I have been able to get the order_id and the total order value to process them on the success page in OpenCart (v. 1.5.4) by applying the very helpful suggestions of Shadyyx (thank you!) in Opencart successful order ID and Total from JavaScript. However, I have been unable to get the email address of the (registered or guest) customer across, i.e.:
If I insert $this->data['email'] = $this->session->data ['email']; in success.php before $this->cart->clear();
I get an Undefined Index error in success.php when submitting an order.
If I insert $this->data['email'] = $this->cart->getEmail();
instead, I avoid the Undefined Index error, but still the email address does not load in the html form via the input tag (this does, however, work for the order_id and the total) as follows:
<?php if(!empty($email)): ?>
<input name="email" type="hidden" value="<?php echo $email ?>">
<?php endif; ?>
To do this properly you need to open /catalog/controller/checkout/success.php and find this line of code
if (isset($this->session->data['order_id'])) {
After it, add the following
$this->load->model('account/order');
$order = $this->model_account_order->getOrder($this->session->data['order_id']);
if($order) {
$this->data['email'] = $order['email'];
}
In your template /catalog/view/theme/your-theme-name/template/common/success.tpl you need to put
<?php if(!empty($email)) echo $email; ?>
Wherever you want to see the e-mail address
$this->customer->getEmail(); - this will get you logged in customer's email id.
In catalog/controller/checkout/success.php, insert the below code between
if (isset($this->session->data['order_id'])) {
and
$this->cart->clear();
Code to add:
if (isset($this->session->data['guest'])) {
$this->data['customer_email'] = $this->session->data['guest']['email']; // Guest user's email
} elseif($this->customer->isLogged()) {
$this->data['customer_email'] = $this->customer->getEmail(); // Customer's email
}
Then in success.tpl, add:
<?php if(isset($customer_email)){ ?>
<input name="email" type="hidden" value="<?php echo $customer_email ?>">
<?php } ?>
Related
When customer enters the details in the form fields and enter submit button then the Order email should send customer's email immediately and also Order should be created in Backend as well. Once its submitted(After email sent & order created), the success message will display on same current product page.
For this, I haved added my Custom order form on my theme's product detailed page. Form contains the fields like Name, Email, Quantity, Product Name and Price(Current Product Name & Price when customer Visits).
How to send email and create order programmatically on Product page custom form?
Any help mostly appreciated.
You would need to create a block class for your template ( there are many resources on how to create a controller for Magento 2, you can reference them).
There you can have a method that gets the product URL for adding the order:
public function getAddProductUrl($product, $additional = [])
{
return $this->_cartHelper->getAddUrl($product, $additional);
}
Then in your phtml template file add the following html form and javascript or somethng similar to this:
<script type="text/x-magento-init">
{
"[data-role=tocart-form]": {
"catalogAddToCart": {}
}
}
</script>
<div class="product-add-form">
<?php $product = $block->getProduct(); ?>
<form data-product-sku="<?= /* #NoEscape */ $product->getSku() ?>"
action="<?= /* #NoEscape */ $block->getAddProductUrl($product) ?>" method="post" data-role="tocart-form">
<input type="hidden" name="product" value="<?= /* #escapeNotVerified */ $product->getId() ?>" />
<?= $block->getBlockHtml('formkey') ?>
<button type="submit" title="<?php echo /* #escapeNotVerified */ __('Add to Cart'); ?>" class="action primary tocart">
<span><?php echo /* #escapeNotVerified */ __('Add to Cart'); ?></span>
</button>
</form>
</div>
I have some problem with XSS scan on sitelock. They said that some of URL from html input form is vulnerable. They said each parameters which I sent through the form was vulnerable. In this case the vulnerability is from Paypal input form. I build my website with Paypal redirect so the user will input their own data into the form and the system will send it to paypal. This is the example of my form code:
<div class="col-md-5">
<input type="text" class="form-control" name="L_PAYMENTREQUEST_FIRSTNAME" id="L_PAYMENTREQUEST_FIRSTNAME" value="<?=$_SESSION['post_value']['shipping_first_name']?>" readonly="readonly">
</div>
<input type="hidden" name="billing_first_name" value="<?=$_POST['billing_first_name']?>">
<input type="hidden" name="billing_last_name" value="<?=$_POST['billing_last_name']?>">
<input type="hidden" name="billing_email" value="<?=$_POST['billing_email']?>">
<input type="hidden" name="billing_phone" value="<?=$_POST['billing_phone']?>">
<input type="hidden" name="billing_address" value="<?=$_POST['billing_address']?>">
<input type="hidden" name="billing_city" value="<?=$_POST['billing_city']?>">
<input type="hidden" name="billing_postcode" value="<?=$_POST['billing_postcode']?>">
<input type="hidden" name="billing_state" value="<?=$_POST['billing_state']?>">
That is some part of my form. What I want to know is whats wrong with that form and how to prevent Sitelock to scan XSS vulnerability ? Please anyone knows could help me.
