chkrootkit bindshell | grep "INFECTED\|Vulnerable"
Popularity: 1%
{ 0 comments }
Thursday, November 9, 2006
The ZenCart default reports are sufficient for most uses, but with many products pages of results are a pain to look through. Adding a search is pretty simple. The example below adds a search to the products purchased report:
Add the search box and form:
admin/stats_products_purchased.php Line ~#64
BEFORE:
AFTER:
</table></td>
</tr>
<tr>
<form action="stats_products_purchased.php" method="get">
<td align="right">
<b>Search</b>
<input type="text" name="search" value="<?php echo $_GET['search']; ?>"/>
<input type="submit" value="Go" />
</td>
</form>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
</tr>
<tr>
<form action="stats_products_purchased.php" method="get">
<td align="right">
<b>Search</b>
<input type="text" name="search" value="<?php echo $_GET['search']; ?>"/>
<input type="submit" value="Go" />
</td>
</form>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
Add the processing to the query:
admin/stats_products_purchased.php Line ~#84
BEFORE:
if (isset($_GET['page']) && ($_GET['page'] > 1)) $rows = $_GET['page'] * MAX_DISPLAY_SEARCH_RESULTS_REPORTS - MAX_DISPLAY_SEARCH_RESULTS_REPORTS;
// The following OLD query only considers the "products_ordered" value from the products table.
// Thus this older query is somewhat deprecated
$products_query_raw = "select p.products_id, p.products_ordered, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where pd.products_id = p.products_id and pd.language_id = '" . $_SESSION['languages_id']. "' and p.products_ordered > 0 group by pd.products_id order by p.products_ordered DESC, pd.products_name";
// The following OLD query only considers the "products_ordered" value from the products table.
// Thus this older query is somewhat deprecated
$products_query_raw = "select p.products_id, p.products_ordered, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where pd.products_id = p.products_id and pd.language_id = '" . $_SESSION['languages_id']. "' and p.products_ordered > 0 group by pd.products_id order by p.products_ordered DESC, pd.products_name";
AFTER:
if (isset($_GET['page']) && ($_GET['page'] > 1)) $rows = $_GET['page'] * MAX_DISPLAY_SEARCH_RESULTS_REPORTS - MAX_DISPLAY_SEARCH_RESULTS_REPORTS;
//11/03/06 21:40 damonp add search
if($_GET['search'] != '') {
$db_search = "AND (pd.products_id = '".$_GET['search']."' OR pd.products_name LIKE '%".$_GET['search']."%')";
}
// The following OLD query only considers the "products_ordered" value from the products table.
// Thus this older query is somewhat deprecated
$products_query_raw = "select p.products_id, p.products_ordered, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where pd.products_id = p.products_id and pd.language_id = '" . $_SESSION['languages_id']. "' and p.products_ordered > 0 $db_search group by pd.products_id order by p.products_ordered DESC, pd.products_name";
//11/03/06 21:40 damonp add search
if($_GET['search'] != '') {
$db_search = "AND (pd.products_id = '".$_GET['search']."' OR pd.products_name LIKE '%".$_GET['search']."%')";
}
// The following OLD query only considers the "products_ordered" value from the products table.
// Thus this older query is somewhat deprecated
$products_query_raw = "select p.products_id, p.products_ordered, pd.products_name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where pd.products_id = p.products_id and pd.language_id = '" . $_SESSION['languages_id']. "' and p.products_ordered > 0 $db_search group by pd.products_id order by p.products_ordered DESC, pd.products_name";
This simple mod will search the products_id and products_name fields. Adding a search to the other reports is similar. One only needs to adjust the query to match the applicable fields for the report.
Popularity: 1%
{ 0 comments }
