Jump to content



Photo
- - - - -

osCommerce Online Merchant v2.3.4


  • Please log in to reply
101 replies to this topic

#1   Harald Ponce de Leon

Harald Ponce de Leon

    Healthy Giraffe

  • Core Team
  • 5,346 posts
  • Real Name:Harald Ponce de Leon
  • Gender:Male
  • Location:Solingen, Germany

Posted 05 June 2014 - 21:21

We're proud to announce the release of osCommerce Online Merchant v2.3.4! This release introduces a new Content Modules feature, secures the Administration Tool if SSL is enabled, and includes new and updated payment modules.

Content Modules

Content Modules is a new feature that builds and loads the content of a page through modules. The My Account, Login, and Checkout Success pages have been updated in this release to utilize Content Modules and can now be customized and manipulated through modules without editing source code files.
Other pages will soon be updated to utilize Content Modules in following releases and improved on with your help and feedback.

Log In with PayPal

The first featured Content Module being introduced is Log In with PayPal which can be added to the Login page. This allows customers to authenticate themselves through PayPal without needing to create a local store account.
Log In with PayPal supports a seamless checkout experience with PayPal Express Checkout where customers don't need to log in again when purchasing and starting the PayPal Express Checkout flow.

HTTPS Administration Tool

The Administration Tool now loads in HTTPS if SSL has been enabled on the store.

Payment Modules

The following payment modules have been updated to utilize the latest payment gateway APIs and to have each secured API call verified through CA public certificates.
Some payment modules have also been updated to support stored card tokens where customers can securely store their card payment information at the payment gateway and to reference their cards in later purchases without needed to retype their card information again. These include:
  • Sage Pay Direct
  • Stripe
  • Braintree
PayPal

The following modules have been updated:
  • PayPal Express Checkout v3.0
  • PayPal Payments Standard v3.1
  • PayPal Payments Pro (Direct Payment) v3.0
  • PayPal Express Checkout (Payflow Edition) v3.0
  • PayPal Payments Pro (Payflow Edition) v3.0
The following modules are being introduced:
  • PayPal Payments Pro (Hosted Solution) v1.0
The modules can be downloaded separately for existing stores at:

http://addons.oscomm.../service/paypal

Sage Pay

The following modules have been updated:
  • Sage Pay Direct v3.0
  • Sage Pay Form v2.0
  • Sage Pay Server v2.0
The following modules are being introduced:
  • Sage Pay Cards Management Page (content module)
The modules can be downloaded separately for existing stores at:

http://addons.oscomm...ervice/sage_pay

Authorize.net

The following modules have been updated:
  • Authorize.net Server Integrated Method (SIM) v2.0
  • Authorize.net Advanced Integration Method (AIM) v2.0
The following modules are being introduced:
  • Authorize.net Direct Post Method (DPM) v1.0
The modules can be downloaded separately for existing stores at:

http://addons.oscomm...ce/authorizenet

Stripe

The following modules are being introduced:
  • Stripe.js v1.0 (payment module)
  • Stripe Cards Management Page (content module)
The modules can be downloaded separately for existing stores at:

http://addons.oscomm.../service/stripe

Braintree

The following modules are being introduced:
  • Braintree v1.0 (payment module)
  • Braintree Cards Management Page (content module)
The modules can be downloaded separately for existing stores at:

http://addons.oscomm...rvice/braintree

WorldPay

The following modules have been updated:
  • WorldPay Hosted Payment Pages v2.0
The modules can be downloaded separately for existing stores at:

http://addons.oscomm...ervice/worldpay

General Updates

This release also includes the following general updates:
  • Orders can now be blocked when no defined shipping rate is available for the destination
  • Session management improvements
  • Payment Acceptance box introduced
  • jQuery libraries updated
  • and minor bug fixes and improvements
Download

osCommerce Online Merchant v2.3.4 can be downloaded in full and update packages from:

http://www.oscommerce.com/Products

Thank You!

