Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by MrPhil

  1. MrPhil

    FATAL ERROR: register_globals

    You are running an ancient version of osC that requires that "register global variables" be enabled (on) in order to function. Your host has upgraded PHP to a new version, or at least, disabled register global variables because they are a security problem. Hopefully they will allow you to re-enable register global variables for your site. Usually this involves editing (or creating) a file /php.ini with the contents register_globals = on Other things may have to be done, depending on the specifics of how your server is set up (such as if it's running suPHP). The best long term solution is to upgrade to the current osC, version 2.2 RC2a. It does not require register global variables to be on. If your host will not allow you to enable register global variables, you will have to do this.
  2. MrPhil

    Options as Images error

    Next time please use the code tag, so lines aren't wrapped and indentation isn't destroyed. "Unexpected end" usually means that you're missing a closing brace: } somewhere, and PHP thinks it's still in the middle of a compound statement { ... } when it hits the end of the file. This looks suspicious: <?php }//Options as Images.Add the curly bracket as shown on the next line} ?> Try changing it to <?php }//Options as Images.Add the curly bracket as shown on the next line } ?>
  3. MrPhil

    How'd you hear about is report.

    All I can figure is that there is no customers_info_date_account_created field in table customers_info. Check that -- a missing field would probably mean that the alias (date_account_created) wouldn't be created, leading to the error.
  4. MrPhil

    How'd you hear about is report.

    Your variable $date_range_query is improperly constructed. It is 'and date_account_created>=..., leading to a bad SQL query ...WHERE and date... . You want to put that leading 'and' on it only if there is already something in the clause: $date_range_query = ''; if (isset($_GET['date_from']) && $date_from=fmt_date($_GET['date_from'])) { if (strlen($date_range_query) > 0) $date_range_query .= 'and '; $date_range_query .= "date_account_created>='$date_from' "; } ... etc. ...
  5. MrPhil

    New version of OSC2?

    OK, are we talking 2.x or 3.x project? If someone puts effort into keeping 2.x going, is their work going to be ignored? Or will a 2.2 Final and maybe a 2.3 appear? Fair enough. 3.0 has been in "alpha" for years. It should be moving along (ideal world, I know...) at a much faster clip. One can draw the (hopefully erroneous) conclusion that development has seriously bogged down. 2.2 has been stuck at a Release Candidate for 2 years now. Some sort of 2.2 final (perhaps with only the most serious security bugs addressed) right now would show the world that osC is still alive and actively supported, and visible movement on 2.3 would be encouraging (again, to show that osC is alive and well). Of course, if osC 3.0 were believably "just around the corner", there would be no call for a 2.3 (except a few years down the road as a maintenance release, with security patches). If there is to be a 2.3, I wouldn't envision any major architectural changes (save for CSS-driven tableless layout), leaving such improvements to 3.0, whenever we see that. I'm not trying to attack anyone personally, including you, but I'm just passing on what I hear all over the place. People looking for information on shopping carts are advised that osC is hopelessly stuck in the mud and doesn't appear to be supported at all, and that they should look at "more modern" shopping carts. I.e., ones that are actively developed and supported. It's Code Blue. Get those paddles out and start shocking the patient. I hope something can be done before it's too late.
  6. MrPhil

    New version of OSC2?

    Sorry, but I must disagree. Stating that a product is supported, and actually delivering updated code on a regular and timely basis, are two different things in my book. As they say, the proof is in the pudding. If 2.2 RC2a came out almost two years ago, we should have seen 2.2 Gold (final) at least 18 months ago. 2.3 alpha 1 should have been out no more than 6 months ago. If you don't have the development staff to either bring out a final 3.0 now, or finish cleaning up 2.2 Gold and move on to a badly needed 2.3 (with all the non-security stuff I listed), you should know that there are a number of people willing to volunteer their time for a community-support 2.3. If the current developers will not allow that, I'm sure there's enough support to fork an independent project based on osC 2.2. It would be nice to keep it in the osC family, but the product is falling farther and farther behind the competition. It is widely regarded as difficult to use, difficult to maintain, more or less obsolete, and unsupported. If you're not going to have the final 3.0 out the door Real Soon Now, a 2.3 is needed to maintain osC's place and reputation.
  7. MrPhil

    New version of OSC2?

    There are a lot of improvements -- security-related and otherwise -- that could go into osC 2.2 final or perhaps skip that and go to 2.3. Besides security fixes, osC should be shipped with the "deprecated" PHP functions fixed, MySQL 5 compatibility, and a few known bugs fixed (e.g., navigation). Despite the occasional promise that a final 2.2 will be released, it has become apparent that osC version 2 is unsupported. My suggestion would be to fork a new product based on osC. It could include not only all known needed fixes, but also cleaner coding (especially SQL calls), separation of product files from store files, and most importantly, CSS-driven tableless layout. There is a downside to massive code changes -- many add-ons (contributions) will no longer work (or at least, install automatically). That is just a bullet that we'll have to bite -- the forked product can invite add-on authors to update to the new code, or (license permitting) do it ourselves for the most important add-ons. I would not wait for a final 2.2, nor would I wait for version 3.0. 2.2 has been in Release Candidate 2a for what, 2 years now? There are serious bugs that have been known, and left unpatched, for 4 or 5 years. I would have to say that, despite promises of a final 2.2, that we should not count on seeing one. As for 3.0, how long has it been in alpha? 2 or 3 years, anyway? Its development group must be way understaffed (rumor has it that there are only two part-time developers); it should be moving along much faster than that. A "release candidate" should be out for a maximum of 3, maybe 4 months, before going on to the next level. The entire sequence of "alpha" releases shouldn't take more than 6 to 8 months; same for "beta". It's clear that osC development has ground to a halt. If you want to discuss hosting a fork of osC (unless HPDL and the other developers speak up that they are willing to host it here as a community-developed version 2.3), please contact me offline. I have some names of other people who might be interested in contributing. An access-controlled code repository is needed (for authorized developers to change code, and a larger group of read-only testers), as is a discussion group for architecture and features.
  8. MrPhil

    Can anyone help me?

