MrPhil last won the day on November 15

  1. Take a look at https://stackoverflow.com/questions/11539981/htaccess-301-redirect-rule-to-remove-part-of-a-query-string-from-urls-but-leave, before it does any SEO stuff like rewriting to dynamic URL format. It tells how to remove a single term=value entry from your URL Query String (which could end up being the entire thing, including the "?").
  2. MrPhil

    PCI Report Shows Issues

    I don't know if nginx uses .htaccess. It's yet another server (technically, Apache is your server, not Linux, which is the operating system of the server machine -- yes, "server" is ambiguous). Apache runs on a variety of operating systems, including Windows, Mac, and Linux, and maybe others.
  3. MrPhil

    PCI Report Shows Issues

    Apparently the security scan thinks that there's a chance that 1.0 or 1.1 might end up being used as fallbacks by back-level browsers that don't support 1.2. That's my guess as to why they would flag it. Anyway, you might bring this to the attention of your host and discuss whether it's worth suppressing fallback to 1.0 or 1.1 (I think it can be done, but what's involved, I don't know). Any customer with an old browser that doesn't support TLS 1.2 would be out of luck. You might want to check browser histories and usage statistics, to see how many customers might potentially be affected.
  4. MrPhil

    Product listing strip_tag

    The code in question is intended to offer a short "teaser" from the full product description. This involves taking only a few (20) words and stripping out all HTML tags. If you don't want to lose the audio player, but want to keep the "teaser" functionality for other products, you might be able to add code to check if the audio player is being requested (preg_match call looking for the audio tag), and if it is, don't strip tags. You might have to get the full product description for all products, and only for non-audio player do you trim it down after stripping tags. strip_tags() has a list of tags to exclude, so you might be able to use that (but without other changes, it might have already been cut down too much). For any product, you might want to keep simple in-line tags like <i> and <b> (as well as the audio player tags)... it's really the major block stuff you want to kill. Anyway, there are a bunch of issues to be aware of, and a number of approaches you could take.
  5. MrPhil

    PCI Report Shows Issues

    Are you sure that's not intended to go in the .htaccess file? You might want to check that first. I've never heard of it referred to as "Web.config". Maybe it's a configuration file unique to IIS? If you're using IIS, it should be easy enough to check. Otherwise, ignore it. Regarding your TLS 1.0, you should remind your host that 1.0 and 1.1 are quite insecure, and they should be at 1.2 soon. Also, the major browser makers (Mozilla, Microsoft, Google) have announced that they will drop browser support in the spring of 2020 for TLS 1.0 and 1.1, so hosts should be planning to upgrade before long.
  6. MrPhil

    Pet Supplies E-commerce

    What answer do you think you'll get on the osCommerce discussion forum?
  7. I watched it online after you mentioned it. Nothing really new to us, but a look at the young lawyer who drove this thing through, with a discussion of "whose data is it?". Not GDPR-related, but covering a lot of issues in ecommerce, was a segment yesterday on "Marketplace" (marketplace.org for 2018-11-12) starting at 08:36 and running 4 minutes.

       • 70% of shopping carts are abandoned
       • being hit with unexpected fees late in the process is a big killer
       • need to create an account turns off many shoppers (want guest checkout)
       • many shoppers are so lazy that they can't be bothered to fish out a credit card, and would like to use something like ApplePay, available with one click
       • shoppers want simplified information gathering -- three fields for the phone number is so much work, compared to a single phone field
       • stores need to encourage impulse buying, or most shoppers won't be excited enough to complete the purchase
       • if anticipated delivery time exceeds 48 hours, many shoppers will say "forget it"
       • many online shoppers are not serious about making a purchase, but are in it for the experience
       • suggests a need to discourage coupon use (?? that would seem to discourage buying even further)
       • Amazon Prime effect: need to divert marketing budget from coupons to lower cost/free shipping to attract customers

     End Times, anyone?
  8. I see now that you're using 2.4. Are you aware of the PHP levels it requires? I suspect your live server may be a bit back-level. Also keep in mind that 2.4 is a developmental version not completely ready for production -- you should be using Frozen or Edge if you want a production shop and not another hobby.
  9. You want to remove it from links being produced by your store, or from incoming URLs? I think that it comes from someone using the "select language" feature in osC. Is some search engine indexing this Query String, and it's overriding your (non-English) users' choice? Removing language= on incoming URLs could result in disabling the ability to choose a language (if you have multiple languages enabled), so be careful about doing that. Perhaps there is a way to persuade search engines not to index with that language= Query String? I'm not sure how to do that on the osC side of things. Maybe language selection could be disabled for certain User Agents?
  10. If you have no control over the prices you can charge, and can't get your costs down enough to earn a living from it, then it sounds like your business model is not viable. That's the unfortunate truth today. When the only retailers left in the world are Amazon and Walmart, perhaps people will have learned that low prices aren't everything. Your only choice is to not accept payment systems that charge excessive fees. And legally, you can't tack on a new fee at the end of the process, without having adequately warned the customer that you would be doing that, and giving them a chance to change their mind about the payment method (or the entire purchase). It's fraud on your part.
  11. Seen on the 'net. Sing along! He's making a list, He's checking it twice, He's gonna find out who's naughty or nice, Santa Claus is -- in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679.
  12. If this message is indeed coming from the browser itself, it will depend on the language that the browser is configured for. For most people, it will still be English, and messages will be in English. You can try some of the techniques in the referenced StackOverflow thread to add some PT text to the message. You may even be able to do some Javascript that replaces the English message with PT, but there's no guarantee that it will work on all browsers. I'll assume that you've scanned through the English language text files to check whether this text is supplied by osCommerce. If it is, you should be able to come up with a PT language file equivalent, if it doesn't already exist.
  13. That sounds like you're self-hosting on a PC with a *AMPP stack. That's a very bad idea -- hackers know far more about site security issues than you ever will, and they'll eat you alive. Unless you're an absolute expert on site security, spend a few bucks a month to host with a pro.
  14. Exactly what version of osCommerce (and "official" or "BS" version)? What PHP versions on the localhost and the live server? It sounds like you have some code somewhere that finds your live server's PHP a little too back-level. This is an example of why it's a bad idea to develop on a localhost (e.g., WAMPP installation on your PC) and then move it over to a live server. If you already have a live server, you should do your development and test work in a private test directory on that server (it might be password protected). *AMPP installations tend to have bleeding-edge PHP versions that don't work well with old osC versions. By the way, since you're just starting up, you should be using only "Frozen" (stable) or "Edge" (unstable)... see my sig below.
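
For the "PCI Report Shows Issues" posts above, which suggest checking usage statistics before suppressing TLS 1.0/1.1: an added example, not part of the original posts, that counts how many distinct clients in an access log only ever negotiated a legacy protocol. It assumes Apache with mod_ssl logging `%{SSL_PROTOCOL}x` as the last field (the LogFormat shown in the comment); the log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Apache/mod_ssl log format (an assumption, not taken from the posts):
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{User-Agent}i\" %{SSL_PROTOCOL}x" tlslog
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field, tolerating backslash-escaped quotes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + r' (\S+)$')
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
192.0.2.10 - - [12/Nov/2018:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "Mozilla/5.0 (Windows NT 10.0; rv:63.0) Firefox/63.0" TLSv1.2
198.51.100.7 - - [12/Nov/2018:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1
198.51.100.7 - - [12/Nov/2018:10:03:01 +0000] "POST /login.php HTTP/1.1" 302 - "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)" TLSv1
203.0.113.5 - - [12/Nov/2018:10:04:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "Mozilla/5.0 (Linux; Android 4.3)" TLSv1
192.0.2.44 - - [12/Nov/2018:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "ExampleMonitor/1.0" TLSv1.1
192.0.2.44 - - [12/Nov/2018:10:05:01 +0000] "GET / HTTP/1.1" 200 5120 "ExampleMonitor/1.0" TLSv1.2
192.0.2.99 - - [12/Nov/2018:10:06:00 +0000] "GET /index.php HTTP/1.1" 301 - "Mozilla/5.0" -
truncated line without the expected fields
'''

def clients_by_protocol(log_text):
    """Map each negotiated protocol to the set of (ip, user-agent) pairs that used it."""
    seen, skipped = defaultdict(set), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or m.group(4) == "-":   # malformed line, or plain HTTP (no TLS)
            skipped += 1
            continue
        seen[m.group(4)].add((m.group(1), m.group(3)))
    return seen, skipped

def legacy_impact(log_text):
    """Count clients that only ever negotiated TLS 1.1 or older."""
    seen, skipped = clients_by_protocol(log_text)
    legacy = set().union(*(c for p, c in seen.items() if p in LEGACY))
    modern = set().union(*(c for p, c in seen.items() if p not in LEGACY))
    stranded = legacy - modern   # never seen on a newer protocol: cut off if 1.0/1.1 go away
    total = len(legacy | modern)
    return {
        "clients": total,
        "legacy_only": len(stranded),
        "share": len(stranded) / total if total else 0.0,
        "skipped_lines": skipped,
        "stranded": sorted(stranded),
    }

if __name__ == "__main__":
    print(legacy_impact(SAMPLE_LOG))
```

An (IP, User-Agent) pair only approximates one customer (NAT and shared proxies merge several), so treat the share as an estimate.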