#1   kelagedart

  
  

Posted 25 April 2012 - 04:48

First off, let me say that I run OSC 2.2rc2a

I see there is much discussion of 'upgrades' with the aim to render v2.x eventually obsolete.

I am a bookseller, and not a programmer.
I have spent untold hours customizing my site and getting it functional and in a form I like.
Other than minor changes here and there, it ain't broke and I ain't fixing it.

But... if the technology, such as PHP, progresses to the point where my site does break, I do mean to be considering my options.

I took a look at 2.3 and don't like it.
And if I am going to go with the latest and greatest, which would be the eventual release of 3.0 (which I haven't looked at) - my question becomes this:

If I *must* change my software: What particular advantages does OSCommerce present or offer that ecommerce templates of Wordpress and Drupal do not?

Their 'new' versions seem to have better community support than newer versions of OSC (and nothing surpasses 2.2 in terms of the mass of contributions for it).

Their software is always updated, especially Wordpress for security issues.
The setup seems much easier.
And I have both running alongside OSC.
(Joomla was broken right out of the box).

OSC developers need to take note of this issue.
If OSC is going the CMS route, it will need to overcome the resistance of people like this:


#2   DunWeb


    

  
  

Posted 25 April 2012 - 04:57


I have just a couple of comments:

And if I am going to go with the latest and greatest, which would be the eventual release of 3.0 (which I havent looked at)

v3.x doesn't sound like it will be released until early 2013 maybe 2014 so, don't wait for it.

Your RC2a site was written for PHP 5.2 and most hosting providers are updating to PHP 5.3 with some even jumping ahead to PHP 5.4. If your hosting provider updates to PHP 5.3 you can patch your current site. This contribution covers the core code updates for RC2a. However, there is no update contribution to bring it to PHP 5.4.

Their 'new' versions seem to have better community support than newer versions of OSC (and nothing surpasses 2.2 in terms of the mass of contributions for it).

The v2.2 series has been discontinued and support is fading as store owners update to v2.3.1. Most all of the v2.2 contributions are compatible with v2.3.1 with only minor code changes so many of them have not officially been updated for use with v2.3.1.

As for the forks of osCommerce that you mentioned, I won't comment on them as this forum is for osCommerce discussions only.

#3   toyicebear

  
  

Posted 25 April 2012 - 06:42

Also it is possible to upgrade your 2.2 site up to 2.3.1 security and php/mysql compatibility wise .... But it's a painstakingly manual process and you will get a "bastardized" version ... you can continue using 2.2 add-ons for it, but cannot directly use 2.3.1 add-ons.

#4   14steve14

  
  

Posted 25 April 2012 - 07:05

Just my two penneth worth.

If your site is secure and working - stay with it. The old saying - if it aint broke- rings true.

I have just updated my 2.2 store to PHP 5.3 and it was relatively trouble free. The contribution mentioned was a great help with the changes needed for the base code. Using Google to search for any other errors helped, and I found most of the errors had already been discussed as someone else had had the same problem. The only other thing I did was to ensure that I have upgraded some of the add-ons to the latest versions. It did help that I had installed add-ons that were still being upgraded and supported.

So don't panic as osCommerce will be running for years to come, even if the new version will not be released for years.



#5   Juto

  
  

Posted 25 April 2012 - 13:30

I have read what that referred "expert" has to say, and that person seems to have been confused and thereby confusing others...

First off: CMS = Customer Management System, used by a CRM = Customer Relations Manager.

Thus a CMS is NOT a shopping cart system (SCS), and never will be.

WP is a blog system, not suitable as a SCS at all.

Secondly: A SCS can be complemented with a CMS and/or a blog and vice versa. It's just a matter of linking.

osC, as compared to other SCS's, is by far the most used and has facilities you won't find elsewhere, and it's free.

Magento, by the way it's built, is known to be slow. osC is a lot faster, right out of the box.

I am both running and developing on a Rc2a base, upgraded of course, and I must say that there is no problem to keep it up to date. You just have to understand the structure, the rest is standard code.

So, my recommendation is hang on to your osC, and upgrade.


#6   MrPhil

  
  

Posted 25 April 2012 - 19:05

CMS (in this context) is a Content Management System, a unified framework for supporting multiple applications of different types on one site. Usually, the content is kept in a database and pages are generated from that, rather than using custom-built PHP pages. Well known examples are Drupal, Joomla, and (to an extent) Wordpress. All three have eCommerce shopping cart plug-ins.

#7   Juto

  
  

Posted 25 April 2012 - 19:41

Hi Phil!
Thanks for the clarification :)


#8   kelagedart

  
  

Posted 26 April 2012 - 17:12

This is all something certainly reassuring.
Is there something in one place that shows how to comprehensively update an rc2 site, especially one that has been heavily modded?
For example, take security - how likely am I to break anything by renaming Admin? I guess I can dispose of the filemanager.
And I haven't seen anything on clearly hiding or encrypting configure.php which seems the biggest target of all.

Last night I spent a few hours debugging a 403/404 error when anyone picked an author out of a java drop down menu.
I have a 17k .htaccess file and I had to remove a 'path' statement to fix the author box.

I like the power of OSC - it's just the PHP behind it that's a bear to learn. I can deal with preg-ereg when the time comes as knowing a little about perl seems to help. On Hostgator I have access to both PHP 5.2 and 5.3 - which I presume will last a while.

But as a bookseller there is one very important question that comes to mind: Exactly what do I recommend to my colleagues, particularly those who might need assistance in getting their databases connected (EZpopulate fails with us). I use a perl script, but that requires hacking into the MySQL database. Configurability is crucial, as most of these folk would not have the patience to change 'manufacturer' into 'Author' fields.

I don't take Magento, or any commercial system seriously - so I would need reasons, when challenged, as to why say, OSC2.3.x would be a 'better' option for an ecommerce site over redesigned templates usually offered commercially that are little more than Wordpress or Drupal themes.

I spoke to Hostgator about possibly creating a basic template for booksellers out of OSC 2.3 (collectibles have *very* different requirements than new items) - who were interested at first, and then I never heard from them again.

If I write back, I would like to add some pretty strong arguments (which I may lack not being a programmer)...

#9   MrPhil

  
  

Posted 26 April 2012 - 18:36

Changing Admin's directory name means changing the entry in the admin configure.php. There should not be any other hard coded uses of the directory name around, although it's possible that some old add-on was sloppy and did it. You'll find out soon enough. You also should password protect the <formerly admin> directory to reduce the chances of hackers getting into it. A changed admin directory is not foolproof security, but reduces the chance that a hacker will get in because they need to guess the name you used. Needless to say, you never publish your new admin name in public! Treat it like you would a password.

Remove the file_manager and define_language routines per instructions... they're engraved invitations to hackers.

What problems do you see with configure.php files being unhidden and unencrypted? They are not visible to the outside world via the Web. Do you have some concrete examples of being able to get to these files from the Web? If your host is seriously misconfigured, it might expose the code (offer the file for download), but then none of your site will work anyway. If you are on a shared server, it's possible that others might be able to read your files if they know your account name, so you may want to do something with file permissions (e.g., 640 permissions, if your site still functions with that). That's why you never give out your host account name in public.

If you know enough Perl to get around, or even better, are C proficient, you'll find PHP to be a breeze. Don't delay too long in bringing your site into PHP 5.3 compliance -- that day will be here before you know it. Some hosts are even jumping the gun and moving to PHP 5.4 (which breaks still more things)!

You say that EZPopulate fails for you. Have you tried its later release, Easy Populate? I don't see EZPopulate listed in the Add-ons, but I think it was the earlier version of Easy Populate. Maybe we're talking about the same add-on... Anyway, have you tried to get help on your EP problem? A lot of sites use it, so it should be pretty well shaken down. Or is there something about its general architecture that is a problem for you?

I doubt Hostgator is going to have any interest in developing an osC template for booksellers. It would take specific osC skills they probably don't have, and they would need to sell it for a fairly high price to recoup their investment (it's a small market). Have you considered joining up with some fellow booksellers and maybe some interested osC developers to build a bookseller theme or add-on? If it's big enough, you might start a discussion group forum on your site, and use SourceForge or GitHub to handle source code. I would strongly urge you to start with osC 2.3.1 as your base, rather than 2.2, as 2.2 is obsolete. Perhaps you and your group could document how you arrived at your new template, as a service to others wanting to develop specialized shops for collectibles, and/or offer paid services to develop such shops?

Best wishes and good luck with everything!
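
The checks recommended in the post above (admin directory renamed and password protected, file_manager and define_language removed, configure.php not readable by other accounts) can be run as one audit. This is an added example, not part of the original thread and not osCommerce code; the file names `file_manager.php` and `define_language.php`, the finding codes and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed file names for the "file_manager and define_language routines".
RISKY_ADMIN_FILES = ("file_manager.php", "define_language.php")


def find_admin_dirs(shop_root):
    """Top-level directories that carry their own includes/configure.php.

    This finds the admin directory even after it has been renamed.
    """
    return [
        name for name in sorted(os.listdir(shop_root))
        if os.path.isfile(os.path.join(shop_root, name, "includes", "configure.php"))
    ]


def has_http_auth(htaccess_path):
    """True if the file contains an uncommented AuthType directive."""
    if not os.path.isfile(htaccess_path):
        return False
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        return any(line.strip().lower().startswith("authtype") for line in fh)


def audit_shop(shop_root):
    """Return (relative path, finding code) pairs for the points in the post."""
    findings = []
    configs = ["includes/configure.php"]
    for admin in find_admin_dirs(shop_root):
        configs.append(f"{admin}/includes/configure.php")
        if admin.lower() == "admin":
            findings.append((admin, "default-admin-name"))
        for risky in RISKY_ADMIN_FILES:
            if os.path.exists(os.path.join(shop_root, admin, risky)):
                findings.append((f"{admin}/{risky}", "risky-routine-present"))
        if not has_http_auth(os.path.join(shop_root, admin, ".htaccess")):
            findings.append((admin, "no-password-protection"))
    for rel in configs:
        path = os.path.join(shop_root, *rel.split("/"))
        if os.path.isfile(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o007:  # any permission bit set for "other" accounts
                findings.append((rel, f"mode-{mode:o}-open-to-others"))
    return findings


def build_sample_shop(root, admin_name, config_mode, risky, protected):
    """Constructed sample tree standing in for a real install."""
    for rel in ("includes", f"{admin_name}/includes"):
        folder = os.path.join(root, *rel.split("/"))
        os.makedirs(folder)
        cfg = os.path.join(folder, "configure.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        os.chmod(cfg, config_mode)
    if risky:
        for name in RISKY_ADMIN_FILES:
            open(os.path.join(root, admin_name, name), "w").close()
    if protected:
        with open(os.path.join(root, admin_name, ".htaccess"), "w") as fh:
            fh.write('AuthType Basic\nAuthName "Restricted"\nRequire valid-user\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_shop(tmp, "admin", 0o644, risky=True, protected=False)
        for path, code in audit_shop(tmp):
            print(f"{path}: {code}")
```

Point `audit_shop()` at a local copy of the shop rather than the constructed tree; a 640 configure.php passes the permission check, as suggested in the post.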

#10   Juto

  
  

Posted 26 April 2012 - 20:02

Hi, I'd like to add this to Phil's good advice: Complement the admin's htaccess file with:

# Authentication
# check admissible IP-address
# Protect files and directories from prying eyes.
<FilesMatch "...">
Order deny,allow
Deny from all
# allow your ip address:
allow from
</FilesMatch>


#11   kelagedart

  
  

Posted 28 April 2012 - 09:14

There are many things to address here, but I need to start:

Changing the admin dir indeed was not as difficult as it sounded, and works well.
But I'm just not sure yet if it broke anything.

Though things started acting strange.

But it might have been coincidental.

I noticed my 'Author' dropdown was giving me a 403/404 and it was soon uncovered that the 'path' in :
RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]

was causing that. OK removed the |path|

This seemed to coincide with an attack by spammers on my guest book.

Went to phpMyadmin and dropped the garbage right at the DB.

Then it seemed I lost my pics, or rather the backgrounds, headers, and formatting.
Naturally in trying to move 20,000 pics to troubleshoot, they somehow got deleted.
Still piecing them up, but it looks like the problem was in .htaccess still.

The same one that never gave any problems before.
# $Id$
# This is used with Apache WebServers
# For this to work, you must include the parameter 'Options' to
# the AllowOverride configuration
# Example:
# <Directory "/usr/local/apache/htdocs">
#   AllowOverride Options
# </Directory>
# 'All' with also work. (This configuration is in the
# apache/conf/httpd.conf file)
# The following makes adjustments to the SSL protocol for Internet
# Explorer browsers
<IfModule mod_setenvif.c>
  <IfDefine SSL>
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
  </IfDefine>
</IfModule>
# If Search Engine Friendly URLs do not work, try enabling the
# following Apache configuration parameter
AcceptPathInfo On
# Fix certain PHP values
# (commented out by default to prevent errors occuring on certain
# servers)
# php_value session.use_trans_sid 0
# php_value register_globals 1
# ===== snip =====
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
# this ruleset is to "stop" stupid attempts to use MS IIS exploits on us
RewriteCond %{REQUEST_URI} /(cmd|root|shell)\.exe$ [NC,OR]
RewriteCond %{REQUEST_URI} /(admin|httpodbc)\.dll$ [NC]
RewriteRule .* /cgi-bin/nonimda.cmd [L,E=HTTP_USER_AGENT:NIMDA_EXPLOIT,T=application/x-httpd-cgi]
RewriteCond %{REQUEST_URI} /default\.(ida|idq)$ [NC,OR]
RewriteCond %{REQUEST_URI} /.*\.printer$ [NC]
RewriteRule .* /cgi-bin/nocode-r.cmd [L,E=HTTP_USER_AGENT:CODERED_EXPLOIT,T=application/x-httpd-cgi]
# this ruleset is for formmail script abusers...
RewriteCond %{REQUEST_URI} formmail\.(pl|cgi)$ [NC,OR]
RewriteCond %{REQUEST_URI} mailto\.(exe|cgi)$ [NC]
RewriteRule .* /cgi-bin/nofrmml.cmd [L,E=HTTP_USER_AGENT:FORMMAIL_EXPLOIT,T=application/x-httpd-cgi]
# Cyveillance is a spybot that scours the web for copyright violations and “damaging information” on
# behalf of clients such as the RIAA and MPAA. Their robot spoofs its User-Agent to look like Internet
# Explorer, and it completely ignores robots.txt. I have
# banned it by IP address.
RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$"
RewriteRule .* - [F]
# There is another email harvester which always claims to be referred from http://www.iaea.org/.
# You may have seen this in your own referrer pages.
# I have banned it by referrer.
RewriteCond %{HTTP_REFERER} iaea\.org [NC]
RewriteRule .* - [F]
# NameProtect peddles their “online brand monitoring” to unsuspecting and gullible companies
# looking for people to sue. Despite the claims on their robot information page, they do not
# respect robots.txt; in fact, they spoof their User-Agent in multiple ways to avoid detection.
# I have banned them by User-Agent and IP address.
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{HTTP_USER_AGENT} NPBot [NC]
RewriteRule .* - [F]

RewriteCond %{HTTP_USER_AGENT} ^Web.?(Auto|Cop|dup|Fetch|Filter|Gather|Go|Leach|Mine|Mirror|Pix|QL|RACE|Sauger) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web.?(site.?(eXtractor|Quester)|Snake|ster|Strip|Suck|vac|walk|Whacker|ZIP) [NC,OR]

# this ruleset is for unwanted useragents... possibly email harvesters
RewriteCond %{HTTP_USER_AGENT} ^[A-Z]+$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.Browse\s [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.Eval [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.Surf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Harvest [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack [NC,OR]
# RewriteCond %{HTTP_USER_AGENT} ^.*libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*LWP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*prospector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} AsiaNetBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} attache [NC,OR]
RewriteCond %{HTTP_USER_AGENT} autohttp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} bew [NC,OR]
RewriteCond %{HTTP_USER_AGENT} BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Bot\ mailto:craftbot@yahoo.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Bullseye [NC,OR]
RewriteCond %{HTTP_USER_AGENT} CherryPicker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ChinaClaw [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Crescent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} curl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} devsoft's\ http\ component [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Deweb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Digimarc [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Digger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} digout4uagent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} DIIbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} dloader(NaverRobot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Download\ Demon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} eCatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ecollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Educate\ Search [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EirGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EmailCollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EmailWolf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EO\ Browse [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Express\ WebPictures [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EyeNetIE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fastlwspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} FEZhead [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Fetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} FlashGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Franklin\ Locator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Full\ Web\ Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Getleft [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GetRight [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GetWebPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Go!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Gozilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} go-ahead-got-it [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GrabNet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HMView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HTML\ Works [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
# RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} IBM_Planetwide [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Image\ Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Image\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} IncyWincy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Industry\ Program [NC,OR]
RewriteCond %{HTTP_USER_AGENT} InterGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Internet\ Explore\ 5\.x [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Internet\ Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} InternetSeer.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Irvine [NC,OR]
RewriteCond %{HTTP_USER_AGENT} JetCar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} JOC\ Web\ Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} KWebGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} leech [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mass\ Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MCspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mechanize [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MIDown\ tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mirror [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Missauga\ Locator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mister\ PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Monster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla.*NEWT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla\/3\.0\.\+Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla\/3.Mozilla\/2\.01 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozzilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MSIECrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NearSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetAnts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} netattache [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetCarta [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Net\ Vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Offline\ Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Offline\ Navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} OpaL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openfind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} OpenTextSiteCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PackRat [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PageGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Papa\ Foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} pavuk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} pcBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Plucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Production\ Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Program\ Shareware [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PushSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} RealDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ReGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} RepoMonkey [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Rover [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Rsync [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Siphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ScoutAbout [NC,OR]
RewriteCond %{HTTP_USER_AGENT} searchterms\.it [NC,OR]
RewriteCond %{HTTP_USER_AGENT} semanticdiscovery [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Shai [NC,OR]
RewriteCond %{HTTP_USER_AGENT} sitecheck [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SmartDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Spegla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SpiderBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SurfWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} tarspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Teleport\ Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Telesoft [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Templeton [NC,OR]
RewriteCond %{HTTP_USER_AGENT} UtilMind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} w3mir [NC,OR]
RewriteCond %{HTTP_USER_AGENT} web.by.mail [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebBandit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCopy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebEMailExtrac [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Web\ Image\ Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebMiner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebReaper [NC,OR]
# RewriteCond %{HTTP_USER_AGENT} wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WhosTalking [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Widow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} www\.pl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Xaldon\ WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Yandex [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Zeus.*Webster [NC]
#RewriteCond %{HTTP_USER_AGENT} test [NC]
RewriteCond %{REQUEST_URI} !^/badUA\.html [NC]
RewriteRule .* /badUA.html [L,E=HTTP_USER_AGENT:BAD_USER_AGENT]
# this ruleset is to stop blank user agents with blank referrers
RewriteCond %{HTTP_REFERER} ^-?$
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* /cgi-bin/noagent.cmd [L,T=application/x-httpd-cgi]
# ===== snip =====
# Address harvesters
RewriteCond %{HTTP_USER_AGENT} ^(autoemailspider|ExtractorPro) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^E?Mail.?(Collect|Harvest|Magnet|Reaper|Siphon|Sweeper|Wolf) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (DTS.?Agent|Email.?Extrac) [NC,OR]
RewriteCond %{HTTP_REFERER} iaea\.org [NC,OR]
# Download managers
RewriteCond %{HTTP_USER_AGENT} ^(Alligator|DA.?[0-9]|DC\-Sakura|Download.?(Demon|Express|Master|Wonder)|FileHound) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Flash|Leech)Get [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Fresh|Lightning|Mass|Real|Smart|Speed|Star).?Download(er)? [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Gamespy|Go!Zilla|iGetter|JetCar|Net(Ants|Pumper)|SiteSnagger|Teleport.?Pro|WebReaper) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(My)?GetRight [NC,OR]
# Image-grabbers
RewriteCond %{HTTP_USER_AGENT} ^(AcoiRobot|FlickBot|webcollage) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Express|Mister|Web).?(Web|Pix|Image).?(Pictures|Collector)? [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image.?(fetch|Stripper|Sucker) [NC,OR]
# "Gray-hats"
RewriteCond %{HTTP_USER_AGENT} ^(Atomz|BlackWidow|BlogBot|EasyDL|Marketwave|Sqworm|SurveyBot|Webclipping\.com) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (girafa\.com|gossamer\-threads\.com|grub\-client|Netcraft|Nutch) [NC,OR]
# Site-grabbers
RewriteCond %{HTTP_USER_AGENT} ^(eCatch|(Get|Super)Bot|Kapere|HTTrack|JOC|Offline|UtilMind|Xaldon) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web.?(Auto|Cop|dup|Fetch|Filter|Gather|Go|Leach|Mine|Mirror|Pix|QL|RACE|Sauger) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web.?(site.?(eXtractor|Quester)|Snake|ster|Strip|Suck|vac|walk|Whacker|ZIP) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCapture [NC,OR]
# Tools
RewriteCond %{HTTP_USER_AGENT} ^(curl|Dart.?Communications|Enfish|htdig|Java|larbin) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (FrontPage|Indy.?Library|RPT\-HTTPClient) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(libwww|lwp|PHP|Python|www\.thatrobotsite\.com|webbandit|Wget|Zeus) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Microsoft|MFC).(Data|Internet|URL|WebDAV|Foundation).(Access|Explorer|Control|MiniRedir|Class) [NC,OR]
# Unknown
RewriteCond %{HTTP_USER_AGENT} ^(Crawl_Application|Lachesis|Nutscrape) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[CDEFPRS](Browse|Eval|Surf) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Demo|Full.?Web|Lite|Production|Franklin|Missauga|Missigua).?(Bot|Locat) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (efp@gmx\.net|hhjhj@yahoo\.com|lerly\.net|mapfeatures\.net|metacarta\.com) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Industry|Internet|IUFW|Lincoln|Missouri|Program).?(Program|Explore|Web|State|College|Shareware) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(Mac|Ram|Educate|WEP).?(Finder|Search) [NC,OR]
# RewriteCond %{HTTP_USER_AGENT} ^(Moz+illa|MSIE).?[0-9]?.?[0-9]?[0-9]?$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[0-9]\.[0-9][0-9]?.\(compatible[\)\ ] [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NaverRobot [NC]
RewriteRule .* - [F]

# @ http://perishablepress.com/5g-blacklist/
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (environ|localhost|mosconfig|scanner) [NC,OR]
---->>>> Problem Line : RewriteCond %{QUERY_STRING} (menu|mod|path|tag)\=\.?/? [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini  [NC,OR]
RewriteCond %{QUERY_STRING} echo.*kae  [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} \=\\%27$   [NC,OR]
RewriteCond %{QUERY_STRING} \=\\\'$    [NC,OR]
RewriteCond %{QUERY_STRING} \.\./	  [NC,OR]
RewriteCond %{QUERY_STRING} \?		 [NC,OR]
RewriteCond %{QUERY_STRING} \:		 [NC,OR]
RewriteCond %{QUERY_STRING} \[		 [NC,OR]
RewriteCond %{QUERY_STRING} \]		 [NC]
RewriteRule .* - [F]
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (casper|cmsworldmap|diavol|dotbot)   keep_out
SetEnvIfNoCase User-Agent (flicky|ia_archiver|jakarta|kmccrew) keep_out
SetEnvIfNoCase User-Agent (libwww|planetwork|pycurl|skygrid)   keep_out
SetEnvIfNoCase User-Agent (purebot|comodo|feedfinder|turnit)   keep_out
SetEnvIfNoCase User-Agent (zmeu|nutch|vikspider|binlar|sucker) keep_out
  Order Allow,Deny
  Allow from all
  Deny from env=keep_out
</IfModule>
<IfModule mod_alias.c>
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(cgi|https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing.php
RedirectMatch 403 muieblackcat
</IfModule>
# 5G:[BAD IPS]
Order Allow,Deny
Allow from all
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789

# Google Analytics Integration - Added by cPanel.
<IfModule mod_substitute.c>
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|(<script src='/google_analytics_auto.js'></script>)?</head>|<script src='/google_analytics_auto.js'></script></head>|i"
</IfModule>
# END Google Analytics Integration

So something broke with .htaccess in renaming admin, and I can't figure out what!

As far as the .configure files, I guess I just gotta learn to trust Apache.

I have CPanel so I believe I can have Hostgator password protect the new Admin file.

Just what does the configure languages file do, that I can get along without it?

If it's the same EZPopulate we're talking about, the one I know requires running through Excel and resetting PHP.ini and a host of other things. As booksellers we rarely use CSV (except for some databases that export to the default Amazon format, which many of us use UIEE for). What's needed is something that can handle directly from 5,000 to half a million listings. Mine would need to handle around 20 thousand entries. And in a text format unfriendly to CSV. Complicating the issue is the fact that OSCommerce (and websites in general) run off Categories. To our databases they are an afterthought.

The thing is it's doable, and I in fact have a script to do it: Perl, parsing the database into SQL statements and using the DBI to probe the database to set up the categories correctly.

I have been doing my best to get a community effort going, as we have plenty of programming talent including *real* programmers, but no one really knows where to start. OSC 2.3? none of us have a clue about!
Since the reassurance that the 2.2 contribs are at least code modifiable to 2.3 there is an upgrade path then from my end.

I am certain that the CMS's and their ecommerce themes have nowhere near the versatility there. So I am in for the long haul.

Is there any text out there that goes over the PHP files line by line, especially with reference to the differences between 2.2 and 2.3?

But here I go again. I don't mind the tekkie stuff, but it looks like I gotta give 2.3 a better look, especially as to how it handles *not* Item Specifics - we are not selling one book in 10 different colors and flavors, but rather a single book with about a dozen or so attributes, such as binding, edition and jacket (with flags), weight, quantity, multiple categories, ISBN10&13, and much more.

In short I need a website template derived around not toothpaste or t-shirts but *collectibles*. The ideal would be a website that one could, say, populate directly from something like GCstar.

Oddly the market is not all that small. ABEBooks has about 10,000 sellers.
Plus there are the Amazon hobby sellers who go beyond books to collectibles who may love to have their own low cost sites, but whose revenues can never afford a boutique site - this is a number that can easily exceed 150,000 more, especially if you include the reputable dealers abandoning ebay shops to strike out on their own.

This is perhaps something for the developers to consider: The total paradigm shift from new to old, and something Bezos was never able to wrap his head around.

One more thing:

>>> is THAT an actual statement? In my world ... has a specific meaning! : <FilesMatch "...">
Order deny,allow
Deny from all
# allow your ip address:
allow from

Off to bed.

#12   burt


    

  
  

Posted 28 April 2012 - 09:23

I have been doing my best to get a community effort going, as we have plenty of programming talent including *real* programmers, but no one really knows where to start. OSC 2.3? none of us have a clue about!

There are real programmers in the forum, but there appears to be a lack of people with money to spend in order to get things coded that go beyond the realms of "easy" and into the realm of "well, that's 3/6/12 months work". If you get together a bunch of interested book sellers who wish to migrate to (a booksellers version of) osCommerce, then get them all to chip in $xxx, then I'd suggest that you could have precisely what you want coded up and ready to go (and ready to be resold to recoup the initial investment).

#13   Juto

  
  

Posted 28 April 2012 - 12:57

Well, try testing my suggestion with an ip address that isn't yours.
Remember to set it back to yours, and if you have a dynamic ip address remember to edit that line should your address change.

#14   MrPhil

  
  

Posted 28 April 2012 - 15:35

That's quite an .htaccess file you've got there. If you can't figure out what's happening, you can always #comment out a section at a time and see if it stops breaking. So you renamed admin/ to no-longer-admin/, and updated the no-longer-admin/includes/configure.php file entry. You've looked through .htaccess and found nothing that matches no-longer-admin? You've even ruled out that it's something other than .htaccess causing your problems?

#15   kelagedart

  
  

Posted 29 April 2012 - 00:11

Burt: The ABEBooks community is still reeling from a 'co-op' venture for uploading tools that members paid around $35 a month for, and everyone expected part ownership of. Everything was run off the 'founder's' website. And then he quit and took his toys (and website) with him.

The ideal is to get everyone working on this together. After the last fiasco no one is going to put up a dime for anything 'up front'. I can probably provide the framework, i.e. a working site, but there would need to be some kind of community input on the stages of design. There has been some discussion already, so there is some interest, but what I am looking for is a link to something that can act as some kind of motivation for the community. Such as a full comparison of ecommerce templates from some type of unbiased perspective (I would eliminate any developer articles by those trying to sell particular templates such as Joomla). Hopefully the article would point to the advantages of OSC.

The idea is to get a basic template out as cheaply and quickly as possible - not more than $100 - and at that point let the people who need more professional assistance contract for it. There will be many with some knowledge of manipulating the basics of a site from what little they are permitted on Chrislands, which is a popular but jailed OSC clone that is not mobile and users have no direct access to.

Chrislands costs between $30-40 a month, and since a real hosted site costs around $15 a month with SSL, a private site should not come anywhere near a monthly average of $15-25 extra over that for setup and maintenance, or nobody is going to be motivated to move from where they are at.
(ABE and Chrislands BTW, are owned by Amazon).

I am not looking to sell anything other than books, but with a little bit of tech knowledge I have, I have found it extremely frustrating that there is a complete blind spot in the open source world for the technicalities of selling collectibles versus commodities.

As a side note, and probably not relevant to anything, one of our colleagues has developed a full scale book database written in Java off the H2 engine. Unfortunately he dont speak Perl, and I dont speak Java!

I just hope some of the OSC developers read this and maybe put some more flexibility into the OSC front ends. Like the option of renaming some fields at the database level so users can work directly with 'Publisher' or 'Artist' or 'CountryofIssue' if they have to go into phpMyAdmin rather than 'Manufacturer'.

#16   kelagedart

  
  

Posted 29 April 2012 - 00:16


OK, so that I understand:

# Authentication
# check admissible IP-address
# Protect files and directories from prying eyes.
<FilesMatch "...">
Order deny,allow
Deny from all
# allow your ip address:
allow from #As a Comcast example...

Would be ok? It was the "..." in the filesmatch statement that threw me!
(And yes, being on Comcast it would be a dynamic IP, but the Hostgator IP is static)
I would use my Comcast IP I assume!

#17   kelagedart

  
  

Posted 29 April 2012 - 01:00


Here's the interesting part.

I put that whole .htaccess file back, in its original form.

Now everything is working just fine.

Except for the screwy 'author drop down' which I need to fix anyway (it has blanks and duplicates!).
It's from the SiteSearchPlus addon, so I guess I better check for updates....

#18   Juto

  
  

Posted 29 April 2012 - 09:15


OK, so that I understand:

# Authentication
# check admissible IP-address
# Protect files and directories from prying eyes.
<FilesMatch "...">
Order deny,allow
Deny from all
# allow your ip address:
allow from #As a Comcast example...

Would be ok? It was the "..." in the filesmatch statement that threw me!
(And yes, being on Comcast it would be a dynamic IP, but the Hostgator IP is static)
I would use my Comcast IP I assume!

Yes, that's correct. It must be your own ip address. Of course if you have a partner, or are working from another ip address, then add those ip addresses as well.
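
A complete form of the allowlist discussed in the posts above, as an added example that is not part of the original thread: it closes the FilesMatch block, lists more than one permitted address, and gives the Apache 2.4 equivalent beside the 2.2 syntax. The `\.php$` pattern, the placement in the admin directory's .htaccess, and both IP addresses (documentation-range placeholders) are assumptions.

```apache
# Constructed example: IP allowlist for the shop's admin directory .htaccess.
# 203.0.113.10 and 198.51.100.25 are documentation-range placeholders;
# replace them with the real public addresses that need admin access.

# FilesMatch takes a regular expression tested against the file name.
# A literal "..." would match any name of three or more characters;
# the pattern below (an assumption) limits the rule to PHP scripts.

# Apache 2.2 (mod_authz_host): Order/Deny/Allow syntax, as in the thread
<IfModule !mod_authz_core.c>
  <FilesMatch "\.php$">
    # Deny directives are evaluated first, then Allow; a matching Allow wins
    Order deny,allow
    Deny from all
    # your own address
    Allow from 203.0.113.10
    # a partner's or second location's address
    Allow from 198.51.100.25
  </FilesMatch>
</IfModule>

# Apache 2.4 (mod_authz_core): same policy expressed with Require
<IfModule mod_authz_core.c>
  <FilesMatch "\.php$">
    # Several Require lines outside a RequireAll block act as "any of these"
    Require ip 203.0.113.10
    Require ip 198.51.100.25
  </FilesMatch>
</IfModule>
```

Both variants only take effect if the host permits these directives in .htaccess (AllowOverride Limit for the 2.2 form, AuthConfig for the 2.4 form).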