Home » Forums » Ubercart » Support

Sanitized order numbers?

Submitted by torgosPizza on Thu, 09/20/2007 - 17:30
torgosPizza

Posts: 1377
 Joined: 08/14/2007
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.

Hey guys,

Should be a quick one for you.

In the interest of keeping our order numbers with UC similar in format to our old system, I am reconfiguring how order numbers are configured. This is what I changed in uc_order.module:

<?php
$order->order_id = db_next_id('{uc_orders}_order_id');
?>

is now

<?php

$order->order_id = time()."-".rand(100,999);
?>

This creates an order number similar to this: 1188941520-578

To accommodate the change I also converted the MEDIUMINT values in the db to Varchar. So, I think that already rules itself out as the issue.

What's happening is when I create a new order (either as admin or a customer) the Order# shows up as everything up until the dash. I've tested to make sure the code isn't funky, and it's not (it's an incredibly small change anyway). So my guess is there is something sanitizing this data before it gets inserted, possibly removing anything beyond a certain length, or looking for non-numeric chars and truncating it.

If you could point me in a better direction than my searching the code is sending me in, I'd be much obliged. Thanks!

Erik

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com
permalink #1 Fri, 09/21/2007 - 07:39
Lyle

Posts: 2357
 Joined: 08/07/2007
AdministratoreLiTe!

Even though you changed the database table, all of the queries that insert the order id are inserting them as numbers. It's probably in the function uc_order_new(), and you should change the %d to '%s' (yes, with the quotes). See the API page for more info.

permalink #2 Fri, 09/21/2007 - 10:27
torgosPizza

Posts: 1377
 Joined: 08/14/2007
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.

Exactly what I was looking for. Thanks, Lyle!

(Told you it'd be a quick one) Smiling

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

permalink #3 Fri, 09/21/2007 - 19:17
torgosPizza

Posts: 1377
 Joined: 08/14/2007
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.

Hey Lyle,

I'd like to request your help again. After making the change you suggested, I ran into some issues. It turns out the generous usage of intval() breaks the system I proposed. Since UC is constantly validating numerical data by means of the intval() function, anything with a dash in it throws a FALSE.

So to cope with that, I reverted to using numerical values for order_id, leaving the references in the queries as %d and all that jazz. Now, when using just the current time() as an order number, it works fine. To give it a bit more randomness, we decided to add three zeros (instead of a dash) and then the random 3-digit number to the order_id (eg. 1190419369000571) with this bit of code:

<?php
$order->order_id = time()."000".rand(100,999);
?>

This is all within uc_order_new function in the uc_order module.

That formula seems to work perfectly fine when creating the number as an admin. But, try to create a new order as a customer, and you always get the value 2147483647. I did a google search and that appears to be the max value when trying to store a number that's really really large.

Any idea why this would happen as a customer, but not as an admin? Thanks again!

E

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

permalink #4 Thu, 09/27/2007 - 13:56
torgosPizza

Posts: 1377
 Joined: 08/14/2007
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.

I am bumping this to see if anyone can help. I'm not in QUITE the same situation I was in the above post.

At this moment in time, I've switched all of the order_id table columns to BIGINT(15), and I am able to insert a NEW uc_order record directly into the database with a length such as "1190918241000149" - but something in the UberCart code is truncating anything greater than 2147483647, which is what integer values too large for PHP buffers default to when they have an overflow.

Uberdudes - any idea what functions might be getting called that would do this? I've run tests and I don't think it's any of the unserialize() functions; the only thing that seems to do it is intval() but, even after I have removed any instances of this function, the order_ids are still getting truncated.

This happens as an admin creating a new, blank order as well. Any ideas?

Any help is greatly, hugely appreciated!

Erik

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

permalink #5 Thu, 09/27/2007 - 14:02
Ryan

Posts: 5625
 Joined: 08/07/2007
AdministratorHead Code Monkey - I eat bugs.

Not quite sure on that one... why don't you just make the numbers smaller? Smiling

<?php
  $order->order_id = substr((string)time(), -6) . rand(100,999);
?>

permalink #6 Thu, 09/27/2007 - 14:22
torgosPizza

Posts: 1377
 Joined: 08/14/2007
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.

Thanks Ryan!

That's a good idea, but unfortunately, one I'd like to use as a last resort. We have almost a year's worth of previous orders that use longer numbers (with a dash) and would like to keep the new cart system using something similar to what we (and our customers) are used to. This isn't to say we're married strictly to that, but again, it's more of keeping everything in order.

We have a ton of previous orders and customers, so the consistency is a bit of a priority for us.

The interesting thing is, when I create an order with a long number as I mentioned - the "edit order" screen comes up and says "Order number 1100827393000456 created" .. but when you back out and go to the "view orders" screen, that number doesn't exist and is instead replaced with the Overflow number.

So it appears to be something in the middle of the process which saves the order to the database. As I mentioned I can create a new database record directly, but anything created to the cart is truncated.

This is going to drive me nuts ... and it's probably something simple and obvious. My new goal in life is to find out what's causing this and fix it! Smiling

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

permalink #7 Thu, 09/27/2007 - 14:50
Ryan

Posts: 5625
 Joined: 08/07/2007
AdministratorHead Code Monkey - I eat bugs.

Might be the use of %d in db_query(). Try changing it to %f or %s and see what happens. Smiling

permalink #8 Thu, 09/27/2007 - 16:35
torgosPizza

Posts: 1377
 Joined: 08/14/2007
Bug FinderEarly adopter... addicted to alphas.Getting busy with the Ubercode.

I knew it was something simple. The odd thing was I've done that before but not in combination with the bigint data type for the table columns.

That worked! I hope that it doesn't break anything else. I successfully created new orders (long order_id value, but no dash, as that breaks other functions such as order_load) as an admin and a customer. Also, I'll have to be careful when you guys issue updates, because that'll mean changing %d to '%s' all over again. =/

Thanks for the help!

Erik

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com