**********************************************************************
Q-Shop: Version/Revision History

(+): New feature or improvement
(-): Bug fix

All paths relative to shop root.
**********************************************************************

v3.5.1 - 03/09/05
-----------------
- Corrected bug in details.asp where, when stock control was active, an out of
  stock control message was displayed incorrectly as if there was no stock
  available.
- Corrected bug in mail.asp which was displaying an error message even when
  the mail was sent successfully.
- Fixed bug in inc/userlib.asp where clicking on the homepage link "(if you
  are not xxxx, click here)" would result in a runtime error. The link only
  appears for returning customers.
- Fixed bug in admin/orderstatus.asp where the form was incorrectly submitting
  to orderstates.asp rather than orderstatus.asp.
- Corrected minor problem in sitemap.asp causing a runtime error when a
  category was marked as having subcategories but didn't actually have any.
- Updated procchkoutend.asp where links to external payment gateways weren't
  appearing. Improved messaging when an order would have a value of 0 because
  of a gift certificate and added code comments.
- Fixed bug in inc/layoutlib.asp where the Criteria hidden input field in the
  quick search was missing, causing a problem when searching for more than one
  word.
- Fixed bugs in admin/manumgrcmd.asp and admin/catmgrcmd.asp that were not
  reloading the quick navigation drop-downs when modifying
  brands/manufacturers or categories.
+ Modified seach.asp to set a default type of search (OR or AND) and to check
  that it is valid; if not, OR will be used (type is specified in the Criteria
  form field).
+ Modified inc/maillib.asp to support a character set setting in CDOSYS mails.
+ Added Option Explicit to sitemap.asp.
+ Added additional formatting to procchkout.asp and procchkoutend.asp.
+ Updated 2checkout integration to be compatible with version 2
  (transitional). Updated transactions/2checkout/2checkout_link.asp and
  ext_confirmation_proc.asp. Added 2checkout_settings.asp and 2CO logos in
  transactions/2checkout. Added an icon rather than a link for payments and
  modified the text displayed to comply with new 2CO language guidelines.
+ Modified /ext_orderconfirmation.asp to support new 2checkout.com
  functionality.
+ Added inc/crypt/MD5.asp library to support MD5 checks on 2checkout.com
  return URL.
+ Updated manual to clarify 2checkout.asp integration configuration.
+ Added new functions to inc/errorlib.asp
+ Added sub Order_UpdateTransactionData to inc/catfunc.asp
+ Removed some redundant code in inc/carts.asp.

v3.5 - 04/06/05
---------------
Note: Due to the high proportion of files that changed in this version we
advise assuming all files have changed.