We'd like to thank the community for their feedback on our releases. In addition, we thank the following people who participated in the development of this release.Reference

The osCommerce Online Merchant release notes and upgrade guides can be found at:

http://library.oscom...3&release_notes

:heart: , osCommerce


#2   Gyakutsuki

Gyakutsuki
  • Members
  • 596 posts
  • Real Name:Loic Richard
  • Gender:Male
  • Location:Montreal

Posted 05 June 2014 - 22:25

Thank you Harald for this new release.

Regards

 

-----------------------------------------

Loïc

Contact me by skype for business

Contact me @gyakutsuki for an answer on the forum


#3   quetevendo

quetevendo
  • Members
  • 72 posts
  • Real Name:Franco
  • Gender:Male
  • Location:Argentina

Posted 05 June 2014 - 22:55

We go for more!
Thanks team!!

#4   geoffreywalton

geoffreywalton

    OSC Aficionado

  • Members
  • 8,256 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 06 June 2014 - 10:48

Thanks for getting this out.

I installed it 3 times yesterday and it installed without a hitch.

I have just gone through the admin to see the changes and see how a store owner/newbie could be assisted.

The final installation page is fine for a developer, they would understand what it means, a shop owner could do with a lot more help and guidance:-

Review the directory permissions on the Administration Tool -> Tools -> Security Directory Permissions page.

and then do what? There isn't any documentation on this.

The Administration Tool should be further protected using htaccess/htpasswd and can be set-up within the Configuration -> Administrators page.

Confusing as h***, why not simplify it to an instruction:-

To make a more secure shop, in the shop admin go to Configuration >> Administrators and edit the adminstrator, enter a password and tick the "Protect With htaccess/htpasswd" box.

I also spotted a few tweaks that could be considered.

Configuration >> Logging

This is set to

Log Destination /var/log/www/tep/page_parse_time.log

It could be set to

/includes/work/page_parse_time.log

as part of the installation just like the cache settings

Modules >> Action Recorder

There is a sort order column all set to zero but they can not be edited.

Modules >> Payment

There are 2 installed modules and they both have a sort order of 0. The installation sql could be set to 1000 and 2000.

Modules >> Shipping

Although there is only one installed it does not have a sort order number either.

Tools >> Action Recorder

The delete button is at the top of the page not within the highlighted area.

Tools >> Security Checks

Add a title above the paper icon, such as "How To Correct", it is not obvious that there are some good tips hidden away there!!!

/ext directory listing - The error message is not helpful.

The /ext/ directory is publicly accessible and/or browsable - please disable directory listing for this directory in your web server configuration.

Why not make it 'Directory contents can be read, see icon for solution.'

Or why not just have "Options -indexes" in the root .htaccess, other default .htaccess files have been set up e.g. in /admin/backups directory.

The new Tools menu options are not mentioned in the pdf documentation, an explanation of why certain directories should not be writable is more likely to get someone to start changing permissions than an x on a screen.

Just little tweaks but I believe it would make OSC seem much more professional and new user friendly.

Cheers

G

PS Before I get shot down, I did try to add to the documentation http://library.oscom...ntation did not allow me to install the library site.
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.

For links mentioned in old answers that are no longer here follow this link Useful Threads.

If this post was useful, click the Like This button over there ======>>>>>.

#5   Harald Ponce de Leon

Harald Ponce de Leon

    Healthy Giraffe

  • Core Team
  • 5,346 posts
  • Real Name:Harald Ponce de Leon
  • Gender:Male
  • Location:Solingen, Germany

Posted 06 June 2014 - 12:16

Hi Geoffrey..

Thanks for the feedback. The instructions shown on the last installation page should indeed be removed. The checks can be performed with extended security check modules introduced in v2.3.3.3 which can link to our documentation site for steps on how to solve particular issues.

I will update the instructions for installing the Library site in the coming days.

Kind regards,

:heart: , osCommerce


#6   geoffreywalton

geoffreywalton

    OSC Aficionado

  • Members
  • 8,256 posts
  • Real Name:Geoffrey Walton
  • Gender:Male
  • Location:Norfolk, UK (close to the centre of the universe)

Posted 06 June 2014 - 14:31

Don't get me wrong I think it is a good idea to list what needs to be done but lets tell people what they need to do but in plain english not coded speak.

