Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by MrPhil

  1. MrPhil

    Unusual shipping requirements

    No harm done with responding to a 13 year old post, if the problem and solution given might still be relevant to someone. Since the thread would have been so deeply buried, I would assume that Jack would be aware of its age. Likely the OP is long gone, but in case there are others in this boat... As long as we're having a pleasant chat about unusual shipping requirements, is there anything built-in to restrict certain products to certain geographic zones (such as countries)? For example, physically shipping goods only within the USA, but digital downloads anywhere not embargoed? I'm sure I could code up something, but if someone has already done the work... the key is to alert the customer well in advance before they load up their cart with a mixture of physical and virtual goods and then try to check out.
  2. MrPhil

    getting 'easy' csv import to work

    Just add him to your "Ignored Users" list, and be done with it.
  3. MrPhil

    Fake accounts

    "Albania"? Is that in quotes because you think it's a fake country name? Just curious... yes, it is ex-Soviet Bloc. Watch Wag the Dog.
  4. MrPhil

    Serve images in next-gen formats

    To really convert on the fly, at each request from a browser, would be foolish. The added time to do the conversion would far outweigh any time savings in transmitting a smaller image file. You want to do it just once, preferably in batch, rather than as-needed (where you need to track which images have already been converted). Secondly, you need to know whether the customer's browser can handle .webp. That might be possible by querying the browser and release number, but offhand I can't tell you a good way to do that. If the Javascript (running on the browser) decides it's safe to ask for .webp, it might change the <img> src on the fly to ask for .webp instead of some other format. That will take additional time to do both tasks, so I'm not sure you end up with any net savings in time. Notice that you have new PHP code running on both the server (if you do the conversion to .webp there, rather than on your PC), and JavaScript on the client (browser) to select which format to use and rewrite the <img> src. If you want to assume that everyone is running a fairly up-to-date browser (no one required to run IE6 any more!), you might serve only .webp, having done the conversion only once (on your PC). Of course, you still have to go through all the places where image URLs are stored on your site, and update them to .webp. In the end, is this worth the effort? Unless you can reduce image transmission time by 200 - 300% I don't think you're going to end up saving anything.
  5. MrPhil

    Serve images in next-gen formats

    .webp is a new format (essentially a new compression method) for images. They will probably transfer a bit faster (being smaller), and most major browsers now support the format. Is it worth the effort to convert? Who knows. It may well suffer the same fate as JPEG-2000... improved compression that got little support. When you say "convert on the fly", what exactly are you looking to do? You don't want to store your images as .png, .jpeg, etc. and then literally convert them as served to .webp -- that would slow things down considerably (the whole point of the exercise is to speed things up). You would want to use some utility to convert (in batch) your images to .webp, and then serve those like you currently serve other formats. Don't forget that anyone with older browsers (not Chrome, Edge, or Firefox current versions) is going to be left holding the bag when your site serves them .webp images that their browser can't handle. Are there any provisions in JS/CSS for selecting which type of image to call for?
  6. MrPhil

    Grundsätzliches Module

    First of all, make sure you are installing a current version of osCommerce, one that is PHP 7-ready, secure, mobile-friendly, and up to date with many new features. That would be osCommerce "Edge" or "Frozen". As you are not experienced with osC, I would recommend "Frozen" (see my signature below for the link), even though it is not PHP 7.2-ready and has a list of patches. Under no circumstances should you even think about installing the "official" version downloadable from this site. It's obsolete, even though it's also called "". via Google Translate:
  7. MrPhil

    HoneyPot Captcha

    You might want to read this article on CAPTCHAs: https://www.theverge.com/2019/2/1/18205610/google-captcha-ai-robot-human-difficult-artificial-intelligence . It states that AI is expected to improve to the point that it will solve any CAPTCHA puzzle much better than humans can. It's just about there, already. The emphasis will have to shift from how perfectly the "user" can solve a problem to watching how very human imperfections and randomness in the interaction betray who is human. Also, rather than relying on a one-time hard-shell defense against bots, we will have to watch users in their interactions with a site and see if they're doing bot-like things. Big Brother, anyone? The article points out that Third World CAPTCHA farms use people to sign up for forums and blogs, etc., which then can be handed over to bots to do the spamming. This would require monitoring of the user interactions beyond just the signup, such as an occasional CAPTCHA challenge from time to time. If most spammers crap on your forum just once (or use your tell-a-friend function for one mass mailing) and then never come back, that may be more annoying than useful. The comments are rather interesting too. Several people pointed out that the reCAPTCHA emphasis on traffic lights and street signs and vehicle recognition suggests that we are being used to train Google's self-driving cars -- for free.
  8. MrPhil