- Moved database configuration from global.asa and inc/conx.asp to a new file
  inc/conn_config.asp so that there is a single configuration point.
- Modified shopclosed.asp to link to shop.asp instead of default.htm and to
  pick up the logo from the settings.
- Modified transactions/AuthorizeNet/author30.asp to correct a bug that was
  preventing the detection of valid transactions. This was occurring for all
  3.0 revisions.
- Modified transactions/authorizenet/author30.asp since a value was hardcoded
  when no CVV was provided. Since CVV is required by Authorize.Net it should
  fail the validation anyway so wouldn't have caused a problem.
- Updated admin/secureconfigupdte.asp, admin/taxmgr.asp and
  admin/setcolour.asp so that the "Update secure domain settings" link is
  displayed when using a secure domain different to the normal one (when using
  a shared SSL certificate).
- When a new user is created at order time the user discount is now set to 0.
  This wasn't creating any problem.
- Added additional logging and error handling in newuser.asp,
  procchkoutend.asp
- Corrected error when a user typed an incorrect order id in My Account area.
  Modified inc/order.asp.
- Modified ups/UPSfunctions.asp to correct a problem with tracking data. The
  old version was no longer working as expected.
- Centralised most UPS configuration into inc/parameters.asp. Modified
  checkout.asp, forders.asp, procchkout.asp, inc/order.asp to use the
  configuration settings.
+ Re-labelled "My List" to "Wish List". Modified addtomylist.asp and renamed
  to addtowishlist.asp, cart.asp, checkout.asp, details.asp, help.asp,
  mylist.asp renamed to wishlist.asp, newuser.asp, inc/layoutlib.asp,
  inc/line.asp, inc/line_mult.asp, inc/userlib.asp, inc/parameters.asp,
  admin/usrmgr.asp.
+ Re-labelled Sections as Categories. Modified browse.asp, details.asp,
  help.asp, search.asp, shop.asp, showcat.asp, admin/admleft.asp,
  admin/catmgr.asp, admin/catmgrcmd.asp, admin/catmgrfrm.asp,
  admin/prodmgrcmd.asp, admin/prodmgrmenu.asp, admin/showcatlist.asp,
  admin/stocklist.asp, admin/updte_config.asp, admin/uploadfrm.asp,
  admin/addons/addon_reports.asp, admin/addons/reports_addon.asp,
  admin/inc/addcat.asp, admin/inc/addprod.asp, admin/inc/prodsections.asp,
  admin/inc/showcatdata.asp, admin/inc/showproddata.asp,
  admin/inc/showuserstats.asp, inc/header.asp, inc/updatelist.asp
+ Added parameter bShow_ShipAddressForm in inc/parameters.asp to control
  whether to show a shipment/delivery address. Also modified checkout.asp.
+ Added parameter bAllowAutoLogin in inc/parameters.asp to control whether to
  allow user auto-log in. Also modified checkout.asp, inc/userdata.asp,
  global.asa.
+ Removed option to display products front + back picture since the
  scrollable list offers better equivalent functionality. Modified
  details.asp, admin/inc/addprod.asp and admin/inc/showproddata.asp.
+ Updated ups/calcups.asp and inc/UPSfunctions to use the HTTP factory instead
  of AspTear directly to support MS XML as well as AspTear.
  MS XML 3.0 will now be the default option.
+ Modified inc/forders.asp to include UPS functions by default. Users
  upgrading from a previous version shouldn't need to update this.
+ Added javascript to disable submit button on the final checkout form to
  prevent it being pressed more than once. Modified procchkout.asp for this.
+ Modified inc/addons/content/clsProductList.asp to improve code comments (no
  functionality changes).
+ Added no cache options to admin/default.asp admin/admleft.htm
+ Added error display and logging routines to new file inc/errorlib.asp. Added
  reference to this file from inc/conx.asp
+ Modified layout of leftinc.asp.
+ Added new Site Map section. Added file: sitemap.asp and modified
  leftinc.asp.
+ Modified inc/updatemanulist.asp to label the brands/manufacturers drop-down
  in left-hand side menu as "Brands" rather than "Manufacturers".
+ Modified style.css and admin/style.css to support hidden elements in print
  styles and moved some styles into it. Modified checkout.asp,
+ Modified addtomylist.asp and mylist.asp for better/clearer messaging when
  adding products to My List.
+ Modified showcat.asp to add comments, change a link label (show to view) and
  add option explicit to page.
+ Added Javascript error handling to provide alternative product image when it
  can't find the one defined in the database and some other minor
  improvements. Modified inc/line.asp, showcat.asp and showbrands.asp.
+ Modified admin/execsql.asp to improve the error handling on failed queries.
+ Modified db_tools.asp to include login check.
+ Minor text changes, page title and formatting in fmail.asp.
+ Modified inc/maillib.asp and inc/cdoconstants.asp to move all CDO constants
  to inc/cdoconstants.asp.
+ Added an error logging library to write errors to disk with additional
  environmental information. Added inc/errorlib.asp. This file needs write
  permissions set on the temp folder. We recommend that you remove anonymous
  access from the temp folder.
+ Improved code in admin/inc/prodsections.asp to make it more robust.
+ Modified admin/inc/shopproddata.asp to include a link to the bottom of the
  page.
+ Modified global.asa to store the referrer URL parameter (ref) in session
  when present.
+ Improved SQL Injection parsing routine in inc/conx.asp
+ Improved SQL Injection prevention in admin/prodmgr.asp
+ Copied rndshqlogo95x22.gif to /admin/images from /images
+ Added Total Orders for user in order details page of control panel. Also
  changed the link from the user id to the user details since the previous
  orders are now linked from the total number field.
+ Added new checkout intermediate login page. Added checkout_login.asp.
  Modified checkout.asp, resetuser.asp, inc/getuserdata.asp, inc/carts.asp and
  head.inc.
+ Added new bUseSharedCert parameter in inc/parameters.asp to flag the use of
  a shared certificate. Modified inc/appdef.asp so that its execution depends
  on bUseSharedCert rather than including/excluding the include file. Also
  wrapped the code into one sub.
+ Improvements to inc/catfunc.asp and moved code into functions from
  checkout.asp. Moved N_BILLINGSTATUS_NEWORDER and constant N_STATUS_NEWORDER
  to inc/parameters.asp.
+ Added parameter bStoreCCDetails to set whether to store Credit Card details
  in the database. Modified inc/catfunc.asp and inc/parameters.asp.
+ Improvements to code in inc/updatelist.asp and inc/updatemanulist.asp.
+ Added an option to browse root sections accessible from the "Sections" link
  on the left-hand side menu. Modified leftinc.asp and showcat.asp.
+ Modified welcome message in shop.asp and added option explicit.
+ Modified inc/show_featured.asp to dim all variables.
+ Modified default.asp to do a permanent 301 redirect for search engines.
+ Added robots.txt to direct search engines not to spider personalised pages
  or pages without relevant content like add to wish list, checkout pages,
  cart, etc.
+ Improvements to admin/usrmgr.asp, admin/inc/showuserdata.asp and
  admin/inc/edituserdata.asp
+ Improvements to getpwd.asp
+ Modified admin/updte_config.asp so that \ or / is added when not included at
  the end of the shop URL, secure URL or temp path setting.
+ Featured products displayed in home page can be configured to have an "Add
  to cart" button. Products with options had variable width, which could break
  the layout of the page. Default is no button. Added parameter EnFeatCartAdd
  in inc/parameters.asp, updated admin/updte_config.asp and added new entry to
  Config_Table in DB:

