Jump to content
Latest News: (loading..)


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by MrPhil

  1. MrPhil

    Display map to track shipment progress

    How much package location information does a shipper provide (for free), and do they have limits on how frequently a given package may be queried, or an IP address (your store) can do any query? I wouldn't be surprised if any shipper has limits to prevent abuse (e.g., live tracking of your package, with your phone hitting their server every second). Latitude/longitude is nice, but city/state + delivery status would do. Even if the shipper's site is not set up for a map, as long as information is consistently presented it should be possible to scrape it off their site and present it to a mapping app. An alert (text or voice) to the customer phone that the package has been left at the address might prove very useful in this age of increasing thefts from the doorstep. If a shipper charges extra for advanced tracking, and the customer requests it, that fee could be passed on to the customer at checkout.
  2. MrPhil

    Cart loses products seemingly randomly

    Yeah, I'd check if current versions use a wider database field for session information than your (old) code does. If you've been keeping up on changes for new PHP levels and security issues, you can keep running as you are, although the fact that you're having this cart problem suggests that you may be overlooking some changes. It may be time to step back and consider whether this is a good approach, as opposed to moving to the current release and building something resembling a template over it. Let others do the work of keeping up with the basics, while you concentrate on code to make your store stand out and improve the UX. It could well be less work overall to copy your changes to a new release than to constantly patch an old base. For example, did you do a lot for Responsive/Mobile-friendly? That's built right into "Frozen". What you have to keep in mind is that the longer you stay with an old, old base, the less help you can get from this forum and the more you're on your own. You've essentially made your own fork of the product. Whichever way you choose to go, good luck and best wishes.
  3. MrPhil

    mutliple domain names? redirects?

    If it's possible one way or another to have several names pointing to the same site, where %{HTTP_HOST} is various strings, it might be interesting to feed %{HTTP_HOST} to the program (as URL Query String). The value would be used to override the domain name used in configure.php settings, making it look like a number of domains are hosting this store. Has anyone seen something like that? Offerings might be adjusted depending on "who" is hosting the store. I would be worried that some bad actor could point a random domain to your store and somehow hijack it. That might be prevented by having a hard coded whitelist of domains allowed to do this.
  4. MrPhil

    mutliple domain names? redirects?

    The domain names in the configure.php files are used for generating outbound links from the store, and perhaps a few miscellaneous items such as canonical tags. They do not change what name the server it's running on sees or uses. If you have a store running under a given domain name, and you want to change that domain, you need not only to change the configure.php entries to the new domain, but also register the new domain and point it to the server (it could be on a new server). If you are looking to redirect (point) another domain to this cart (as an alias?), you can certainly do a redirect from wherever the other domain is hosted (a redirect within .htaccess is one way). However, you will have some problems, as the store will still be hard coded to the first domain's name, and produce links, etc. under that name. If you are looking to change the name of the store, but allow it to be accessed under an old name, that can be done, too. Perhaps you could explain in detail what effect you're looking to achieve here?
  5. MrPhil

    Hack attempt - is there a way to prevent this?

    This is only appearing in this one order's data, and is not in everyone's (or in your osC code)? They are definitely trying to provoke your server into running what's presumably some nasty script code, but it's being disabled by osC. If it's just this one guy, cancel any payment made (so you're not in legal trouble for keeping payment and not delivering) and cancel the order, and fuhgettaboudit. Unless you want to jump through the hoops of reporting them to the payment processor. If everyone is seeing this, you've got some cleanup to do and security holes to patch. They're trying to inject and run some script code that creates more script, invisible images, and input field elements on your page. Some server in Guyana (they have computers there???) is involved (perhaps to load more malicious code). I haven't dived more deeply into it, but it looks like something you don't want running. Just be thankful it was (apparently) disabled before it could do the nasty.
  6. MrPhil

    Cart loses products seemingly randomly

    13 years? If you're still using a 2005 vintage osCommerce (probably osC 2.2 MS2), it wouldn't be surprising if your host has upgraded PHP or made some other change that is making an old store unstable. What version are you using, and what is your host's PHP version? The current (and only supported) version of osC is "Frozen". Note that the official osC release does not work with current PHP releases.
  7. Sorry, I'm not familiar with the UPS add-on. Now, why are they sending the address to UPS in the first place? I assume that it's to get a rate quote. If the address is only off a little, the error in the rate charged may be small, but if the customer gave the wrong state by accident, that could be catastrophic. What if they want the package sent to Carlsbad, NM instead of Carlsbad, CA? Watch out for auto-completion giving a wrong state! If UPS returns a flag that such-and-such a field in the shipping address appears to be in error, and the customer is still there in checkout, it should be possible for osC to present the shipping address and ask the customer to check/update it. I'd be surprised if it didn't do that already, but if it doesn't, it should be possible to add that to osC. If you managed to turn off the address verification, what would be the expected results? You would still manually fix the address before shipping out the package, but would you have quoted the wrong shipping rate? I think you may be fixated on the wrong thing (turning off verification, rather than letting the customer fix an incorrect address).
  8. MrPhil

