Jump to content

John W

Member Since 05 Nov 2002
ONLINE Last Active Today, 20:52

Topics I've Started

Google Adwords

23 November 2016 - 15:19

A few people here asked that we have a thread on Adwords, so I'll start it.  I've used Adwords since 2003 when you could do a nickel a click.  Then, it became a dime and the race was off.  Over time I've learned a lot and had a love/hate relationship.  This year Adwords account managers have helped me in updating and learning new features.  Currently, my ROI is the best it's been in at least a very long time, so I’ll try to share some ideas. For me, a big key is getting a repeat customer, but I also get some good sales from it.


First, you need to tie in Analytics, which is now part of Adwords.  Analytics can show you what sales you are getting through different ads and you can get the actual order id.   This helps in adjusting ads or even stopping those that don't pay off.  I look a lot at last 7 days and 30 days.  The 7 day view is good because you can see how small bid adjustments can cost a lot.  This can be done in the Adwords screens too.



And using a Google Feeder like Jack's, you need to set up with Google Shopping.  Jack has a great support thread on this and the Google shopping team will help you if needed.  I was slow to get this going, but it's really working well on some items I sell.  This gets you the ad boxes you see with pics at the top of Google as well as Google Shopping.



That covers the basics but AdWords and Analytics have a lot of features. 

  1. The biggest thing with AdWords is the better your ad is, the less you have to pay and still rank high.  So, take advantage of all the little extras like extended links and callouts.  Use all the characters you can but keep substance. 
  2. Once you create a base ad, you can copy and edit to make versions to test.  I added "Fully Secure Website" to one of my ads and it get 4 times the click through than any of my others in that ad group.  I did this based on switching to all SSL all the time.  Adwords also serves it higher, so it likes it.
  3.  You can also tailor you bids based on areas like states (Texas for instance).  Adjust based on days of the week or time of the day.  Adjust up or down for phones with browsers.  I bid that down because my biggest competitor on this isn't responsive in their site design.
  4. Remarketing was a huge fail for me that burned up cash with no ROI.
  5. Small bid adjustments that make you rank higher can cost way more than expected, so the 7 day running view is key.  The other key is look at it every day.  

There is some trial and error, but this can get you sales you are otherwise missing.  A lot probably depends on your margin, but for me I'll give 200 to sell 1600 especially since some will repeat.


There's a lot more to this and I'm not sure how much this helps, but hopefully others have something to add.  Or, if anyone has questions, maybe I can help. 

Upgrading Password functions to native php 5.5+

17 June 2016 - 18:56

As of Php 5.5 and higher there are very strong password functions built in that are the recommended method of handing passwords.  After seeing Burt's post on
https://github.com/g...Commerce/issues I decided to work on implementing it. You should read more at http://php.net/manua...q.passwords.php where there is some great info if you're interested.  It explains why we should do this.  

On a current OSC site the password is being hashed and stored something like this
and after upgrading to Php native hashing functions it will be something like this
which is much stronger for more reasons than just length.  

First, I test everything on my local machine (test server) with the help of the NetBeans IDE (free). Before putting this on your live site test it first although I do have it running on my live site using Php 5.6.  

Assuming you are running Php 5.5 or higher and you are using a current BS version this should be pretty easy.  All customers that have passwords hashed with the older systems will be automatically updated when they log in.  There are only two files to change and a sql statement to execute.  Note that the current password field setting of VARCHAR(60) will work now but may be a problem going forward.


On includes/modules/content/login/cm_login_form.php around line 58 find

            if (tep_password_type($customer['customers_password']) != 'phpass') {

change to

            if (tep_password_type($customer['customers_password']) != 'phpnative') {

replace includes/functions/password_funcs.php with this file


  osCommerce, Open Source E-Commerce Solutions

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License

// This function validates a plain text password with a
// salted, phpass password or native php 5.5 and higer password hashing
  function tep_validate_password($plain, $encrypted) {
    if (tep_not_null($plain) && tep_not_null($encrypted)) {

      if (password_verify($plain, $encrypted)) {
        return true;

      if (tep_password_type($encrypted) == 'salt') {
        return tep_validate_old_password($plain, $encrypted);

      if (!class_exists('PasswordHash')) {
        include(DIR_WS_CLASSES . 'passwordhash.php');

      $hasher = new PasswordHash(10, true);

      return $hasher->CheckPassword($plain, $encrypted);

    return false;

// This function validates a plain text password with a
// salted password
  function tep_validate_old_password($plain, $encrypted) {
    if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
      $stack = explode(':', $encrypted);

      if (sizeof($stack) != 2) return false;

      if (md5($stack[1] . $plain) == $stack[0]) {
        return true;

    return false;

// This function encrypts a phpass password from a plaintext
// password.
  function tep_encrypt_password($plain) {
    return password_hash($plain, PASSWORD_DEFAULT);

// This function returns the type of the encrpyted password
// (phpass or salt)
  function tep_password_type($encrypted) {
    if (preg_match('/^[A-Z0-9]{32}\:[A-Z0-9]{2}$/i', $encrypted) === 1) {
      return 'salt';

    If (substr($encrypted, 0, 3) === '$P$') {
      return 'phpass';

    return 'phpnative';

Run this sql statemnent in phpMyAdmin.  This isn't mandotory at this time but could/will be in the future.

ALTER TABLE `customers` CHANGE `customers_password` `customers_password` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL;

You can check by using a test account to make sure the password changes format.

Post sny problems or questions and I'll try to help.  Assuming this goes well and is well received we'll work on the admin password functions, which should be simple.