vBPurchase 1.0c.fl1 (https://vborg.vbsupport.ru/showthread.php?t=83231)

WhisperPntr 07-24-2005 11:48 PM

I finally got it verified. THE GEEK'S fix basically made the item number different than what was needed.

To fix it, replace The Geek's original code
PHP Code:

//added by The Geek to remove the SQL injection security problems
globalize($_REQUEST,array('do'=>STR_NOHTML,'product'=>INT,'id'=>INT,'act'=>STR_NOHTML,'perf'=>STR_NOHTML,'tx'=>STR));
globalize($_POST,array('license','service','url'=>STR,'txn_id'=>STR,'custom'=>STR,'item_name'=>STR,'item_number'=>INT)); 

with the following
PHP Code:

//added by The Geek to remove the SQL injection security problems
// Only run the input casting when the action is neither 'ipn' nor 'debug'
$do = $_GET['do'];
if (($do != 'ipn') && ($do != 'debug')) {
    globalize($_REQUEST,array('do'=>STR_NOHTML,'product'=>INT,'id'=>INT,'act'=>STR_NOHTML,'perf'=>STR_NOHTML,'tx'=>STR));
    globalize($_POST,array('license','service','url'=>STR,'txn_id'=>STR,'custom'=>STR,'item_name'=>STR,'item_number'=>INT));
}

Not eloquent but it works. Now on to solve why the item information won't be entered into the database.

And for those who don't see the line, basically this was an SQL injection fix. Quite handy imho.
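
Added example, not part of the thread or of vBPurchase: the replacement posted above skips both globalize() calls when do is 'ipn' or 'debug', so on those paths the POST fields reach the insert query uncast. One way to keep the IPN fields checked without forcing item_number to an integer is a per-field allowlist followed by a bound-parameter insert. The patterns, the ph_orders_demo table and the function names are assumptions made for illustration.

```php
<?php
// Added example, not vBPurchase code. Field names are the $_POST keys shown in
// the thread; the patterns and the ph_orders_demo table are assumptions.
const IPN_RULES = [
    'txn_id'      => '/\A[A-Za-z0-9]{1,32}\z/',
    'item_number' => '/\A[A-Za-z0-9_-]{1,64}\z/',   // stays a string, but constrained
    'item_name'   => '/\A[A-Za-z0-9 .,()_-]{1,127}\z/',
    'custom'      => '/\A[0-9]{1,10}\z/',            // assumed to carry a user id
];

// Return only the validated fields; throw on a missing or malformed one.
function validate_ipn(array $post): array
{
    $clean = [];
    foreach (IPN_RULES as $field => $pattern) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            throw new InvalidArgumentException("rejected IPN field: $field");
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Insert with bound parameters so the values never become SQL text.
function record_order(PDO $db, array $ipn): void
{
    $stmt = $db->prepare('INSERT INTO ph_orders_demo (txn_id, item_number, item_name, userid)
                          VALUES (:txn_id, :item_number, :item_name, :userid)');
    $stmt->execute([
        ':txn_id' => $ipn['txn_id'], ':item_number' => $ipn['item_number'],
        ':item_name' => $ipn['item_name'], ':userid' => (int) $ipn['custom'],
    ]);
}

// Constructed sample input, run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ph_orders_demo (txn_id TEXT, item_number TEXT, item_name TEXT, userid INTEGER)');
$good = ['txn_id' => 'TXN0001', 'item_number' => 'VBP-0007', 'item_name' => 'Demo product', 'custom' => '42'];
record_order($db, validate_ipn($good));
try {
    record_order($db, validate_ipn(['item_number' => "7'; --"] + $good));
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
echo $db->query('SELECT COUNT(*) FROM ph_orders_demo')->fetchColumn(), " row(s) stored\n";
```

The malformed item_number is rejected before any query runs, while the well-formed non-integer value is stored unchanged.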

WhisperPntr 07-25-2005 02:24 AM

Well, I have fixed the item information; however, it required rewriting most of the insert query in the do='ipn' section. Actually so much of purchase.php has now been rewritten that it's hard to explain or do a copy and replace anymore, especially since I plan on capturing a lot more information.

But if anyone still has issues with it I may be able to help.

And lastly if ron1n and WhSox21 don't mind I may endeavor to post a script based on their works in the future.

If anyone is interested it is basically an art (or design) based script that involves ordering, viewing and troubleshooting art commissions. It will also tie into coppermine.

Of course if they are discouraging the promotion of edited works based on their code I will continue working in secret :)

Ron1n 07-28-2005 11:46 PM

Quote:

And lastly if ron1n and WhSox21 don't mind I may endeavor to post a script based on their works in the future.

If you want to just tell me your plans and I'll see if it's OK. I'll be releasing something similar to this in about a month that supports modules (payment options) and more types of products. I sorta rushed this thing into public development and in doing so looked over some things. I am slowly but surely hacking away at my other projects and will get back to this soon.

msn: ronin@elitecoders.org

akanevsky 08-01-2005 12:25 PM

Screenshots Please?

EasyTarget 08-01-2005 10:13 PM

Posts with screenshots:
https://vborg.vbsupport.ru/showpost....1&postcount=37
https://vborg.vbsupport.ru/showpost....4&postcount=89

psalzmann 08-05-2005 06:41 PM

Excellent hack. Will come in very handy for our product.

Quick question, during the script (do == "receipt")..

I noticed (when you go down a bit further in the code).. this:

PHP Code:

$DB_site->query("UPDATE user SET `membergroupids`='".$secondarygroups."' WHERE `userid`='".$user[0]."'"); 

What exactly is that doing? I'm aware it's doing something with the membergroupids, (usergroups) but what exactly is the purpose of this?

For example, I'm going through the code, making it to my own liking (ie: free products just insert the order info, and allows the user to download instantly, etc). But was just thinking:

-- I'm logged in as Admin, and I have full usergroup access. Hence the fact that I got a bit worried when I noticed your code is fetching existing groups and updating the user profile with custom ones.

Could you please confirm what this is doing exactly? Since I haven't seen anywhere in the admin section where this product/order system you created can "upgrade" a user's group permissions after an order. I'm sure this is what is going on.. but if possible, please advise how it works.

If I wanted to make usergroup = 3 (non-customer) into usergroup 6 (valid customer) after the PAID order process what should I be looking for?

Thanks in advance.

Regards,

Peter

psalzmann 08-06-2005 04:17 AM

Sorry, never mind last post. It's in the Admin > Settings. Must have overlooked it somehow.

Thanks for the great script. ;)

paul41598 08-09-2005 11:23 AM

Will this work with the PayPal merchant account setup as well? Using credit cards to pay through PayPal?

Also the SQL queries aren't working, I'm getting errors. These two queries actually look similar and prob are causing the errors.

Code:

INSERT INTO `ph_settings` VALUES ('', 0, '', '', 0, '', '', '', '');
       
--
-- Dumping data for table `ph_settings`
--

INSERT INTO `ph_settings` VALUES ('', 0, '', '', 0, '', '');


paul41598 08-09-2005 04:08 PM

I added some products, but nothing still shows up on this screen (screenshot)

psalzmann 08-09-2005 05:52 PM

Yes, there is some interesting coding for VBPurchase. One of the biggest problems was the SQL insert of new orders. The base of that problem is where the code uses both $product for the order and then right below it again is another $product containing another array of information about the order.

If you just make the 2nd $product = .. to something like $productinfo = .. then both your arrays of $product and $productinfo will work, and no SQL input should be lost... works fine over here.

When the developer mentioned in his description this script should only be used by experienced coders, I believe he really meant it. :)

Peter