  FieldName       Content Type    OrderNumber
  --------------- ------- ------- -----------
  EnFeatCartAdd   0       0       8

+ Modified transactions/worldpay/resultC.asp and resultY.asp so that the
  return URL includes the correct domain by picking it up from the shop
  settings.
+ Modified transactions/payflowlink/payflow_link.asp to use a new URL as
  required by Verisign Payflow Link.
+ Added new file inc/layoulib.asp for layout functions.
+ Added bread crumb style navigation for navigating sections. Modified
  browse.asp and showcat.asp. Additional functions added to inc/layout.asp.
+ Modified inc/errorlib.asp to rely on the style sheet to format error
  messages displayed using errorlib.
+ Updated inc/updatelist.asp and inc/updatemanulist.asp for better code
  encapsulation.
+ Improved the browsing paging number display. Updated browse.asp and
  search.asp.
+ Integrated management of My List into the mylist.asp page rather than
  separate pages. Updated mylist.asp and inc/line.asp, deleted userfavs.asp
  and inc/favlist.asp.
+ Modified inc/maillib.asp to dim undimmed variables.
+ Modified inc/mailorder.asp so that passwords are not sent by default to
  customers in order confirmations.
+ Added About Us page that needs to be personalised with your own information.
  Added about.asp.
+ Created new parameter in parameters.asp called shop_NotAvailImg to store the
  parameter NotAvailImg from the Application object.
  Modified inc/parameters, modline.asp and inc/line.asp.
+ Added onerror handling for images in modline.asp so that an alternative
  image is loaded if the image path is incorrect as in inc/line.asp. Modified
  modline.asp.
+ Modified imagezoom.asp for automatic resizing to fit the picture.
+ Improved layout and display of complementary products to make it clearer to
  customers.
+ Added tax support for new EU countries. Modified inc/taxes.asp.
+ Renamed labels for order state to order status in Control Panel. Renamed
  admin/orderstates.asp to orderstatus.asp and modified it. Modified
  admin/admleft.asp, ordermsgs.asp
+ Updated text in Order Billing Status page in Control Panel. Updated
  admin/billingstatus.asp.
+ Added support for generic definition of meta tags. Added the following
  parameters in inc/parameters.asp: shop_MetaKeywords, shop_MetaDescription,
  shop_shop_CharSet. Modified inc/layoutlib.asp and modified ALL .asp root
  files, admin/updte_config.asp.
  Modified table Products to add fields:

  Field Name      Type
  --------------- ----------------------
  MetaKeywords    text(255)/nvarchar(255)
  MetaDescription text(255)/nvarchar(255)

  Modified browse.asp, admin/prodmgrcmd.asp, admin/inc/addprod.asp,
  admin/inc/showproddata.asp
  Added new settings to table Config_Table:

  FieldName       Content         Type    OrderNumber
  --------------- --------------- ------- -----------
  MetaKeywords                    0       20
  MetaDescription                 0       21
  CharSet         ISO-8859-1      0       22
  ShowNew         1

+ Added new fields to Products table:

  Field Name      Type        Default             Notes
  --------------- ----------- ------------------- -----------------------
  DateAdded       Date/Time   Date()/GETDATE()    Indexed with duplicates
  DateUpdated     Date/Time   Date()/GETDATE()    Indexed with duplicates

