I installed the cart yesterday on my site, and am in the middle of customizing it now. It just occurred to me that it may be challenging to find a way to fulfill one of my needs, but I'm hoping there's an easy answer:

When we need to send a replacement product for a customer, or to send free samples to retailers, or any other time we need to send a product without charging anybody, our old cart solution had a way to enter the order through a special admin page such that we simply supplied the quantity and shipping information. The inventory was automatically deducted and our distributor received it looking to them just like a regular order.

Is there a way to do this in SquirrelCart?

Thanks,
Marshall

Hi Marshall,

There is no way to do this in the cart. You might be able to send someone a link to order the item, and change the base price, like so:

http://YOURSITE.com/store.php?add_to_cart=1&prod_name=Free_Sample&base_price=0&quantity=1&show_cart=1&prod_rn=172

You would need to specify the item's record number at the end, after the "prod_rn=" part. If you charge shipping, you would probably also want to create a shipping rule that does not charge shipping for orders totaling 0 dollars.

Thanks,
Jamie

Hmmm...

Does that imply that a less-than-scrupulous shopper could visit a SquirrelCart and change the base price of any item by passing a special URL?

How does one secure against that?

Thanks,
Marshall

The way I would go about this... me being a 1 person business though... is not use Squirrelcart as an all in one program. It works great for what it does, but I do not use it for invoicing or to keep track of my inventory. I use quickbooks for that. If I was to send a packing slip to someone else (or an order with no charges) I would create an invoice in quickbooks.

Melissa

The way I would go about this... is not use Squirrelcart as an all in one program. It works great for what it does, but I do not use it for invoicing or to keep track of my inventory.

Yes, I think I'm going to have to modify my existing inventory control program to integrate with SquirrelCart. No big deal, but it would've been nice to avoid.

My biggest concern now, though, is the above post regarding how to make an item ship for free. Following similar directions, could a random shopper pass a special URL to receive products for free? If so, that's a major security concern. How is it addressed? It's enough of a problem that it will keep me from being able to use the cart. All of our systems are fully automated right now - there's no human check to verify that people are paying the right amounts because the system we use won't allow them to pay anything else. I don't want to have to introduce a human element both because of cost and because of the delay that it might create.

Hi,

Does that imply that a less-than-scrupulous shopper could visit a SquirrelCart and change the base price of any item by passing a special URL?


Normally, the cart has something in place that checks the referring page. If the referring page was not on your site, then you would get an error message. I just tested this, and came across a bug. We made a change to this functionality because sometimes when you are using a secure URL, a referrer isn't passed by your browser. As a result of this change, it seems as though the cart will now allow you to add via URL regardless of referring address. This will be fixed in the next version.

To apply a workaround so this does not happen on your site, open the file "squirrelcart/functions/check_referer.func" and change this line:

if(!$HTTP_REFERER) return 1;

to:

//if(!$HTTP_REFERER) return 1;

After you do this, please test and make sure you can still add to your cart. Then, try to add manually as I described by entering the appropriate URL, and you should get an access denied message.

Regarding inventory control, you can also manually adjust your inventory by changing the "number in stock" field for any given product.

Thanks,
Jamie

change this line: if(!$HTTP_REFERER) return 1; to: if(!$HTTP_REFERER) return 1;

Thanks for the reply. I've looked at those two lines until my eyes crossed, and can't spot the difference. Is the second one supposed to return 0?

And will this change break the cart for browsers that fail to pass a referrer?

Thanks,
Marshall

Hi Marshall,

:oops:

Check my example again. I fixed the second replacement line of code. Then change basically remarks out that line, via a PHP remark:

//


And will this change break the cart for browsers that fail to pass a referrer?

Yes, it will. This does not happen very often. I have seen it once in a while if you are adding to the cart from a page using SSL and have IE 6.0. Most people do not add to cart from a secure URL, so you should be OK. We will fix this in the future by storing the prior page in the SESSION variable. This should get around the problem.

Thanks,
Jamie