Jump to content



MrPhil

Member Since 29 Dec 2005
OFFLINE Last Active Today, 15:13
*****

#1755908 Security Warning

Posted by MrPhil on 18 April 2017 - 22:03

Who gets that message likely depends on what browser they're using. Some current browsers have become very aggressive in warning users away from non-SSL pages. It doesn't sound like this was from a login or payment page, which normally is SSL-protected. Anyway, you're going to see more and more of this. If you have SSL, you should be thinking about making the whole site under SSL. For the most part, this is a minor configuration change, although you will need to add a redirect from http: to https: in your .htaccess, and you will need to go through your add-ons to see if any of them need updating (are using hard coded http: URLs). Start here: http://forums.oscomm...havent-already/ . If you don't have SSL at all, time to get cracking and purchase it.




#1755848 moving the site from sub-folder to root

Posted by MrPhil on 16 April 2017 - 12:33

Nice birthday present -- the flu. The Hong Kong Flu was my Christmas present back in 1968. Well, happy birthday anyway!




#1754874 Who in the EU has heard of GDPR and will it affect you

Posted by MrPhil on 20 March 2017 - 12:49

Sure, bureaucrats can spend the day fantasizing new rules in order to justify their existence (big complaint here, too, which is a major reason President Doofus, er, Trump, is in the White House). If you're a small business, do those things which are common sense and practical and fair, and ignore the rest which are an unreasonable burden to you. If you're small enough, they probably won't bother you. If they do, you can get a lot of public sympathy and support by pointing out that you are being quite reasonable -- and they're not.




#1754723 Who in the EU has heard of GDPR and will it affect you

Posted by MrPhil on 16 March 2017 - 12:30

when we leave the EU we will still need to comply with the regulations as the EU has made it worldwide somehow.

 
Easy there! If you do business in the EU, and therefore handle the data of EU citizens, this applies to you. If you are located outside the EU, and are dealing with non-EU citizens' data, it doesn't apply to you. If you need to implement anything new to meet GDPR, it should be a superset of data-protection requirements anywhere else in the world, and you can handle everything the same way. Now, if you're physically located outside the EU, I doubt they'll have much leverage with you, even when dealing with EU citizens. If you're a small shop, and make a reasonable effort to protect personal data, frankly I doubt they'll bother coming after you. They've got bigger fish to fry with Amazon, Google, etc.
 

Has any store owner seen a sensible easy to understand website that explains how this may affect store owners, or like me have you never heard about this until now.


From a very quick scan of the Wikipedia article, it sounds like mostly common-sense data protections. I don't see anything that says the Data Protection Officer has to be a discrete person -- it can be another hat you wear (president, web guru, shipping clerk, bottle washer, DPO,...). People can request that their data be moved to another system, which is not applicable if you don't run elsewhere (what are they trying to accomplish here?). People can request to be forgotten (you erase their account information upon request, where that doesn't conflict with statutory data retention requirements or good accounting principles). Data breaches have to be reported to the appropriate authority. Customers have to explicitly consent to having data collected (it should be enough to add "By providing this information, you are consenting to our collecting it" to registration and PWA pages), and there are restrictions on collecting information from children. There are some privacy provisions which anyone handling personal data should already be implementing, at least for the type of data an online shop would hold. There may be some extra i-dotting and t-crossing to be done, but what else is new?




#1754635 Ultimate SEO URLS5

Posted by MrPhil on 15 March 2017 - 00:56

{ and } in a URL Query String are a known problem, and have been discussed quite a bit. Curly braces are banned by a number of hosts as some sort of security issue. I don't know what the official replacement will be for this syntax.




#1753877 Errors - persistent attempts to access wordpress login

Posted by MrPhil on 27 February 2017 - 15:25

Yeah, very common. I don't have WP installed either, but every day my server logs up to a dozen 404s when someone is trying to run wp-login.php. I assume it's more likely for spamming purposes than hacking. I add them to my IP Deny list (.htaccess). I just wish it were possible to send some VX nerve gas back down the line, or maybe a 100 Megavolt shock (as these are probably bots rather than humans at the other end).




#1753517 OSC 2.3.4 not working on PHP5.6 / MySQL 5.6 After Updates

Posted by MrPhil on 19 February 2017 - 19:52

A Pimp version? Does it come with a very wide-brimmed hat with a big ostrich feather?  :)




#1753513 What happened to responsive OsCommerce?