  Modified admin/prodmgrcmd.asp to update these fields.
+ Completely changed look. Changed some labels and text and improved layout:
  Added: inc/layoutlib.asp, inc/footer.asp, inc/header.asp, inc/footer.asp,
  folder themes and all its subfolders.
  Deleted: /style.css (now in the themes folders), leftinc.asp, foot.inc,
  head.inc, reset.asp, admin/colourpicker.asp
  Modified: style.css, global.asa, ALL .asp files in the root folder except:
  default.asp and return.asp.
  inc/show_featured.asp, inc/addons/content/clsProductTable.asp, inc/line.asp,
  inc/pricesearch.asp, inc/userlogin.asp, inc/addons/addon_API.asp,
  inc/addons/reviews/clsReviewUI.asp, inc/addons/reviews/clsReviewMgrUI.asp,
  inc/catfunc.asp inc/favlist.asp, inc/userdata.asp, inc/orderlist.asp,
  inc/order.asp, inc/showorders.asp, inc/mailorder.asp, inc/parameters.asp
  (removed color codes), inc/invoicecart.asp, inc/updatelist.asp,
  inc/updatemanulist.asp, inc/catfunc.asp, inc/resetuser.asp,
  inc/addons/reviews/clsReviewUI.asp
  admin/*.asp and admin/inc/*.asp
  global.asa
  Moved yell_point.gif and int.gif from /images to /admin/images. Modified
  admin/admleft.asp, admin/loginform.asp to access images from /admin/images
  and files changed from .htm to .asp.
  Created admin/inc/footer.asp and modified all admin/*.asp files to include a
  reference to it.
  Deleted unused images in /images and moved others to the themes folders.
  Renamed and added security to xtractorders.htm to xtractordersfrm.asp,
  upload.htm to uploadfrm.asp, manumgr.htm to manumgfrm.asp, reports.htm to
  reportsfrm.asp, users.htm to usersfrm.asp, stockmgr.htm to stockmgr.asp,
  addons_reports.htm to addons_reports.asp
  Modified in /admin: catmgr.asp, catmgrcmd.asp, manumgr.asp, manumgrcmd.asp,
  usrfrm.asp, admmain.asp, inc/footer addons/reports_addon.asp,
  addons/prodlist_addon.asp, addons/prodlistmgr_addon.asp,
  addons/reviewmgr.asp, addons/reviewmgrmenu.asp, updte_config.asp,
  inc/showproddata.asp
  Added: admin/inc/addons_footer.asp.
  Deleted table ColourDefinitions.
  Added new parameters in inc/parameters.asp, updated admin/updte_config.asp
  and added new entries to Config_Table in DB:

  FieldName       Content Type    OrderNumber
  --------------- ------- ------- -----------
  Theme           default 6       5
  DisplayThemeBox 1       6       6
  TabControl      0       6       1

  transactions\paybox\root files\pb_refuse.asp and pb_annule.asp
+ Added Tabs table to support new custom tab navigation:

  Field Name      Type                    Default         Notes
  --------------- ----------------------- --------------- -------------
  TabID           text(50)/varchar(50)    n/a             Primary key
  Name            text(50)/varchar(50)    n/a
  URL             text(255)/varchar(255)  n/a
  Show            number-byte/tinyint     1               0: No, 1: Yes
  SortOrder       number-integer/smallint 10              Indexed

  Added data to Tabs:

  TabID           Name            URL                     Show    SortOrder
  --------------- --------------- ----------------------- ------- ---------
  home            Home            shop.asp                1       1
  products        Products        showcat.asp             1       2
  offers          Sale!           browse.asp?cat=ofer     1       3
  featured        Featured        browse.asp?cat=feat     1       3
  cart            Cart            cart.asp                0       4
  search          Search          fsearch.asp             1       5
  myaccount       My Account      users.asp               1       6

Add-ons / Pro Version:
+ Added "Packing slip" template for orders. Linked from order details. Added
  admin/addons/packingslip.asp, admin/addons/inc/packing_cart.asp and modified
  admin/vieworder.asp.
+ Added parameter IsProVersion in inc/parameters.asp
+ Modified shop.asp, details.asp to call Add-on functions only if IsProVersion
  is True.
+ Addon_API.asp no longer has shell functions/subs for lite version since this
  is now controlled using IsProVersion.
+ Modified inc/addons/content/clsProductList.asp to dim all variables.
+ Added support for gift certificates.
  Updated: inc/addons/addon_API.asp, checkout.asp, procchkout.asp,
  procchkoutend.asp, forders.asp, inc/order.asp, inc/catfnc.asp,
  inc/carts.asp, leftinc.asp admin/default.asp, inc/invoicecart.asp,
  invoice.asp, admin/vieworder.asp, admin/inc/showorder.asp.
  Added: inc/addons/giftcert/clsGiftCertificate.asp, inc/addons/giftcert/
  clsGiftCertificateUI.asp, inc/addons/giftcert/test_GiftCert.asp,
  admin/admleft, admin/addons/giftcert_list.asp,
  admin/addons/giftcert_view.asp, admin/addons/giftcert_find.asp
  Modified Orders table:

