part of an addon or amendment perhaps? Could you post the whole piece you are working with, in particular about the $shipping_method section.


Here is the code before it:

 

 

    // get the shipping method
    $method_orders_query = tep_db_query("select title from " . TABLE_ORDERS_TOTAL . " where class='ot_shipping' and orders_id = '" . (int)$orders['orders_id'] . "'");
    $method_orders = tep_db_fetch_array($method_orders_query);
    $shipping_method = $method_orders['title'];

    // determine the text for the shipping_method
    $seek_first = "First";
    $seek_media = "Media";
    $service = "Unknown";

    // look for first class
    $pos_first = strpos($shipping_method, $seek_first);
    if ($pos_first === FALSE) {
    } else {
        $service = "US-FC";
    }

    // look for media
    $pos_media = strpos($shipping_method, $seek_media);
    if ($pos_media === FALSE) {
    } else {
        $service = "US-MM";
    }

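The keyword lookup from the post above, written as a table-driven function. This is an added example, not part of the original posts and not osCommerce code. The function name `service_code_from_title()` and the sample titles are hypothetical, and it uses case-insensitive `stripos()` where the post uses `strpos()`.

```php
<?php
// Added example: hypothetical helper, not osCommerce code.

/**
 * Map an ot_shipping title to a service code.
 * Keywords are checked in order and a later match overrides an earlier one,
 * which is what the two sequential checks in the post do.
 */
function service_code_from_title($title, array $keywords, $default = 'Unknown')
{
    $service = $default;
    if (!is_string($title)) {
        // No ot_shipping row was found, so there is no title to search.
        return $service;
    }
    foreach ($keywords as $needle => $code) {
        // stripos() returns int 0 for a match at the start of the string,
        // so the result must be compared against false with !==.
        if (stripos($title, $needle) !== false) {
            $service = $code;
        }
    }
    return $service;
}

$keywords = array('First' => 'US-FC', 'Media' => 'US-MM');

// Constructed sample titles; real ot_shipping titles depend on the shipping module.
$samples = array(
    'First-Class Mail',                            // match at offset 0
    'United States Postal Service (MEDIA MAIL):',  // different letter case
    'Flat Rate (Best Way):',                       // no keyword present
    null,                                          // query returned no row
);

foreach ($samples as $title) {
    printf("%-50s => %s\n", var_export($title, true),
           service_code_from_title($title, $keywords));
}
```

Printing the stored title with `var_export()` next to the result shows whether the expected keyword, in the expected letter case, is actually in the string being searched.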

Sorry ttadmin I am not able to find this code anywhere in checkout_success.php

 

   // get the shipping method
   $method_orders_query = tep_db_query("select title from " . TABLE_ORDERS_TOTAL . " where class='ot_shipping' and orders_id = '" . (int)$orders['orders_id'] . "'");
   $method_orders = tep_db_fetch_array($method_orders_query);
   $shipping_method = $method_orders['title'];

 

Can you paste the entire file content in here thanks, pop it between the [ code ] [ /code ] tags (in the editor it's the <> brackets).

 

Here is the default checkout_success.php from 2.2RC1

 

<?php
/*
 $Id: checkout_success.php,v 1.49 2003/06/09 23:03:53 hpdl Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

// if the customer is not logged on, redirect them to the shopping cart page
 if (!tep_session_is_registered('customer_id')) {
   tep_redirect(tep_href_link(FILENAME_SHOPPING_CART));
 }

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'update')) {
   $notify_string = 'action=notify&';
   $notify = $HTTP_POST_VARS['notify'];
   if (!is_array($notify)) $notify = array($notify);
   for ($i=0, $n=sizeof($notify); $i<$n; $i++) {
     $notify_string .= 'notify[]=' . $notify[$i] . '&';
   }
   if (strlen($notify_string) > 0) $notify_string = substr($notify_string, 0, -1);

   tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string));
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_SUCCESS);

 $breadcrumb->add(NAVBAR_TITLE_1);
 $breadcrumb->add(NAVBAR_TITLE_2);

 $global_query = tep_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int)$customer_id . "'");
 $global = tep_db_fetch_array($global_query);

 if ($global['global_product_notifications'] != '1') {
   $orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1");
   $orders = tep_db_fetch_array($orders_query);

   $products_array = array();
   $products_query = tep_db_query("select products_id, products_name from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$orders['orders_id'] . "' order by products_name");
   while ($products = tep_db_fetch_array($products_query)) {
     $products_array[] = array('id' => $products['products_id'],
                               'text' => $products['products_name']);
   }
 }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><?php echo tep_draw_form('order', tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'action=update', 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" width="100%" cellspacing="4" cellpadding="2">
         <tr>
           <td valign="top"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE); ?></td>
           <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br>
<?php
 if ($global['global_product_notifications'] != '1') {
   echo TEXT_NOTIFY_PRODUCTS . '<br><p class="productsNotifications">';

   $products_displayed = array();
   for ($i=0, $n=sizeof($products_array); $i<$n; $i++) {
     if (!in_array($products_array[$i]['id'], $products_displayed)) {
       echo tep_draw_checkbox_field('notify[]', $products_array[$i]['id']) . ' ' . $products_array[$i]['text'] . '<br>';
       $products_displayed[] = $products_array[$i]['id'];
     }
   }

   echo '</p>';
 } else {
   echo TEXT_SEE_ORDERS . '<br><br>' . TEXT_CONTACT_STORE_OWNER;
 }
?>
           <h3><?php echo TEXT_THANKS_FOR_SHOPPING; ?></h3></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td align="right" class="main"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
             <tr>
               <td width="50%" align="right"><?php echo tep_draw_separator('pixel_silver.gif', '1', '5'); ?></td>
               <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
             </tr>
           </table></td>
           <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
           <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
           <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0">
             <tr>
               <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td>
               <td width="50%"><?php echo tep_image(DIR_WS_IMAGES . 'checkout_bullet.gif'); ?></td>
             </tr>
           </table></td>
         </tr>
         <tr>
           <td align="center" width="25%" class="checkoutBarFrom"><?php echo CHECKOUT_BAR_DELIVERY; ?></td>
           <td align="center" width="25%" class="checkoutBarFrom"><?php echo CHECKOUT_BAR_PAYMENT; ?></td>
           <td align="center" width="25%" class="checkoutBarFrom"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td>
           <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_FINISHED; ?></td>
         </tr>
       </table></td>
     </tr>
<?php if (DOWNLOAD_ENABLED == 'true') include(DIR_WS_MODULES . 'downloads.php'); ?>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>


Archived

This topic is now archived and is closed to further replies.
