E commerce solution- Code creators M.I.A.

minetree

Several years ago, I contracted the services of the people at the late "advanticsdevelopment.net" and purchased their ViperCart. They installed it, debugged it and were very nice people to deal with from a customer point of veiw. Shame they didn't stick around. Now I am left with a functional working cart that I know very little about, and it will certainly be the code list that I learn PHP from.

I dont know a great deal about coding, but I have figured out enough to know that I dont know. I know that is the sig of someone on these boards, so please take it as a compliment if you are he or she.

The other day I tried to integrate the "add to cart" feature into one of the pages on my website. I thought at first if I took an image file, in this case the "add to cart button" and linked it to the item in the store that all would be fine. Well strike one. Then I took the generated OID of the product I was trying to link to and added it to the source on the page. It worked well enough to steer you to the item and I knew there were other steps to take to get it to actually add it to the cart, but at this point I was satisfied that at leat it pointed the guest toward the item. Well.... That worked for a few hours, then all the hot link would do was point you to the storefront.

It was at this point I figured the the OID generated by PHP I am assuming, was a random OID with a shelf life. After a while, it wouldn't be good any more. A security feature I assume.

So really, what I am after is the best approach or at least a few suggestions on where to look in the PHP structure to find:
A way to link an image to an item that is in my store.
And even better. have that item be added to the cart if the person clicks on said image. I think now I have at least learned that trying to follow the generated OID is not the way to go.. Thanks.
Anyone who can help me resolve this gets a free lesson at the studio..
You can find out more about that at www.minewurx.com

Once again, thank you.. Michael
🙂

bpat1434

Can we see some code? That's the only way I can think we'd definately be able to help you out.

minetree

I just need to finf the most appropriate code to quote.. I'll get it here..

minetree

This is the initial source. Or at least the first layer of code called when you enter the store front. I had to put it in two posts...Linking to individual products in the store is the mission.. This post will self destruct in......

<?php
function buildNavigation($pageNum_Recordset1,$totalPages_Recordset1,$prev_Recordset1,$next_Recordset1,$separator=" | ",$max_links=10, $show_page=true)
{
GLOBAL $maxRows_Recordset2,$totalRows_Recordset2;
$pagesArray = ""; $firstArray = ""; $lastArray = "";
if($max_links<2)$max_links=2;
if($pageNum_Recordset1<=$totalPages_Recordset1 && $pageNum_Recordset1>=0)
{
if ($pageNum_Recordset1 > ceil($max_links/2))
{
$fgp = $pageNum_Recordset1 - ceil($max_links/2) > 0 ? $pageNum_Recordset1 - ceil($max_links/2) : 1;
$egp = $pageNum_Recordset1 + ceil($max_links/2);
if ($egp >= $totalPages_Recordset1)
{
$egp = $totalPages_Recordset1+1;
$fgp = $totalPages_Recordset1 - ($max_links-1) > 0 ? $totalPages_Recordset1 - ($max_links-1) : 1;
}
}
else {
$fgp = 0;
$egp = $totalPages_Recordset1 >= $max_links ? $max_links : $totalPages_Recordset1+1;
}
if($totalPages_Recordset1 >= 1) {

------------------------

Searching for $_GET vars

------------------------

$get_vars = '';
if(!empty($GET) || !empty($HTTP_GET_VARS)){
$GET = empty($GET) ? $HTTP_GET_VARS : $GET;
foreach ($GET as $get_name => $get_value) {
if ($get_name != "pageNum_Recordset2") {
$get_vars .= "&$get_name=$get_value";
}
}
}
$successivo = $pageNum_Recordset1+1;
$precedente = $pageNum_Recordset1-1;
$firstArray = ($pageNum_Recordset1 > 0) ? "<a href=\"$SERVER[PHP_SELF]?pageNum_Recordset2=$precedente$get_vars\">$prev_Recordset1</a>" : "$prev_Recordset1";