I would also recommend using the HTTP header.
X-XSS-Protection: 1; mode=block
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
you probably dont check/nullify the data you are getting in the input fields
and by typing <script>alert('hacked')</script> in billing_address field
on next page where you print the billing_address you will get a popup window calling hacked
On the page that process your form you should validate that input fields doesn't have any javascript code.
for example
<?php
// define variables and set to empty values
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = test_input($_POST["name"]);
$email = test_input($_POST["email"]);
$website = test_input($_POST["website"]);
$comment = test_input($_POST["comment"]);
$gender = test_input($_POST["gender"]);
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
you need to create a function like test_input and run for all your input fields
I want a help in my Contact form. I want that when a user inputs his email id in input field & if it is wrong i.e without # the input box should shake (which depicts an error) & when user enters correct email Id, it should accept it.
The problem in my current code is, when user enters correct email Id, even then the input field shakes. Need to validate the input field for correct Email.
Any help would be appreciated.
Thanks in advance.
<form id="form_id" method="post" action="<?php $_SERVER['PHP_SELF'] ?>" onsubmit="javascript:return validate('form_id','email');" novalidate>
<input type="text" id="email" name="email" value="<?php if (isset($_POST["email"])) {echo $ema;} ?>" class="error"/>
<br><br>
<button type="submit" name="submit" class="getaccess-btn">Get Access </button>
</form>
The js for the same is:
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script language="javascript">
function validate(form_id,email) {
var reg = /^([A-Za-z0-9_\-\.])+\#([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
var address = document.forms[form_id].elements[email].value;
if(reg.test(address) == false) {
$(document).ready(function(){
$("button").click(function(){
$("#email").delay(0).animate({"left": "-=30px"}, 80).animate({"left": "+=60px"}, 80).animate({"left": "-=60px"}, 80).animate({"left": "+=60px"}, 80).animate({"left": "-=30px"}, 80);
});
});
return false;
}}
</script>
this php code
<?php
$your_email = "youremailid#gmail.com"; // email address to which the form data will be sent
$subject = "Contact Message"; // subject of the email that is sent
$thanks_page = "thank-you.html"; // path to the thank you page following successful form submission
// Nothing needs to be modified below this line
if (isset($_POST["submit"])) {
$ema = trim($_POST["email"]);
if (get_magic_quotes_gpc()) {
$ema = stripslashes($ema);
}
$error_msg=array();
if (empty($ema) || !filter_var($ema, FILTER_VALIDATE_EMAIL)) {
$error_msg[] = "Your email must have a valid format, such as name#mailhost.com";
}
$email_body =
"Email of sender: $ema\n\n" .
"$com" ;
// Assuming there's no error, send the email and redirect to Thank You page
if (!$error_msg) {
mail ($your_email, $subject, $email_body, "From: $nam <$ema>" . "\r\n" . "Reply-To:");
header ("Location: $thanks_page");
exit();
}
}
?>
The css for the same is:
.error{height:auto;width:100px;position:absolute;}
I can't understand your issue properly, but if you are working with email validation then there is no need of javascript. You can simply use email as input type in HTML5:
for ex, you can write as following:
<form>
<input type="email" name="email" required>
<input type="submit">
</form>
this will automatically validate input field for # and ..
fiddle is here
For security reasons I need to disable the possibility in form the user to change his email. Once set it can't be change. How can I do this?
I have found :
http://www.magentocommerce.com/boards/viewthread/8622/
Maybe usefull for someone ...
