Changes since v1.1.0

[Jenius]

A number of major changes/improvements/security and bug fixes have been made on this forum since the last official release of cpCommerce which was v1.1.0 (and most of these changes were made by myself). Simply replace or add to the php files that are currently in v1.1.0 with the files from this zip here.

CHANGE LOG-

Security Fixes:

• Major security fix for the admin section (to prevent SQL injection).
• Minor security fix for the admin section and downloadable products.

NEW Feature:

• Demographic Statistics: Under the reports section of the admin panel; you can now see the age, gender and more of the average account holder.

Functionality improvements and other bug fixes:

• Numerous bug fixes and improvements to the Paypal payment method.
• Several improvements to the main display area.
• Error fixed with sub-products.
• Minor installation bug with MySQL 5.0 fixed.
• Bugged update function removed.
• Gender selection when viewing customer details is fixed.
• Minor bug in configuration.php and category.php is fixed.

[Tony_1]

hold on.  there are index files in directories that don't have them.  kinda of confusing

[Jenius]

there are index files in directories that don't have them.

That's actually the point, those folders should have index files in them but don't (this is a minor security fix). Just put the files in those folders.



PS- Here's a quick note on product names/IDs in paypal with this code:

Product Name-

If someone purchases more than 1 product, only the name of the last product (in alphabetical order) will show up.
Example- Someone buys products named "AAA" and "ZZZ"; only "ZZZ" will show as the name.


Product IDs-

For product IDs it's a bit more complicated (which is why I'm explaining this in the first place).

All products have there own URL.
Example- http://www.example.com/cpcommerce/product.php?id_product=9

The "9" at the end of the above example is an example of the product ID that I used in this code.

This code, as posted, can handle 5 different products and up to 3 of each of those 5 (but can easily be expanded if you know what you're doing) and each product is seperated by a period.
Example- Someone purchases 2 of product ID# 5 and 1 ID# 10. The output in paypal would look like "Product ID: 5.5.10.0.0.0" .

The zeros at the end are place holders if less than 5 different products are purchased; cpcommerce does not ever actually have a product ID# 0.

[Jenius]

Added the following fix to the .zip file:

Fix for purchase recording in mysql database when using Paypal.

Note: at this point in time I haven't tested this fix; but based on the code it looks like it should work.

[Jenius]

I’ve made a few changes to the zip file in the first post:


NEW Feature:
*Demographic Statistics: Under the reports section of the admin panel; you can now see age, gender and more of the average account holder.

Functionality improvements and other bug fixes:
*Error fixed with sub-products.
*Minor installation bug with MySQL 5.0 fixed.
*Bugged update function removed.



There are 3 reasons why I commented out the update function:
1- Since cpradio has been inactive on this project for over 5 months, I don't believe it's likely it will ever be updated.
2- The update function never worked properly in the first place.
3- Most importantly; if this website (cpradio.org) is down or not working for some reason, the admin section of cpCommerce on your own site cannot be opened. It will endlessly try to connect to this site to update but never actually finish loading; so you won't be able to use your own admin section until this site is back up or the update function is disabled.

In the last few weeks there have been a number of times when this site has been down for a few hours and I tried to use the admin section during one of these times. This is what alerted me to this bug in the first place and prompted me to do this.



Edit: I think this file now includes every fix that's been posted on the forum that wasn't already in v1.1.0; if anyone sees something I missed, post a link to it.

[Tony_1]

i'm getting this from your changes with the new demographics........

Demographic: Total Number: Percentage:
Total Number of all Customers: 4 100%
Females (defuault): 3 75%
Males: 1 25%
Do not receive Newletters (defuault): 0
Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 118

Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 119
0%
Receive Newletters: 4 100%
Don't have Hidden Information (defuault): 0
Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 142

Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 143
0%
Have Hidden Information: 4 100%
Do not receive Updates (defuault): 0
Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 166

Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 167
0%
Receive Updates: 4 100%
Do not wish to be Contacted (defuault): 0
Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 190

Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 191
0%
Can be Contacted: 4 100%
 