  Field Name        Type                    Default         Notes
  ---------------   ----------------------- --------------- -------------
  GiftCertClaimCode text(50)/nvarchar(50)   NULL            Indexed
  GiftCertAmount    Number-Double/money     0

  Added GiftCertificates table:

  Field Name      Type                    Default         Notes
  --------------- ----------------------- --------------- -------------
  Id              Autonumber/int identity                 Primary Key
  ClaimCode       text(50)/nvarchar(50)                   Indexed
  IssueDate       datetime/datetime
  ExpiryDate      datetime/datetime
  Amount          number-double/money     0
  AmountRemaining number-double/money     0
  OrderId         number-longinteger/int  0               Indexed
  UserId          text(20)/nvarchar(20)                   Indexed
  ToName          text(100)/nvarchar(100)
  ToEmail         text(100)/nvarchar(100)
  FromName        text(100)/nvarchar(100)
  FromEmail       text(100)/nvarchar(100)
  RecipientUserId text(50)/nvarchar(50)                   Indexed
  Authorized      yes-no/bit              0
  Message         text(255)/nvarchar(255)

+ Added the following parameters in inc/parameters.asp: GiftCertEnabled,
  GiftCertPreAuth, GiftCertMin, GiftCertMax and GiftCertExpMon.
+ Added the following parameters in Config_Table to configure gift
  certificates:

  FieldName               Content Type    OrderNumber
  ----------------------- ------- ------- -----------
  GiftCertEnabled         1       3       10
  GiftCertPreAuth         0       3       11
  GiftCertMin             10      3       15
  GiftCertMax             100     3       16
  GiftCertExpMon          12      3       17

+ Modified admin/updte_config.asp to support the new gift cert configuration
  parameters in Config_Table.
+ Deleted: admin/admleft.htm (replaced by admleft.asp)
+ Updated the procchkoutend.asp so that no external payment or link is
  processed when the total order is 0.
+ Added Special Offers table to the home page. Added file in/addons/content/
  clsProductTable.asp and updated inc/addons/addon_API.asp.
  Added new parameter to Config_Table:

  FieldName               Content Type    OrderNumber
  ----------------------- ------- ------- -----------
  ShowOffers              1       3       4

+ Related products in cart are now shown as a table with pictures with Pro
  version. Modified cart.asp and updated inc/addons/addon_API.asp

Upgrade scripts:
+ Added new SQL Server upgrade scripts for easier upgrade of SQL Server
  installations.
+ Added new Access queries to upgrade database in Access databases.

v3.0 Rev D - 01/06/04
---------------------
- Corrected bug in browse.asp when listing by manufacturer. The listing wasn't
  populating the CatID field, causing an error message when adding to the cart
  directly from the listing page.
- Corrected debug error in procchoutend.asp where a debug setting was left on:
  bTestMode = True

v3.0 Rev C - 27/03/04
---------------------
+ Added printable version for product details. Modified details.asp,
  inc/catfunc.asp and images/printer.gif.
+ Added bookmark link in product details. Modified details.asp and added
  images/bookmark.gif.
+ Changed Paypal Pay now button to a larger one.
+ Added option to send emails in plain text format (now the default). Added
  inc/textlib.asp. Modified procchkoutend.asp, inc/mailorder.asp,
  inc/carts.asp, inc/parameters.asp (added param sMailFormat).
+ Enhanced functionality of mailing tool: optional HTML messages when using
  CDOSYS and option to send a test message to the shop admin only as test
  instead of all opted-in users. Modified admin/mailing.asp,
  admin/mailingview.asp, admin/mailingsend.asp, inc/maillib.asp.
- Corrected bug in inc/conx.asp that prevented the Access database compact
  tool from working.
- Corrected bug in the control panel's product list when listing hidden or on
  sale products where the filtering was lost when moving to another page.
  Products in multiple categories won't appear several times in the hidden and
  offer listings anymore. Modified admin/showprods.asp.
- Fixed problem in Rev B affecting addition to cart in details.asp.
- Fixed problem checking whether a product was already in "My List" preventing
  a user from adding it to his/her list when another user already had it.
  Modified addtomylist.asp.
- Fixed bug in user administration where an empty discount would not update
  the user discount. Modified admin/usrmgrcmd.asp.
- Fixed problem with scrolling images when two products with both scrolling
  images were complementary and displayed on the same details page. Modified
  details.asp.

v3.0 Rev B - 27/02/04
---------------------
- Modified admin/orders.asp to fix a problem with Status and Billing Status
  filter being lost when moving through different pages or sorting by any of
  the fields. Fixed problem with losing UserID filter when using the sorting
  function.
- Modified browse.asp to correct a problem where products on sale with a price
  equal or less than 1 would not appear in the Offers page.
- Modified search.asp to correct a bug where the category ID wasn't populated,
  causing an error when adding the product to the cart from the results page.
  Also added check so that only one instance is displayed when a product
  belongs to more than one category.