----------------------

page numbers

----------------------

for($a = $fgp+1; $a <= $egp; $a++){
$theNext = $a-1;
if($show_page)
{
$textLink = $a;
} else {
$min_l = (($a-1)$maxRows_Recordset2) + 1;
$max_l = ($a$maxRows_Recordset2 >= $totalRows_Recordset2) ? $totalRows_Recordset2 : ($a*$maxRows_Recordset2);
$textLink = "$min_l - $max_l";
}
$ss_k = floor($theNext/26);
if ($theNext != $pageNum_Recordset1)
{
$pagesArray .= "<a href=\"$SERVER[PHP_SELF]?pageNum_Recordset2=$theNext$get_vars\">";
$pagesArray .= "$textLink</a>" . ($theNext < $egp-1 ? $separator : "");
} else {
$pagesArray .= "$textLink" . ($theNext < $egp-1 ? $separator : "");
}
}
$theNext = $pageNum_Recordset1+1;
$offset_end = $totalPages_Recordset1;
$lastArray = ($pageNum_Recordset1 < $totalPages_Recordset1) ? "<a href=\"$SERVER[PHP_SELF]?pageNum_Recordset2=$successivo$get_vars\">$next_Recordset1</a>" : "$next_Recordset1";
}
}
return array($firstArray,$pagesArray,$lastArray);
}
ob_start();?>
<?php
session_start();
session_register("userid");
if (!isset($SESSION['userid'])) {
$SESSION['userid']= md5(uniqid(rand()));
} else {
$SESSION['userid'];
}
?>
<?php if(isset($HTTP_GET_VARS['oid'])){?>
<?php if($HTTP_SESSION_VARS['userid']!=$HTTP_GET_VARS['oid']){
header("Location: cart.php");
}
?>

This section has mods

-require once- section has been modified

<?php }?>
<?php require_once('XXXXXX'); ?>
<?php
$xsearch=$HTTP_GET_VARS['search'];
$ppg=$HTTP_GET_VARS['pageNum_Recordset2'];
$roid=$HTTP_GET_VARS['oid'];
$d2 = date("g")-2;
$cdate = date("m.d.y");
$boid = $HTTP_SESSION_VARS['userid'];
$currentPage = $HTTP_SERVER_VARS["PHP_SELF"];

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;

case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

minetree

if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form2")) {
$insertSQL = sprintf("INSERT INTO orders (cqty, cprod, cprice, cid, size, color, style, cdate, ctime, ship_rate, no_ship, prod_wt, xstatus) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($HTTP_POST_VARS['qty'], "int"),
GetSQLValueString($HTTP_POST_VARS['prod'], "text"),
GetSQLValueString($HTTP_POST_VARS['price'], "text"),
GetSQLValueString($HTTP_POST_VARS['orderid'], "text"),
GetSQLValueString($HTTP_POST_VARS['size'], "text"),
GetSQLValueString($HTTP_POST_VARS['color'], "text"),
GetSQLValueString($HTTP_POST_VARS['style'], "text"),
GetSQLValueString($HTTP_POST_VARS['date'], "text"),
GetSQLValueString($HTTP_POST_VARS['time'], "text"),
GetSQLValueString($HTTP_POST_VARS['shipping'], "double"),
GetSQLValueString($HTTP_POST_VARS['no_ship'], "text"),
GetSQLValueString($HTTP_POST_VARS['prod_wt'], "double"),
GetSQLValueString($HTTP_POST_VARS['xstatus'], "text"));

mysql_select_db($database_V3, $V3);
$Result1 = mysql_query($insertSQL, $V3) or die(mysql_error());

$insertGoTo = "inventory.php?oid=$boid";
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_V3, $V3);
$query_Recordset4 = "SELECT * FROM defcat";
$Recordset4 = mysql_query($query_Recordset4, $V3) or die(mysql_error());
$row_Recordset4 = mysql_fetch_assoc($Recordset4);
$totalRows_Recordset4 = mysql_num_rows($Recordset4);
$defcat=$row_Recordset4['cdef'];

mysql_select_db($database_V3, $V3);
$query_Recordset1 = "SELECT DISTINCT(ccat) FROM products ORDER BY ccat ASC";
$Recordset1 = mysql_query($query_Recordset1, $V3) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);

if (isset($HTTP_GET_VARS['pageNum_Recordset2'])) {
$pageNum_Recordset2 = $HTTP_GET_VARS['pageNum_Recordset2'];
}
$startRow_Recordset2 = $pageNum_Recordset2 * $maxRows_Recordset2;