Age Group: Total Number: Percentage:
1 - 17 2 50%
18 - 25 -2 -50%
26 - 35 1 25%
36 - 45 1 25%
46+ 0
Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 272

Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 273
0%
Unknown 0
Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 284

Warning: Division by zero in C:\apache\users\etc\htdocs\abovethefirehouse\store\admin\reports\Demos\variables.php on line 285
0%
 
Average Customer Age: 17.5

[Jenius]

Thanks for reporting those errors. I've now corrected the file. Re-download it and replace your current   cpcommerce\admin\reports\Demos\variables.php   file with the new one. If you find any other errors with these files, please feel free to report them here and I'll atempt to correct them as best as I can.

PS- Please be sure to use the link marked "this zip here" in the top post. Do not use the zip attached to the bottom of that post because it is out of date, but I can't update it now that this post is in the announcements section and I'm not a moderator.

[Tony_1]

hmmmm i'm not finding it.

Thanks for reporting those errors. I've now corrected the file. Re-download it and replace your current   cpcommerce\admin\reports\Demos\variables.php   file with the new one. If you find any other errors with these files, please feel free to report them here and I'll atempt to correct them as best as I can.

PS- Please be sure to use the link marked "this zip here" in the top post. Do not use the zip attached to the bottom of that post because it is out of date, but I can't update it now that this post is in the announcements section and I'm not a moderator.

[softnow]

hmmmm i'm not finding it.

It is the blue writing on the third line. Click on it as it is the link

By the way I have replaced the old cpcchanges.zip file on the top post with the new file

[Tony_1]

boy i'm glad i updated my glasses. heheh got the file and will try the new one...

[Jenius]

Product IDs-

For product IDs it's a bit more complicated (which is why I'm explaining this in the first place).

All products have there own URL.
Example- http://www.example.com/cpcommerce/product.php?id_product=9

The "9" at the end of the above example is an example of the product ID that I used in this code.

This code, as posted, can handle 5 different products and up to 3 of each of those 5 (but can easily be expanded if you know what you're doing) and each product is seperated by a period.
Example- Someone purchases 2 of product ID# 5 and 1 ID# 10. The output in paypal would look like "Product ID: 5.5.10.0.0.0" .

The zeros at the end are place holders if less than 5 different products are purchased; cpcommerce does not ever actually have a product ID# 0.

I've modified the code so that it no longer has the trailing 0s and it can handle as many IDs as PayPal allows (which should be up to 255 characters worth).

Simply replace your old cpcommerce/payment/paypal/ files with the new ones from the zip. Please be sure to use the link marked "this zip here" in the top post as the download link at the bottom of that post is out of date again.

Also make sure you don't use any punctuation in any of your product names or you may get an error in PayPal.


On a completely different subject:
If you are not currently already using cpCommerce, I would highly recommend that you don’t. Seeing as cpradio has discontinued active work on this project and no one (including myself) is taking up his role; it is only a matter of time before the codebase becomes obsolete through security issues, lack of features and/or incompatibility. Anyone who doesn’t already have a lot invested in cpCommerce would most likely be better off using another solution. But, of course, if you are invested in it or don’t have another option for various reasons; make sure to use this update.

[Jenius]

A new version is up. This version fixed a minor bug in configuration.php and category.php.



Known unresolved issues:

• Javascript execution security vulnerability.
• PayPal does not respond back to cpCommerce or send email notices of purchases.
• The 'Sort By' function in each category only works for names.

*All other issues are resolved, unknown to this forum at this time, or a problem that only exists with someone's own personal copy.


Please be sure to use the link marked "this zip here" in the top post as the download link at the bottom of that post is out of date.


This is mostly likely the last version I will be putting out.

[Kingangelo]

The zip file link at the top only leads me to a login screen, can anyone host this file up or post a new link?

[Tony_1]

The zip file link at the top only leads me to a login screen, can anyone host this file up or post a new link?

you click the zip from the first message in this thread?  i did and it works.

[cpradio]

Jenius, I removed the attachment to help avoid confusion.  I hope you don't mind.  Contact me if you want to be able to merge your changes into the SVN repository.

Thanks,
Matt