    New UPS XML Shipping Module available

    Hope this isn't too late... it sounds like you may have the CE/Edge/Frozen version installed. This is GOOD. However, the code has been updated, replacing $HTTP_POST_VARS by $_POST and module name defines (FILENAME_MODULES) with hard-coded strings. The code is functionally identical (works the same way). If you are installing this into an older osC, you may need to back out those updates (change $_POST back to $HTTP_POST_VARS... you may be able to leave the hard-coded module name). Be careful if installing older add-ons into a new osC or vice-versa. By the way, PHP 5.3 is terribly ancient. Any up-to-date system should be at PHP 7.1 by now (the earliest supported PHP version). 5.6 and 7.0 are somewhat tolerable (they went out of support a week ago) but should be planned for replacement soon. Incidentally, the CE/Edge/Frozen version will run on PHP 7.1 or below (PHP 7.2 may need a few fixes), while the "official" won't run reliably at that level. I won't swear that CE/Edge/Frozen will still work properly on PHP 5.3 -- it might.
  9. Maybe a better approach would be to leave the UPS interface alone, but validate the address before you send it to UPS? Unfortunately, it sounds like a manual operation on your end right now. If it can be automated (USPS, Google Maps?) you could alert the customer right then and there that the address looks "off" -- please check your entry and update if necessary. As a bonus, a verified address might also make available additional address information such as county and inside/outside city limits, useful for determining sales tax jurisdictions and thus, rates. Does UPS bounce back the bad address right away, while the customer is still in the checkout process? At least, the customer could correct the address themselves at that point (new code needed on the osC end). I think that in general, address validation during checkout would be quite useful.
  10. Why would blocking the reading of PHP files have any effect on JS and CSS files? The point of that segment is to keep people from looking inside your PHP files. Hasn't Apache 2.4 been around for a long time now? I would have thought this would have been seen (and sorted out) long ago. Perhaps there were some outdated commands such as phpflag, phpvalue, or options?
  11. So what happens if you remove address validation, and UPS is unable to deliver? It seems like that would be a major inconvenience for all parties. What's the downside of having UPS verify that they can deliver to that address? They're going to know the customer's address anyway, so it's not like they're being let in on a secret.
  12. Is the admin side under SSL and the public side not? Is the admin side under password protection? I don't think either of those should bar access, but anything's possible. Are the problem .css and .js files on YOUR site or are they remote (e.g., the Bootstrap server)? Can you bring up some of the blocked files in your browser? That would be like on the shop side, so it may not tell you anything about the admin side problem. Usually it turns out to be a problem with incorrectly set paths in the configure.php files (you did update the admin copy, too, right? And be careful not to mix up the two -- they're different).
  13. MrPhil

    Product image upside down

    It was not renamed. You should put all your CSS changes into user.css, so that they're in one place and won't be wiped out when you update your files to a new version. user.css is brought in last, so it overrides everything.
  14. MrPhil

    Need Help

    There are also "merchant accounts with payment gateways" not involving PayPal, but allowing direct payment with a credit card. These tend to be more costly than PayPal at low volumes, and usually require PCI compliance (security audits)... more than just having SSL. Their chief advantage is that a customer never sees a Third Party in the payment system -- it looks like you all the way through. There are also credit card handlers that do some stuff to let you handle credit cards via your brick-and-mortar Point of Sale system, but at the very least you need to get your bank's permission to use this. I agree that having to go on to a Third Party site, and sign on there to complete a purchase, is a turn-off for many customers. Anything you can do to make the transaction more seamless and frictionless is going to help, but the more you're handling credit card numbers on your site, the more security hoops you have to jump through. And security doesn't come cheap and isn't easy -- just ask all the big name stores that have been hacked and credit card information stolen.
  15. It looks like it may not be picking up the CSS files. Look at the page source in the browser (usually Ctrl+U) and see where it's trying to pick up .css and .js files from. If they're from your own site, check the configure.php files' path settings. If they're from a central CDN server, make sure your server and browser aren't blocking them.
  16. What caused you to reinstall osC in the first place? If it was damaged by something, perhaps that damage (hacks, backdoors, etc.) is still there, or the server PHP version was increased and your installation isn't compatible? Were you just upgrading from an earlier osC version? By the way, if this is the official osC (available on this site), it is way obsolete. It does not work well with modern PHPs. You should be installing the Community Edition (from GitHub -- choose "Frozen" unless you are adventurous and want to go with "Edge"). It is a complete install (not upgrade), and you need to migrate your data over. In the long run, it may be easier and cleaner than trying to clean up an older version.
  17. Do none of the existing SEO add-ons do this for you? Are you looking for one that simply has a name (product or category) without a product ID, etc. so you could give a URL of domain.com/transparent-bleems or domain.com/visual-weapons, and have it rewrite to the right place (without an explicit rewrite in .htaccess for each)? I'm sure it can be done, but I can't think of anything for osC that already does this. You would have to send the outgoing product ID, etc. to a PHP routine that looks up the name in the database (from the product ID), and produces a URL of the desired form. You would have to send an incoming SEF URL to a PHP routine that looks up the names in a database and maps it to the usual /showproduct.php?pid=12345 etc. format. And of course, you have to maintain this database, whenever products and categories are added, deleted, or changed. I've seen this done for other applications, so I'm sure it's possible, but it will be far from trivial. Don't get caught in the trap of producing a URL for every single possible use -- just confine it to mapping a product ID to/from a product name, mapping a category ID to/from a category name, etc., and tack on other actions and commands in the normal manner.
  18. MrPhil