I think

To make a more secure shop, in the shop admin go to Configuration >> Administrators and edit the adminstrator, enter a password and tick the "Protect With htaccess/htpasswd" box.

is much clearer than

The Administration Tool should be further protected using htaccess/htpasswd and can be set-up using the Configuration -> Administrators page

I think shop owners would understand that.

Then something along the lines of

You should also check the permissions on directories and files to check they are secure. This can be done on the Administration Tool -> Tools -> Security Directory Permissions page.

And even add an extra step of

Finally check the general state of the site using Tools >> Security Checks.

I'll have a go at git and see if I can get my head round github, branches and other associated foliage and upload some enhancements (not corrections)!!!!

:-)

Cheers

G
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.

For links mentioned in old answers that are no longer here follow this link Useful Threads.

If this post was useful, click the Like This button over there ======>>>>>.

#7   greasemonkey

greasemonkey
  • Members
  • 1,059 posts
  • Real Name:Scott
  • Gender:Male

Posted 06 June 2014 - 15:26

Here is a like for this comment

tell people what they need to do but in plain english not coded speak

:)

As a shop; owner making these instructions in more clear English would be very helpful. When I upgraded from 2.2 last year I struggled with

The Administration Tool should be further protected using htaccess/htpasswd and can be set-up within the Configuration -> Administrators page.

and the big red error box on Configuration >> Administrators that is suppose to explain what to do for half a day... before I realized all I had to do was click "edit" to find the checkbox. Sounds simple I know, but remember you've been doing this for 10 plus years.

I would like to think if it said;

To make a more secure shop, in the shop admin go to Configuration >> Administrators and <b>edit</b> the administrator, enter a password and <b>tick</b> the "Protect With htaccess/htpasswd" box.

I would have more hair then I do now...

Just my 2 cents...

Edited by greasemonkey, 06 June 2014 - 15:26.


#8   Harald Ponce de Leon

Harald Ponce de Leon

    Healthy Giraffe

  • Core Team
  • 5,346 posts
  • Real Name:Harald Ponce de Leon
  • Gender:Male
  • Location:Solingen, Germany

Posted 06 June 2014 - 16:54

Hi All..

The osCommerce Online Merchant v2.3.4 full and update download packages have been silently updated to include documentation for the Braintree payment module.

This is not a bug fix and we did not want to hassle store owners of updating the version file (eg to 2.3.4.1) for this simple addition.

Kind regards,

:heart: , osCommerce


#9   Mort-lemur

Mort-lemur
  • Members
  • 2,387 posts
  • Real Name:Heather
  • Gender:Female
  • Location:UK

Posted 06 June 2014 - 20:29

Hi,

Very quick question (I Hope) - Is it OK to cherry - pick the updates? ie. are there any that are interdependent?

eg. I dont really want to update the JQuery or UI files on my site etc.

Thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


#10   joli1811

joli1811

    Anybody seen this leprechaun say yeah !!

  • Members
  • 2,384 posts
  • Real Name:john dunlop
  • Gender:Male
  • Location:Ireland

Posted 06 June 2014 - 21:12

Ran through the update myself did not see any dependencies except has you mention the jquery and color box (product_info.php)

I left out and just done the rest mostly sessions related changes and the new modules

Did not suit to for me to change to the color box/product_info.php for my test site at the minute !!

Now the payment files also having been changed (paypal) etc not sure as regards jquery can not imagine it would make a difference

did not take long 30 minutes maybe 60 minutes gets a bit boring but quick and simple

Admin display may change a bit with the new jquery but that was it

Edited by joli1811, 06 June 2014 - 21:14.

To improve is to change; to be perfect is to change often.

#11   Harald Ponce de Leon

Harald Ponce de Leon

    Healthy Giraffe

  • Core Team
  • 5,346 posts
  • Real Name:Harald Ponce de Leon
  • Gender:Male
  • Location:Solingen, Germany

Posted 07 June 2014 - 19:34

The post-installation notes have just been removed from the installation procedure :) The checks are taken care of already by the Administration Tool Extended Security Check Modules.

