One of the frequent questions I get doing support for Cartweaver is "How do I make sure that all the items in a customer's cart are still available?" What happens is that a customer will place an item in the cart, and then leave the site. Another customer comes along and buys the product. The first customer comes back and tries to purchase the item, but cannot. Unfortunately, the customer doesn't find out until the order information is entered.

The following modification for the ColdFusion version will remove items from the cart that are no longer available, and show the customer a message that an item has been removed from the cart because it is no longer available.

Now, in CWIncFunctions.cfm, add the following section of code at line 399, right after this line:

Add the following code:

  
  SELECT c.cart_sku_ID, c.cart_sku_qty, s.SKU_Stock, c.cart_Line_ID
  FROM tbl_cart c
  INNER JOIN tbl_skus s
  ON c.cart_sku_ID = s.SKU_ID
  WHERE c.cart_custcart_ID =
  AND s.SKU_Stock < c.cart_sku_qty
  
  
  
  
    
      
      DELETE FROM tbl_cart
      WHERE cart_Line_ID =
      
    
      
      UPDATE tbl_cart SET cart_sku_qty =
      WHERE cart_Line_ID =
      
    
  
  

Now, when a user comes back to view his cart, any items that are no longer available are removed from the cart and a message is displayed to the customer, and items that have smaller quantities available than were available at the time of the cart creation have their values adjusted. This only affects carts where Allow Backorders is unchecked in the Cartweaver admin.

Update: 10/4/2009 Thanks to Alex in the CW support newsgroup for pointing out that the method does not consider quantities in the cart greater than available quantities. It was written for one situation, but I have now adjusted the code to work with all situations where a quantity is no longer available for a given item

One of the frequent questions I get doing support for Cartweaver is "How do I make sure that all the items in a customer's cart are still available?" What happens is that a customer will place an item in the cart, and then leave the site. Another customer comes along and buys the product. The first customer comes back and tries to purchase the item, but cannot. Unfortunately, the customer doesn't find out until the order information is entered.

The following modification for the PHP version will remove items from the cart that are no longer available, and show the customer a message that an item has been removed from the cart because it is no longer available.

In CWIncFunctions.php, add the following section of code at line 470, right after this line:

$Cart["Products"] = array();

Add the following code:

if(!$cartweaver->settings->allowBackOrders) {
  $query_rsCWCheckStock = sprintf("SELECT
  s.SKU_Stock,
  c.cart_Line_ID
  FROM tbl_cart c
  INNER JOIN tbl_skus s
  ON c.cart_sku_ID = s.SKU_ID
  WHERE c.cart_custcart_ID = '%s'
  AND s.SKU_Stock < c.cart_sku_qty",$cartID);
  $rsCWCheckStock = $cartweaver->db->executeQuery($query_rsCWCheckStock, "rsCWCheckStock");
  $rsCWCheckStock_recordCount = $cartweaver->db->recordCount;
  $row_rsCWCheckStock = $cartweaver->db->db_fetch_assoc($rsCWCheckStock);
  if($rsCWCheckStock_recordCount > 0) {
    $cartweaver->setCWError("Item Sold", "An item or items in your cart are no longer available or had quantities adjusted");
    do {
      if($row_rsCWCheckStock["SKU_Stock"] <= "0") {
        $query_rsCW = sprintf("DELETE FROM tbl_cart
        WHERE cart_Line_ID = %d",$row_rsCWCheckStock["cart_Line_ID"]);
        $rsCW = $cartweaver->db->executeQuery($query_rsCW, "rsCW");
      } else {
        $query_rsCW = sprintf("UPDATE tbl_cart SET cart_sku_qty = %d
        WHERE cart_Line_ID = %d",$row_rsCWCheckStock["SKU_Stock"], $row_rsCWCheckStock["cart_Line_ID"]);
        $rsCW = $cartweaver->db->executeQuery($query_rsCW, "rsCW");
      }
    } while ($row_rsCWCheckStock = $cartweaver->db->db_fetch_assoc($rsCWCheckStock));
  }
}

Now, when a user comes back to view his cart, any items that are no longer available are removed from the cart and a message is displayed to the customer. This only affects carts where Allow Backorders is unchecked in the Cartweaver admin.

