Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by MrPhil

  1. Here we go... https://www.gocomics.com/speedbump/2018/09/27
  2. MrPhil


    Before you put a lot of work into changing the display characteristics, you should look at upgrading to the current version of osC, which is Edge (also known as CE/Community Edition, and Frozen). Its is not the official release downloaded from this site, but has to be obtained from GitHub (see the link in my signature, below). The official version is years out of date and is unsupported. The Edge version will give you responsive layout, which is mobile-friendly but still works on desktops and laptops. That may be a better approach for you than struggling with a fixed size layout. [from Google Translate] Bevor Sie viel Arbeit in die Änderung der Anzeigeeigenschaften investieren, sollten Sie ein Upgrade auf die aktuelle Version von osC ( Edge (auch bekannt als CE / Community Edition, und Frozen) durchführen. Es ist nicht die offizielle Version, die von dieser Seite heruntergeladen wurde, sondern muss von GitHub bezogen werden (siehe den Link in meiner Signatur, unten). Die offizielle Version ist veraltet und wird nicht unterstützt. Die Edge-Version bietet ein ansprechendes Layout, das zwar für Mobilgeräte optimiert ist, aber dennoch auf Desktops und Laptops funktioniert. Das ist vielleicht ein besserer Ansatz für Sie, als mit einem Layout mit fester Größe zu kämpfen.
  3. MrPhil

    Google Adsense and https site

    If the ads that Google is serving you use http in their addresses, such as for images or Javascript, many browsers will suppress their appearance ("mixed content") due to http (non-SSL) content on an SSL (https) page. You should be able to see this by the icon shown next to your address in the browser address bar. The proper solution is to specify that you want SSL content in your ads, so that everything on the page will be shown by all browsers. I don't use Adsense, so I can't tell you how to do this.
  4. MrPhil

    Google Tag Manager

    Are "googletags" related to a Google advertising offering, such as Adsense, Adwords, etc.? If so, how do you monitor (and control) the quality of what Google is sending you for on-page advertising? I bring this up because on a couple of technology-oriented sites I visit from time to time, there are banner ads (constantly changing) that are often absurd. They are pure clickbait that I won't even waste a second on, but I'm sure they appeal to someone. An example: an obviously photoshopped, hideous picture of Hillary Clinton with a caption promising a look at her "hit list". Now, I understand that some people just hate her guts and are anxious to click to get the latest dirt on the Hildebeast, but I'm guessing it's something totally different from what was promised (including drive-by malware downloads). Other examples: breathless "doctors astounded by _____", "scientists amazed by _____", a picture of two helicopters lifting a supertanker off a beach, a 40-storey high cruise liner (that looks unstable enough that the tiniest ripple would capsize it), a 777 airliner with the two engines replaced by passenger cabins and the central fuselage replaced by a huge jet engine,... well, you get the picture. These things are funny to look at, but I wouldn't want them despoiling my site. I assume that Google is involved somewhere because the page is loaded with "googletag" in the source. So, how does one keep control over the quality of ads being run on their site? Do reputable ad providers guarantee a certain level of quality and truthfulness, or is it the Wild West out there? Do any let you vet what they intend to run, before they run the ads?
  5. MrPhil

    Site been working for a year, now broken!

    If it's commented out, you can safely delete it, as it's not being used. The only reason to keep something around would be if some time in the future you might want to use it again. php_value and php_flag are things you'll never use again in an .htaccess file, so go ahead and trash them. If civilization comes crashing down and you have to revert to PHP 3, you can always recreate those lines.
  6. MrPhil

    Site been working for a year, now broken!

    Almost. It says to associate .php files (and .php7 and .phtml, which you don't use) with PHP 7.2. Removing or commenting out this line would drop you back to the default version of PHP. Yeah, anything starting with # is commented out and can be ignored. If you uncomment them, you'll probably get a 500 error since they're obsolete. As written, it might well work OK, but I'll give a caution: for best SEO, you want to be consistently mydomain.com or www.mydomain.com. You should add a test for domain name and combine the HTTPS test into the same rewrite, so there's only one 301 redirect happening. Something like: RewriteEngine On RewriteCond %{HTTPS} !on [OR] RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L] Note that your domain is hard coded (this is the "with www" way) because HTTP_HOST can be mydomain.com or www.mydomain.com, and you can't simply shove a www. in front of it. If you want to use the "without www" form, you would take the ! off the HTTP_HOST line and remove www. from the rewrite. The R=301 tells search engines to index this revised URL instead of what they had before. The ETag business I don't quite understand, but if your host put it there, presumably it's OK. The cached file expiration stuff is to cut down on files being fetched from the server (performance improvement), ranging from 2 days to a year (depending on how quickly a file is expected to change). Yeah, f***king script kiddies trying to find vulnerable WordPress sites and break into them. "Throw it against the wall and see what sticks". I wish I could slit their bellies open and throw them into a shark tank... at least that could provide some amusement. At least you found that your database somehow got corrupted and your PayPal entries removed. It would be a good idea to figure out how that happened, to avoid a repeat. At the very least, learn to keep file and database backups on your PC so you don't have to keep going back to your host to do it for you. And learn how to restore files and database!
  7. MrPhil

    Site been working for a year, now broken!

