Jump to content
Latest News: (loading..)


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by MrPhil

  1. Note that Frozen is compatible with PHP 7.1. To run on PHP 7.2, some fixes might have to be made to the code. You may be better off dropping back to PHP 7.1, if you can.
  2. There is no upgrade script for the code. It's a fresh install. There might still be some SQL scripts included with each version to "import", that modify your database from to 2.3.4 and then to Frozen, or you can do it manually (compare schemas and update a backup with an editor). Of course, proceed carefully, back up your current code and database first, make sure they're good backups, and know how to restore them if you botch the upgrade job. Or, hire someone to do the job for you.
  3. MrPhil

    HoneyPot Captcha

    You might want to read this article on CAPTCHAs: https://www.theverge.com/2019/2/1/18205610/google-captcha-ai-robot-human-difficult-artificial-intelligence . It states that AI is expected to improve to the point that it will solve any CAPTCHA puzzle much better than humans can. It's just about there, already. The emphasis will have to shift from how perfectly the "user" can solve a problem to watching how very human imperfections and randomness in the interaction betray who is human. Also, rather than relying on a one-time hard-shell defense against bots, we will have to watch users in their interactions with a site and see if they're doing bot-like things. Big Brother, anyone? The article points out that Third World CAPTCHA farms use people to sign up for forums and blogs, etc., which then can be handed over to bots to do the spamming. This would require monitoring of the user interactions beyond just the signup, such as an occasional CAPTCHA challenge from time to time. If most spammers crap on your forum just once (or use your tell-a-friend function for one mass mailing) and then never come back, that may be more annoying than useful. The comments are rather interesting too. Several people pointed out that the reCAPTCHA emphasis on traffic lights and street signs and vehicle recognition suggests that we are being used to train Google's self-driving cars -- for free.
  4. MrPhil

    Product Name length

    There should be an "equal height" fix available. I don't know if it's an add-on or a module to be turned on, but there should be something available for you to use. Search the add-ons for "equal height".
  5. MrPhil

    Suddenly a lot of error messages

    Your only "mistake" was running an obsolete version of osCommerce that could not withstand PHP being upgraded to version 7. As suggested by Steve, you should get moving on an upgrade to "Frozen" or even "Edge". If you can specify PHP 7.1, I would go with "Frozen". If you have to use PHP 7.2, go with "Edge" (it still may need some fixes). Do not stay at lower levels of PHP any longer than you need to in order to upgrade your store, because all PHP versions lower than 7.1 are completely unsupported now, and more vulnerable to hackers.
  6. MrPhil

    Laravel Ecommerce System

    I give the customer what they want, but I make sure I tell them my concerns about it and why they should consider doing it differently. That way I'm covered (in writing) if things don't work out with what they want. It takes some diplomacy to do this in a way that won't anger a customer. That said, think carefully before doing anything that requires a change to the workflow or even worse, to the corporate culture. That is always tremendously expensive -- far more costly than anyone would guess. It may be that a Band-Aid patch to computerize some manual paperwork will end up being only the first step, and a suboptimal one at that, but the cost (including disruptions to work) of making lots of people change their ways may just be too much for the customer to bear. Every case is different.
  7. MrPhil

    Removing "welcome to my Shop" in index

    Have you scanned (findstr in Windows, grep in Linux) for that text string? It should be in one of the language files. Then you'll have to find the code that outputs it and decide where the best place is to silence it. This assumes that there isn't some switch built-in to do it. Whether you're looking to just remove the one phrase, or ditch the whole page, will determine what to do.
  8. MrPhil

    Suddenly a lot of error messages

    Just to clarify things, you are almost certainly at either the official 2.3.4 or release, neither of which handle PHP 7 all that well. You show as being at PHP 7.2 -- did your host just update to this level from, perhaps, PHP 5.6? It's far too advanced for the official osC release. 7.2 is trouble even for the community-supported osC "Frozen" (CE) -- you'll have to drop back to PHP 7.1 if you can. Even osC "Edge" may still have some trouble with PHP 7.2, although I think it's most of the way to compatible. If you want (or need) to run on PHP 7.x, you will have to go to Frozen or Edge.
  9. MrPhil

    Are you ready for Brexit?