 

The next step is to add documentation links to all extended security check modules and of course the documentation on the library site :)


:heart: , osCommerce


#12   Harald Ponce de Leon

Harald Ponce de Leon

    Healthy Giraffe

  • Core Team
  • 5,346 posts
  • Real Name:Harald Ponce de Leon
  • Gender:Male
  • Location:Solingen, Germany

Posted 07 June 2014 - 19:40

Very quick question (I Hope) - Is it OK to cherry - pick the updates? ie. are there any that are interdependent?

eg. I dont really want to update the JQuery or UI files on my site etc.


Totally fine. The Content Modules part would not be recommended for every store to utilize unless they want to start using content modules.


:heart: , osCommerce


#13   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,752 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 08 June 2014 - 19:28

Looking at the content modules on the login.php page

 

There is something not right with the logic of setting the grids.

 

1) If both columns are enabled, everything is fine, we have always a total of 24 grids

2) if  just one column is enabled, we are missing 4 grids

 

For example,

 

- having both modules (create account and login) set to "half" we have

<div id="bodyContent" class="grid_20 push_4">
<h1>Welcome, Please Sign In</h1>
<div id="loginModules">
<div class="contentContainer grid_8 alpha">
<div class="contentContainer grid_8 omega">
</div>

=  total 16 grids within a container of 20 grids => 4 missing

 

- having both modules set to "full", we have

<div id="bodyContent" class="grid_20 push_4">
<h1>Welcome, Please Sign In</h1>
<div id="loginModules">
<div class="contentContainer grid_16">
<div class="contentContainer grid_16">
</div>

The problem is in the logic of includes/modules/content/login/templates/login_form.php

<div class="contentContainer <?php echo (MODULE_CONTENT_LOGIN_FORM_CONTENT_WIDTH == 'Half') ? 'grid_8' : 'grid_16'; ?>">

Only 8 or 16 grids, sometimes we need 10 or 20 of them, in case of 1 column + of course the case that someone changed the column with to say 5 grids

 

The file need to check first what the available content width is, and apply the proper grid classes accordingly

 

I'll try to post some lines of code for this


Edited by multimixer, 08 June 2014 - 19:29.


#14   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,752 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 08 June 2014 - 22:42

Ok people, a workaround as follows

 

1) in file login.php I moved following line 

  $page_content = $oscTemplate->getContent('login');

under

  require(DIR_WS_INCLUDES . 'template_top.php');

because I wanted to have the boxes executed before the content

 

2) In files includes/modules/content/login/templates/login_form.php and /create_account_link.php

 

I added just on top

$content_grid = $oscTemplate->getGridContentWidth();
$number_modules += $oscTemplate->hasContent('login') ? 1 : 0;

if ($half_grid_width = $content_grid / 2){
  if ($half_grid_width != floor($half_grid_width)) {
    $half_grid_width = $number_modules != 0 ? (floor($half_grid_width) + 1) . ' omega' : floor($half_grid_width) . ' alpha';
  }
}

3) In file includes/modules/content/login/templates/login_form.php

 

I replaced this

<div class="contentContainer <?php echo (MODULE_CONTENT_LOGIN_FORM_CONTENT_WIDTH == 'Half') ? 'grid_8' : 'grid_16'; ?>">

with this

<div class="contentContainer <?php echo (MODULE_CONTENT_LOGIN_FORM_CONTENT_WIDTH == 'Half') ? 'grid_' . $half_grid_width : 'grid_' . $content_grid; ?>">

4) In files includes/modules/content/login/templates/create_account_link.php

 

I replaced this

<div class="contentContainer <?php echo (MODULE_CONTENT_CREATE_ACCOUNT_LINK_CONTENT_WIDTH == 'Half') ? 'grid_8' : 'grid_16'; ?>">

with this

<div class="contentContainer <?php echo (MODULE_CONTENT_CREATE_ACCOUNT_LINK_CONTENT_WIDTH == 'Half')  ? 'grid_' . $half_grid_width : 'grid_' . $content_grid; ?>">

Now grids tare applied correctly, however, this solution is a hassle. The logic about how many grids to apply should be better a "central" one instead of repeating code like that

 

It would be maybe better to remove the grids altogether and use a width=50% or 100%, why to stick with that grids?

 

Talking with @burt, he came up with an other (better) solution, to change things afterwards (after the grids got applied) via js, he'll post this himself I think


Edited by multimixer, 08 June 2014 - 22:51.


