
Harald Ponce de Leon

Everything posted by Harald Ponce de Leon

  1. We're proud to announce the introduction of a new App endeavor with the release of PayPal App for osCommerce Online Merchant!

    We've worked in close collaboration with PayPal to not only bring you updated PayPal payment modules but have also bundled all PayPal modules, including Log In with PayPal, into a single App package for an even tighter integration with osCommerce Online Merchant to enhance both sellers' and buyers' experiences with PayPal.

    The PayPal App is optimized for and will be bundled with the upcoming osCommerce Online Merchant v2.3.5 release and can be installed on existing installations from v2.2RC2a to v2.3.4.

    The PayPal App has been architected to preview and showcase the direction we are taking the new osCommerce Online Merchant v2.4 series in and how the new series will allow you to install and update Apps on your online store through the Administration Dashboard. The PayPal App includes an online update feature that can update itself with a click of a button that will be part of the core in v2.4 for all Apps to take advantage of.

    We are also extremely proud to be one of the first self-hosted e-commerce solutions to allow the PayPal App to configure itself by securely retrieving the PayPal account API Credentials for you. This is currently available for US and UK sellers and allows you to sign into or create a PayPal live or sandbox account to retrieve the API Credentials from. This makes it extremely easy for new PayPal sellers to start experiencing the PayPal payment methods through a sandbox account and to create a live account as soon as they are ready to accept payments - directly from the osCommerce Administration Dashboard.
    In addition, the PayPal App includes:

    - Updated payment modules
    - Payments Standard: Support for Payment Data Transfer (PDT) payments
    - Payments Standard: Stock management in IPN notifications
    - Order Administration: Capture full or partial authorizations, refund full or partial transactions
    - API Logging: All parameters sent in and received from API calls are logged

    Documentation for the PayPal App is available at: http://library.oscommerce.com/Package&paypal

    The PayPal App can be downloaded for free at: http://addons.oscommerce.com/info/9184

    We look forward to your feedback on this announcement! Please post your feedback to this topic and any support related enquiries to the following channel: http://forums.oscommerce.com/forum/54-paypal/
  2. Harald Ponce de Leon

    Testing New PayPal Express Checkout Module

    Hi All.. The new PayPal Express Checkout payment module is nearly ready and I would like to ask if you could spend a few minutes to test it out at the demo site: http://demo.oscommerce.com

    Please perform an order with addresses inside and outside Florida, USA, and also change the shipping address during the Express Checkout flow.

    The new module is configured to use the new In-Context lightbox checkout flow but can break out and revert to the classic checkout flow depending on your browser and PayPal buyer account settings. As In-Context does not currently work with the Instant Update callback, the Instant Update feature is not enabled at this time.

    Line items may or may not be passed to PayPal depending if the line item calculations do not match the order total calculations. If they do not, then only the order total is passed to still allow the customer to make a purchase. Line Items will almost always be sent and will not in rare situations when extra order total modules need to manipulate the order total tax values.

    You will also notice that when testing and switching between addresses inside and outside Florida, USA, that when returning back to the store you may be redirected to the checkout confirmation page if the transaction total does not match the order total. This would be due to taxes being added or subtracted depending on the shipping address. Otherwise if the order totals match, the order is processed immediately.

    Thanks, and please report back on your findings.

    (BTW, the top Express Checkout button should be used on the shopping cart page. The one below it is for PayFlow which will be updated next with the recent updates)
  3. Harald Ponce de Leon

    Marketplace Category/Version Cleanup

    Hi All.. The categories and versions in the Apps Marketplace have been cleaned up as follows:

    Versions

    - v3.0 Alpha 5 and v3.0 versions vaulted

    Categories

    - Payment Modules renamed to Payment
    - Shipping Modules renamed to Shipping
    - Order Total Modules renamed to Order Processing
    - Credit Modules moved to Order Processing
    - Content Modules moved to Features
    - Zones moved to Other
    - Images moved to Other
    - InfoBoxes moved to Features
    - Reports moved to Features
  4. Hi All.. Here are instructions on how to check how compatible your online store installation / PHP code is against all PHP versions from 5.0 up to the latest version (currently 7.3). This guide requires a minimum PHP 5.4 version to run.

    This is a medium level skill guide and requires the installation of Composer - a dependency manager for PHP that manages the installation and updates of third party libraries. I will link to the installation instructions of Composer instead of writing how to install it here.

    It's possible to perform this guide either remotely on the web server in an ssh terminal, or locally on a backup copy of the PHP code.

    Step 1 - Install Composer

    Composer can be installed on Windows, Linux, Mac, and Unix. If you're installing on Linux, there may be a Linux distribution package that can be installed depending on your access privileges on the server, otherwise a manual installation is required. The manual installation can be performed locally in your home directory without special user permissions.

    Instructions for how to install Composer on Windows can be found here: https://getcomposer.org/doc/00-intro.md#installation-windows

    Instructions for how to install Composer on Linux, Mac, and Unix can be found here: https://getcomposer.org/doc/00-intro.md#installation-linux-unix-macos

    Step 2 - Create Composer Project File

    Composer needs to create a composer project file in the directory where your online store installation or PHP code resides. This will create two files that will be publicly accessible through the web server - this will not pose any security issues. The setup will also eventually create a "vendor" directory, however Composer will be configured to place this in the "includes" directory to block public web server requests to the directory.

    Copy and paste the following to composer.json in the directory where your online store installation resides:

        {
          "config": {
            "vendor-dir": "includes/thirdparty/composer"
          },
          "require-dev": {
            "squizlabs/php_codesniffer": "^3.4",
            "phpcompatibility/php-compatibility": "^9.2"
          }
        }

    Step 3 - Install PHP_CodeSniffer

    PHP_CodeSniffer detects violations of defined rules in your code. There are several coding standard rule sets available to make sure each PHP file meets the coding standards. There is no rule set currently available for OSCOM v2.x - for v3 the PSR12 rule set is used.

    As there will be a lot of violations running this with a coding standard, we will instead run it to use only one rule set to check compatibility against the latest PHP version. We will also configure PHP_CodeSniffer to ignore certain violations which are already taken care of in the online store installation.

    Run the following command to install PHP_CodeSniffer:

        composer install

    After this installs PHP_CodeSniffer and the PHP Compatibility rule set, a PHP_CodeSniffer configuration file will be created to configure the rule set that should be used.

    Copy and paste the following to phpcs.xml in the directory where your online store installation resides:

        <?xml version="1.0"?>
        <ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="PHP_CodeSniffer" xsi:noNamespaceSchemaLocation="phpcs.xsd">
          <description>The coding standard for osCommerce.</description>

          <file>.</file>

          <exclude-pattern>*/includes/thirdparty/*$</exclude-pattern>

          <arg name="basepath" value="."/>
          <arg name="colors"/>
          <arg value="nps"/>

          <rule ref="PHPCompatibility"/>

          <config name="installed_paths" value="includes/thirdparty/composer/phpcompatibility/php-compatibility" />
        </ruleset>

    Step 4 - Run PHP_CodeSniffer

    PHP_CodeSniffer can now be executed with the following command. It will automatically use the configuration file created in step 3:

        ./includes/thirdparty/composer/bin/phpcs

    which will produce the following output report:

        FILE: admin/includes/functions/compatibility.php
        ----------------------------------------------------------------------------------------------------
        FOUND 15 ERRORS AFFECTING 12 LINES
        ----------------------------------------------------------------------------------------------------
         32 | ERROR | Global variable '$HTTP_GET_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_GET instead (PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_get_varsDeprecatedRemoved)
         33 | ERROR | Global variable '$HTTP_POST_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_POST instead (PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_varsDeprecatedRemoved)
         34 | ERROR | Global variable '$HTTP_COOKIE_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_COOKIE instead
            |       | (PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_cookie_varsDeprecatedRemoved)

        FILE: admin/includes/functions/database.php
        ----------------------------------------------------------------------------------------------------
        FOUND 25 ERRORS AFFECTING 24 LINES
        ----------------------------------------------------------------------------------------------------
         179 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead (PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved)
         181 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead (PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved)
         185 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead (PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved)

    Here we can see which files violate a PHP Compatibility rule set, the line in the file where the violation occurs, the reason for the violation, and the actual rule set that was violated that we'll be using to ignore the false positive reports with.

    In the example output, it states that $HTTP_GET_VARS, $HTTP_POST_VARS, and $HTTP_COOKIE_VARS are deprecated since PHP 5.3 and are still used in your online store installation. This is a false positive as osCommerce Online Merchant already has its own implementation to work with or around it. In this case, the variables are safely defined in admin/includes/functions/compatibility.php and includes/functions/compatibility.php.

    It also states that "mysql_" is deprecated in PHP 5.5 and still used in the online store installation. This is also a false positive as osCommerce Online Merchant wraps calls to the "mysql_" functions if "mysqli" does not exist.

    We'll add to the PHP_CodeSniffer configuration the rules that can be ignored. The rules can be seen in the output report in brackets ( ).

    Below is an updated phpcs.xml file with a list of rules being safely ignored for an osCommerce Online Merchant v2.3.4.1 installation:

        <?xml version="1.0"?>
        <ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="PHP_CodeSniffer" xsi:noNamespaceSchemaLocation="phpcs.xsd">
          <description>The coding standard for osCommerce.</description>

          <file>.</file>

          <exclude-pattern>*/includes/thirdparty/*$</exclude-pattern>

          <arg name="basepath" value="."/>
          <arg name="colors"/>
          <arg value="nps"/>

          <rule ref="PHPCompatibility"/>

          <config name="installed_paths" value="includes/thirdparty/composer/phpcompatibility/php-compatibility" />

          <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_get_varsDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_varsDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_cookie_varsDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_session_varsDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_server_varsDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_filesDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.session_bug_compat_42DeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.IniDirectives.RemovedIniDirectives.session_bug_compat_warnDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.session_registerDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.session_is_registeredDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.session_unregisterDeprecatedRemoved">
            <severity>0</severity>
          </rule>
          <rule ref="PHPCompatibility.FunctionUse.RemovedFunctions.mysql_escape_stringDeprecatedRemoved">
            <severity>0</severity>
          </rule>
        </ruleset>

    Please remember that a lot of false positives will be reported and will need to be individually checked to see if a workaround exists in the PHP code. Additional rules to ignore can be added to the PHP_CodeSniffer configuration file.

    Happy PHP 7.3 incompatibility hunting!
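
A way to do the "individually checked" step from the guide above without silencing a sniff for the whole store, as an added example (not part of the original post and not osCommerce code): it reads the JSON that `phpcs --report=json` emits and accepts a finding only when it sits in a file where the core workaround lives, so the same sniff firing in an add-on still surfaces for review. The sniff-to-file mapping and the add-on path are assumptions, and the sample report is constructed.

```python
import json
from collections import defaultdict

GLOBALS = "PHPCompatibility.Variables.RemovedPredefinedGlobalVariables."
MYSQL = "PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved"

# Assumption: a sniff is accepted only in the files the guide names as holding
# the core workaround; extend this per installation after reading the code.
EXPECTED = [
    (GLOBALS, {"admin/includes/functions/compatibility.php",
               "includes/functions/compatibility.php"}),
    (MYSQL, {"admin/includes/functions/database.php"}),
]

# Constructed sample in the layout of `phpcs --report=json`.
# includes/modules/hypothetical_addon.php is a made-up third-party file.
SAMPLE_REPORT = json.loads("""
{"totals": {"errors": 4, "warnings": 0, "fixable": 0},
 "files": {
  "admin/includes/functions/compatibility.php": {"errors": 1, "warnings": 0, "messages": [
    {"line": 32, "column": 5, "type": "ERROR", "severity": 5, "fixable": false,
     "source": "PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_get_varsDeprecatedRemoved",
     "message": "Global variable '$HTTP_GET_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_GET instead"}]},
  "./admin/includes/functions/database.php": {"errors": 1, "warnings": 0, "messages": [
    {"line": 179, "column": 9, "type": "ERROR", "severity": 5, "fixable": false,
     "source": "PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved",
     "message": "Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead"}]},
  "includes/modules/hypothetical_addon.php": {"errors": 2, "warnings": 0, "messages": [
    {"line": 40, "column": 3, "type": "ERROR", "severity": 5, "fixable": false,
     "source": "PHPCompatibility.Variables.RemovedPredefinedGlobalVariables.http_post_varsDeprecatedRemoved",
     "message": "Global variable '$HTTP_POST_VARS' is deprecated since PHP 5.3 and removed since PHP 5.4; Use $_POST instead"},
    {"line": 12, "column": 7, "type": "ERROR", "severity": 5, "fixable": false,
     "source": "PHPCompatibility.Extensions.RemovedExtensions.mysql_DeprecatedRemoved",
     "message": "Extension 'mysql_' is deprecated since PHP 5.5 and removed since PHP 7.0; Use mysqli instead"}]}
 }}
""")


def normalize(path):
    """Make report paths comparable with the relative paths in EXPECTED."""
    path = path.replace("\\", "/")
    return path[2:] if path.startswith("./") else path


def is_expected(path, source):
    """True only when this sniff fired in a file that carries the workaround."""
    return any(source.startswith(prefix) and path in files
               for prefix, files in EXPECTED)


def triage(report):
    """Split findings into (expected, needs_review) lists of (path, line, sniff)."""
    expected, review = [], []
    for raw_path, data in report.get("files", {}).items():
        path = normalize(raw_path)
        for msg in data.get("messages", []):
            item = (path, msg["line"], msg["source"])
            (expected if is_expected(path, msg["source"]) else review).append(item)
    return sorted(expected), sorted(review)


def review_by_sniff(review):
    """Group the findings that still need a human look by sniff code."""
    grouped = defaultdict(list)
    for path, line, source in review:
        grouped[source].append(f"{path}:{line}")
    return dict(grouped)


if __name__ == "__main__":
    expected, review = triage(SAMPLE_REPORT)
    print(f"{len(expected)} expected, {len(review)} to review")
    for sniff, places in review_by_sniff(review).items():
        print(sniff, "->", ", ".join(places))
```

With the blanket `<severity>0</severity>` rules the two add-on findings would not appear in the report at all; here they are the only ones left to check.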
  5. Harald Ponce de Leon

    Payment Zone Not Working

    There is a bug with the Braintree App v2.011 that does not respect the Payment Zone if one has been specified. Until the next App update is pushed out, those affected by this issue can easily apply the following change.

    In the following file:

        catalog/includes/modules/payment/braintree_cc.php

    on lines 95 and 97, the following constant is being referenced:

        OSCOM_APP_PAYPAL_DP_ZONE

    Simply replace both instances with the following constant:

        OSCOM_APP_PAYPAL_BRAINTREE_CC_ZONE

    and save the file. Payment Zones will then work as normal.
  6. Harald Ponce de Leon

    Naming Convention

    Every v2.x release is being sunsetted, including v2.4. Someone is welcome to continue development through the Community Edition program. My focus is 100% on v3. All Community Edition releases will have their own support area in the forum and their own version in the Marketplace. Linking to the releases on our downloads page is just the start - it is planned to have dedicated pages for each release so their features can be showcased.
  7. Harald Ponce de Leon

    Naming Convention

    Yes, at Github.

    1.0.0.0 to 1.0.0.2: https://github.com/gburton/Responsive-osCommerce/compare/v1.0.0.0...1.0.0.2

    1.0.0.2 to 1.0.0.3: https://github.com/gburton/Responsive-osCommerce/compare/1.0.0.2...1.0.0.3

    They will be made aware as CE releases use the same update mechanism from v2.3. This means the update procedure is manual for v2.3 based CE releases (the architecture does not support online updates). Automatic updates will first arrive with v3 and v3 based CE releases.

    Community Edition maintainers have the ability to push out a release to the website without my intervention. In fact, the website automatically checks Github once every hour to see if a new release has been pushed out at Github and automatically updates the download page and posts a news announcement if one was posted at Github.

    This will be addressed when Community Editions are officially announced.

    If they want to stay on PHP 5.6 they can with their current installation. If it runs perfectly today, it will run perfectly tomorrow, and there are active developers in the forum that can help when problems arise. If they want to move to another release or platform, they can't stay on PHP 5.6. There is a lot of excitement when releases are pushed out, however your current installation is not going to burn if you don't upgrade immediately.
  8. Harald Ponce de Leon

    Marketplace Category/Version Cleanup

    The next update will be pushed out this month and takes care of that 👍
  9. Harald Ponce de Leon

    Marketplace Category/Version Cleanup

    There's also Relevancy and Last Updated sort options. Relevancy is the default.
  10. Harald Ponce de Leon

    Marketplace Category/Version Cleanup

    Sorry, it's not the % search, it's fulltext search.
  11. Harald Ponce de Leon

    Marketplace Category/Version Cleanup

    It's the standard MySQL % searching. One of the next updates will move the searching to an Elasticsearch server.
  12. Harald Ponce de Leon

    QTPro BS

    @raiwa done!
  13. Developers, it's now possible to link your support topics to your submissions at the Apps Marketplace!

  14. Topics with 5 or more replies within 60 minutes are now shown in the "Popular Now" box on the front page of the forum (near the bottom).

    1. Harald Ponce de Leon

      and as "Hot" in the forum channel listing :laugh:

  15. Harald Ponce de Leon

    One-Page / Guest Checkout

    BTW, at https://demo.oscommerce.com, vault storage has been enabled for the following payment modules:

    - braintree_cc
    - sage_pay_direct
    - stripe

    Please use a test credit card number to test it out, eg:

    - 4111111111111111
    - any expiry date in future
    - any cvv code

    The stored cards are then managed in the My Account area. For your next purchase, the payment module should detect a stored token and automatically select the payment module for the order.
  16. Harald Ponce de Leon

    One-Page / Guest Checkout

    I did not refer to storing the actual card information locally in the database - that I advise against unless you know what you're doing with PCI DSS (you 99% don't, so don't try).

    What I'm referring to is allowing the payment service provider to store the card information on their servers and have them deal with PCI DSS (they are 100% compliant as it's their business). The payment service provider sends you a token which is stored locally in the database and is referenced for future payments. This token must be of course secured locally just the same as your payment service provider credentials must be secured.

    The last 4 digits of the card number are stored so the customer knows what card is going to get charged. It is here where CVV and 3D Secure can be configured to be asked for again as they have already been verified when the first purchase was made.

    The PayPal and Braintree Apps have this as a configuration option. Other payment modules that support vault storage are also configurable to enable the feature. The card input fields are loaded via iframe from the payment service provider so the card information never touches your server. There is no need to worry about PCI DSS even when stored tokens are enabled.
  17. Harald Ponce de Leon

    One-Page / Guest Checkout

    The shopping cart page could act as a checkout confirmation page for existing customers as their information and preferred payment options are already known. There is no need to go through the checkout steps, if the customer needs to use a different address they can click on the "edit" link and return straight back to the checkout confirmation page.
  18. Harald Ponce de Leon

    One-Page / Guest Checkout

    Another issue to consider is the general speed loading time of your site. If it's slow, don't think a one page checkout will increase sales by 650% just because "AJAX is fast". It may be fast because the rest of the site is slow.

    Remove the left and right columns of the checkout procedure and it's a giant step towards the "one thing per page" concept.
  19. Harald Ponce de Leon

    One-Page / Guest Checkout

    I advise against that too if you're going to store the details locally in your database due to PCI-DSS regulations, however there is absolutely nothing wrong with storing card details if you have a payment service provider providing you that service (most do today without an extra charge). To be on the safe side it's nice to have a checkbox option near the card input fields to save the card details for the next purchase. Some sites don't have the checkbox and always store the card details - this always comes down to your business and your target audience. At the very minimum it should then be described in your privacy or terms and conditions page. Requiring CVV and 3D Secure is common for first time purchases (though I believe amazon.de asks for neither) and is usually configurable if the CVV and 3D Secure should be asked for again for future purchases to allow one-click purchases. This again comes down to how strict you want the security checks to be to protect against fraudulent sales.
  20. Harald Ponce de Leon

    One-Page / Guest Checkout

    There isn't a one page checkout procedure in v2.3 due to the legacy codebase having the ideology of working on browsers with cookies enabled or disabled and JavaScript enabled or disabled. The v2.4 release will still have a standard checkout procedure however it doesn't share the same ideology and can have a one page checkout in a future v2.5 or so release. Regarding entering card information before the checkout confirmation page, we moved those fields in the payment modules a while ago to the checkout confirmation page. I don't remember if there is a European law on it, but it's more satisfying for the customer to see the real and exact order total when entering their card information in. If something alters the order total during the checkout payment page and the checkout confirmation page (card acceptance fees?), the customer will feel cheated of giving up their card information for an order total they didn't agree to. For the cases where card acceptance fees are passed to the customer, the customer chooses Credit Card on the checkout payment page and first enters their card information on the checkout confirmation page where the fee is included in the order total rows. The customer sees the exact order total before entering their card information in.
  21. Harald Ponce de Leon

    One-Page / Guest Checkout

    Sorry, I didn't write anything constructive in my post.

    I think just by judging the way that one page checkout screenshot looks is overwhelming the customer with too much information on the screen at once. The checkout process column on the right is not needed as I presume that information is shown again in the last step for the confirmation. The same edit links are also available with each step listed.

    Having a JavaScript based one-page checkout procedure is nice and can outperform a standard checkout procedure, but only if it has been designed properly. The idea behind a one-page checkout procedure is to keep it as simple as possible for the customer experience, not the technical achievement experience.
  22. Harald Ponce de Leon

    One-Page / Guest Checkout

    6 steps, and entering credit card information before the checkout confirmation page? That's not an improvement.
  23. Harald Ponce de Leon

    FedEx - Web Services v9

    Are you able to see what error is being logged that causes the http 500? Maybe an exception can be caught that automatically disables the module for that page request; this can be added to the code.
  24. Harald Ponce de Leon

    PayPal App for osCommerce Online Merchant

    That definitely does not sound right. Could you provide a screenshot of how that page looks? Be sure to censor out any sensitive information.