Update: 10/4/2009 Thanks to Alex in the CW support newsgroup for pointing out that the method does not consider quantities in the cart greater than available quantities. It was written for one situation for a customer, but I have now adjusted the code to work with all situations where a quantity is no longer available for a given item.

PHP 5.3.0 has been released, and contains many changes from previous PHP releases. Because of this, we have updated the Cartweaver code to work with this release, and will also allow the code to work on PHP 6.0 as well.

The full list of release notes can be found at http://us2.php.net/migration53.

The main reason for the updated code is the fact that the following functions are now all deprecated in PHP and will throw E_DEPRECATED error messages when used (E_DEPRECATED is a new error message level). The functions are removed in PHP 6:

Deprecated functions:

call_user_method() (use call_user_func() instead)
call_user_method_array() (use call_user_func_array() instead)
define_syslog_variables()
dl()
ereg() (use preg_match() instead)
ereg_replace() (use preg_replace() instead)
eregi() (use preg_match() with the 'i' modifier instead)
eregi_replace() (use preg_replace() with the 'i' modifier instead)
set_magic_quotes_runtime() and its alias, magic_quotes_runtime()
session_register() (use the $_SESSION superglobal instead)
session_unregister() (use the $_SESSION superglobal instead)
session_is_registered() (use the $_SESSION superglobal instead)
set_socket_blocking() (use stream_set_blocking() instead)
split() (use preg_split() instead)
spliti() (use preg_split() with the 'i' modifier instead)
sql_regcase()
mysql_db_query() (use mysql_select_db() and mysql_query() instead)
mysql_escape_string() (use mysql_real_escape_string() instead)
Passing locale category names as strings is now deprecated. Use the LC_* family of constants instead.
The is_dst parameter to mktime(). Use the new timezone handling functions instead.

The functions previously used by Cartweaver are ereg(), ereg_replace(), session_unregister(), and split().

There is also a new PHP site devoted to Windows installations at http://windows.php.net/

If anyone has a Cartweaver version pre-3.1.16, you will want to download the latest version and apply the fixes/changes. To download Cartweaver, go to http://www.cartweaver.com/customers and login as a customer. You should see your downloads. If you have not updated a Cartweaver installation, the easiest way is to simply replace the files in the /cw3 folder. If you have made changes to any of the files in your site, the UpdateNotesCW3PHP.htm file details each change to each file showing line numbers and code before/after. I've found Beyond Compare (http://www.scootersoftware.com/) to be a valuable tool for making line-by-line file changes, or comparing directories.

Update: 2009-09-08 6:47pm One thing I noticed on the PHP site is that the Windows ISAPI version of PHP is not supported any more. Hopefully the bugs have been addressed in the CGI versions, as previous versions of PHP were crash-prone when using the old CGI version. Supposedly the new FastCGI version is better.

Our new Customer Contact eNewsletter plugin allows you to send emails to customers and other contacts in your Cartweaver database. Sending email through a browser is a little different than using a service, if you have not done it before -- the execution time will vary depending on the speed of your server and number of emails you are creating. A list of 1000 emails might take 1-3 minutes to complete, and bigger lists can take proportionally longer. I used to send to lists of 50,000-100,000 for a large company, and the browser would be open for up to an hour. Sending personalized email can be a slow process.

As with anything, it's probably a good idea to test with smaller lists first, or lists consisting of your own email address, however there are a few things you can do if you are timing out or having other difficulties with larger lists:

For PHP:

1. make sure you have a valid file and/or email address in the CWError.php file. This can help track down problems
 
2. make sure that your php.ini setting for max_execution_time is set high enough for the large list. By default the maximum is 30 seconds, which can get you through a small list, but to send 1000 messages your maximum might need to be 100-200 seconds or more. Your page will take the full time to complete.
 
3. Make sure web server timeouts are large enough. Consult your web server documentation about page request timeouts.
 
For ColdFusion:

1. Make sure the ColdFusion setting for page execution is large enough, if it is enabled, or put a <cfsetting> tag in your cwcc_SendEmails.cfm file. This article talks about ColdFusion timeouts:
http://kb2.adobe.com/cps/194/tn_19438.html

2. Make sure web server timeouts are large enough. Consult your web server documentation about page request timeouts.

I started a series at Community MX about modifying and enhancing the Cartweaver admin using the configuration options and custom coding. The first article is about adding a low-stock warning to your admin home page.

