Jump to content

Harald Ponce de Leon

  • Content count

  • Joined

  • Last visited

  • Days Won


Posts posted by Harald Ponce de Leon

  1. Is there a way to get some info logged or emailed on the AJAX call that the Paypal Express Instant Update makes when the customer logs into Paypal? This is on osC 2.3.1. I've been adding debug email lines in all sorts of places - lol - the emails always come up empty :)


    The Instant Update is processed in:




    lines 54 - 226 (the callbackSet case in the switch statement)


    Have you tried adding debugging code there?

  2. Hi Fred..


    I just installed freshly again and noticed the jQuery and jQuery UI libraries were outdated so the newer versions have been pushed to osCommerce/oscommerce. I didn't experience the bug with the language definitions however think it may have to do with upper/lower cased directory names - will look into it and get back to you on it.


    There's an issue with the layout of the website with Firefox - this will also need to be looked into.


    Kind regards,

  3. Hi Laurent..


    I just checked and have already committed the queries for the Admin Countries application to my github repo:




    Here are the statements for the stored procedures:



    DROP PROCEDURE CountriesGetAll;
    WITH CountriesList AS
       SELECT *, (select COUNT(*) from osc_zones where zone_country_id = countries_id) as total_zones,
       ROW_NUMBER() OVER (ORDER BY countries_name) AS 'RowNumber'
       FROM osc_countries
    SELECT *
    FROM CountriesList
    SELECT COUNT(*) as total
    FROM osc_countries;
    DROP PROCEDURE CountriesGet;
    SELECT *
    FROM osc_countries
    WHERE countries_id = @ID;
    SELECT count(*) as total_zones
    FROM osc_zones
    WHERE zone_country_id = @ID;


    I work primarily on a Mac. I'll check my Windows box tomorrow for more code.


    Kind regards,

  4. Hi Ken..


    I don't recall any fatal errors occuring with running v2.2 (not v2.3) on PHP 5.3, only that error notices were being logged due to certain functions being deprecated. As long as display_errors is off it will be fine running v2.2 on PHP 5.3. (This is the same for most other software)


    Kind regards,

  5. Hi Ken..


    if you do not store card details in your database on the server, pci is irrelevant, and so is php v5.3.x.


    Until when? PHP 5.2 reached its end of life with 5.2.16 released on 16th Dec 2010, and PCI requires the software used to be kept up to date regarding security fixes.


    This isn't an issue yet as PHP 5.2.17 was released on the 6th Jan 2011 with a "critical issue" fix. But how long will PHP bring out security or critical fixes for 5.2?


    Kind regards,

  6. Hi All..


    Here's the official download link! Special for community members ;-)




    This will be added to the website and Countdown site within an hour. The newsletter will be published tonight.


    I'll be active on the forum over the weekend helping everyone out :-)


    We just reached the largest milestone in our history, and now there's even more work to do! :-)



  7. Hi Justin..


    My only option now is to spend a lot of time upgrading to v2.3.1 which is obsolete as far as the developers are concerned so no more bug or security fixes and more sleeples nights when sites get hacked...


    v2.3 is still supported. There are no security issues that we are aware of with the release.


    Kind regards,

  8. Hi George..


    I mean, if there would be some kind of guidance and task management, then more people could participate in any development doing bigger or smaller tasks, according to what they are good in, coding something, designing something, whatever


    This will come together in the coming days. At the moment we are opening up development to receive help on improving the core framework and to finalize the base user feature set. We are publishing monthly roadmaps to show what we're working on so those interested can help out.


    The killer user features will come after this. It is your choice to help us out at the core or to start working on killer Add-Ons :-)


    Kind regards,

  9. Hi Danny..


    1. How this model of Site & Application & Action in the urls was going to affect search engine friendly URLs as people always request. Short urls with the product name or keywords in it.


    It will actually help SEO as the structure of the URL requests are short, clean, and human readable. We are looking at properly supporting multiple domains where each Site can be loaded through a distinct domain, which can further improve the URL structure. Preliminary support for this is included in v3.0 where each Site now has its own configuration parameters (for URLs, cookies, databases, ..).


    2. Security-- if internal methods are arbitrarily executable it seems security could be a nightmare, but this is just a hypothetical. We just need to ensure the security model that is in place does not allow for arbitrary execution of methods.


    It's not possible to execute arbitrary code through the request URL. Each part of the URL is securely verified to make sure the right class is being loaded. The "osCommerce" directory holding the framework should actually be moved outside of the public html directory serving the website.


    It is also up to the Site which Applications it should protect. For example, the Shop Site is a public Site with certain Applications being protected by a customer log in (eg, a customer viewing their previous orders).


    On the other hand, the Admin Site is a protected Site not only with an administrator log in, but also through levels where an administrator can only view the Applications they have been granted access to.


    The access level feature is still tied to the Admin Site. We do imagine abstracting this in a future release to make it available to other Sites as well.


    Keep the feedback coming! :thumbsup:


    Kind regards,

  10. Hi Peter..


    Great post! This will help clear questions relating to the transition.


    There are several flavours of BSD ( see http://en.wikipedia.org/wiki/BSD_licenses ) , which is going to be used ?


    We will use the new 3-clause BSD license commonly also referred to as the MIT license. The original 4-clause BSD license is rarely used today.


    What will this mean in terms of code, will code still be required to be released with both the source code ( for binaries ) and no encryption?


    We will always release our work with full source code. Until our market place is live, Add-Ons uploaded to our Add-Ons site will need to contain the full source code, regardless if it is BSD or GPL licensed. Binary only Add-Ons available for free or commercially will be accepted when the market place is live. We are requiring this while we work on our infrastructure and to also help with the development of Add-Ons.


    The author has the freedom to decide which license they will use for their Add-Ons and can safely continue to use the GPL license as normal.


    Add-Ons made available outside of our Add-Ons site can be made available in binary form only (under the BSD license), for free or commercially, and can choose to enter our market place when it is ready.


    Is there a reason that a move away from the GPL has been done for ver 3 ?


    We explained why in the announcement :) We want to be at the "core" of e-commerce, driving innovation and competition both in the free and commercial markets.


    I have been using GPL based code for many years and just not positive of all of the changes that this will bring about in terms of requirements on code development and releases.


    You can continue using the GPL as normal without any issues.


    People that mix GPL and BSD code and redistribute it in binary form will need to make sure they are doing so in a legally compliant manner.


    Kind regards,