Cotonti / Open Source PHP Content Management Framework

Module main page blocking js?

lukgoh
#1 2012-12-14 00:03

This problem is driving me insane trying to solve it. I will try my best to explain. 

I am trying to build a shopping cart. Categories and products are built with PHP and each item has an "add to cart" button. I have a single hidden form and JS to submit the form. This method works really well for the shopping cart or shop.cart.php (for updating quantities or deleting items), but for some reason it doesn't work at all on shop.main.php; it only redirects me to index.php?productid=1&command=add when trying to add items. I have tried everything I can think of.

$js = 'function addtocart(pid){';
$js .= 'document.form1.productid.value=pid;';
$js .= 'document.form1.command.value="add";';
$js .= 'document.form1.submit();';
$js .= '}';

cot_rc_embed($js);


if ($_REQUEST['command'] == 'add' && $_REQUEST['productid'] > 0) {
	$pid = $_REQUEST['productid'];
	addtocart($pid, 1);
	cot_redirect(cot_url('shop', 'm=cart', '', true));
	exit();
}

'PRODUCT_ADD' => cot_inputbox('button', '', 'Add to Cart', array('onclick' => 'addtocart('.$rowproducts['product_id'].')'))

That is a snippet of my shop.main.php, but it's the only part that isn't working properly.

<form name="form1">
	<input type="hidden" name="productid" />
	<input type="hidden" name="command" />
</form>

from the tpl.

 

Any help would be much appreciated! 

Luke.

tensh
#2 2012-12-14 07:26

The addtocart() function is a javascript function, and I think you're trying to invoke it from PHP? This won't work as far as I know. Unless that addtocart() function is also a PHP function :)

Also I don't see the method in form, shouldn't it be <form action="(someurl)" name="form1" method="post">? It seems like it goes as a method="get" by default. I don't know where the adding to cart happens, but if outside the plugin then the form action="" would have to point to the script where the magic happens (in your case the shopping cart plugin).

By the way, you don't guard the productid value (dunno how about inside the addtocart() function)- it can be potentially dangerous. You should be using cot_import() function IMO.

I will upload my script today for you, you will see how I solved it (without javascript).

lukgoh
#3 2012-12-14 08:17

I can do it fine without JavaScript, this is simply a learning experience. The addtocart() function is both a JavaScript function and a PHP function, as seen in my code above. The JavaScript just works the form. This way I only need one form to handle any item rather than needing a form per item.

Anyway, the issue is the onclick directs back to index.php with the form results like this: index.php?productid=1&command=add and I don't know why.

Trustmaster
#4 2012-12-14 09:53

The form is missing action and, as tensh mentioned, it uses the GET method. addtocart() should compose a proper action attribute for the form before submitting it. And it would be better to use POST rather than GET.

May the Source be with you!
lukgoh
#5 2012-12-14 09:58

Yeah you guys are completely right. I was being dumb. Thanks.

Kingsley
#6 2012-12-14 19:58
#36538 lukgoh:

Yeah you guys are completely right. I was being dumb. Thanks.

learning..

 

lukgoh
#7 2012-12-14 23:13

Yeah, thanks Kingsley, but I should have paid more attention to tensh's reply; it was just super early and I didn't read it properly.

Anyhow, like I said to you the shop module is coming on nicely. Nearly all the basic features are working, including Paypal. Just working on the frontend now, adding stuff like sliders for the featured items.

Trustmaster
#8 2012-12-15 10:57

Cool! Don't forget to pay attention to another part of tensh's reply:

By the way, you don't guard the productid value (dunno how about inside the addtocart() function)- it can be potentially dangerous. You should be using cot_import() function IMO.

It is important to sanitize user input (see Validation and Messages) and make sure that unescaped strings are not used in SQL queries (I should probably write in detail about it too).

May the Source be with you!
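
The point tensh and Trustmaster raise, as an added example (not code from the thread or from Cotonti): the `> 0` comparison in the first post does not guarantee an integer, so the request is validated strictly and the lookup uses a bound parameter. The table name `shop_products`, the functions `shop_import_add()` and `shop_find_product()` and the sample requests are constructed; plain `filter_var()` and PDO with in-memory SQLite stand in so it runs outside Cotonti, where `cot_import()` would do the input filtering.

```php
<?php
// Added example; table name, function names and sample requests are constructed.

/** Accept only command=add with a positive integer productid; null otherwise. */
function shop_import_add(array $post): ?int
{
    if (($post['command'] ?? '') !== 'add') {
        return null;
    }
    // FILTER_VALIDATE_INT rejects '1abc', '', arrays and anything below min_range.
    $pid = filter_var($post['productid'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $pid === false ? null : $pid;
}

/** Look the product up with a bound parameter, never by string concatenation. */
function shop_find_product(PDO $db, int $pid): ?array
{
    $stmt = $db->prepare('SELECT product_id, title FROM shop_products WHERE product_id = ?');
    $stmt->execute([$pid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed catalogue in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shop_products (product_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO shop_products VALUES (1, 'Sample item')");

// Constructed POST bodies: one valid, three that must not reach addtocart().
$requests = [
    ['command' => 'add', 'productid' => '1'],
    ['command' => 'add', 'productid' => '1abc'],
    ['command' => 'add', 'productid' => ['1']],
    ['command' => 'add', 'productid' => '999'],
];
foreach ($requests as $post) {
    // The comparison from the first post, shown for contrast.
    $loose = $post['command'] == 'add' && $post['productid'] > 0;
    $pid = shop_import_add($post);
    $product = $pid === null ? null : shop_find_product($db, $pid);
    printf("%-8s loose check: %-5s strict: %s\n", json_encode($post['productid']),
        var_export($loose, true),
        $product ? 'add product ' . $product['product_id'] : 'rejected');
}
```
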
lukgoh
#9 2012-12-15 11:44

Yeah thanks, I always do this, just didn't show it in the code.

Added 7 hours later:

By the way, for anyone interested in a shop module (with Paypal), you can check out my progress here: http://battle-box.net/dev/index.php?e=shop

You need to be logged in to see it:

username: guest

password: welcome


This post was edited by lukgoh (2012-12-15 19:04, 7 years ago)
Kingsley
#10 2012-12-16 02:04

Looks good.. As a guest you see Manage Categories and Manage Products

lukgoh
#11 2012-12-16 03:59

On what page(s)?

Added 5 minutes later:

Never mind, I see it. Thank you for the report.

Added 14 hours later:

This is strange behaviour I think:

if ($usr['isadmin'] == true)
{
	$t->assign(array(
		'CATEGORY_LINK' => cot_url('shop', 'm=category'),
		'PRODUCT_LINK' => cot_url('shop', 'm=product')
	));
}

 

and in the tpl file:

<!-- IF {CATEGORY_LINK} -->
<li><a href="{CATEGORY_LINK}">Manage Categories</a></li>
<li><a href="{PRODUCT_LINK}">Manage Products</a></li>
<!-- ENDIF -->

and yet it not only displays the links when not logged in, but the links are incorrect. 


This post was edited by lukgoh (2012-12-16 20:46, 7 years ago)
Samuel Sloth Andersen
#12 2013-05-15 00:18

Can you please post the full:
 

<form name="form1">
    <input type="hidden" name="productid" />
    <input type="hidden" name="command" />
</form>
I'm not entirely sure I got the whole idea behind, what you had to put where.
Sorry
lukgoh
#13 2013-05-15 03:26

Can you please post the full:
 

<form name="form1">
    <input type="hidden" name="productid" />
    <input type="hidden" name="command" />
</form>
I'm not entirely sure I got the whole idea behind, what you had to put where.

Sorry

 I don't understand what you are trying to do?