vBPurchase 1.0c.fl1

FULL RELEASE!

**ATTN**
USE THE FIX LIST ---> AND MAKE SURE YOU HAVE COMPLETED EACH STEP BEFORE INSTALLING. IF YOU HAVE ALREADY INSTALLED, JUST MAKE SURE YOU DO THEM SOON.

For those of you with other versions installed please upgrade using the upgrade_OLDVERSION_NEWVERSION.txt and everything will workfine.

READ ALL OF THIS BEFORE POSTING AND BEFORE DOWNLOADING:
This is not a beta anymore, but it is for capable, expirienced users only. This can be used as a final product, but it is not meant to be a final product. Users will proabably want to add some features for their own forum to meet their unique needs.

Overview:
This is a purchase/member area hack for vBulletin that is integrated with paypal. It comes with no warrantee, no installer, and limited support. It has been tested on all 3.0.x versions and is working (for the most part).

Bugs:
- I did not include admincp phrases
- There are problems when usernames contain '

Suggestions:
- Custom order fields

Notices:
- There is no support extension, but this hack does automatically add users to a new usergroup if you want it to, and therefore you can have a support forum for your users who have actually purchased items.

Quote:

Originally Posted by shah

For those that keep asking this, this is a store hack which is strikingly similar to the ones found at vbadvanced.com, vbcore.com, cinvin.com, go to their products.php page and you will see.

It let's you add licenses/services/products and lets you sell each. You set the price and description from the admin, and it automatically appears in the purchase.php page, from their the user has the option to buy the product and once he/she has paid the price, they will be redirected to the page where they can download the file/license that they have purchased. Hope this descritption helps a little.

Like he has mentioned, you need to know what your doing and you are required to have a paypal account to install this hack, if you don't have paypal, then you pretty much can't use it I guess, not sure.

Thanks shah

[WhisperPntr]

I finally got it verified. THE GEEK'S fix basically made the item number different than what was needed.

to fix it replace The Geek's original code

PHP Code:

//added by The Geek to remove the SQL injection security problems
globalize($_REQUEST,array('do'=>STR_NOHTML,'product'=>INT,'id'=>INT,'act'=>STR_NOHTML,'perf'=>STR_NOHTML,'tx'=>STR));
globalize($_POST,array('license','service','url'=>STR,'txn_id'=>STR,'custom'=>STR,'item_name'=>STR,'item_number'=>INT)); 


With the following

PHP Code:

//added by The Geek to remove the SQL injection security problems
$do = $_GET['do'];
if (($do != 'ipn')&&($do != 'debug')) {
    globalize($_REQUEST,array('do'=>STR_NOHTML,'product'=>INT,'id'=>INT,'act'=>STR_NOHTML,'perf'=>STR_NOHTML,'tx'=>STR));
    globalize($_POST,array('license','service','url'=>STR,'txn_id'=>STR,'custom'=>STR,'item_name'=>STR,'item_number'=>INT));
} 


Not eloquent but it works. Now on to solve why the item information won't be entered into the database

And for those who don't see the line, Basically this was an sql injection fix. Quite handy imho.

[WhisperPntr]

Well I have fixed the item information however it required rewriting most of the insert query in the do='ipn' section. Actually so much of purchase.php has now been rewritten that it's hard to explain or do a copy and replace anymore, especially since I plan on capturing a lot more information.

But if anyone still has issues with it I may be able to help.

And lastly if ron1n and WhSox21 don't mind I may endeavor to post a script based on their works in the future.

If anyone is interested it is basically an art (or design) based script that involves ordering, viewing and troubleshooting art commissions. It will also tie into coppermine.

Of course if they are discouraging the promotion of edited works based on their code I will continue working in secret

[Ron1n]

Quote:

And lastly if ron1n and WhSox21 don't mind I may endeavor to post a script based on their works in the future.

If you want to just tell me your plans and I'll see if its OK. I'll be releasing something similar to this in about a month that supports modules (payment options) and more types of products. I sorta rushed this thing into public development and in doing so looked over some things. I am slowly but surely hacking away at my other projects and will get back to this soon.

msn: ronin@elitecoders.org

[akanevsky]

Screenshots Please?

[EasyTarget]

Posts with screenshots:
https://vborg.vbsupport.ru/showpost....1&postcount=37
https://vborg.vbsupport.ru/showpost....4&postcount=89

[psalzmann]

Excellent hack. Will come in very handy for our product.

Quick question, during the script (do == "receipt")..

I noticed (when you go down a bit further in the code).. this:

PHP Code:

$DB_site->query("UPDATE user SET `membergroupids`='".$secondarygroups."' WHERE `userid`='".$user[0]."'"); 


What exactly is that doing? I'm aware it's doing something with the membergroupids, (usergroups) but what exactly is the purpose of this?

For example, I'm going though the code, making it to my own liking (ie: free products just insert the order info, and allows the user to download instantly, etc). But was just thinking:

-- I'm logged in as Admin, and I have full usergroup access. Hence the fact that I got a bit worried when I noticed your code is fetching existing groups and updating the user profile with custom ones.

Could you please confirm what this is doing exactly? Since I haven't seen anywhere in the admin section where this product/order system you created can "upgrade" a users group permissions after an order. I'm sure this is what is going on.. but if possible, please advise how it works.

If I wanted to make usergroup = 3 (non-customer) into usergroup 6 (valid customer) after the PAID order procees what should I be looking for?

Thanks in advance.

Regards,

Peter

[psalzmann]

Sorry, nevermind last post. It's in the Admin > Settings. Must have overlooked it somehow.

Thanks for the great script.

[paul41598]

Will this work with the paypal merchant account setup as well? Using credit cards to pay through paypal?


Also the sql queries arnt working, Im getting errors. These two queries actually look similiar and prob are causing the errors

Code:

INSERT INTO `ph_settings` VALUES ('', 0, '', '', 0, '', '', '', '');
        
-- 
-- Dumping data for table `ph_settings`
-- 

INSERT INTO `ph_settings` VALUES ('', 0, '', '', 0, '', '');

[paul41598]

I added some products, but nothing still shows up on this screen (screenshot)

[psalzmann]

Yes, there is some interesting coding for VBPurchase. One of the biggest problems was the SQL insert of new orders. The base of that problem is where the code uses both $product for the order and then right below it again is another $product containing another array of information about the order.

If you just make the 2nd $product = .. to something like $productinfo = .. then both your arrays of $product and $productinfo will work, and no sql input should be lost... works fine over here.

When the developer mentioned in his description this script should only be used by experienced coders, I believe he really meant it.

Peter