    Fake accounts

    I would hope so, but I wouldn't count on it. I've heard accounts of legally blind* people still licensed to drive a car. I don't know if this ever has been confirmed, but I wouldn't be surprised if the disability people don't talk to the Motor Vehicle people! Thanks for the support... I do try to look at things from a different angle that may not have been discussed yet. This seems to annoy some people, but I think it's better to cover all angles. * "legally blind" does not necessarily mean "totally unsighted". It can mean greatly reduced vision in some form.
  9. MrPhil

    Fake accounts

    Just a note to be careful when screening for fake accounts or using a honeypot to catch bots, that you don't fool legitimate users who are visually impaired and need to use a screen reader or braille output. Some field that's white-on-white or visibility: none might still be presented to a blind user, who could innocently fill in such a decoy field. At best, you've lost a potential customer; at worst, you could be in legal trouble for discriminating against the handicapped (ADA, etc.). In other words, don't count on "invisibility" (visual appearance) to keep all legitimate users from "seeing" an input field. If you have something like a "company tax ID" decoy field, might someone innocently enter "none" or "N/A"? Keep that in mind when designing such bot-traps. Perhaps it would be best to disable certain functions (reviews, contacts, emails, etc.) and flag such suspicious "customers" until the administrator has had a moment to look over their registration and decide that it's a bot to be flushed. Unfortunately, that's a bit of extra work for the administrator, but might be worth it to keep spam out of the system. To avoid harming real customers who trigger false positives, you should probably inform them that the account is being "held for review". Also, bots might be soon (if not already be) smart enough to look for things labeled "honeypot" or "decoy" or similar names and phrases, and avoid them. If you have a field with nearby text "do not enter anything in this field" or "for office use only", a smart bot might know to avoid it. Similarly, a smart bot might notice that text is the same color as the background, or something's positioned offscreen or fudged on visibility, and refrain from filling in something there. It will be a never-ending war.
  10. MrPhil

    Oscommerce websites for sale?

    No, there's nothing here to buy and sell sites. What would that do for you anyway? Getting the store itself installed is maybe 5% of the labor. The rest is customizing it to your needs, and loading your products. Post in the Commercial Services area to get a quote on having someone set up your store for you.
  11. No language support is going to magically appear all by itself, just because you need it. Someone (perhaps you) will have to sit down and manually translate all the language files, and package them up into an "add-on", and put it in the library. Of course, it needs to be thoroughly tested. Make sure you start out with at least the "Frozen" version, and not waste your time translating for obsolete versions of osC. osC is UTF-8, but I don't know if it handles bidirectional languages (including Arabic) properly. Be sure to check here: https://apps.oscommerce.com/q=arabic for earlier translation work that might be a useful start. It doesn't look like there's a full translation for the current version.
  12. Sorry, I'm not familiar with the UPS add-on. Now, why are they sending the address to UPS in the first place? I assume that it's to get a rate quote. If the address is only off a little, the error in the rate charged may be small, but if the customer gave the wrong state by accident, that could be catastrophic. What if they want the package sent to Carlsbad, NM instead of Carlsbad, CA? Watch out for auto-completion giving a wrong state! If UPS returns a flag that such-and-such a field in the shipping address appears to be in error, and the customer is still there in checkout, it should be possible for osC to present the shipping address and ask the customer to check/update it. I'd be surprised if it didn't do that already, but if it doesn't, it should be possible to add that to osC. If you managed to turn off the address verification, what would be the expected results? You would still manually fix the address before shipping out the package, but would you have quoted the wrong shipping rate? I think you may be fixated on the wrong thing (turning off verification, rather than letting the customer fix an incorrect address).
  13. MrPhil

    New UPS XML Shipping Module available

    Hope this isn't too late... it sounds like you may have the CE/Edge/Frozen version installed. This is GOOD. However, the code has been updated, replacing $HTTP_POST_VARS by $_POST and module name defines (FILENAME_MODULES) with hard-coded strings. The code is functionally identical (works the same way). If you are installing this into an older osC, you may need to back out those updates (change $_POST back to $HTTP_POST_VARS... you may be able to leave the hard-coded module name). Be careful if installing older add-ons into a new osC or vice-versa. By the way, PHP 5.3 is terribly ancient. Any up-to-date system should be at PHP 7.1 by now (the earliest supported PHP version). 5.6 and 7.0 are somewhat tolerable (they went out of support a week ago) but should be planned for replacement soon. Incidentally, the CE/Edge/Frozen version will run on PHP 7.1 or below (PHP 7.2 may need a few fixes), while the "official" won't run reliably at that level. I won't swear that CE/Edge/Frozen will still work properly on PHP 5.3 -- it might.
  14. Maybe a better approach would be to leave the UPS interface alone, but validate the address before you send it to UPS? Unfortunately, it sounds like a manual operation on your end right now. If it can be automated (USPS, Google Maps?) you could alert the customer right then and there that the address looks "off" -- please check your entry and update if necessary. As a bonus, a verified address might also make available additional address information such as county and inside/outside city limits, useful for determining sales tax jurisdictions and thus, rates. Does UPS bounce back the bad address right away, while the customer is still in the checkout process? At least, the customer could correct the address themselves at that point (new code needed on the osC end). I think that in general, address validation during checkout would be quite useful.
  15. So what happens if you remove address validation, and UPS is unable to deliver? It seems like that would be a major inconvenience for all parties. What's the downside of having UPS verify that they can deliver to that address? They're going to know the customer's address anyway, so it's not like they're being let in on a secret.
  16. MrPhil