#15   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,752 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 08 June 2014 - 22:59

Edit

 

Point 2 above could be better like this

$content_grid = $oscTemplate->getGridContentWidth();
$number_modules += $oscTemplate->hasContent('login') ? 1 : 0;

if ($half_grid_width = $content_grid / 2){
  if ($half_grid_width != floor($half_grid_width)) {
    $half_grid_width = $number_modules != 0 ? (floor($half_grid_width) + 1) . ' omega' : floor($half_grid_width) . ' alpha';
  } else {
    $half_grid_width = $number_modules != 0 ? $half_grid_width . ' omega' : $half_grid_width . ' alpha';
  }
}

Will think it over tomorrow again



#16   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,752 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 08 June 2014 - 23:40

Ok people, please disregard all the above, the change in login.php (point 1) can't be done, line has to stay where it is.

 

Do not use any of the above code, I'm sorry for causing confusion



#17   multimixer

multimixer

    Lemons or Melons ?

  • Partner
  • 4,752 posts
  • Real Name:George Zarkadas
  • Gender:Male
  • Location:Greece

Posted 09 June 2014 - 09:34

Goodmorging all, I'm sorry for yesterdays late night show :)

 

I ended up removing all grid classes by js, and adding new classes that I can style via css as I like

$('#loginModules .contentContainer.grid_8').removeClass('grid_8 alpha omega').addClass('half_width').parent('div#loginModules').css({overflow: "hidden"});
$('#loginModules .contentContainer.grid_16').removeClass('grid_16 alpha omega').addClass('full_width');

I think the whole part could afford a reconsideration

 

EDIT: this was also @burt suggestion yesterday in the chat, I just got stck with php yesterday, Garys suggestion was better


Edited by multimixer, 09 June 2014 - 09:36.


#18   Mort-lemur

Mort-lemur
  • Members
  • 2,387 posts
  • Real Name:Heather
  • Gender:Female
  • Location:UK

Posted 12 June 2014 - 07:03

another question from me (sorry)

 

With regards to versioning - at what point does a previously 2.3.3.4 store become a 2.3.4 store during the update process? ie I am not installing the new Jquery, Jquery UI or Flot - so can I really call my store a 2.3.4 store?

 

Also there are some interdependancies on the upgrade - eg Admin toolboxes needs the new Jquery or it makes the boxes too long - for future update packages a suggestion would be to show somehow what needs to be done before something else is done..

 

Thanks


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


#19   burt

burt

    I drink and I know things

  • Community Team
  • 12,463 posts
  • Real Name:G Burton
  • Gender:Male
  • Location:UK/DEV/on

Posted 12 June 2014 - 07:45

If you don't do it all, it's not exactly 2.3.4.  If it's not near enough exactly 2.3.4 then you will have issues in future updates when you are told to;

 

find:

xyz123

 

change to:

abc456

 

yet, you did not do the xyz123 change in the update to 2.3.4.  That will serve only to confuse in the future...

 

What is the reason you're not making the updates to jquery and flot etc ? 


Edited by burt, 12 June 2014 - 07:45.

This is a signature that appears on all my posts.  It is not specifically aimed at you.

 

IF YOU MAKE A POST REQUESTING HELP...please state the exact version of osCommerce that you are using. THANKS
 
If you are still on the old style osCommerce, it is time to move to Responsive.

 


#20   Mort-lemur

Mort-lemur
  • Members
  • 2,387 posts
  • Real Name:Heather
  • Gender:Female
  • Location:UK

Posted 12 June 2014 - 08:12

@burt Not doing the Jquery / UI / Flot changes at the moment because my sites are live, and this will mess up the formatting / colour settings of my MTS which I cant do when there are customers online - and some of my customers shop at strange hours........

 

Its an Interesting point the "Near Enough" statement...... If all the Code changes to core files are carried out then can this be classed as now 2.3.4? For example Not everyone will see the point of updating ALL the payment modules - as they will only ever use one or two of these.

 

Maybe future releases should be split into "Essential to Claim Update to Version 2.X.X" and "Optional Updates"

 

Im not getting hung up on any of this -just something I have been pondering........


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.