v3.0 Rev A - 21/02/04
---------------------
- Fixed bug in ouputfile.asp preventing the upload of files. See
  http://quadcomm.mykb.com/Article_69D5D.aspx.
- Fixed bug in prochkoutend.asp so that, when enabled, the terms and condition
  check box will also be checked when selecting "Cash on delivery".
- Fixed bug in inc/show_featured.asp whereby when a featured product was in
  more than one category it would be displayed multiple times in the home
  page.
- Fixed bug in browse.asp whereby when a featured product was in more than one
  category it would be displayed multiple times.
- Fixed "Cannot call BinaryRead" problem uploading files when executing
  outputfile.asp. Changed file admin/security.asp.

v3.0 - 16/02/04
---------------
+ Q-Shop now REQUIRES VBScript 5.0 or greater to support VBScript classes.
+ Added a script to check what components are installed. Added
  manual/servercheck.asp.
+ Modified inc/conx.asp and inc/closeconx.asp to move opening and closing
  connection code into their own respective methods.
+ Modified inc/orderslist.asp for increased performance.
+ Deleted default.htm, left.htm and main.htm and created new default.asp that
  redirects to shop.asp. Shop.asp is now the home page without intermediate
  pages.
- Modified admin/prodmgr.asp and admin/progmgrcmd.asp to correct error when
  using "Add another product" checkbox when adding a new product.
+ Added support to display terms and conditions during checkout. The user must
  accept them when display is enabled. Modified procchkout.asp,
  procchkoutend.ap, added terms.txt.
+ Added credit card encryption. Added inc/crypt/rc4.asp. Modified
  admin/vieworder.asp, inc/catfunc.asp. See migration script
  manual/update/Encrypt_CCDetails.asp required. (N)(NC)
+ Added en/decrypt tool to the admin site. Added admin/encrypt_tools.asp. (N)
+ Changed length of database field Orders.CCNumber to 40 characters and
  Orders.CCExpDate to 14 so that it can store encrypted data (double the
  size).
- Corrected minor bug whereby when an error happened in procchkoutend.asp, it
  could be reported more than once in the page although it may not be the
  case. Err.Clear used after error reporting. Added extra flexibility in the
  display of error messages.
+ Modified procchkout.asp to use the system-defined color for the table
  displaying customer addresses.
+ Modified admin/showuserlist.asp so that searching users also includes the
  name.
+ Changed variable name lnComplimentary to lnComplementary, changed form name
  complimentary to complementary. Changed in files: admin/prodmgrcmd.asp,
  admin/inc/addprod.asp, admin/inc/showproddata.asp,
  admin/inc/field_size_constants.asp
- Added response buffering to checkout.asp, corrects an HTTP headers error in
  sites with buffering disabled.
- Modified details.asp so that when using a scrollable list of images for a
  product with only 1 image defined, the list doesn't display. Also, small
  layout change for the product options.
+ Modified admin/inc/addprod.asp and admin/inc/shoproddata.asp to display
  remaining characters available for product descriptions as users type in.
+ Modified admin/vieworder.asp to request confirmation before deleting an
  order in control panel.
- Modified procchkout.asp to avoid an error when one of the state/province
  fields were removed and the customer didn't type anything in the remaining.
+ Modified transactions/authorizeNet/author30.asp and procchkout.asp to
  support Authorize.Net 3.1 including CVV verification and Transact-Secure
  authentication. Removed author.asp.
- Modified procchkoutend.asp to not include author30.asp (Authorize.Net) by
  default.
+ Added PayPal IPN support. Added transactions/paypal/paypal_ipn.asp and
  transactions/paypal/paypal_settings.asp. Modified
  transactions/paypal/paypal_link to move the settings into a separate file.
  Added testipn.htm to test the IPN system. (N)
+ Added support for 2checkout.com payments. Added
  transactions/2checkout/2checkout_link.asp and
  transactions/2checkout/ext_confirmation_proc.asp. Modified
  ext_confirmation.asp to support 2checkout.com. (N)
+ Added support for Verisign Payflow Link. Added
  transactions/payflowlink/payflow_link.asp,
  transactions/payflowlink/payflow_link_callback.asp,
  transactions/payflowlink/PF_USR_cancel_msg.txt. (N)
+ Modified ext_orderconfirmation.asp to support Payflow Link.
+ Improved support of WorldPay. Modified worldpay_callback.asp and added
  wp_USER_cancel_msg.txt, resulC.asp and resultY.asp in
  /transactions/worldpay.asp.
- Modified checkout.asp, procchkout.asp and procchkoutend.asp to always expire
  the HTML pages and avoid problems with caching.
- Updated inc/updatelist.asp to prevent an error creating the section
  drop-down list when there are no sections in the database.
+ Modified users.asp, checkout.asp and inc/userlib.asp to add protection
  against SQL injection attacks.
- Modified inc/userdata.asp to update session details when a user updates
  his/her personal details.
- Modified inc/catfunc.asp to correct an incorrect query when the OrderID
  value can't be retrieved as it should in a normal installation.
+ Modified admin/outputfile.asp to limit the file extensions that can be
  uploaded.
+ Modified admin/prodmgr.asp and admin/showprods.asp to add new product
  listing options: hidden and special offers.
- Updated head.inc to Dim variable strNav and cart.asp to avoid dimensioning
  it again.
+ Updated admin/execsql.asp to increase the size of the query box.
+ Added new manufacturer options: (NC)
  - New files: showbrands.asp, admin/inc/manu_size_constants.asp (N)
  - Updated files: leftinc.asp, admin/manumgr.asp, admin/manumgrcmd.asp,
    admin/inc/showmanudata.asp, admin/inc/addmanu.asp, admin/upload.htm.
  - Updated table Manufacturer with new fields (see manual for scripts): (N)
    - Thumbnail: Access text(50), SQL Server nvarchar(50)
    - Description: Access text(255), SQL Server nvarchar(255)