Posted by MrPhil on 19 February 2017 - 14:48

Well, that's an interesting definition of "troll". If that's the definition in this day and age of Trumpian alternative facts, then I'm proud to wear the label "troll". Don't expect to ever get any help from me again. I tried to be helpful, useful, and above all, professional in what I said, and you're having a hissy fit. Good bye.




#1753308 Think With Google

Posted by MrPhil on 14 February 2017 - 19:59

I'm not proposing to 'abuse' the alt= attribute for SEO. I try to put reasonable text in it that, when read by a screen reader, will be a good description of the image. After that, I try to naturally include a keyword or two that helps the description and might help a bit with SEO.




#1753147 What happened to responsive OsCommerce?

Posted by MrPhil on 09 February 2017 - 14:27

Thanks to no one but myself!

 

 

With a Trump-sized ego like that, don't be surprised if you don't get a lot of enthusiastic help on this forum.




#1753113 Can't turn on SSL

Posted by MrPhil on 07 February 2017 - 14:52

Remember that %{HTTP_HOST} is the domain that the visitor typed in to their browser, not necessarily your desired format (with or without www). It's best to explicitly give the desired domain in the rewrite rule, rather than using %{HTTP_HOST}. Also, the sooner you give the desired protocol (http or https) and domain name, the fewer 301 redirects you'll have to do later, which makes search engines happier.




#1752892 HTTP Error 500 for for my terminal payment return file

Posted by MrPhil on 31 January 2017 - 14:11

I think the module you listed may need updating. It queries whether register globals are in use. Register globals have been deprecated for a long time, and as of PHP 5.5 or so, completely removed, so even querying whether they're enabled might break PHP 5.5+.

 

Try this: find the lines

if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {

    extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);

}

and change it to

// if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {
if ($session_started == true) {

    extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);

}

See if that improves matters. So long as you're on PHP 5.5+, and register global variables are disabled, I think it will work.




#1752753 Redirect all product pages of a category to a page

Posted by MrPhil on 28 January 2017 - 14:23

If you can determine something common for the URIs of all these pages in question (such as a category name or number), you should be able to have a single redirection in .htaccess. It will depend on if you're using some sort of SEO, etc. If these pages' URIs share something in common with other pages (you don't want redirected), you would have to add check(s) in .htaccess to exclude those other pages. It should be possible. Also decide if you want this to be permanent, or just temporary, and whether you want visitors to see the new address.




#1752344 oscommerce "official 2.3.5" version

Posted by MrPhil on 19 January 2017 - 15:40

A bug-fix version of 2.3.4, to be called 2.3.5, is supposedly on the way, although nothing seems to have been released yet. Note that this is not responsive and is not a rebadged 2.3.4BS! I would not wait for 2.3.5, but would go to 2.3.4BS Edge instead. At least it's actually out there...




#1752251 Database synchronization

Posted by MrPhil on 16 January 2017 - 16:39

I recall that the issue of keeping the osC online store database in synch with a brick-and-mortar store (or other, such as selling on eBay) database has been discussed a number of times. You might want to look through those discussions to see if there's anything useful there. The basic problem is that osC is architected to think that it owns the whole thing, and there is no clean and easy way to let it know that others are selling out of the same inventory (or tell others that osC has sold something). Unless you can bend one or the other system to share the same database (or at least, the same inventory table), you will have to resort to various kludges to synch up separate databases. One is for the osC database to trigger a notice to the other system whenever the inventory changes. Another is to have the other system read the sales confirmation emails that osC sends out, and post to the its database. In either case, you still have to deal with going in the other direction. For that, something like Easy Populate might be the easiest solution.

 

Unless you can get everyone to play in the same inventory database, you will always have the risk of overselling (running out of inventory) in the time slice between database updates. This is especially a problem with a physical store, where merchandise can be taken out of storage and put on display, and someone forgets to keep all the databases in synch. One solution is to physically separate inventories (in the warehouse), and allow transfer between stores only under strict rules. This way, one store or the other might temporarily run out of inventory, resulting in a lost sale, but merchandise can be moved from one side to the other fairly quickly.