$maxRows_Recordset2 = 4;
$pageNum_Recordset2 = 0;
if (isset($HTTP_GET_VARS['pageNum_Recordset2'])) {
$pageNum_Recordset2 = $HTTP_GET_VARS['pageNum_Recordset2'];
}
$startRow_Recordset2 = $pageNum_Recordset2 * $maxRows_Recordset2;

if(!isset($HTTP_GET_VARS['search']) OR $HTTP_GET_VARS['search']==""){
$colname_Recordset2 = "1";
if (isset($HTTP_GET_VARS['CatId'])) {
$colname_Recordset2 = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['CatId'] : addslashes($HTTP_GET_VARS['CatId']);
}
if (!isset($HTTP_GET_VARS['CatId'])) {
$colname_Recordset2 = (get_magic_quotes_gpc()) ? $defcat : addslashes($defcat);
}
mysql_select_db($database_V3, $V3);
$query_Recordset2 = sprintf("SELECT * FROM products WHERE ccat = '%s' AND show_hide = 'yes' AND cinv <> '0' ORDER BY cprice ASC", $colname_Recordset2);
$query_limit_Recordset2 = sprintf("%s LIMIT %d, %d", $query_Recordset2, $startRow_Recordset2, $maxRows_Recordset2);
$Recordset2 = mysql_query($query_limit_Recordset2, $V3) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);
}

if(isset($HTTP_GET_VARS['search']) AND $HTTP_GET_VARS['search']!=""){
$colname_Recordset2 = "1";
if (isset($HTTP_GET_VARS['search'])) {
$colname_Recordset2 = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['search'] : addslashes($HTTP_GET_VARS['search']);
}
mysql_select_db($database_V3, $V3);
$query_Recordset2 = sprintf("SELECT * FROM products WHERE xkey LIKE '%%%s%%' AND show_hide = 'yes' AND cinv <> '0' ORDER BY cprice ASC", $colname_Recordset2);
$query_limit_Recordset2 = sprintf("%s LIMIT %d, %d", $query_Recordset2, $startRow_Recordset2, $maxRows_Recordset2);
$Recordset2 = mysql_query($query_limit_Recordset2, $V3) or die(mysql_error());
$row_Recordset2 = mysql_fetch_assoc($Recordset2);
}

if (isset($HTTP_GET_VARS['totalRows_Recordset2'])) {
$totalRows_Recordset2 = $HTTP_GET_VARS['totalRows_Recordset2'];
} else {
$all_Recordset2 = mysql_query($query_Recordset2);
$totalRows_Recordset2 = mysql_num_rows($all_Recordset2);
}
$totalPages_Recordset2 = ceil($totalRows_Recordset2/$maxRows_Recordset2)-1;

$maxRows_Recordset3 = 10;
$pageNum_Recordset3 = 0;
if (isset($HTTP_GET_VARS['pageNum_Recordset3'])) {
$pageNum_Recordset3 = $HTTP_GET_VARS['pageNum_Recordset3'];
}
$startRow_Recordset3 = $pageNum_Recordset3 * $maxRows_Recordset3;

$MMColParam_Recordset3 = "1";
if (isset($HTTP_GET_VARS['CatId'])) {
$MMColParam_Recordset3 = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['CatId'] : addslashes($HTTP_GET_VARS['CatId']);
}
$MMColPara_Recordset3 = "1";
if (isset($yes)) {
$MMColPara_Recordset3 = (get_magic_quotes_gpc()) ? "yes" : addslashes("yes");
}
mysql_select_db($database_V3, $V3);
$query_Recordset3 = sprintf("SELECT * FROM products WHERE ccat = '%s' AND show_hide = '%s' ORDER BY cprice ASC", $MMColParam_Recordset3,$MMColPara_Recordset3);
$query_limit_Recordset3 = sprintf("%s LIMIT %d, %d", $query_Recordset3, $startRow_Recordset3, $maxRows_Recordset3);
$Recordset3 = mysql_query($query_limit_Recordset3, $V3) or die(mysql_error());
$row_Recordset3 = mysql_fetch_assoc($Recordset3);

if (isset($HTTP_GET_VARS['totalRows_Recordset3'])) {
$totalRows_Recordset3 = $HTTP_GET_VARS['totalRows_Recordset3'];
} else {
$all_Recordset3 = mysql_query($query_Recordset3);
$totalRows_Recordset3 = mysql_num_rows($all_Recordset3);
}
$totalPages_Recordset3 = ceil($totalRows_Recordset3/$maxRows_Recordset3)-1;

$colname_Recordset_order = "1";
if (isset($HTTP_GET_VARS['oid'])) {
$colname_Recordset_order = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['oid'] : addslashes($HTTP_GET_VARS['oid']);
}
mysql_select_db($database_V3, $V3);
$query_Recordset_order = sprintf("SELECT * FROM orders WHERE cid = '%s'", $colname_Recordset_order);
$Recordset_order = mysql_query($query_Recordset_order, $V3) or die(mysql_error());
$row_Recordset_order = mysql_fetch_assoc($Recordset_order);
$totalRows_Recordset_order = mysql_num_rows($Recordset_order);