- Modified users.asp to correct a couple of messages, and add OPTION EXPLICIT.
+ Modified mail.asp to avoid a problem where, when a user typed an invalid
  email, the notification mail would not be sent to the shop admin in the
  feedback form. This corrects a problem with CDONTS.
+ The TempPath parameter in inc/mailorder is now configured using the
  shop_TempPath parameter in the inc/conx.asp file. Both files have changed.
- Modified details.asp and admin/inc/showproddata.asp to correct a rare
  problem when Products.PicPath is stored as Null causing a runtime error.
- Modified admin/showprods.asp to URL encode product links with "+" at the end
  of the product Id causing the product not to be found.
+ Updated admin/prodmgrmenu.asp to allow selection of option clicking on the
  description.
+ Added support of MSXML2.ServerXMLHTTP instead of AspTear via a factory
  method and common interface. Added inc/HTTPfactory.asp,
  inc/clsASPTearWrapper.asp and inc/clsMSXMLHTTPWrapper.asp. Modified
  transactions/authorizeNet/author30.asp. It requires VBScript 5.0 or higher.
  (N)
+ Added admin/admmain.asp to replace admmain.htm adding new summary data and
  quick links, admin/inc/ordersummary.asp and modified admin/admleft.htm. (N)
+ Modified admin/inc/addprod.asp to sort the manufacturer drop down
  alphabetically.
+ Modified admin/prodmgrcmd.asp to include a link to add a new product after
  adding one and a link to the product on the shop after adding or updating a
  product.
- Modified leftinc.asp so that it doesn't throw an error when there are no
  sections defined.
+ Added admin/reset_DB.asp and modified db_tools.asp to provide a method to
  reset all dynamic data in the database (sections, products, orders, etc).
  This can be used when setting up a new store and it is required to delete
  all the demo products.
- Modified admin/inc/showproddata.asp to correct a runtime error when a
  product didn't have a description.
+ Added a long description field modifying the files:
  admin/inc/field_size_constants.asp, admin/inc/addprod.asp,
  admin/inc/showproddata.asp, admin/prodmgrcmd.asp and details.asp. (NC)
+ Modified database:
  - Added field in Products table "LongDesctiption, (Access: MEMO, SQL Server:
    TEXT)
+ Modified mylist.asp to remove DISTINCT in query as there are fields of type
  Memo/Text in the query.
+ Modified addtomylist.asp to automatically redirect users to their list after
  successfully adding a product to the list.
+ Modified details.asp to define the width and height of the zoom image pop-up
  window in variables.
- Modified admin/mailingview.asp to HTMLEncode the body of the mail message to
  avoid problems when using HTML inside the body.
+ Modified admin/security.asp to add an additional security check on the
  control panel.
+ A number of settings are now changed using the control panel rather than
  hardcoded.
  Modified: contact.asp, invoice.asp, inc/ShopContactDetails.asp,
  admin/admleft.htm, admin/updte_config.asp, inc/show_featured.asp
  Added: inc/parameters.asp
  Modified database:
  - Added field in Config_Table "OrderNumber", numeric, default 0.
  - Updated all entries in Config_Table to have a numeric "OrderNumber" value.
  - Added records in ConfigTable with FieldName values: Shop_Address1,
    Shop_Address2, Shop_City, Shop_ZIP, Shop_State, Shop_Country,
    Shop_Telephone, Shop_Fax, SECUREURL, TempPath, LogoURL, smLogoURL,
    NotAvailImg, FeatProdsNumber, ShowTerms.
+ Created a separate parameters file (inc/parameters.asp) that contains values
  of constants to be manually edited or loaded automatically. (N)
+ Modified pages to support parameters.asp inc/conx.asp, procchout.asp,
  procchkoutend.asp, browse.asp, admin/orders.asp, admin/search.asp,
  admin/showmanu.asp, admin/showcatlist.asp, admin/showprods.asp,
  admin/stocklist.asp, admin/showuserlist.asp.
+ Added support for CDOSYS (replaces CDONTS in XP, also available on Windows
  2000). Updated inc/maillib.asp and updated inc/cdoconstants.asp.
+ Products can now belong to several sections/categories:
  Updated database with table: ProductToCategory:
  - Id Autonumeric / integer - identity
  - ProdID text(20) / nvarchar(20)
  - CatID numeric long integer / integer
  - IsMain numeric byte / Byte
  Updated files in /: browse.asp, details.asp, mylist.asp, fsearch.asp,
  search.asp, leftinc.asp showcat.asp.
  Updated files in inc/: line.asp, favlist.asp, catfunc.asp.
  Updated files in admin/: catmgrcmd.asp, showprods.asp, stocklist.asp,
  prodmgrcmd.asp.
  Updated files in admin/inc: showproddata.asp, addprod.asp.
  Added file admin/inc/prodsections.asp.
- Modified browse.asp to prevent SQL injection attack on ManuID field.
- Modified search.asp to prevent SQL injection attack on CATS field.
- Modified details.asp to prevent SQL injection attack on prodid field.
- Modified showcat.asp to prevent SQL injection attack on catid field.
- Modified addtomylist.asp to prevent SQL injection attack on prodId and cat
  fields.
- Modified modline.asp to prevent SQL injection attack on ID field.
- Modified imagezoom.asp to filter PicPath parameter to avoid potential cross
  site scripting vulnerability.
- Modified recommend.asp to filter HTML in the message body to prevent a cross
  site scripting vulnerability.
- Modified cart.asp to prevent SQL injection attack.
- Modified newuser.asp to prevent SQL injection attack on userid field.
- Modified admin/outputfile.asp to prevent upload of files without being
  logged in.
+ Changed browse.asp and showcat.asp to display section title in the page
  title for better search engine indexing.
+ Modified browse.asp to display category and manufacturer text description.
+ Changed admin/users.htm, admin/inc/showuserdata.asp,
  admin/inc/showuserstats.asp to allow searching by surname.
+ Modified inc/cdoconstants.asp, inc/maillib.asp and admin/updte_config.asp to
  allow optional SMTP authentication on CDOSYS mails. These settings are set
  up in the control panel.

