Hi,

I have made two simple add-ons which Zen Cart site owners may find useful. Anyone interested, please reply to the thread and I'll give instructions. To see the forms live, see viaterra.net/store (almost finished).

1/ "your opinion" sidebox
It's a simple sidebox with a few pull-down menus and a submit button that feeds a MySQL database : see on the right column "your opinion". It allows my visitors to answer just what I want to know in just a few clicks. I think it's better than a long, off-site survey.

2/ "empty cart" feedback form
I also made a form so users can provide feedback when they empty the shopping cart. Try adding an article, and the remove it from the cart to get to the form. In this case, the data is sent to me by email.

I haven't posted a proper Module because :
- I created the MySQL database manually, and I am not good enough with SQL scripting
- each ecommerce site owner may want to customize the forms so suit his/her own needs

Regards,

Denis

Hi

I think both are great and I filled in the opinion side box.

I'd be really interested in these but totally clueless how to even start.

__________________

www.pupsandpets.co.uk

Details of how you achieved above would be great

__________________

and
Unusual and Special Gifts

Here's how I did it in 5 steps :

1- install a blank additional sidebox
http://www.zen-cart.com/index.php?ma...roducts_id=174

2- customize and add the following content to define_editable_sidebox_content.php
(or whatever you renamed it to)

<script type="text/javascript">
function clearText(thefield){
if (thefield.defaultValue==thefield.value)
thefield.value = ""
}
</script>
<!-------------begin form------------>
<div style="text-align: center;">
<FORM ACTION="http://<yourdomain.com/path>/surveyform.php" METHOD="POST" NAME="survey">
<select name="navigation" size="1" id="navigation" style="width:130px; color: #a9d8fa; background-color: #0e4b8d;">
<option value="">navigation :</option>
<option>1 - super easy</option>
<option>2 - no problem</option>
<option>3 - fonts too small</option>
<option>4 - too cluttered</option>
<option>5 - confusing</option>
</select><br>
<select name="colours" size="1" id="colours" style="width:130px; color: #a9d8fa; background-color: #0e4b8d;">
<option value="">colours :</option>
<option>1 - really cool</option>
<option>2 - just fine</option>
<option>3 - nothing special</option>
<option>4 - too dark</option>
<option>5 - blue is no good</option>
</select><br>
<select name="products" size="1" id="products" style="width:130px; color: #a9d8fa; background-color: #0e4b8d;">
<option value="">products :</option>
<option>1 - good choice & prices</option>
<option>2 - not enough options</option>
<option>3 - too many options</option>
<option>4 - too expensive</option>
<option>5 - not what I want</option>
</select><br>
<input type="text" style="width:125px; height:14px; background: #AFD3E0;" value="write suggestions" name="comments" id="comments "maxlength="50" onfocus="clearText(this);"><br>
<input type="submit" value="Submit" name="Submit" style="border: 2px outset #d7b9c9; background: #AFD3E0;" title="Only 1 submission allowed per visitor. Please use the contact form if you need to write more.">

</FORM>
</div>
<!-------------end form------------>

3- Create a database (refer to instructions of your hosting service) and name it storesurvey. In this database, create a table called user_data. Create the fields : customer_id, user_agent, navigation, colours, products, comments, date. Set the field customer_id to primary (that means the value, here the IP address, must be unique, and it prevents the same customer using the form more than once). All fields are type varchar except date which is ... date

4- create and save the file<yourdomain.com/path>/surveyform.php with the following content

<?php
$con = mysql_connect("localhost","DB_username","DB_passwo rd"); //MySQL DB Username and Password as defined when creating the DB
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("storesurvey", $con); //Replace with your MySQL DB Name
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$navigation=mysql_real_escape_string($_POST['navigation']);
$colours=mysql_real_escape_string($_POST['colours']);
$products=mysql_real_escape_string($_POST['products']);
$comments=mysql_real_escape_string($_POST['comments']);
$timeStamp=date("y.m.d");
$sql="INSERT INTO user_data (customer_id,user_agent,navigation,colours,product s,comments,date) VALUES ('$ip','$agent','$navigation','$colours','$product s','$comments','$timeStamp')"; //user_data is the name of the MySQL table where the form data will be saved.

if (!mysql_query($sql,$con)) {
// die('Error: ' . mysql_error());
die(header("Location: index.php"));
}
// the 3 lines above define what happens when there's an error, such as when a user submits twice the form, in this case, simply reload the homepage. You could also customize an error page.
mysql_close($con);
header("Location: index.php?main_page=contact_us&action=success");
// this line sends the user to the default "thank you for your submission" page
?>

5- test your form. While testing you may want to swap commented lines
die('Error: ' . mysql_error());
// die(header("Location: index.php"));
so that you can spot the error if any.


