Fixing Zen Cart’s Tax Miscalculation When Using a Coupon

I was recently alerted to an error in Zen Cart by a client where the tax was being miscalculated when using a coupon. Here’s the fix.

Around line 240 in /store/includes/modules/order_total/ot_coupon.php

Remove these lines:

//$od_amount[$tax_desc] += (($products[$j]['final_price'] * $products[$j]['quantity']) * $tax_rate)/100 * $ratio;
//$od_amount[$tax_desc] += round(((($products[$j]['final_price'] * $products[$j]['quantity']) * $tax_rate) + .5)/100 * $ratio, 2);

Replace with this:

//hack by Cameron P. to fix the coupon tax errors.
//for some reason the tax was off by the number of products in the cart times the tax (not quantity)
$od_amount[$tax_desc] += round(((($products[$j]['final_price'] * $products[$j]['quantity']) * $tax_rate) )/(100*sizeof($products)) * $ratio, 3);

I did a few things here:
* The tax was off by the tax total times the number of products in the cart (independent of quantity), so that’s why the sizeof() bit is in there
* Removed the + 0.5 addition to the total. Why that’s even in there to begin with, I don’t know. It was making some of my totals come out wrong by a few cents here and there. The new equation seems to work better without it.
* Extended the rounding to three decimal places. Probably not 100% necessary, but it seemed to help fix some of the issues where the total was off by a penny or two.

Hope this helps!

Clean file names using PHP preg_replace

It’s always a good idea to protect yourself from all sorts of possible malicious attempts by users (or even mistakes by misinformed users). Here we look at taking a string of text (a filename) that contains characters which are, generally speaking, unsafe.

Here’s a simple way to clean up filenames (or other text input) using PHP – leaving only alphanumeric characters, dashes, underscores, and periods. I’m not great with regular expressions, but it seems one should be able to use preg_replace() to replace every character that’s *not* within a defined range… but that’s not really the case.

I don’t want to assume too much, but it seems like /(![[:alnum:]_.-]*)/ should match all the baddies in the string. It doesn’t. The solution, rather, is to find all the baddies by stripping all the OK characters out into a temporary variable; what’s left is exactly the set of characters to remove from your string.


$fname="Filename 123;".'"'."lal[a]*(/.jpg"; //yikes!
$replace=""; //what you want to replace the bad characters with
$pattern="/([[:alnum:]_.-]*)/"; //basically all the filename-safe characters
$bad_chars=preg_replace($pattern,$replace,$fname); //leaves only the "bad" characters
$bad_arr=str_split($bad_chars); //split them up into an array for the str_replace() func.
$fname=str_replace($bad_arr,$replace,$fname); //replace all instances of the bad chars with the replacement
echo $fname; //just echo the name for your satisfaction

Or, more simply:

$fname="Filename 123;".'"'."lal[a]*(/.jpg";
$replace="_";
$pattern="/([[:alnum:]_.-]*)/";
//the replacement "_" is itself a safe character, so its appearance in the "bad" list is a harmless no-op
$fname=str_replace(str_split(preg_replace($pattern,$replace,$fname)),$replace,$fname);
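As an added example (not the post’s code), the same whitelist can be written as one negated character class: PCRE marks “any character not in this set” with a leading ^ inside the brackets, so a single preg_replace() does the stripping. The function names and sample inputs below are my own; the post’s two-step version is kept beside it for comparison, and the example also refuses a name made only of dots, which the whitelist alone lets through.

```php
<?php
// Added example (not the post's code): whitelist filename cleaning with one
// negated character class. In PCRE, [^...] means "any character not in the set".

function cleanFilename(string $name, string $replace = '_'): string
{
    // Anything that is NOT a letter, digit, underscore, period or dash
    // becomes $replace; this is the one-call form of the post's approach.
    $clean = preg_replace('/[^[:alnum:]_.-]/', $replace, $name);

    // Collapse runs of the replacement so "a   b" becomes "a_b", not "a___b".
    if ($replace !== '') {
        $quoted = preg_quote($replace, '/');
        $clean = preg_replace('/(?:' . $quoted . '){2,}/', $replace, $clean);
    }

    // The whitelist alone still allows names made only of dots ("..", "...."),
    // which are path components, not files; refuse those instead of returning them.
    if ($clean === '' || trim($clean, '.') === '') {
        return 'unnamed';
    }
    return $clean;
}

// The post's two-step approach, wrapped in a function so the two can be compared.
function cleanFilenameTwoStep(string $name, string $replace = '_'): string
{
    $bad = preg_replace('/([[:alnum:]_.-]*)/', '', $name);   // only the "bad" chars remain
    return str_replace(str_split($bad), $replace, $name);
}

// Constructed sample inputs.
$samples = [
    'Filename 123;"lal[a]*(/.jpg',   // the post's example
    'photo of Çağrı.jpeg',          // non-ASCII letters are not [:alnum:] without the u flag
    '....',                         // nothing but dots
];
foreach ($samples as $s) {
    printf("%-30s -> %-28s | two-step: %s\n", $s, cleanFilename($s), cleanFilenameTwoStep($s));
}
```

The two-step form leaves the post’s example as Filename_123__lal_a___.jpg and passes “....” through unchanged; the single-class form collapses the runs and rejects the dots-only name.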

Conclusion:
Though it might not seem like a big deal to replace spaces and the like with underscores, consider the possibility of a user injecting code and commands that, when the string is used in the right context, can compromise your site and its data:

$fname="' OR super_top_secret=1;";
$result=mysql_query("SELECT * FROM files where fname='$fname' LIMIT 1");

And with that, a malicious filename allows all of our top secret files to be visible when only one should have been. Granted, we should escape anything that goes into the DB query, but as far as I know it is possible to upload a file with that exact name (or change the name if the online app allows it). So for now, we’ll just restrict it to only characters that play nice with the web server.
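As an added example (not the post’s code), here is the same lookup with the filename passed as a bound parameter through PDO, so the hostile filename above is compared as a literal string rather than parsed as SQL. It uses an in-memory SQLite database (requires the pdo_sqlite extension) with a constructed files table so it runs stand-alone; the function names and rows are my own.

```php
<?php
// Added example (not the post's code): bind the filename as a parameter instead
// of interpolating it into the query text. Table and rows are constructed.

function buildDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE files (fname TEXT NOT NULL, super_top_secret INTEGER NOT NULL)');
    $db->exec("INSERT INTO files VALUES ('report.pdf', 0), ('payroll.xls', 1), ('keys.txt', 1)");
    return $db;
}

// What the post's mysql_query() call builds: the filename becomes part of the
// SQL text, so the database parses it as SQL. Returned as a string, never executed.
function unsafeQueryText(string $fname): string
{
    return "SELECT * FROM files WHERE fname='$fname' LIMIT 1";
}

// Parameter binding: the statement and the value travel separately, so a quote
// inside the filename is just a character in a string comparison.
function findFile(PDO $db, string $fname): ?array
{
    $stmt = $db->prepare('SELECT fname, super_top_secret FROM files WHERE fname = :fname LIMIT 1');
    $stmt->execute([':fname' => $fname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = buildDemoDb();
$malicious = "' OR super_top_secret=1;";   // the post's hostile filename

echo "Interpolated SQL would be: ", unsafeQueryText($malicious), "\n";
var_dump(findFile($db, $malicious));      // NULL: no file is literally named that
var_dump(findFile($db, 'report.pdf'));    // the single matching row
```

Binding does not replace the filename whitelist from the previous section: the query stays safe either way, but the file system and web server still only see the cleaned name.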

Amberjack Media, RevealCMS

It’s official – I’m now Amberjack Media (amberjackmedia.com). The papers from the city just arrived, but the process of officially registering the DBA with the county is not yet complete.

I have the domain, but it’s not set up with any hosting space just yet.

On another note, I’ve named the CMS I’m working on: RevealCMS. Development has been really slow as of late due to long work hours (contract developer) and trying to balance a social life with web dev and learning how to trade the stock market. It’s a full plate… I know!

I hope to have a demo of the CMS running a live site within the next couple of months. The one I have in mind doesn’t have a huge amount of traffic, but it does get roughly 30k hits/month. I’ve spent a lot of time making sure the code is pretty optimized so we don’t have to worry about a lot of overhead spent going back and forth with the database or file I/O. Reveal will also have a caching system built in, though it won’t be very mature in the initial release. I think one of the best features for developers is simple add-on development: plugins, page modules, and site-wide templates.

Cool Exposé trick in Mac OS X

When pressing F10 (or Ctrl-F10) to show a program’s open windows, you can press Cmd-Tab to cycle through all running apps, showing the icons across the screen as the normal Cmd-Tab does. You can also scroll through running apps in Exposé by pressing Cmd-` (back tick), but without the icons. Apparently this will also switch you from all-windows Exposé to only one app at a time (the F10 effect).

__CMS milestone

I still haven’t decided on a name for my CMS, though I have a couple of good ideas that I’m going to think about in the next couple of days/weeks. On the same note I’m also considering a name for my company. My First/Last name works well enough, but I’d like something a bit more formal sounding, and since my San Diego business tax is going to be due soon, now is a good time to decide on something official.

On to the milestone: the CMS is finally at a point where the content management works all on its own. New pages and content can all be edited/added/deleted from within the CMS itself. There are still several major things required on the backend, but a significant number of those items should take a very small amount of time to fix/implement (for example, only displaying navigation links to pages a user has privileges for).

My company name?

Now that I’m officially an independent contractor/developer, I thought it would be good to have a company name – something that sounds like a good Web 2.0 outfit. Likewise my CMS will need one as well, though I already have a few ideas…

If you have a good idea, let me know. If I like it enough I’ll do something nice for you.

Drop me a line!

Smart template plugins with Smarty

Smarty is becoming more and more popular in the PHP community lately, especially as developers move away from mixing business and display logic in the same scripts and towards cleaner MVC design pattern implementations.

If you’ve followed my blog for any amount of time, you’ll know that I’m currently working on my own CMS/Framework, to be completed hopefully in early 2007. I don’t know what it was – maybe procrastination – but something made me take a look back at my plugin implementation for the CMS.

Previously I took a rather odd, round-about way of including custom functions and plugin templates into my main pages:
Step 1: include the plugin template
Step 2: the plugin template calls the template FUNCTION
Step 3: the function does a lot of business and assigns data to template variables
Step 4: the rest of the template is rendered with the newly-found data from the function
That’s a little too awkward, even for me!

I venture towards Ruby on Rails

I now own my own Ruby on Rails book, a kind gift from my good friend Doug. I can’t get started on it right away due to certain looming deadlines called a content management system, written in PHP. I am, by the way, trying to come up with a name for it, if you have any ideas!

A couple of things I’ve thought about since receiving this book:
1) The RoR people have it pretty good – the framework has already been built and pretty much standardized.
2) The PHP folks have a really strong, broad community, but it’s too bad there is no de-facto framework like Rails.
3) I’m still going to keep PHP as my primary language for some time, as I don’t see widespread RoR adoption in the near future. This is usually due to shared hosting being a couple of years behind on their software updates. Any software I plan on distributing needs to meet the lowest common denominator (at this point I’m pretty sure PHP5 adoption is still beyond RoR adoption rates).
4) I’m actually kinda excited to see what this stuff is all about. Now that I’m a professional developer I’d better start acting like one, right? I think it’ll be fun to give the “other side” a try!

And with this post, a new blog tag: RubyOnRails.

I never finish anyth

One of the latest tees from ThinkGeek is probably one of my favorites so far. White text on a black shirt says “I Never Finish Anyth”. Product page can be found here.

You gotta admit this is pretty funny – especially if you’re somebody like me with a lot of interests, but never the time to dedicate enough energy to all of them. Well, usually in hobby land, at least. Work is another story.

Hey there! Come check out all-new content at my new mistercameron.com!