paulm2003 Posted December 21, 2003

Anyone interested in a BTS template switch?

It would enable you to develop a new layout for your (live) store on the server, but nobody else will see you are working on it. When you decide the new layout is ready you switch the template in admin to show it to the public.

It is quite easy to achieve, I have been testing it recently and it does work already. There are two things left I need to know to make it ready for "daily use", and to include it in a BTS update.

1) I need to know how I can make osC remember a value i.e. "$templateSwitch" which is added for example at the end of the url (i.e. http://myshopurl/index.php?&templateSwitch=-newtemplate). This would be for testing the new template, before it is ready. I suppose it can be stored in the/a cookie somehow?

2) How would one create a switch in admin to set this same variable, once the new template is ready for public?

Don't need exact code, but some hints would be nice.

Paul

sw45859 Posted December 21, 2003

Try storing the template value in the database and call it from there in the application_top.php. Then you can use it through the site as value['template'].

Guest Posted December 21, 2003 (edited)

I'll give my answers backwards, as I think that it is easier that way:

2. You can make it an admin > Configuration > My Store configuration variable with the following SQL:

    INSERT INTO configuration
      (configuration_title, configuration_key, configuration_value,
       configuration_description, configuration_group_id, sort_order, date_added)
    VALUES
      ('Default Template', 'DEFAULT_TEMPLATE', 'templates',
       'Directory that holds the template files for the default store template',
       '1', '22', now());

Note: 22 is available with a default install of MS2. You may have to change (increase) it in accordance with mods that you have made.

1. I would add to includes/application_top.php, the following code:

    if (isset($HTTP_GET_VARS['templateSwitch']) && is_dir(DIR_FS_CATALOG . $HTTP_GET_VARS['templateSwitch'])) {
      $templateSwitch = $HTTP_GET_VARS['templateSwitch'];
      tep_session_register('templateSwitch');
    } elseif (!tep_session_is_registered('templateSwitch')) {
      $templateSwitch = DEFAULT_TEMPLATE;
    }

Now, it should use the value you set in My Store, unless you passed templateSwitch=whatever in the URL at some point. I.e. the logic is: if templateSwitch is passed in the URL, use that value and register it in the current session; otherwise, if it is registered in the session (meaning that it was passed in the URL previously) use the session value (happens automatically in pre-MS3 code); otherwise, use the default defined in admin.

Note: you have to add the code after it loads the configuration variables from the database. I would put it as soon before you start using it as possible. Possibly at the very end of the file.

Hth,
Matt

Edited December 21, 2003 by iiinetworks

paulm2003 Posted December 22, 2003

Hi Matt,

it is really amazing, it works! What would I do without you? Even though I didn't ask for exact code, you gave it anyway, and I am very happy with it!

Doing it on my own, it probably would have taken me several days or more to make it work. Now it took me about one hour. Your solution is perfect. And your note:

> Note: you have to add the code after it loads the configuration variables from the database. I would put it as soon before you start using it as possible.

also was very to the point.

I decided to create a new configuration file ("includes/template_settings.php")

    <?php
    if (isset($templateSwitch)) {
      define('DIR_WS_TEMPLATES', $templateSwitch . '/');
    } else {
      define('DIR_WS_TEMPLATES', 'templates/');
    }
    define('DIR_WS_CONTENT', DIR_WS_TEMPLATES . 'content/');
    ?>

which I included at the end of "includes/application_top.php". Not sure if it is the best solution but it was the fastest way for me to get it working at this moment. If you think this is the wrong approach, please let me know!

Now I will try to update the BTS with it, but it will require me to update/check some more files because I hardcoded some paths in the BTSv1-1 where I really should have used the defines :rolleyes: .

Thank you very much again Matt!

Paul

paulm2003 Posted December 22, 2003

BTS Templates Switcher test site up (on slow host): http://www.eeweb.nl/osc-bts/ :)

Does anybody have a nice looking BTS template for me to test the Template Switcher? (no changes to files other than the files in templates dir allowed)

Hope to upload new BTS version to contributions very soon.

Chad Posted December 22, 2003

Every time I click to change template it gives me stream errors. Might want to look at the code again and see what's wrong there. I also have to wait till the session times out till I can revisit the page again.

Guest Posted December 23, 2003

The session ID is not being added right, so the URL looks like this:

    http://www.eeweb.nl/osc-bts/index.php?tplD...d86a6d96c2f5709

with too many ?s. It should be

    http://www.eeweb.nl/osc-bts/index.php?tplD...d86a6d96c2f5709

Note: if you make that change in the URL manually, it may work thereafter...at least it did for me.

Hth,
Matt

paulm2003 Posted December 23, 2003

> Every time I click to change template it gives me stream errors. Might want to look at the code again and see what's wrong there. I also have to wait till the session times out till I can revisit the page again.

:o Sorry, there appears to be an error with the links! It should work fine now unless you have cookies disabled. Temporarily switched off the tep_href_link() function on these links.

> The session ID is not being added right, so the URL looks like this: http://www.eeweb.nl/osc-bts/index.php?tplD...d86a6d96c2f5709 with too many ?s. It should be http://www.eeweb.nl/osc-bts/index.php?tplD...d86a6d96c2f5709
> Note: if you make that change in the URL manually, it may work thereafter

Hi Matt, that's indeed the error I made with the links to load the other templates:

    <a href="'.tep_href_link("index.php?tplDir=templates-lt").'">

I can see/understand that it is wrong now. Not sure about the best way to solve it at the moment since I have no idea yet how this tep_href_link function really works.

I also left out your "is_dir" check for testing, which I should (and will) have put back obviously!!!

Paul

Guest Posted December 23, 2003

    <a href="'.tep_href_link('index.php', 'tplDir=templates-lt').'">

The second parameter to href_link is the parameters list (use ampersands, &, to separate pairs).

Note: to comply with osCommerce coding practices, all strings should use ' unless using escape characters that work in " but not '. Exception: SQL strings, which contain ' of their own. One reason for this is that ' are more efficient, since PHP attempts less processing on them.

Hth,
Matt

paulm2003 Posted December 23, 2003

Hi Matt,

Hope to update tonight. Thanks for the additional info too!

paulm2003 Posted December 24, 2003

Hi Matt, or other experts

I decided to use (your slightly modified) code as below (added at the end of application_top.php):

    // bof BTS v1.2 added 2003/12/23
    // if not yet defined in database, define DIR_WS_TEMPLATES_DEFAULT now
    if (!(defined('DIR_WS_TEMPLATES_DEFAULT'))) define('DIR_WS_TEMPLATES_DEFAULT', 'templates');
    // the is_dir and the strstr are simple checks if tplDir really is an existing template directory
    if ((isset($HTTP_GET_VARS['tplDir'])) && is_dir(DIR_FS_CATALOG . $HTTP_GET_VARS['tplDir']) && (strstr($HTTP_GET_VARS['tplDir'],'template'))) {
      $tplDir = $HTTP_GET_VARS['tplDir'];
      tep_session_register('tplDir');
    } elseif (!tep_session_is_registered('tplDir')) {
      $tplDir = DIR_WS_TEMPLATES_DEFAULT;
    }
    // include BTS template settings file added 2003/12/23
    require('includes/configure_bts.php');
    // eof BTS v1.2

So I made an extra check if the tplDir is likely to be a templates directory. But I am wondering if this would be enough for security? If someone could manipulate the sessions info for example, filling in another value for tplDir, could it become a security problem then?

If there could be some kind of security problem, I could create an extra admin switch to switch on and off (default) this url template switching for example.

Paul

Guest Posted December 24, 2003

The most secure way to do it would be to make the value passed in a handle for the actual template directory, which would be stored in the database. Then you would pass in something like template_id, which it would look up in the database to get a template directory. The database values would be set in admin.

The insecure part about this is that the user can pass in a value in the URL. Putting the directory in a database entry means that only directories that are in the database can be used.

Hth,
Matt

paulm2003 Posted December 25, 2003

> Putting the directory in a database entry means that only directories that are in the database can be used.

I thought about that option, but it seems a bit too restrictive to me. I am considering to create a setting in the database which defines the beginning of the templates dir name. The default could be "template", this way you don't need to define the exact template dirs in admin. Only template dirs which start with "template" (or whatever is set in admin) would be valid.

About the sessions, info not really needed to make it work, just being curious. Since they are stored on the server (or in the server's database), I assume nobody can mess with it (except maybe from stealing somebody else's session?).

Guest Posted December 26, 2003

> I am considering to create a setting in the database which defines the beginning of the templates dir name. The default could be "template", this way you don't need to define the exact template dirs in admin. Only template dirs which start with "template" (or whatever is set in admin) would be valid.

There are exploits that do something like

    template-whatever/../../../../use/my/replacement/directory

that potentially would be available with that. You could get the same level of protection by specifying that all template directories share the same directory, e.g. includes/templates/template-CSS or whatever.

Other than hijacking the session, it would be difficult to mess with the sessions. Also, if you did figure out how to do it, I would think that you would focus on cracking admin or at least the orders system rather than playing in the template directory.

Note: same problem exists in the languages directory...it is also based on a session variable. You might want to check the code that handles that to see its solution.

Hth,
Matt

paulm2003 Posted December 27, 2003

> There are exploits that do something like template-whatever/../../../../use/my/replacement/directory that potentially would be available with that.

I think I will filter out all dots (and slashes?) from the $tplDir var, just to be sure. Maybe even filter out all non alpha/numeric.

> You could get the same level of protection by specifying that all template directories share the same directory, e.g. includes/templates/template-CSS or whatever.

Yes, that indeed looks more attractive to me now. I'll move all templates to separate dirs (css, lt, osC) in the templates directory. It also can reduce the needed typing to switch dirs :) ("css" compared to "templates-css").

Paul

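The two checks discussed in this thread, side by side, as an added example that is not code from the thread or from osCommerce/BTS: the substring-plus-is_dir test from the BTS v1.2 post, and a stricter resolver that accepts a single path component and requires the resolved directory to sit directly under one templates root. The function names, the temporary directory layout and the sample inputs are assumptions constructed for the demonstration.

```php
<?php
// Added example (not code from the thread). Function names and the
// temporary directory layout are assumptions made for illustration.

// The check from the BTS v1.2 post: directory exists and the name contains 'template'.
function weak_check(string $root, string $tplDir): bool
{
    return is_dir($root . $tplDir) && strstr($tplDir, 'template') !== false;
}

// Stricter: accept one path component only, and require that the resolved
// directory sits directly under the templates root (symlinks resolved).
function resolve_template(string $templatesRoot, string $name, string $default): string
{
    $root = realpath($templatesRoot);
    if ($root !== false && preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $name) === 1) {
        $real = realpath($root . DIRECTORY_SEPARATOR . $name);
        if ($real !== false && is_dir($real) && dirname($real) === $root) {
            return $name;
        }
    }
    return $default; // anything else falls back to the admin-configured default
}

// Constructed sample tree: two templates under one root, one directory outside it.
$base = sys_get_temp_dir() . '/bts_demo_' . bin2hex(random_bytes(4));
$dirs = ['catalog/templates/template-css', 'catalog/templates/template-osC', 'outside'];
foreach ($dirs as $dir) {
    mkdir("$base/$dir", 0700, true);
}
$templates = "$base/catalog/templates/";

// Constructed inputs: a valid name, the traversal form Matt describes, a missing name.
$inputs = ['template-css', 'template-css/../../../outside', 'template-missing'];
foreach ($inputs as $input) {
    printf("%-32s weak=%-5s resolved=%s\n",
        $input,
        var_export(weak_check($templates, $input), true),
        resolve_template($templates, $input, 'template-osC'));
}

// Remove the sample tree again.
foreach (array_merge($dirs, ['catalog/templates', 'catalog', '']) as $dir) {
    rmdir(rtrim("$base/$dir", '/'));
}
```
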