MrPhil last won the day on May 21

  1. I guess you could change the code to delete the cookie if the user fails to explicitly Opt-IN. Whether simply renaming a cookie (that already contains sensitive information) will meet the letter of the law, I don't know.
  2. Credit Card Numbers Not Decrypting..

    Is this whole process PCI-DSS compliant? If you handle credit card numbers at all (and even more so if you want to store them), you are legally required to meet a whole bunch of security specifications. It's more than just using SSL. Feeding customer CC data (from online orders) into a brick-and-mortar POS system is also usually forbidden by banks. Anyway, make sure you're on the right side of the law before trying to fix an old system.
  3. I'm not familiar with the add-on in question, but I'm surprised to hear that it's "Opt-Out" rather than "Opt-In". Just to recap and make sure we're on the same page, there are three ways to ask permission to do something like drop a cookie. Two of them are illegal now:

    • Opt-OUT where you have to take an explicit action to check a box to NOT have the cookie ("we're going to drop cookies unless you make the effort to tell us not to")
    • Prechecked Opt-IN where the checkbox giving permission for cookies is pre-checked, saving you the time and effort of checking it ("tough luck if you overlook it")
    • Opt-IN where you have to take an explicit action to check a box to ALLOW the cookie(s). This is the only legal way.

    If the current code is actually Opt-OUT, you would have to modify it to

    • change the label/prompt to reverse the meaning
    • flip the yes/no meaning of the selection that comes back (this could be as simple as $choice = !$choice; where you handle the form data)

    It should be quite possible to do this.
  4. preg_replace to preg_replace_callback

    If you are trying to fix a broken headlamp on your old clunker, sure I'll be happy to give help. However, if you're trying to rebuild the engine of your daily driver one piece at a time by trial and error until it (sort of) runs, you'd be much better off with something new(er). You never said what you were trying to do, but it sure sounds like you're trying to do a major fix on old code, which as I said, will not be a productive use of your time. An old car is still compatible with the current highway system. An old application is no longer compatible with current servers. I can understand a sentimental attachment to a '65 Mustang; I can't understand keeping around osC 2.2. Your call.
  5. preg_replace to preg_replace_callback

    Check your work carefully that you did not accidentally insert an extra ( or drop a needed ). It's easy to mistake a { for a (, or vice-versa, when reading code. May I ask what sort of project you're doing? If you're trying to convert an old add-on to PHP 7 compatibility, that's one thing, but if you have an old osC (anything pre-2.3.4BS Edge) it's frankly not a good use of your time to try upgrading old code to work with PHP 7. You'd be much better off installing "Edge" (see link below in my signature) and migrating your data over. You'll have PHP 7.1 compatibility, lots of new features and bug fixes, and best of all it's mobile-friendly (responsive).
  6. Http to Https

    Yes, but what does that have to do with the discussion? No one asked whether they should use SSL; they're asking how to fix a problem when using it.
  7. Oh great, I'll never get that image out of my mind now! :( You sure know how to party on New Year's!
  8. Have a copy of your store's code on your PC (any OS). Search for the desired text string (e.g., "Specials") in all files using findstr (Windows) or grep (Linux). It should be in a "language" file somewhere. There might be multiple instances of this text (for different purposes), so it may take some experimentation to find the right one. Edit the file to change the text and upload it, or just edit it on the server. Check your work, to make sure you didn't end up changing it where not desired.
  9. It will happen only if Harald (who owns osC and this site) wishes for it to happen. He has given no indication that he does. Last August he promised a 2.3.5 upgrade release of some sort, and 2.3.6 (the CE version), within a few weeks, and it's been 8 months now. No one has heard from him in over 3 months, and we're starting to wonder if he's still above the grass. Anyone holding their breath, waiting for something to happen, is very blue by now. Most people have given up and are moving on to other projects. It's unfortunate, and even tragic (given the amount of work that he and others have put in), but he just does not know how to run a major project. You can not disappear for years at a time, crafting your solo personal project to perfection, and then suddenly present it for the world to ooh and aah over. The current offering has to be kept alive and updated and supported, and this just has not been happening.
  10. In there was a request to back up "contact us" emails in the database (due to host constantly losing emails in-transit). This brings up an interesting question: does GDPR say anything about emails and whether they are subject to deletion upon customer request? It would be ridiculous to have to delete emails, but I wouldn't put anything past the EU bureaucrats. I could even imagine a store owner being required to delete the database copy of the message, but not the email copy!
  11. Save contact_us messages in database

    If we're talking about something here that goes through your store's PHP code, rather than just invoking the customer's email client, then yes, it should be possible to capture the content into the database as a backup to the mail. If your host has so much trouble with their email system, perhaps you should consider sending these mails to an address outside of your host? I would think they may also be losing other incoming and outgoing emails, not just the contact_us messages, so as Jack suggested, it may be time to dump that host. A caution here: if you are subject to the EU's new GDPR regulations in five days, you will need to be careful about what you keep online, and may have to inform those using contact_us that you keep their emails (yeah, it's crazy). At the least, you'll need a policy for how long you hold on to these emails and should auto-delete them after a certain period (if they're just a backup to email). You may even be required to delete an email upon customer request (ditto, crazy), so take that into account.
  12. I agree 100%. Being outside the EU, I am not going to fully implement GDPR, just the parts that are common sense and are justifiable, and should be followed by anyone holding private information.
  13. Irrelevant. I have yet to see a major player (Softaculous, etc.) offer "Edge" as a "one button" install. They are all offering the official (or even, 2.3.4). Therefore, osC is dead, as far as the marketplace is concerned. Edge would have to be offered outside of this site to be accepted by the ecommerce world. Word of mouth by individual sites (like yours) will accomplish nothing. By the way, I know that there is a start-up under way to build a new product based on osC 2.4. I'm not sure the participants yet want to see it publicly listed, so I can't give the project's name yet.
  14. Unless HPDL suddenly becomes very active (or at least, turns over the keys to the kingdom to someone else, to release Edge as the official 2.3.5), I would have to say that yes, the official osCommerce product is unfortunately dead. And since that's the version that all hosts supply with their application installers, that's a major problem. The unofficial Community Edition ("Edge") is currently up to date and supported, but Gary has stated that this is the end of the line for it. Any quite severe problems might be patched, but otherwise it's "frozen". Plus, being unofficial, no host is going to touch it. P.S. When I saw the thread title "Frozen", my first thought was, "Oh no, some dipslick is starting a discussion about a Disney princess!" Or is it two? I don't really keep up on that stuff.
  15. A nice layman's view article: https://www.scotsman.com/news/politics/insight-the-gdpr-revolution-we-can-t-opt-out-of-1-4742104 There are apparently some unresolved data issues, which will need to be settled by the courts, such as a beauty salon owner required by her insurance company to hold on to customer medical data for 6 years, even if the customer requests that it be deleted. Which takes precedence? If the customer demands that her data be deleted, does she forfeit any claim that could have been refuted by the salon had it kept the data? Or is the salon in trouble for keeping that data after being told to delete it? What if the data is simply taken offline -- short of a search warrant, how would a customer know what has been kept, short of suing for malpractice and seeing what's there? I like the joke in the "letters" section: "I've found a really good GDPR consultant". "Can you give me their email address?". "No"