    While waiting for the author to get back to you, look at -- 500 error causes http://forums.oscommerce.com/topic/345637-internal-server-error/page__view__findpost__p__1442374 Maybe you'll find why your restored files are broken (did you remove the add-on, or did you restore the full files?). You don't have your own "error handler"/"error document"/"error page" files defined, and the system is using the default handlers when you get, say, a 404 error (/catalog/ not found). Then it throws a 404 that it couldn't find the 404 handler! Not critical, but if you'd like to get rid of these extra 404 messages, define your own error handlers. To minimize the number of unnecessary error messages cluttering up your account log, you should supply a set of Error Pages for your account: /400.shtml, /401.shtml, /403.shtml, /404.shtml, and /500.shtml at a minimum, along with a /robots.txt (requested by every search bot) and a /favicon.ico (requested by every browser). If you have cPanel, it has a button to produce the *.shtml Error Pages ("Error pages") -- you can customize them all you want with additional HTML code. /robots.txt can be empty until you figure out what you want to put in it. Any "paint" program can produce a favicon for you (16x16 ICON format). Having these seven files will greatly reduce the clutter in your system error log, enabling you to see real errors that you need to address.
  9. MrPhil

    error: HTTP 500

    Checklist: http://forums.oscommerce.com/topic/345637-internal-server-error/page__view__findpost__p__1442374
  10. MrPhil

    Offline payment processing without fees

    I guess you're between the proverbial rock and hard place. Can you get him to at least sign a legal contract that he holds you harmless if his customers or bank come after him for damages due to insecure or fraudulent credit card handling? You warn him in writing that you understand that what he's doing is improper and he takes all responsibility for it. Before springing that on him, express your concern and get him to tell you exactly what's he doing to handle credit cards now. Maybe you misunderstood him? Maybe he doesn't realize he's violating his merchant account agreement? You've got something on him if he refuses to sign, or holds back payment -- you can go to his bank and rat on him. That's the Nuclear Option, but it's possible. I am not a lawyer, so I can't advise you on any specific steps. Just make sure you have some leverage so you can get paid for what work you've done, but don't get yourself in trouble for failing to uphold your end of the contract (refuse to finish the job). Your personal safety has to be considered, too. I suppose you could just keep quiet, do the work he asks for (and get paid), wash your hands of this client, cross your fingers and hope that nothing bad happens to you, and feign ignorance if his bank comes after you. Like I said, you're in an unenviable position. At least with another client, you'll have some knowledge about problem areas. I tried going to the safe2pay.net site, and can't get in to see what it's about. That doesn't give me the warm fuzzies. There are a number of sites which claim to use "Safe2Pay", but they don't say if it's .net or something else.
  11. MrPhil

    Offline payment processing without fees

    Your friend is probably going to be in BIG, BIG trouble with his bank when they discover what he's doing. Most merchant accounts issued for brick-and-mortar stores are not supposed to be used for eCommerce (much higher fraud rate is reflected in higher charges). I don't understand his assertion that he pays no fees to process credit cards -- if he has some sort of merchant account, he must be paying fees for it somewhere! Maybe the fees are buried in other charges, or lack of interest on the balance, or are a flat fee for a low-volume operation, but they're in there somewhere. osC comes with a generic credit card module, but the common advice is not to use it -- its security is very poor, and the site will fail any PCI audit. If you want to use a payment gateway and merchant account, you should use a proper one associated with a specific vendor, and follow all the rules. Or, he can use a third-party payment system such as PayPal to handle credit cards, without all the PCI and security hassle. You are putting yourself at financial risk if you implement an insecure payment system for your friend. Defrauded customers, his bank, or he himself could come after you with a lawsuit (that you failed to inform him of the risk, yadda, yadda, yadda). My suggestion would be to steer clear of any such shortcuts. I've never heard of a legitimate outfit that processes credit card transactions for free!
  12. MrPhil

    Electronic Delivery Shipping Option

    Maybe you've just been looking for the wrong keywords. "Digital Downloads" are already built into osC. You need to enable them, and do some other stuff in setup. When an order is placed, you have to manually OK it (that payment has been booked) before the link will be sent to the customer.
  13. MrPhil

    Charging a service fee for paypal

    Check the payment service agreement. I don't think PayPal allows you to charge an extra fee, and other services may or may not allow it. If it's allowed, I don't think there's anything built-in to charge an extra fee based on the payment type. Have you looked through the contributions to see if there's something already written for it? One complication is that legally you will have to inform the customer of the extra fee (since you're already past the checkout page and totals when they select the payment type) and give them a chance to select another payment type or cancel the transaction. How about just adding a transaction fee for everyone, as part of shipping and handling?