Template Switch


paulm2003


Anyone interested in a BTS template switch?

 

It would enable you to develop a new layout for your (live) store on the server, but nobody else will see you are working on it. When you decide the new layout is ready you switch the template in admin to show it to the public.

 

It is quite easy to achieve, I have been testing it recently and it does work already. There are two things left I need to know to make it ready for "daily use", and to include it in a BTS update.

 

1) I need to know how I can make osC remember a value i.e. "$templateSwitch" which is added for example at the end of the url (i.e. http://myshopurl/index.php?&templateSwitch=-newtemplate). This would be for testing the new template, before it is ready. I suppose it can be stored in the/a cookie somehow?

 

2) How would one create a switch in admin to set this same variable, once the new template is ready for public?

 

Don't need exact code, but some hints would be nice.

 

Paul


I'll give my answers backwards, as I think that it is easier that way:

 

2. You can make it an admin > Configuration > My Store configuration variable with the following SQL:

INSERT INTO configuration (configuration_title, configuration_key, configuration_value, configuration_description, configuration_group_id, sort_order, date_added) VALUES ('Default Template', 'DEFAULT_TEMPLATE', 'templates', 'Directory that holds the template files for the default store template', '1', '22', now());

Note: 22 is available with a default install of MS2. You may have to change (increase) it in accordance with mods that you have made.

 

1. I would add to includes/application_top.php, the following code:

if (isset($HTTP_GET_VARS['templateSwitch']) && is_dir(DIR_FS_CATALOG . $HTTP_GET_VARS['templateSwitch'])) {
 $templateSwitch = $HTTP_GET_VARS['templateSwitch'];
 tep_session_register('templateSwitch');
} elseif (!tep_session_is_registered('templateSwitch')) {
 $templateSwitch = DEFAULT_TEMPLATE;
}

Now, it should use the value you set in My Store, unless you passed templateSwitch=whatever in the URL at some point. I.e. the logic is: if templateSwitch is passed in the URL, use that value and register it in the current session; otherwise, if it is registered in the session (meaning that it was passed in the URL previously) use the session value (happens automatically in pre-MS3 code); otherwise, use the default defined in admin.

 

Note: you have to add the code after it loads the configuration variables from the database. I would put it as soon before you start using it as possible. Possibly at the very end of the file.

 

Hth,

Matt

Edited by iiinetworks

Hi Matt,

 

it is really amazing, it works! What would I do without you? Even though I didn't ask for exact code, you gave it anyway, and I am very happy with it! Doing it on my own, it probably would have taken me several days or more to make it work. Now it took me about one hour. Your solution is perfect.

And your note:

Note:  you have to add the code after it loads the configuration variables from the database. I would put it as soon before you start using it as possible.
also was very to the point.

I decided to create a new configuration file ("includes/template_settings.php")

<?php
if(isset($templateSwitch)) {
 define('DIR_WS_TEMPLATES', $templateSwitch . '/');
 }
else {
 define('DIR_WS_TEMPLATES', 'templates/');
 }
define('DIR_WS_CONTENT', DIR_WS_TEMPLATES . 'content/');
?>

which I included at the end of "includes/application_top.php". Not sure if it is the best solution but it was the fastest way for me to get it working at this moment. If you think this is the wrong approach, please let me know!

 

Now I will try to update the BTS with it, but it will require me to update/check some more files because I hardcoded some paths in the BTSv1-1 where I really should have used the defines :rolleyes: .

 

Thank you very much again Matt!

 

Paul


BTS Templates Switcher test site up (on slow host):

http://www.eeweb.nl/osc-bts/

:)

 

Does anybody have a nice looking BTS template for me to test the Template Switcher?

(no changes to files other than the files in templates dir allowed)

 

Hope to upload new BTS version to contributions very soon.


Every time I click to change template it gives me stream errors. Might want to look at the code again and see what's wrong there. I also have to wait till the session times out till I can revisit the page again.


Every time I click to change template it gives me stream errors. Might want to look at the code again and see what's wrong there. I also have to wait till the session times out till I can revisit the page again.
:o Sorry there appears to be an error with the links! It should work fine now unless you have cookies disabled. Temporarily switched off tep_href_link() function on these links.

 

The session ID is not being added right, so the URL looks like this:  http://www.eeweb.nl/osc-bts/index.php?tplD...d86a6d96c2f5709 with too many ?s.  It should be http://www.eeweb.nl/osc-bts/index.php?tplD...d86a6d96c2f5709

 

Note:  if you make that change in the URL manually, it may work thereafter

Hi Matt,

that's indeed the error I made with the links to load the other templates

<a href="'.tep_href_link("index.php?tplDir=templates-lt").'">

I can see/understand that it is wrong now. Not sure about the best way to solve it at the moment since I have no idea yet how this tep_href_link function really works.

 

I also left out your "is_dir" check for testing, which I should (and will) have put back obviously!!!

 

Paul


<a href="'.tep_href_link('index.php', 'tplDir=templates-lt').'">

The second parameter to href_link is the parameters list (use ampersands, &, to separate pairs). Note: to comply with osCommerce coding practices, all strings should use ' unless using escape characters that work in " but not '. Exception: SQL strings, which contain ' of their own. One reason for this is that ' are more efficient, since PHP attempts less processing on them.

 

Hth,

Matt


Hi Matt,

or other experts

 

I decided to use (your slightly modified) code as below:

(added at the end of application_top.php)

// bof BTS v1.2 added 2003/12/23
// if not yet defined in database, define DIR_WS_TEMPLATES_DEFAULT now
if (!(defined('DIR_WS_TEMPLATES_DEFAULT'))) define ('DIR_WS_TEMPLATES_DEFAULT', 'templates');
// the is_dir and the strstr are simple checks if tplDir really is an existing template directory
if ((isset($HTTP_GET_VARS['tplDir'])) && is_dir(DIR_FS_CATALOG . $HTTP_GET_VARS['tplDir']) && (strstr($HTTP_GET_VARS['tplDir'],'template')))
 {
 $tplDir = $HTTP_GET_VARS['tplDir'];
 tep_session_register('tplDir');
 }
elseif (!tep_session_is_registered('tplDir'))
 {
 $tplDir = DIR_WS_TEMPLATES_DEFAULT;
 }
// include BTS template settings file added 2003/12/23
require('includes/configure_bts.php');
// eof BTS v1.2

So I made an extra check if the tplDir is likely to be a templates directory. But I am wondering if this would be enough for security? If someone could manipulate the sessions info for example, filling in another value for tplDir, could it become a security problem then?

If there could be some kind of security problem, I could create an extra admin switch to switch on and off (default) this url template switching for example.

 

Paul


The most secure way to do it would be to make the value passed in a handle for the actual template directory, which would be stored in the database. Then you would pass in something like template_id, which it would look up in the database to get a template directory. The database values would be set in admin.

 

The insecure part about this is that the user can pass in a value in the URL. Putting the directory in a database entry means that only directories that are in the database can be used.

 

Hth,

Matt


Putting the directory in a database entry means that only directories that are in the database can be used.

I thought about that option, but it seems a bit too restrictive to me.

I am considering to create a setting in the database which defines the beginning of the templates dir name. The default could be "template", this way you don't need to define the exact template dirs in admin. Only template dirs which start with "template" (or whatever is set in admin) would be valid.

 

About the sessions, info not really needed to make it work, just being curious. Since they are stored on the server (or in the server's database), I assume nobody can mess with it (except maybe from stealing somebody else's session?).


I am considering to create a setting in the database which defines the beginning of the templates dir name. The default could be "template", this way you don't need to define the exact template dirs in admin. Only template dirs which start with "template" (or whatever is set in admin) would be valid.
There are exploits that do something like template-whatever/../../../../use/my/replacement/directory that potentially would be available with that. You could get the same level of protection by specifying that all template directories share the same directory, e.g. includes/templates/template-CSS or whatever.

 

Other than hijacking the session, it would be difficult to mess with the sessions. Also, if you did figure out how to do it, I would think that you would focus on cracking admin or at least the orders system rather than playing in the template directory. Note: same problem exists in the languages directory...it is also based on a session variable. You might want to check the code that handles that to see its solution.

 

Hth,

Matt


There are exploits that do something like template-whatever/../../../../use/my/replacement/directory that potentially would be available with that.
I think I will filter out all dots (and slashes?) from the $tplDir var, just to be sure. Maybe even filter out all non alpha/numeric.

 

You could get the same level of protection by specifying that all template directories share the same directory, e.g. includes/templates/template-CSS or whatever.
Yes, that indeed looks more attractive to me now. I'll move all templates to separate dirs (css, lt, osC) in the templates directory. It also can reduce the needed typing to switch dirs :) ("css" compared to "templates-css").

 

Paul
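
The two suggestions discussed in this thread (a handle looked up in an admin-controlled list, and a single parent directory with a filtered short name), shown next to the `is_dir` plus `strstr` check, as an added example that is not code from the thread or from BTS. The function names, the `$allowed` list standing in for database rows, and the temporary directory layout are assumptions made for the example.

```php
<?php
// Added example; names are hypothetical, sample directories are constructed.

// The check from the thread: the directory exists and the value contains 'template'.
function thread_check($value, $catalogDir) {
    return is_dir($catalogDir . $value) && strstr($value, 'template') !== false;
}

// Hardened lookup: returns the resolved directory, or null if the value is rejected.
function resolve_template_dir($value, $templatesRoot, array $allowed) {
    // 1. Short names only: no dots, no slashes.
    if (!is_string($value) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $value)) {
        return null;
    }
    // 2. Only names the admin has listed (stands in for the database lookup).
    if (!in_array($value, $allowed, true)) {
        return null;
    }
    // 3. Resolve symlinks and confirm the result is still inside the parent.
    $root = realpath($templatesRoot);
    $path = realpath($templatesRoot . '/' . $value);
    if ($root === false || $path === false || !is_dir($path)) {
        return null;
    }
    return strpos($path, $root . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

// Constructed layout: <tmp>/catalog/templates/{css,lt,osC} and <tmp>/catalog/private.
$catalog = sys_get_temp_dir() . '/bts_demo_' . getmypid() . '/catalog/';
foreach (array('templates/css', 'templates/lt', 'templates/osC', 'private') as $d) {
    @mkdir($catalog . $d, 0700, true);
}
$allowed = array('css', 'lt', 'osC');

$samples = array('css', 'osC', 'unknown', 'templates/css', 'templates/../private', '../private');
foreach ($samples as $v) {
    $old = thread_check($v, $catalog) ? 'accepted' : 'rejected';
    $new = resolve_template_dir($v, $catalog . 'templates', $allowed);
    printf("%-24s thread check: %-8s hardened: %s\n", $v, $old, $new === null ? 'rejected' : $new);
}
```

A rejected value should fall back to the default template configured in admin rather than being stored in the session.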