    !on and off should be equivalent, unless you have a very strange server setup. ^(.*)$ and (.*) should both capture the entire REQUEST_URI (sans initial /) into $1, but the first form (with anchors) may be a bit more reliable in capturing the entire string. Since you're using %{REQUEST_URI} instead of /$1 in the rewrite, the $1 capture is ignored anyway. Do you have any subdomains or add-on domains in play here? %{HTTP_HOST} is what the visitor entered, not some canonical form of your domain name. For best SEO results, you really should pick "with www" or "without www" and stick with it, adding the test to this redirect (with [OR]) so that you end up sending only ONE redirect request (search engines penalize you for multiple redirects, say, one to change http to https and another to add or drop www). An explicit R=301 tells search engines that the resource has been permanently moved, and the new URL should be used from now on. The first one gives an implicit R=302, which is a temporary move, and should not be remembered. The [L] flag is a convention to tell .htaccess processing to leave and come back in (start over from the beginning). Whether it makes any real difference depends on what other URL rewrites/redirects you have in your .htaccess. A "500" (Internal server) error can be caused by a lot of things, including a botched .htaccess or php.ini file, or sometimes PHP code errors. Do you have any php_value or php_flag entries left in your .htaccess? They belong in a php.ini file (or equivalent). Your host should be able to tell you how to turn on enough error logging to find the problem, and what files (e.g., "error_log") to look for.
  8. Now you're asking for something totally different. The best way to handle sequential numbers is to have a table holding the tickets, with an autoincrement key field for that ID. Presumably there's a table already involved here, somewhere. You could also do it with a file holding the ID, which would be incremented and written back, but that's a lot more complicated coding to ensure atomic operations. By the way, the solutions given already in this thread are not safe. There's no guarantee that two tickets can't end up with the same "random" ID number, unless you check it against all existing ticket numbers. You would be better off using an autoincremented field value -- at least, you could guarantee that it's unique. A hash of some unique string (such as the customer name and address) might also be suitable.
  9. MrPhil

    Nothing happens after install

    I was asking the OP where they thought the file was.
  10. MrPhil

    Nothing happens after install

    By "root", do you mean the store's root directory (e.g., /shop)? It looks for user.css there, not in the site root or the filesystem root.
  11. MrPhil

    Paypal files PHP Error

    It's probably going to take more than just transferring the files via FileZilla. Some sort of installation process will need to be run, which updates the database and/or inserts code into files. Did you read and follow the installation instructions? Is this "standard", as downloaded from this site, or is it the Bootstrap "Edge/CE/Frozen" version?
  12. MrPhil

    Paypal files PHP Error

    Exactly which version of osCommerce are you running, and what level of PHP? This add-on says it is for osC 2.3, but not that it is Edge/CE/Frozen compatible. Anyway, your code is not defining a bunch of macros, which (depending on the particular setup) could be either missing them from a file, or missing them from a database table. That sounds like an incomplete installation -- did you have any error messages while installing?
  13. MrPhil

    Does Authorize.net pass on Customer IP Address?