Add on package:
+ Updated admin/updte_config.asp to support new Add-ons section.
+ Added inc/addons/addon_API.asp for all installations, for versions without
  add-ons this will contain empty functions only. (N)
+ Added User Reviews for products. Added files in /inc/addons/reviews/:
  clsReviewDAL.asp, clsReviewMgrUI.asp, clsReviewUI.asp, reviews.asp. Modified
  details.asp. Modified control panel with new options in admin/admleft.htm
  and added files in admin/addons/reviewmgr.asp and reviewmgrmenu.asp. (N)
+ Added extra reports. Added files in /admin/addons/: addon_reports.htm,
  reports_addon.asp. (N)
+ Added graphs module. Added: /inc/addons/graph.asp (N)
+ Added Top 10 List module. Added files in /admin/addons/:
  prodlist_addon.asp, prodlistmgr_addon.asp. (N)
  Added files in /inc/content/: clsProductList.asp.
  (N)
+ Added records in ConfigTable with FieldName values: ShowTop10Center,
  ShowTop10Right, UserReviews.

Upgrade Scripts:
+ Added manual/Update/Encrypt_CCDetails.asp to encrypt all credit card numbers
  in databases from versions earlier than 2.6. If you don't run this script
  the shop will continue working but existing data won't be encrypted and you
  won't be able to read it using the web interface.
  DO BACKUP ALL DATA AND FILES BEFORE UPGRADING TO THIS VERSION. (N)
+ Added manual/Update/Updte_Categories.asp to copy the CatID info from
  Products table into the new ProductToCategory table. This script should only
  be run on databases previous to version 3.0!
  DO BACKUP ALL DATA AND FILES BEFORE UPGRADING TO THIS VERSION. (N)

**********************************************************************
© Copyright QuadComm Inc. 2005. All rights reserved