Make the following changes:
In template/customer/account/dashboard/info.phtml
<div class="inner-head">
<h5><?php echo $this->__('Contact Information') ?></h5>
Edit
</div>
<p>
<?php echo $this->htmlEscape($this->getCustomer()->getFirstname()) ?>
<?php echo $this->htmlEscape($this->getCustomer()->getLastname()) ?><br />
<?php echo $this->htmlEscape($this->getCustomer()->getEmail()) ?><br />
<?php echo $this->__('Change Password') ?>
</p>
and Replace with:
<div class="inner-head">
<h5><?php echo $this->__('Contact Information') ?></h5><br />
</div>
<p>
<?php echo $this->htmlEscape($this->getCustomer()->getFirstname()) ?>
<?php echo $this->htmlEscape($this->getCustomer()->getLastname()) ?><br />
<?php echo $this->__('Change Password') ?>
</p>
Extracted and adapted from the magento community forums.
The problem was that we had an extension that override the user model/controller/view, example: social login, and because we decided not to use it we Disable it in the advanced settings.
Because it was disable, the list of users was not showing in the back-end, but I could create a new customer, yet in the New customer view the Addresses were not showing either.
So, we activated all the extensions again and suddenly the customers list appears. So like this we found out which extension was breaking and fixed it.
In file :
app\code\core\Mage\Customer\controllers\AccountController.php
/**
* Change customer password action
*/
public function editPostAction()
{
if (!$this->_validateFormKey()) {
return $this->_redirect('*/*/edit');
}
if ($this->getRequest()->isPost()) {
$customer = Mage::getModel('customer/customer')
->setId($this->_getSession()->getCustomerId())
->setWebsiteId($this->_getSession()->getCustomer()->getWebsiteId());
$fields = Mage::getConfig()->getFieldset('customer_account');
$data = $this->_filterPostData($this->getRequest()->getPost());
//=========
// ADD THAT // customer cannot change his email // Le customer ne peut pas modifier son email
if(isset($data['email'])){
$data['email'] = $this->_getSession()->getCustomer()->getData('email');
}
//========END
foreach ($fields as $code=>$node) {
if ($node->is('update') && isset($data[$code])) {
$customer->setData($code, $data[$code]);
}
}
$errors = $customer->validate();
if (!is_array($errors)) {
$errors = array();
}
I'm getting to grips with Zend_Form and can create a form to add/edit a single database record, but now I'm trying to create a form to edit multiple records on a single page. For example, if I had a table of sports teams, and another table of players assigned to them teams I would want to be able to click on a team on my site and have all the players listed as rows with inputs to edit their names, date of births etc., with one submit button at the bottom to save any changes.
One thing to note is that there are a variable number of records that could be edited on a page; it is not a set amount.
Any pointers/help would be very much appreciated.
Thanks.
I use the code below to delete multiple items from the database.
On the index page (list of my database records):
<form method="post" action="<?php echo $this->baseUrl().'/admin/pages/deleteMultiple'; ?>">
<td class="checkboxTable"><input name="remove[<?php echo $data[$row]->id; ?>]" type="checkbox" id="checkbox[]" value="<?php echo $data[$row]->id; ?>"/></td>
<input class="deleteMultipleButtonBottom" name="deleteMultiple" type="submit" id="deleteMultiple" value="<?php echo $this->translate('Delete selected'); ?>">
</form>
The user sees a confirmation page:
<form method="post">
<input type="hidden" name="removeId" value="<?php echo implode($_POST['remove'], ','); ?>" />
<input class="deleteYes" type="submit" name="deleteMultiple" value="Yes" />
<input class="deleteNo" type="submit" name="deleteMultiple" value="No" />
</form>
And my action looks like this:
if($this->getRequest()->isPost())
{
if($this->getRequest()->isPost('remove'))
{
$this->view->pages = $this->pagesService->GetPages($this->getRequest()->getPost('remove'));
if($this->getRequest()->getPost('deleteMultiple') == 'Yes')
{
$this->pagesService->DeleteMultiplePages($this->getRequest()->getPost('removeId'), $this->view->user->username, $this->getRequest()->getPost('countedItems'));
}
elseif($this->getRequest()->getPost('deleteMultiple') == 'No')
{
$this->_helper->flashMessenger(array('message' => $this->view->translate('The pages were <u>not</u> deleted'), 'status' => 'notice'));
$this->_helper->redirectToIndex();
}
}
}
And in my service page:
public function DeleteMultiplePages($id)
{
$this->pages->delete('id IN (' . $id . ')');
}
This approach should work for updating values.