I know it's very "manual" procedure and anyone with a better knowledge of SQL could easily write a script to create the DB. One could also make a Zen Cart module, but there's so much customizing according to each store owner's needs that I am not sure it would be easy to make something generic enough. Let me know if you encounter any problem (note that I won't be able to help with queries related to DB creation since that depends on your hosting service).

Denis

Useful resources :
http://dev.mysql.com/doc/
http://es2.php.net/
your own hosting service help files

Thank you very much for taking time to post details..

For anyone who does not feel able to create from your
instructions, can always use following mod from zencart forums
i.e.
http://www.zen-cart.com/index.php?ma...roducts_id=875
which goes with free account from
http://www.surveymonkey.com/Default.aspx

__________________

and
Unusual and Special Gifts

1- edit the file includes/languages/english/shopping_cart.php
and customize to your own taste the section below

define('TEXT_CART_EMPTY', '<strong>You have emptied your Shopping Cart.</strong><br /><br />
If you did not find the right article or if something made you change your mind, <br />please let us know by filling in the form below :<br /><br /><form action="http://<yourdomain.com>/cgi-bin/cgiemail/wwwdev/mymailtemplate/mailtempl2.txt" METHOD="POST" NAME="emptycart">
<input type="checkbox" name="testing" value="yes">&nbsp;I was just browsing and checking the shop
<br>
<input type="checkbox" name="product" value="yes">&nbsp;Products are not what I want after all
<br>
<input type="checkbox" name="price" value="yes">&nbsp;Prices are too high
<br>
<input type="checkbox" name="payment" value="yes">&nbsp;Payment modes are not suitable
<br>
<input type="checkbox" name="shipping" value="yes">&nbsp;Shipping costs are too high
<br><br>Other reasons / additional comments :<br>
<textarea name="emptycartmessage" rows="10" style="background: #AFD3E0; width:400px;" value="" id="emptycartmessage"></textarea><br>
<br>
You can provide your e-mail address if you expect a response to your feedback :<br>
<input name="email" style="width:165px; height:14px; background: #AFD3E0;"><br><br>
<input name="Submit" type="submit" value="SEND" style="border: 2px outset #d7b9c9; background: #AFD3E0;" title="">

<INPUT TYPE="hidden" NAME="success" VALUE="http://viaterra.net/store/index.php?main_page=contact_us&action=success">
</form>');

2- create and customize the mail template file mailtempl2.txt
which you save in <yourdomain.com>/cgi-bin/cgiemail/wwwdev/mymailtemplate/ (path may depend on your hosting service)

To: youremail@yourdomain.com
Subject: empty cart feedback

was just browsing and checking the shop = [testing]
Products are not what I want after all = [product]
Prices are too high = [price]
Payment modes are not suitable = [payment]
Shipping costs are too high = [shipping]
additional comments = [emptycartmessage]
email address = [email]
IP = [$REMOTE_ADDR]
Agent = [$HTTP_USER_AGENT]

3- test your form : add an item to your cart, remove it, fill in the form and check your email

Any questions, let me know.
Denis

Useful resources :
http://web.mit.edu/wwwdev/cgiemail/user.html

I had indeed considered this option. Just creating a small survey is simple enough. However, this solution sends the user off-site and because of the additional pages and additional clicks, in my opinion a customer might not bother. I think I spent less time putting together my little solution, than I would have spend with surveymonkey to customize the colour theme so it integrates with my site.

Denis

Oooooops,

I actually installed the "editable sidebox", not the "blank sidebox" module.
So step 1 is not correct.

should read :

1- install "editable sidebox"

http://www.zen-cart.com/index.php?ma...roducts_id=686


Sorry about that.

Denis

Thanks for posting correction...would make big difference
to coding...
As matter of interest, how/where are results viewed?

__________________

and
Unusual and Special Gifts

hi Dezina,

the rest of the coding is correct, it just applies to the "editable sidebox" mod and not to the "blank sidebox".

Results can be read in the MySQL database, but only manually (I am not good enough to write some code to make it easier). I just connect to PhPmyAdmin once in a while and browse the table.

Denis

you're having lots of problems with your site denis. The template is broken showing some kind of hot-linking image everywhere.

Anyways to comment on your code you should filter everything that comes in. When you are using a ready ecommerce package oscommerce, zen etc, there are built-in functions that can filter the queries properly. You don't want to have your forms unprotected and blindly insert stuff in the database now, do you?