Some other past Community MX articles about Cartweaver are:

Integrating Cartweaver with a Page Design

Showing Results and Details on One Page Using AJAX

Using JumpStarts with Cartweaver, Featuring Minneapolis

I get a lot of questions about making an Add to Cart button for Cartweaver. This is not something that is available out of the box, but easily implemented. Cartweaver doesn't work like Paypal, where you need static add to cart buttons to make the cart work. CW is self-contained and database driven, where all products are stored in the database. However, an add to cart button is easily added. I have been using them for years on my own site www.tom-muck.com/extensions. The following can be added to the ProductForm.php file in the Cartweaver admin, right before the closing </div> tag on the Page 1 div. Find this code:

 </div>
 <div id="page2">

add this:

<p><a href="AddToCartButtons.php?prodId=<?php echo($row_rsCWGetProduct["product_ID"]);?>" target="_blank">Make Add To Cart Buttons</a></p>
 </div>
 <div id="page2">

Now, create a new page in the /cw3/admin folder called AddToCartButtons.php and put this code on it:

<?php
include("application.php");
$productId = isset($_GET["prodId"]) ? intval($_GET["prodId"]): 0;

/* Get Product Data */
$query_rsCWGetProduct = sprintf("SELECT DISTINCT product_ID,
product_Name,
product_Description,
s.SKU_ID,
s.SKU_MerchSKUID
FROM tbl_products p
INNER JOIN tbl_skus s
ON p.product_ID = s.SKU_ProductID
WHERE product_ID = %d
AND product_Archive = 0
AND product_OnWeb = 1
", $productId);
$rsCWGetProduct = $cartweaver->db->executeQuery($query_rsCWGetProduct, "rsCWGetProduct");
$rsCWGetProduct_recordCount = $cartweaver->db->recordCount;
$row_rsCWGetProduct = $cartweaver->db->db_fetch_assoc($rsCWGetProduct);

do {
?>
<h2><?php echo($row_rsCWGetProduct["product_Name"] .": skuid " . $row_rsCWGetProduct["SKU_MerchSKUID"]);?></h2>
<textarea cols="80" rows="10">

<form action="details.php?prodId=<?php echo($row_rsCWGetProduct["product_ID"]);?>" method="post" name="AddToCart">
 <input name="qty" type="hidden" value="1">
  <input name="skuid" type="hidden" value="<?php echo($row_rsCWGetProduct["SKU_ID"]);?>">
  <input name="prodId" type="hidden" value="<?php echo($row_rsCWGetProduct["product_ID"]);?>">
  <input name="submit" type="submit" class="formButton" value="Add to Cart">
</form></textarea>
<br/><br/><hr/>
<?php
} while ($row_rsCWGetProduct = $cartweaver->db->db_fetch_assoc($rsCWGetProduct));

That should do it. Now, when you click the link, the page populates with add to cart button code for each sku for that product.

The add to cart button code looks like this:

<form action="details.php?prodId=31" method="post" name="AddToCart">
 <input name="qty" type="hidden" value="1">
  <input name="skuid" type="hidden" value="59">
  <input name="prodId" type="hidden" value="31">
  <input name="submit" type="submit" class="formButton" value="Add to Cart">
</form>

I posted a new free article at Community MX, intended mostly for beginners with Cartweaver on integrating a page design with Cartweaver: http://www.communitymx.com/content/article.cfm?cid=52740.

The article shows how to use the standard Dreamweaver page layouts with Cartweaver, but is intended to show how any page design can be made to work with Cartweaver, and explains the include file concept that we use.

Be on the watch for new SQL injection attempts, coming from China, using an ascii-encoded binary string. Essentially, what it does is find a vulnerable database and append a string to the fields in every table. The string is a closing </title> tag with a script, followed by a comment to hide the rest of the page:

http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx

I put something like this in my application.cfm file to re-rout the attackers temporarily:

<cfif FindNoCase('user>0',cgi.query_string) OR findNoCase('declare',cgi.query_string)
OR findNoCase('EXEC(@',cgi.query_string)>
    <cflocation url="http://www.ftc.gov">
</cfif>