Order number generator


WalterL48

A CubeCart version prior to CC608 had an experimental "Sequential Order Numbering" system. It is no longer part of CC608.

I don't find it in the Marketplace, but such a thing may be available elsewhere.

Changing the existing order numbering system would require also finding and editing the code that checks for a properly formatted order number.

Link to comment
Share on other sites

@WalterL48 I've been working on the manual upgrade to 6.0.8 today, and have not been able to figure out how to merge the Chuggyskins v5 Sequential Order Number mod with the relevant changes in 6.0.8 cubecart.class.php and order.class.php. I'm pretty sure the issue is with the new section of order.class.php:

	/**
	 * Validate order ID
	 *
	 * @param string $order_id
	 * @return bool
	 */
	public static function validOrderId($order_id) {
		if(preg_match('#^[0-9]{6}-[0-9]{6}-[0-9]{4}$#i', $order_id)) {
			return true;
		}
		return false;
	}

My numbers in 6.0.7 came out YYYY-2alphaletters-upto6digits (2015-EC-2039). If the preg_match line could be made to recognize that format I am guessing the Sequential mod would continue to work.

Link to comment
Share on other sites

Maybe we can have the mod:

  • contain instructions to edit this new function (now used in several places in the Cubecart class) such that instead of a hard-coded pattern, there would be a pattern from the mod's config
  • add to the mod's control panel the pattern to use that matches the desired numbering

The pattern that matches your description above is:

preg_match('#^[0-9]{4}-[A-Z]{2}-[0-9]{1,6}$#i', $order_id)

Four digits, a dash, two letters, a dash, from one to six digits, case-insensitive.

Does this mod add to the properties of the order, or does it replace the existing order_number value?

 

Link to comment
Share on other sites

As usual I don't know enough to be able to respond intelligently to your question.

I was, however, able to get a blend of 6.0.7 and 6.0.8 code to work by NOT including the Validate Order ID section in order.class.php and leaving out the test for preg_match in each applicable part of cubecart.class.php (this was Chuggyskin's work-around at some point in the past to keep me using his v5 mod).

eg:

		// 6.0.8 VERSION if (isset($_GET['cart_order_id']) && Order::validOrderId(trim($_GET['cart_order_id']))) {
		// ORIGINAL 6.0.7 if (isset($_GET['cart_order_id']) && preg_match('#^[0-9]{6}-[0-9]{6}-[0-9]{4}$#i', trim($_GET['cart_order_id']))) {
		// Sequential Order Number tweak for Lookup Order
		if (isset($_GET['cart_order_id'])) {
		// end Sequential Order Number tweak for Lookup Order

So now the question becomes - why was this test for valid order id added, and have I put myself at any security risk by not using it?

Link to comment
Share on other sites

"why was this test for valid order id added"

Actually, it was always there. The test was located at five different locations and had the actual pattern to match against - hard-coded. This change just "centralized" the test and now any code can test for the validity of a cart_order_id. Still, there needs to be a hook so that plugins can manipulate this test if necessary.

"and have I put myself at any security risk by not using it?"

The only answer I can give is, maybe. The value of $_GET['cart_order_id'] is sent through Sanitize::_safety() which just makes sure that only printable characters get through, then strips out anything between < and > including the angles (HTML markup tags). And that means the answer is not a definite no.

Link to comment
Share on other sites
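
An added example, not part of the thread and not CubeCart's or the mod's own code: instead of removing the check, the lookup can accept both the stock format and the sequential format quoted above. The function name `validOrderIdAny` and the pattern list are assumptions; in a mod the list would come from its configuration.

```php
<?php
// Added example (not CubeCart or mod code). The function name and the
// pattern list are hypothetical; only the two formats come from the thread.

/**
 * Validate an order ID against every format the store is known to issue.
 *
 * @param mixed    $order_id Raw request value (may be an array or null)
 * @param string[] $patterns Anchored PCRE patterns, e.g. from a mod's config
 * @return bool
 */
function validOrderIdAny($order_id, array $patterns) {
	// cart_order_id[]=x arrives as an array; reject anything that is not a string
	if (!is_string($order_id)) {
		return false;
	}
	$order_id = trim($order_id);
	foreach ($patterns as $pattern) {
		if (preg_match($pattern, $order_id) === 1) {
			return true;
		}
	}
	return false;
}

// \A and \z anchor the whole string; a bare $ also matches before a final newline
$patterns = array(
	'#\A[0-9]{6}-[0-9]{6}-[0-9]{4}\z#',     // stock format from order.class.php
	'#\A[0-9]{4}-[A-Z]{2}-[0-9]{1,6}\z#i',  // sequential format, e.g. 2015-EC-2039
);

// Constructed sample inputs
$samples = array(
	'150812-093015-1234',   // stock format
	'2015-EC-2039',         // sequential format
	' 2015-ec-7 ',          // surrounding spaces, lower case
	'2015-EC-2039<b>',      // trailing characters after the number
	'2015-ECX-2039',        // three letters
	'2015-EC-1234567',      // seven digits
	array('2015-EC-2039'),  // array, as sent by cart_order_id[]=
);

foreach ($samples as $sample) {
	$verdict = validOrderIdAny($sample, $patterns) ? 'valid' : 'invalid';
	printf("%-24s %s\n", json_encode($sample), $verdict);
}
```

Each place in cubecart.class.php that tested the hard-coded pattern would call the one function, so the format check stays in force for both numbering schemes.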