__________________
Professional E-Commerce Integration and Services. PM for details or visit
Asymmetric Software

I did configure .htaccess to prevent my photos being used outside my site, and I am surprised it interferes with the store in that way for a few people.

You are the second person out of a few 100s who looked at my store so far to mention this problem. Everyone else has no such problem. Are you viewing the site within an external frame ? are you using an antivirus software (I read that might be one cause) ? Please try again, the other one person who experienced the same said he could not reproduce the problem.

The database fed by my "your opinion" form is separate from the Zen Cart database so there are no risks for the store data. But you are right, I should set up a filter so that only text is accepted. Do you know who to do that ?

Thank,

Denis

No I am not using anything out of the ordinary. I used Firefox and opened a new window. I understand what you're doing you're checking the referrer field to see if it contains the site. The problem with the referrer is that it can be altered in anyway the client wants. It is not something to rely upon. Also spiders do not set the referrer for pages typically. Here is an example from the google cache:

http://209.85.229.132/search?q=cache...gl=uk&ie=UTF-8

on how one of your pages looks so they must be quite a few that see the site like this. When you open a new browser window by default the referrer is blank/empty. I also block the referrer and UA when I surf. UA is blocked because I don't want the server to know the version of browser I use (obviously by having the real UA exposed you have a risk surfing as the server may know a weakness of the browser version and attempt to exploit it). I also block the referrer because I do not want you, or anyone else to know where I come from or where I go to. Scripts, Cookies are typically blocked unless I trust the site.

If you want to protect your images my suggestion is to use a watermark. There are addons at least for osc that I know of and presumably for zen too that do just that.

Another method is cold-linking where the images are located outside the web-space then you have a php script that analyzes the request and if it is acceptable it presents the right thumbnail by loading and resizing the image. It is more advanced and there is no way the original can be accessed via the web directly and can be used in conjunction with watermarks. You can identify the ISP from the IP and act accordingly. For instance IPs coming from hosts or sites are highly questionable for hotlinking. So watermarks can protect your images, cold-linking can preserve your server's bandwidth.

I believe zen has the zen_db_prepare_input and zen_db_input functions while osc has the tep_db_prepare_input and tep_db_input functions to filter the data before inserting them in the database or send them back to the client. If you expect an integer just the (int) cast should do but to insert strings the pair of functions mentioned should take place. The first of the pair should take care against data filtering the 2nd should take care against db injections (it includes the mysql_real_escape_string).

__________________
Professional E-Commerce Integration and Services. PM for details or visit
Asymmetric Software

Thanks enigma1 for your comments.

I think only people with technical knowledge, and only a few set their browser the way you do. There are however more people who display my images in their blogs.

I did not know about the solution called "cold-linking". It does sound much better than looking at the referrer with htaccess and I will look into that.

I don't think I will use the zen_db_prepare_input and zen_db_input functions to filter the form data. My idea is to come up with a form which is useful not only for stores but for any other site as well.

I found this page about filtering :
http://myphpform.com/validating-forms.php
and I'll try to adapt it to my needs.

Thanks again for your help.

Denis

Hi all,

improvements on my earlier code submissions on the way. For the "your opinion" form, I am working on an alternative to the database which is writing into a csv file.

enigma1, could you tell me about any possible security issues with the following code ?

<?php

/* Prevent duplicate submissions */
if (isset($_COOKIE['FormSubmitted']))
{
die(header("Location: index.php"));
}
$ip = $_SERVER['REMOTE_ADDR'];
$agent = $_SERVER['HTTP_USER_AGENT'];
$navigation = $_POST['navigation'];
$colours = $_POST['colours'];
$products = $_POST['products'];
$comments = stripslashes($_POST['comments']);
$comments = htmlspecialchars($comments);
$timeStamp=date("y.m.d");

$csv_file = 'survey_results.csv';
if (is_writable($csv_file)) {
if (!$csv_handle = fopen($csv_file,'a')) {
// this line is for troubleshooting
// echo "<p>Cannot open file $csv_file</p>";
exit;
}
}

$csv_item = "\"$ip\",\"$agent\",\"$navigation\",\"$colours\",\ "$products\",\"$comments\",\"$timeStamp\"\n";

if (is_writable($csv_file)) {
if (fwrite($csv_handle, $csv_item) === FALSE) {
// this line is for troubleshooting
// echo "Cannot write to file";
exit; }
}
fclose($csv_handle);

/* Set a cookie to prevent duplicate submissions */
setcookie('FormSubmitted', '1');

// this line : uncomment if not troubleshooting
header("Location: index.php?main_page=contact_us&action=success");
?>

Permissions on the csv file are set to allow Group to write, but not World.

Thanks for advice,

Denis