Everything posted by MrPhil

  1. MrPhil

    PayPal App for osCommerce Online Merchant

    Comparing all the ...->_app->log(... calls in Frozen, it looks like ext/modules/payment/paypal/express.php on line 281 is missing a sixth parameter: ,(OSCOM_APP_PAYPAL_PS_STATUS == '1') ? 'live' : 'sandbox' . Is that the only fix needed, or are there more? Can someone with a PayPal setup try it out?
  2. MrPhil

    PayPal App v5.018 Log In with PayPal is now dead

    Pete, "Frozen" has PayPal Pro built in -- it doesn't use the paypal-app you linked to. However, it's at 5.010, so my concern is whether you need to install, configure, upgrade, and then apply the patches above, or if the Frozen files could be updated ahead of time (via my Frozen patch). The best would be to update Frozen (via patches) to PayPal 5.018 so that when installed, it's there (along with the patches above). No further manual operations for the store owner. I will try to find a Frozen implementation that's been updated to 5.018, and compare files, and see if I can first update my Frozen patches to 5.018, then apply the patches found above. That would be the most desirable thing for anyone using Frozen.

    Update: I've started looking at the PayPal app vs. what's in Frozen. A lot of the differences in Frozen are trivial stuff -- use of $_GET/$_POST, __construct, hard coded file and table names, etc. However, it looks like Frozen is still at PayPal 4.039 while the app is 5.010. There are a lot of non-trivial differences between the two that will take some thinking about (which one is correct to use). Then, there is still the issue of various fixes proposed in this and other threads, and whether they can be applied to 5.010, and whether it's possible to upgrade Frozen to have 5.018 out of the box. (does the "upgrade" change the PHP files?) This is not going to be quick.
  3. MrPhil

    PayPal App v5.018 Log In with PayPal is now dead

    I am looking at this patch and considering whether to include it with the Frozen patch set I maintain. The first file may have had a name change (to tpl_cm_paypal_login.php) and the code now starts 3 lines later (21 instead of 18), but other than that, it's only a hard-coded file name ('login.php' instead of FILENAME_LOGIN) that's the difference (as expected). The second file seems to match up OK. As Frozen still ships with PayPal 5.010, does anyone know if it's safe to put this patch in? Do you need to update to 5.018 first? Perhaps I should wait until someone figures out the changes needed for Frozen patches to be PayPal 5.018 as-installed, and then add in these fixes, unless someone can state for sure that it works for 5.010 (and won't interfere with upgrading to 5.018). Does Edge ship with PayPal 5.018? If it does, I could compare files between Frozen and Edge and generate a patch for that.
  4. MrPhil

    PayPal Standard 5.018 Update not working

    Uh, which distribution? If you're talking about the "official" 2.3.4* stream, it ain't gonna happen. As far as anyone can tell, it's dead. If you're talking about @burt's BS/CE stream, hopefully he'll see this discussion and take any appropriate action. He would probably find it helpful if you could give pointers to where to find the latest certificates, etc. It would be good to ship with PayPal 5.18 pre-installed, and any PHP 7 glitches fixed, and I'm sure he'd appreciate any help he can get on updating Edge. "Frozen" will not be updated by Gary, but if you can provide pointers to the appropriate changes needed, I can add them to my public patch collection. It would be good to post the code changes in the Frozen patches discussion thread, so others can look them over too, and bless them.
  5. MrPhil

    reCAPTCHA addon recommendation

    The method used to send mail (mail function or SMTP) has no direct bearing on spamming. The spammer was using some function (Contact form) further up the food chain to generate the spam. It is irrelevant whether PHP mail() or SMTP was used to send it out, unless your host has some sort of spam-blocking implemented for one but not the other. That could be why they asked you to switch to SMTP, or it could be for some entirely different reason (you should ask, just to know what's going on). Anyway, the spam-blocking (some sort of CAPTCHA or other anti-bot challenge) needs to take place in your application where the spammer is operating, such as at the Contact form, before it gets to the mailer. Simply changing the mailing method from mail() to SMTP will do nothing to control spam from your Contact form (although your host may then be able to intercept spam). And as mentioned before, reCAPTCHA is a specific, widely-used anti-bot CAPTCHA, but it's not the only game in town. If your host demands reCAPTCHA specifically, they're idiots and you need to find a new host. By the way, it's well known that CAPTCHAs are almost useless today, as bots have gotten so good at using them, so don't expect miracles (especially with any widely-used one such as reCAPTCHA, which hordes of bots can crack). Also, you may notice that reCAPTCHA images are heavy on recognizing vehicles, traffic signals and signs/markings, street signs, crosswalks, pedestrians, and the like -- it's widely suspected that Google is using reCAPTCHA to train its AI for self-driving cars (and you're not being paid for your participation).
  6. MrPhil

    PayPal Standard 5.018 Update not working

    Well, when you make any changes to an off-the-shelf application, it behooves you to keep careful track of what exactly you did, and why. This helps you to re-implement these things in the future, when you need to switch to a new version (such as Frozen). You can also decide whether you even need a set of changes now (e.g., make it responsive or PHP 7 ready -- that's now built in). You have my sympathies if you didn't keep track of what you did over the years. Perhaps you can grab a vanilla copy of your base osC and do a "diff" against it to at least see what you changed (it's a start).
  7. MrPhil

    reCAPTCHA addon recommendation

    Will "Slide to Submit" work with a screen reader, or someone with dexterity problems who can't use a mouse? There are all sorts of visual puzzles and whatnot meant to confound a bot, but many of them exclude handicapped users, too. In some situations that will actually be illegal discrimination! So, be careful using such CAPTCHAs.
  8. MrPhil

    PayPal Standard 5.018 Update not working

    The latest official release,, is seriously obsolete. The last time I looked, it was merely 2.3.4 with the PHP "deprecated" warnings turned off. If you want actual PHP 7.1 compatibility, and Bootstrap responsiveness, as well as a bunch of other updates, you have to go with one of Gary's releases. See my signature below for either Frozen (and patches) or Edge. Both are on GitHub, and not official distributions. Frozen is nice and stable and quite usable, while Edge is developmental ("bleeding edge") and changes from day-to-day (its principal changes are Bootstrap v4 and responsive admin). If you're not sure, go with Frozen. osC 2.4.x is experimental and should not be used for a production store, unless you are willing to put in a lot of time and effort into patching and maintaining it. To be blunt, Frozen and Edge are the only games in town. Don't get a hangup on "official release or bust". The official release stream is dead. I have no idea if PayPal's latest versions are compatible with official osC releases. They themselves may need some patching to be PHP 7 compatible (__construct, etc.). At the very least, you should install a test version of Frozen and see if it satisfies your needs -- it probably will, and you may be pleasantly surprised at how up to date it is.
  9. MrPhil

    PayPal Standard 5.018 Update not working

    Be sure to google site:forums.oscommerce.com paypal view update and read about update issues, especially the View Update button not working and use of TLS 1.2. You say you have a 2.3.4 (very old) osC updated for Bootstrap and PHP 7.0 -- is there some reason that you haven't switched over to Frozen (or even, Edge), which gives you that stuff (and more) without any effort? I suppose that if you have a lot of custom code changes, that could be a legitimate issue, but otherwise, Frozen is the way to go. At least, you could see if the update itself is behind the times, or it's something in the base code that you missed.
  10. MrPhil

    Fake accounts

    If your host can't (or won't) do something to block ranges of nasty IP addresses, it falls to you to take action. It does cost server load to block IP addresses in .htaccess, so keep that in mind (whether or not it is charged to your account). If you wait until your application gets the IP address and handles it, the cost is much higher. The bill will definitely be on your account, through PHP processing and database usage to look up the offender and decide to refuse to serve them. So, the further upstream you can push the blocking effort, the less you'll usually have to pay for it. Unfortunately, the Internet, Web, and servers were not designed with such matters in mind (e.g., no reliable "country of origin" field), and any sort of access control is glued on separately (and can often be gotten around, through proxies, etc.). In the case of a forum or blog, where the propagation of content is the desired end, there isn't much you can do except to fully block offenders (up to and including denying any access at all). For a store, it might be worth waiting to block them until they get into a subsystem for content dispersal (tell-a-friend, reviews, contact us), and block them there. The idea is that relatively few visitors are going to make use of such subsystems, compared to ordinary shoppers. Just some thoughts.
  11. You could certainly set up a processor on your PC to take the incoming .csv or .txt file and write a new .csv file back out, ready for either manual database import or through Easy Populate. There would be several data configuration files associated with it: markup per category, markup for specific products (override per category), and category per product. You would manually maintain these configuration files with an ordinary editor. When you run the new .csv or .txt file through the processor, it would tell you if any products are missing a category (likely new products) and you would update the category file and rerun the processor. A bonus feature would be to compare the new output to the previous one (saved from the previous time it was run) and only write new and changed entries, in order to run the update faster (dozens or hundreds of updates rather than tens-of-thousands each time).
  12. Why are you going into Excel (or any other spreadsheet) to add columns and calculate prices? You should be able to read the CSV file with a scripting language such as Perl, and write it back out with new columns with prices and such. How many manual decisions do you need to make for each product? Can it all be reduced to a formula? What about categorizing new products -- is that manually done? You should only have to do it once, for a product or manufacturer, and keep that information around in a file. For routine functions, you should be able to take an incoming CSV or txt file and convert it to something useful to read in either manually or via Easy Populate, without any human intervention.
  13. There are some "Easy Populate" modules floating around, that let you update product information from a CSV (text) file. Take a look at that and see if any do the job.
  14. MrPhil

    Header Tags SEO

    GDPR or the like? Maybe IP tracking violates some privacy laws.
  15. MrPhil

    checkout by amazon "We're Sorry"

    Was this site working for a while with the Amazon checkout, and suddenly failed, or did it never work? osC 2.2 is very old and obsolete -- did your host just make any upgrades, such as the PHP version? I would expect even more problems with your store if PHP was upgraded to something approaching current (7.1) levels. If this module never worked, did you check if it is compatible with such an old version of osC, and with the old PHP version you're using? Anyway, you should be thinking about moving to the current osCommerce ( "Frozen"), rather than trying to patch up an old store. You'll get PHP 7.1 capability and it's mobile-friendly (responsive), among other things.
  16. MrPhil

    International SEO

    Well, if Google is penalizing you for what it thinks is scraped/duplicated content, you could always tweak the text a bit to make it unique to your site. For a few products, that might not be too onerous, but for lots of products, especially if you are auto-feeding them into your store along with supplier text, that could be a lot of work. Perhaps those blog post "spinner" rewriters might be employed here (if they produce good enough text)? Insert a short boilerplate sentence between the second and third sentences? It would depend upon the style they were originally written in. You want to automate the process as much as you can.
  17. 777 is NOT correct on many servers. They will give a 500 error because this is a security exposure ("world writable files"). You start with the minimum permissions on any file (typically 644) and add "write" permissions (664, then 666) until you get it working. Very few servers now require PHP files to be marked "executable" (755, 775, 777). This applies to files that PHP needs to write to, and depends on how PHP is configured (especially, what user group it's running under). 777 was safe to do back in ancient times, when you could trust everyone sharing your Unix computer. You can't anymore, especially on a server shared with hundreds or even thousands of strangers. Giving them "world write" access to your files is asking for trouble. If someone blithely tells you to "chmod 777 your files", they're an idiot. Don't listen to them.
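An added example, not part of the original post: a small POSIX shell audit that finds world-writable files and directories under a store directory and resets them to the 644/755 baseline the post describes as the starting point. The function names and the demo tree (`settings.php`, `uploads/`) are constructed for illustration and are not osCommerce's own paths.

```shell
#!/bin/sh
# Added example: audit a web root for "world writable" entries (o+w bit set)
# and reset them to a least-privilege baseline. All names are hypothetical.

# Print every regular file or directory under $1 that others can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Number of world-writable entries under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset only the offending entries: files to 644, directories to 755.
# Anything PHP genuinely has to write to is then loosened one step at a
# time (664, then 666) and re-tested, rather than jumping to 777.
tighten() {
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
}

# Build a constructed sample tree with a mix of safe and unsafe modes
# and print its path. Used for demonstration and testing only.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads"
    : > "$root/index.php";       chmod 644 "$root/index.php"       # fine
    : > "$root/settings.php";    chmod 777 "$root/settings.php"    # world-writable
    : > "$root/uploads/pic.jpg"; chmod 666 "$root/uploads/pic.jpg" # world-writable
    chmod 777 "$root/uploads"                                      # world-writable dir
    printf '%s\n' "$root"
}

# Report mode: sh audit.sh /path/to/store
if [ "$#" -ge 1 ]; then
    list_world_writable "$1"
fi
```

Run the listing first and review it before calling `tighten`, since a directory the application writes to may need group write restored afterwards.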
  18. MrPhil

    Upgrading to the latest version

    Frankly, you need to fully understand what your various .htaccess files are doing, and why. They cannot be treated as sacred totems that are kept without change, or something to be discarded without a second thought. If you don't understand what parts of which ones to keep, find someone (and pay them) to help you. I think there is an add-on or two to show shop status (open, closed, down for repairs, etc.), but that would have to be installed into the old shop, and may not be worth the effort. You can always make an index.php file that just says "Sorry, we're down for a few minutes while we transfer to new shop software. Come back in about 15 minutes!". Save your old store's index.php file first, in case you need to come back to it (the whole site should be backed up first, for that matter). Address bar. These are the addresses that search engines would provide to send people to your site. If they change between the old and new versions of your store (e.g., new SEO code), you will take a search results hit while your site is reindexed, and for some time after (unless your old URLs are 301 redirected to the new ones).
  19. A starting point may well be to find a 2-dimensional system (add-on) that you can code in a third dimension to. Note that a 2D system is likely to have some constraints. For example, if you're selling cloth, it might come in rolls 1 yard (36 inches) by 100 feet (let's say). Two constraints would be that the smaller requested dimension must be no larger than 36 inches, and the larger requested dimension must be no larger than 100 feet (or whatever length you have left if it's the last roll). Even then, you may be unwilling to sell me a 2 inch by 30 foot piece, as that would severely reduce the value of the leftover 34 inch x 30 foot section (it might be hard to sell). For bulk materials (stone, dirt, mulch, etc.) sold by volume, you probably don't care how the dimensions are (above a reasonable minimum), but you probably will want to impose a constraint by rounding up to the next full cubic yard, cubic meter, etc., or packages are sold in fixed sizes (e.g., peat moss in 12 cubic foot bags, or cold patch in 60 pound bags). I take it this comes down to being for the convenience of customers too lazy or too non-mathematical to figure out the volume for themselves. I would have more sympathy for those looking for non-rectangular amounts (e.g., mulching around a tree, with outer diameter and thickness, and inner diameter and thickness; gravel to fill a 30 foot x 18 foot area, 3 inches thick on one side to 12 inches on the other, etc.). Depending on the material, offering special calculators for that might attract customers. Adding up several uses might be difficult for code, but each calculator might give an exact result, and it's up to the customer to add them all up and request the total. The store could then round up to the next full measure.
  20. MrPhil

    Email queuing system

    Do you mean "the DEFAULT change to TIMESTAMP"? datetime should still be a valid field type, shouldn't it? CURRENT_TIMESTAMP appears to be a more recent addition to MySQL -- is the failing database a much older version? I think the intent is that it acts like INSERT INTO with a now() value, but it can now be defaulted to do that. For older MySQL versions, it won't work, and you may have to explicitly give a now() in the VALUES list. That, or declare a minimum MySQL version number.
  21. MrPhil

    reCAPTCHA addon recommendation

    It's not clear that CAPTCHAs or reCAPTCHA do more good than harm. Bots have gotten so good at processing them that you can say that a CAPTCHA is more likely to exclude a human than a bot! If such challenges are going to do any good, they will need to look at how the puzzle is solved (including timing and minor mistakes) to see that it's a human and not a perfect bot. Of course, bots will then be modified to look more like humans in how they work the puzzle... In the end, the behavior once "inside the gates" will have to be monitored to detect bots and/or spam content being sent, rather than trying to keep bots out.
  22. MrPhil

    Email queuing system

    The first time I read it, I thought he was just using Black Slang (bad = good, get down = get frisky/get busy). Now I'm wondering. Not having to create an account seems to be widely popular, as people fear their information will be used to harass them (marketing emails, sale of personal information, etc.). I too, would like to hear his reasoning.
  23. MrPhil

    Email queuing system

    This is an interesting subject. It sounds like the desire is for

      • ability to trigger sending an email on many different kinds of events (calendar, order shipped, shipment delay, abandoned cart, follow-up on order, merchandise return, no orders in the last X months, etc.)
      • "slugs" of a template for the email (anything starting "Hey Phil" gets immediately deleted from my inbox! I had a credit card which used my initials, and I'd get mails "Dear P" from the issuer.) -- perhaps several different templates to choose from, based on customer specifics (e.g., a Valentines Day offer geared differently towards singles and couples)?
      • ability to pull information from the database (customer name, order information, ship date, etc.) and put it in the email
      • possibly updating the database, such as a coupon was issued on my birthday

    Without a lot of custom-written code, especially to read/write the database for all sorts of different things (and combinations of data), I don't think you can generalize this with one piece of code. However, specific modules could be supplied to do specific tasks (e.g., look up customer birthdays), maybe with a hook system so new ones can be added. The data found should influence the content of the email, so that it's appropriate and has the maximum impact. Be careful about queuing up so many emails that your host slaps you (is a rate limiting mechanism assumed? if so, do different messages have different priorities?). Also be careful about straying into actual marketing mails if the customer has not granted permission to send such to you.
  24. Free and Advanced? Is this in reference to the add-on, or to the base osCommerce? osC is only free. By the way, as you're new here, make sure you're building your site on the only supported and current version, which is osC "Frozen". See the link to it below in my signature. Do not use the official release, as it's unsupported, unresponsive, and quite a few years behind the times (e.g., doesn't properly handle PHP 7).
  25. MrPhil

    International SEO

    This page might be of interest as an overview: https://moz.com/learn/seo/hreflang-tag They state: "Google recommends not using rel="canonical" across country or language versions of your site. But you can use it within a country or language version". I work only in English, so I can't tell you what exactly that implies, or what best practices are.