$colname_total = "1";
if (isset($HTTP_GET_VARS['oid'])) {
$colname_total = (get_magic_quotes_gpc()) ? $HTTP_GET_VARS['oid'] : addslashes($HTTP_GET_VARS['oid']);
}
mysql_select_db($database_V3, $V3);
$query_total = sprintf("SELECT SUM(cqty*cprice) FROM orders WHERE cid = '%s'", $colname_total);
$total = mysql_query($query_total, $V3) or die(mysql_error());
$row_total = mysql_fetch_assoc($total);
$totalRows_total = mysql_num_rows($total);

$queryString_Recordset2 = "";
if (!empty($HTTP_SERVER_VARS['QUERY_STRING'])) {
$params = explode("&", $HTTP_SERVER_VARS['QUERY_STRING']);
$newParams = array();
foreach ($params as $param) {
if (stristr($param, "pageNum_Recordset2") == false &&
stristr($param, "totalRows_Recordset2") == false) {
array_push($newParams, $param);
}
}
if (count($newParams) != 0) {
$queryString_Recordset2 = "&" . implode("&", $newParams);
}
}
$queryString_Recordset2 = sprintf("&totalRows_Recordset2=%d%s", $totalRows_Recordset2, $queryString_Recordset2);

$queryString_Recordset3 = "";
if (!empty($HTTP_SERVER_VARS['QUERY_STRING'])) {
$params = explode("&", $HTTP_SERVER_VARS['QUERY_STRING']);
$newParams = array();
foreach ($params as $param) {
if (stristr($param, "pageNum_Recordset3") == false &&
stristr($param, "totalRows_Recordset3") == false) {
array_push($newParams, $param);
}
}
if (count($newParams) != 0) {
$queryString_Recordset3 = "&" . implode("&", $newParams);
}
}
$queryString_Recordset3 = sprintf("&totalRows_Recordset3=%d%s", $totalRows_Recordset3, $queryString_Recordset3);

$colname_Recordsetda2 = "1";
if (isset($d2)) {
$colname_Recordsetda2 = (get_magic_quotes_gpc()) ? $d2 : addslashes($d2);
}
mysql_select_db($database_V3, $V3);
$query_Recordsetda2 = sprintf("DELETE FROM orders WHERE xstamp < '%s' AND xstatus = 'temp'", $colname_Recordsetda2);
$Recordsetda2 = mysql_query($query_Recordsetda2, $V3) or die(mysql_error());

$colname1_Recordsetda2 = "1";
if (isset($cdate)) {
$colname1_Recordsetda2 = (get_magic_quotes_gpc()) ? $cdate : addslashes($cdate);
}
mysql_select_db($database_V3, $V3);
$query_Recordsetda2 = sprintf("DELETE FROM orders WHERE cdate < '%s' AND xstatus = 'temp'", $colname1_Recordsetda2);
$Recordsetda2 = mysql_query($query_Recordsetda2, $V3) or die(mysql_error());

if ((isset($HTTP_POST_VARS['pid'])) && ($HTTP_POST_VARS['pid'] != "")) {
$xccat=$HTTP_POST_VARS['catid'];
$xxc=$HTTP_POST_VARS['oid'];
$deleteSQL = sprintf("DELETE FROM orders WHERE id=%s",
GetSQLValueString($HTTP_POST_VARS['pid'], "int"));

mysql_select_db($database_V3, $V3);
$Result1 = mysql_query($deleteSQL, $V3) or die(mysql_error());
if($HTTP_POST_VARS['search']==""){
header("Location: cart.php?CatId=$xccat&oid=$xxc&pageNum_Recordset2=$ppg");
}
if($HTTP_POST_VARS['search']!=""){
header("Location: cart.php?search=$xsearch&oid=$xxc&pageNum_Recordset2=$ppg");
}
}

bpat1434

Okay, so run a few tests here:

Using the below code (found in the second post), I can guess that oid is the cid in the database. So using that, see if you can create a link that says:

<a href="http://www.domain.com/stores/cart.php?CatId=catID_of_oid&oid=your_oID">Add to Cart</a>

I'm guessing something like that should work.

I will suggest something that may not be possible: switch to a different shopping cart. osCommerce is Open Source and has plenty of support (not to mention they're not going anywhere). ViperCart has been OOD (out of Development) since 2003. I sincerely doubt it's kept up with security and PHP changes (like $HTTP_POST_VARS is now $_POST).

minetree

It took me a minute. I'll let you know how it goes...
As for osCommerce, I tried it once and that is what led me to Viper. {I do like the interface of osC but when time is in demand and you have something that works.... Thank you for the help.