    Obviously, if a customer is passed to their site, they will be able to see the IP address the customer comes in on. Now, what Authorize.net does with that IP address (if anything) is the matter at hand. If they do nothing at all with it, I suppose that could count as "not passed on". If they store it or use it for some other purpose (such as selling to a marketer), they should tell either you or the customer directly. I presume this question comes up with regards to GDPR? If they are operating in the EU, I would think they would be bound by GDPR requirements.
  14. They are an example of a corporation that thought it had really bright advisors in the legal and financial realm. They thought they could be Masters of the Universe and get away with anything while making boatloads of money. In this one case, they didn't get away with it.
  15. Enron had pretty sharp legal and financial teams, too. It's also entirely possible the system is broken, and they intended for the button to work.
  16. Just a dummy "I accept" button? How long can they get away with this before someone claims in court that this does not, in fact, constitute acceptance of the terms? (they never consented to having their personal information collected) Are you sure that this button has no effect? You've been able to enter personal data, and it's been stored?
  17. I see a lot of that too, but I'm willing to bet someone will challenge that in court as not being explicit permission to gather and store personal information. It's entirely possible that courts will rule that an explicit action (ticking a box, pressing a button, dancing the hootchiecoo) will need to be taken to prove that the shopper accepts the conditions.
  18. It's not laziness on the store owners' part if add-ons are required to enable basic functionality that almost everyone is going to need to use. I'm anticipating that legal stuff like GDPR/CCPA are doing to become widely required (or desired), and therefore ought to be built into the basic product rather than being add-ons a new store owner needs to search for. Of course, I still think it's overkill in the first place, but it does have the force of law. Anyway, it appears that Steve and Gary don't mind taking possession of their new cars on concrete blocks, and having to go to a tire store to buy the wheels and tires so the cars can roll. To each his own. A GDPR/CCPA module could be replaceable by an add-on with something lighter or offering different function, but still ought to come with the kit, so that a working store can be had right out of the box. At the very, very least, offer to download and install it (as an add-on) during installation, so a store owner isn't left wondering why their new store is out of legal compliance (i.e., osC is a piece of crap). There are a bunch of other widely useful add-ons that might be suggested at installation time, so a new store owner at least knows where to find the goodies at a later date.
  19. I NEVER SAID that it had to be somehow baked into the "core", just that it should NOT be an external "extra" (add-on) that a store owner has to decide they need, go hunt down, and install. It should come with osC in some form, and at most require "turning on" and configuration. Other stores will include GDPR/CCPA support in their base, and it will be a great selling point against osC. It's possible to carry a fetish for "lean, mean, customizable product" too far. Imagine if wheels were an extra-cost option on your new car! It's an unwritten assumption that wheels come with any car. You can specify more expensive ones when you place your order, but at least the car is usable as-delivered. It's not dropped off in front of your home on four cinder blocks. If everyone doing business with the EU, or California, has to have certain data privacy features (we can certainly argue over what's reasonable), those features will be so widely needed that they should come in the box and not require 1) realization that they're missing, 2) a search for an add-on to implement them, 3) download and installation of this add-on. That's all I'm saying!
  20. There are certain things which any ecommerce package is going to have to support right out of the box, if we hope to attract and retain a lot of users: PHP 7-ready, mobile-friendly (responsive), SEO, etc. They can not be separate add-ons, although an add-on that replaces a simpler and more basic out-of-the-box function would be acceptable. To this list, I think we need to add a pan-GDPR/CCPA/etc. customer data privacy module that doesn't have to be added separately (although it could require turning on and/or configuring). Without these things as selling points, very few people will give osC a second look. OK, so I'm going to do business in dozens of countries. I'm certainly not going to install country packages for each one. Perhaps some things like taxes/VAT etc. might be done that way, if I only have to follow the rules for my own country, but for everything else I think you're going to have to build in universal customer data protection, and other such legal requirements -- worldwide a superset of all the state, country, and union rules. I just hope there's nothing that would be contradictory enough to force separate packages! That's a general problem with osC. Harald is gone (I'm assuming, for good) and no one else has the Keys to the Kingdom. I wouldn't even be terribly surprised if domain registration and hosting expire at some point! Before long there may not be an oscommerce.com or this forum. A fork of osC is looking better and better.
  21. I don't care what form it takes, so long as it's not something that a store owner has to go looking for and install separately. Turning it on manually is OK, but it has to be built in. Any store software that has it built in is going to have a major advantage over all others where it's an "extra" afterthought, because almost everyone is going to have to use it.
  22. Well then, applications such as osCommerce should be GDPR/CCPA ready right out of the box, with all the places explaining what the site does with your data ready to be filled in (or customized), and all the tools in place for customers to make requests and manage their data. Not add-ons -- built right in, as it will be needed almost everywhere.
  23. Depending on the exact order of addition, multiplication by non-integer amounts, and rounding of intermediate results, it's easy to get a penny or two of difference in totals when using different computation methods. If you're getting close to .50 difference, though, something is badly wrong. Generally, most differences end up canceling out (plus and minus), and should not keep adding in one direction. Have you checked that PayPal isn't handling shipping amounts (or tax on it) differently from osC?
  24. osC 2.3.4 is known to have minor problems under PHP 5.5. Try falling back to 5.4 or 5.3 and see if that clears up the problem. However, you don't want to stay at backlevels for any period of time, because they are out of support and increasingly vulnerable to attacks. Even 5.5 is obsolete! PHP 5.6 only has a few more months of support left on it, so your host will need to be moving to PHP 7 soon, which osC 2.3.4 will definitely choke on. You should spend some time looking at installing the only current version, Edge (a.k.a. CE, Frozen, Final), which is available on GitHub (it's not the official release). Then your host should upgrade to at least PHP 5.6, if not higher (7.1 or 7.2 is considered current).
  25. Another thing to check: has your host just updated the PHP version? osC 2.3.4 is getting pretty long of tooth and will start to fail as you get up to currently supported PHP versions.