jblemieux Posted June 10, 2011 Share Posted June 10, 2011 I am working on project to find the shipping string and return a variable. I've confirmed that the $shipping_method contains one of the shipping strings. Anyone see any issues with the logic below? Seems to work fine for the logic not bolded, but the second piece appears to be broken. $seek_first = "First"; $seek_media = "Media"; $service = "Unknown"; // look for first class $pos_first = strpos($shipping_method, $seek_first); if ($pos_first === FALSE) { } else { $service = "US-FC"; } // look for media $pos_media = strpos($shipping_method, $seek_media); if ($pos_media === FALSE) { } else { $service = "US-MM"; } Link to comment Share on other sites More sharing options...
Taipo Posted June 10, 2011 Share Posted June 10, 2011 What version of osCommerce are you working from, and which file are you working in? - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
jblemieux Posted June 10, 2011 Author Share Posted June 10, 2011 OSCommerce 2.2 Working in checkout_success.php Link to comment Share on other sites More sharing options...
Taipo Posted June 10, 2011 Share Posted June 10, 2011 Sorry, I cannot see $shipping_method anywhere in checkout_success.php. Is the code a part of an addon or amendment perhaps. Could you post the whole piece you are working with, in particular about the $shipping_method section. - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
jblemieux Posted June 10, 2011 Author Share Posted June 10, 2011 Here is the code before it: // get the shipping method $method_orders_query = tep_db_query("select title from " . TABLE_ORDERS_TOTAL . " where class='ot_shipping' and orders_id = '" . (int)$orders['orders_id'] . "'"); $method_orders = tep_db_fetch_array($method_orders_query); $shipping_method = $method_orders['title']; // determine the text for the shipping_method $seek_first = "First"; $seek_media = "Media"; $service = "Unknown"; // look for first class $pos_first = strpos($shipping_method, $seek_first); if ($pos_first === FALSE) { } else { $service = "US-FC"; } // look for media $pos_media = strpos($shipping_method, $seek_media); if ($pos_media === FALSE) { } else { $service = "US-MM"; } Link to comment Share on other sites More sharing options...
Taipo Posted June 10, 2011 Share Posted June 10, 2011 Sorry ttadmin I am not able to find this code anywhere in checkout_success.php // get the shipping method $method_orders_query = tep_db_query("select title from " . TABLE_ORDERS_TOTAL . " where class='ot_shipping' and orders_id = '" . (int)$orders['orders_id'] . "'"); $method_orders = tep_db_fetch_array($method_orders_query); $shipping_method = $method_orders['title']; Can you paste the entire file content in here thanks, pop it between the [ code ] [ /code ] tags (in the editor its the <> backets). Here is the default checkout_success.php from 2.2RC1 <?php /* $Id: checkout_success.php,v 1.49 2003/06/09 23:03:53 hpdl Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); // if the customer is not logged on, redirect them to the shopping cart page if (!tep_session_is_registered('customer_id')) { tep_redirect(tep_href_link(FILENAME_SHOPPING_CART)); } if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'update')) { $notify_string = 'action=notify&'; $notify = $HTTP_POST_VARS['notify']; if (!is_array($notify)) $notify = array($notify); for ($i=0, $n=sizeof($notify); $i<$n; $i++) { $notify_string .= 'notify[]=' . $notify[$i] . '&'; } if (strlen($notify_string) > 0) $notify_string = substr($notify_string, 0, -1); tep_redirect(tep_href_link(FILENAME_DEFAULT, $notify_string)); } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_SUCCESS); $breadcrumb->add(NAVBAR_TITLE_1); $breadcrumb->add(NAVBAR_TITLE_2); $global_query = tep_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int)$customer_id . "'"); $global = tep_db_fetch_array($global_query); if ($global['global_product_notifications'] != '1') { $orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by date_purchased desc limit 1"); $orders = tep_db_fetch_array($orders_query); $products_array = array(); $products_query = tep_db_query("select products_id, products_name from " . TABLE_ORDERS_PRODUCTS . " where orders_id = '" . (int)$orders['orders_id'] . "' order by products_name"); while ($products = tep_db_fetch_array($products_query)) { $products_array[] = array('id' => $products['products_id'], 'text' => $products['products_name']); } } ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> <link rel="stylesheet" type="text/css" href="stylesheet.css"> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> <!-- body //--> <table border="0" width="100%" cellspacing="3" cellpadding="3"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- left_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?> <!-- left_navigation_eof //--> </table></td> <!-- body_text //--> <td width="100%" valign="top"><?php echo tep_draw_form('order', tep_href_link(FILENAME_CHECKOUT_SUCCESS, 'action=update', 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td><table border="0" width="100%" cellspacing="4" cellpadding="2"> <tr> <td valign="top"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE); ?></td> <td valign="top" class="main"><?php echo tep_draw_separator('pixel_trans.gif', '1', '10'); ?><div align="center" class="pageHeading"><?php echo HEADING_TITLE; ?></div><br><?php echo TEXT_SUCCESS; ?><br><br> <?php if ($global['global_product_notifications'] != '1') { echo TEXT_NOTIFY_PRODUCTS . '<br><p class="productsNotifications">'; $products_displayed = array(); for ($i=0, $n=sizeof($products_array); $i<$n; $i++) { if (!in_array($products_array[$i]['id'], $products_displayed)) { echo tep_draw_checkbox_field('notify[]', $products_array[$i]['id']) . ' ' . $products_array[$i]['text'] . '<br>'; $products_displayed[] = $products_array[$i]['id']; } } echo '</p>'; } else { echo TEXT_SEE_ORDERS . '<br><br>' . TEXT_CONTACT_STORE_OWNER; } ?> <h3><?php echo TEXT_THANKS_FOR_SHOPPING; ?></h3></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td align="right" class="main"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="50%" align="right"><?php echo tep_draw_separator('pixel_silver.gif', '1', '5'); ?></td> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> </tr> </table></td> <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="50%"><?php echo tep_image(DIR_WS_IMAGES . 'checkout_bullet.gif'); ?></td> </tr> </table></td> </tr> <tr> <td align="center" width="25%" class="checkoutBarFrom"><?php echo CHECKOUT_BAR_DELIVERY; ?></td> <td align="center" width="25%" class="checkoutBarFrom"><?php echo CHECKOUT_BAR_PAYMENT; ?></td> <td align="center" width="25%" class="checkoutBarFrom"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_FINISHED; ?></td> </tr> </table></td> </tr> <?php if (DOWNLOAD_ENABLED == 'true') include(DIR_WS_MODULES . 'downloads.php'); ?> </table></form></td> <!-- body_text_eof //--> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"> <!-- right_navigation //--> <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?> <!-- right_navigation_eof //--> </table></td> </tr> </table> <!-- body_eof //--> <!-- footer //--> <?php require(DIR_WS_INCLUDES . 'footer.php'); ?> <!-- footer_eof //--> <br> </body> </html> <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.