    Edge VS Frozen

    In other words, trash your "official" installation and start over with "Frozen". If you're adventurous, you could try "Edge", but it's somewhat unstable (i.e., still in development). "Frozen" would be best for you. Sorry to have to do that, but as Malcolm said, the only guy who can make "Frozen" official (download from this site) has been AWOL for a long time.
  17. I watched it online after you mentioned it. Nothing really new to us, but a look at the young lawyer who drove this thing through, with a discussion of "whose data is it?". Not GDPR-related, but covering a lot of issues in ecommerce, was a segment yesterday on "Marketplace" (marketplace.org for 2018-11-12) starting at 08:36 and running 4 minutes. 70% of shopping carts are abandoned being hit with unexpected fees late in the process is a big killer need to create an account turns off many shoppers (want guest checkout) many shoppers are so lazy that they can't be bothered to fish out a credit card, and would like to use something like ApplePay, available with one click shoppers want simplified information gathering -- three fields for the phone number is so much work, compared to a single phone field stores need to encourage impulse buying, or most shoppers won't be excited enough to complete the purchase if anticipated delivery time exceeds 48 hours, many shoppers will say "forget it" many online shoppers are not serious about making a purchase, but are in it for the experience suggests a need to discourage coupon use (?? that would seem to discourage buying even further) Amazon Prime effect: need to divert marketing budget from coupons to lower cost/free shipping to attract customers End Times, anyone?
  18. Seen on the 'net. Sing along! He's making a list, He's checking it twice, He's gonna find out who's naughty or nice, Santa Claus is -- in contravention of article 4 of the General Data Protection Regulation (EU) 2016/679.
  19. Could all respondents clarify whether it's a Merchant Account type setup (A.net?), a Third Party payment system (e.g., basic PayPal), or something else? Some shop owners may not be able to (or wish to pay for) something requiring PCI compliance. Let's assume everyone has SSL by now. How about an idea of monthly and per-transaction fees? Small shops may not want to pay stiff monthly fees in return for lower transaction fees, while those with higher volume might find it worthwhile. Finally, what about refund policies and other such things (e.g., PayPal is notorious for "the customer is always right")? A simple "I use XYZ and it's great!" is useless for someone trying to decide which payment system(s) to use.
  20. If I already owned a collection of quality safety glasses or goggles, I would be quite annoyed if you forced me to buy yet another pair. Is this some EU law, rather than just letting you add "HAZARD! Use only with good safety glasses (such as this pair you can buy here)."? If they're cheap glasses, consider just throwing them in as a gift. Or is this just an example you thought of off the top of your head? If it's essential that the customer buy "B" to go along with "A", and "B" is cheap enough, it might be easier to just throw "B" in with "A". If "B" was expensive enough, that could be a problem (the customer would want to buy only one). Ack! Please strongly consider upgrading to the current version, Edge/CE/Frozen. You're making so much extra work for yourself, and some day your site will crash badly when your host upgrades something.
  21. OK, Alix. At least you're aware of the situation, and plan to seriously look into the BS version. Actually, I can't even guarantee that the official won't give you trouble with PHP 5.6 -- I don't think it was ever updated that far, so don't be surprised if something breaks. Good luck with your upgrading!
  22. When you say you're "re-building my very old 2.2 site on 2.3.4", I hope you mean the very latest osC, Edge/CE/Frozen. It gives you PHP 7.1 compatibility (a few fixes needed for 7.2), responsive design (mobile friendly), and a number of new features. Please don't use the official "latest" offering of, as it's years out of date.
  23. MrPhil

    Fake accounts

    "False flag" fields are a common tool for spambot detection, but be careful if you use it -- a real customer might enter "N/A" or something else, fearing that it's needed. Some recommend that you make that field and its prompt invisible in some manner, but then it's still "seen" by a screen reader and even a sighted user might tab to it and wonder what's going on. So, like anything else in life, such fields are not foolproof (i.e., they may snag some legitimate customers). Spammers that use real people to do the signup may not be fooled at all.
  24. MrPhil

    Fake accounts

    == and === are two different things. Which did you mean to use? == (and !=) is simple equality (inequality) with type conversion if necessary (0 and false match), while === (and !==) must also have the type match (0 and false do not match).