    HTTP to HTTPS help?

    Even easier is to change the two configure.php files to tell them to use https: for everything, including HTTP_ entries. That way, everything using tep_href_link() automatically ends up with https: (SSL), with no code editing.
  19. MrPhil

    HTTP to HTTPS help?

    There are two configure.php files. Change all mention of "http:" to "https:" including the HTTP_ entries. If you have add-ons for banners, etc., you might have to change hard-coded "http:" to "https:". Note that this should be only for your site's links, not for other sites. The easiest way to search is to have a copy of your files on your PC (as a backup, if nothing else). On Linux, grep for http:, and on Windows, findstr for http:. Finally, once your site is producing nothing but https: internal links, your .htaccess (or the equivalent) should redirect incoming http: addresses to https:. An example: RewriteEngine On RewriteCond %{HTTPS} !on [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L] This assumes you want "www." on your domain name, and that you're not using any subdomains. If either is not true, this code will have to be adjusted.
  20. MrPhil

    Can't log into Admin

    Yes, it is possible to migrate your old database and files (product images) from an old osC to a current one. I've done it for clients by manually editing a dump (.sql export, including the DB schema) of the old database to match the schema of the new one. Install Frozen, and overwrite the DB with the revised old one, and overwrite the image files (removing the sample store data). Some of the process can be done with .sql "update" scripts in various levels of new installs, but there is none for the final jump to Frozen, so it's just as easy to do it all manually. Note that if you want password protection on the admin directory (which, BTW, should be renamed during installation), it's usually better to use your hosting control panel's "password protect a directory" (or the equivalent, such as "directory security") rather than trying to install osC-supplied files. They often don't work on many servers. The downside is that the osC security audit tool often won't recognize that you in fact have password protection, and falsely reports that you don't. If you have to supply an extra ID and password to be let into the admin area, it's working.
  21. MrPhil

    countries query

    Maybe if you told us your starting point (what information you have), and what information you're trying to get, we could be of help. As it is, I can't tell what you're trying to do. Also, the phrase where countries_id and customers_id = is certainly incorrect SQL.
  22. MrPhil

    Can't log into Admin

    Besides updating your two configure.php files to reflect changed directory paths, and possibly new domain, you might have a problem with PHP levels and changes to how passwords are handled. You can look around for information on how to remove the current administrator (it may be as simple as truncating the administrator table in phpMyAdmin, but try to check first) and insert a new one. Your customers may also have trouble logging in if that's the cause. Your images look like perhaps you're not getting the CSS files. You can look at the page source (Ctrl+U on most browsers) to see where it's getting the osC .css and .js files from, and see if the address is wrong. If you're lucky, fixing the configure.php files may fix this. While you're at it, since you are apparently at a very old osC level, you should go ahead and install the latest, "Frozen" (see link in my signature below) and migrate your data to it. Then you can run on up to PHP 7.1, have a lot of fixes, a lot of new features, and be responsive (mobile-friendly). It's foolish to stay at any official osC release (which is obsolete and won't run on most systems), including the one offered on this very site.
  23. MrPhil

    Edge VS Frozen

    In other words, trash your "official" installation and start over with "Frozen". If you're adventurous, you could try "Edge", but it's somewhat unstable (i.e., still in development). "Frozen" would be best for you. Sorry to have to do that, but as Malcolm said, the only guy who can make "Frozen" official (download from this site) has been AWOL for a long time.
  24. Keep in mind the value of an established domain name and search engine rankings. If there is a good chance you'll go back into business in this field, you might want to keep the domain and site active. It's possible to disable the store so no one can place an order, or even clear it out (if you're definitely leaving the field). Just don't bail out completely, in a blind panic, because you're not sure what you're going to do at this moment.
  25. The "osc2nuke" appears to be a personal project. You are free to look at it, but be aware that it probably won't be supported here. Gary is continuing work on "Edge" (the semi-official current project) to implement Bootstrap v4 on both the store side and the admin side. It's still a work in progress.