    I've got my bucket of popcorn, my big-screen TV, and my easy-chair. I'm going to so enjoy watching pompous and snobbish Britain sleep walk right off the cliff into Third World status. Of course, the US is right behind you, also marching to Putin's orders. The winner in all this is Russia, who is breaking up Western democracy so their tanks can easily roll over Europe. The Tories and the Republicans are all traitors, who need to be put up against the wall and shot. Literally. I need another cup of coffee.
  10. MrPhil

    File permissionsI

    It's "unstable" in the sense that Gary can change it radically from day to day, not that it's not working or likely to blow up. It's a test bed, not really something to base a production shop on. To each his own...
  11. MrPhil

    Moving from HTTP to HTTPS

    Note that using %{HTTP_HOST} in the rewrite rule means that you can't change www. to non-www or vice-versa. You would need a separate rewrite for that, which means two 301 round trips, which means Google will ding you.. %{HTTP_HOST} is whatever the visitor typed in for the address, not some canonical form with or without www. My recommendation is to hard code your domain name (as desired with or without www.) in the rewrite rule, to avoid such problems. Also, you can use $1 instead of %{REQUEST_URI} -- just less typing.
  12. MrPhil

    File permissionsI

    Since Gary froze a snapshot of "Edge" as "Frozen", I've been recommending "Frozen" for those who want a stable, working shop. Before that, there was only "Edge", so that's what I recommended. As you're obviously still in startup on this thing, you should consider reinstalling with Frozen, as Edge is quite unstable. But, the choice is yours.
  13. MrPhil

    File permissionsI

    The warning to use cPanel (any control panel, not necessarily the cPanel(tm) product) is because most servers nowadays simply ignore chmod requests from FTP (a security exposure). People try to set permissions via FTP and are puzzled because the permissions didn't seem to change. Ken, if you're that fuzzy about what's going on, "Edge" may not be a good choice for you. If this is a fresh install, you should probably be using "Frozen" instead, which is stable. Edge is still under development and can change from week to week (is unstable). If you're not an experienced programmer, you should avoid it.
  14. MrPhil

    Fake accounts

    I would hope so, but I wouldn't count on it. I've heard accounts of legally blind* people still licensed to drive a car. I don't know if this ever has been confirmed, but I wouldn't be surprised if the disability people don't talk to the Motor Vehicle people! Thanks for the support... I do try to look at things from a different angle that may not have been discussed yet. This seems to annoy some people, but I think it's better to cover all angles. * "legally blind" does not necessarily mean "totally unsighted". It can mean greatly reduced vision in some form.
  15. MrPhil

    Fake accounts

    Just a note to be careful when screening for fake accounts or using a honeypot to catch bots, that you don't fool legitimate users who are visually impaired and need to use a screen reader or braille output. Some field that's white-on-white or visibility: none might still be presented to a blind user, who could innocently fill in such a decoy field. At best, you've lost a potential customer; at worst, you could be in legal trouble for discriminating against the handicapped (ADA, etc.). In other words, don't count on "invisibility" (visual appearance) to keep all legitimate users from "seeing" an input field. If you have something like a "company tax ID" decoy field, might someone innocently enter "none" or "N/A"? Keep that in mind when designing such bot-traps. Perhaps it would be best to disable certain functions (reviews, contacts, emails, etc.) and flag such suspicious "customers" until the administrator has had a moment to look over their registration and decide that it's a bot to be flushed. Unfortunately, that's a bit of extra work for the administrator, but might be worth it to keep spam out of the system. To avoid harming real customers who trigger false positives, you should probably inform them that the account is being "held for review". Also, bots might be soon (if not already be) smart enough to look for things labeled "honeypot" or "decoy" or similar names and phrases, and avoid them. If you have a field with nearby text "do not enter anything in this field" or "for office use only", a smart bot might know to avoid it. Similarly, a smart bot might notice that text is the same color as the background, or something's positioned offscreen or fudged on visibility, and refrain from filling in something there. It will be a never-ending war.
  16. CE is the only up-to-date version ("Frozen", or if you don't mind being on the bleeding edge, "Edge"). Support is reasonable, as that version is what most advanced users are on. There's certainly at least as much support available as with any "official" version. "Frozen" is as production-ready as anything else. If you're thinking about using osCommerce, and are not a top programmer, "Frozen" CE is the only way to go. Unfortunately, you will probably have to update any Italian language support yourself (please contribute it back as an add-on), and add-ons may need updating themselves. Yes, there is SEO. I have no idea about VAT entries.
  17. You can get most of the way there by upgrading to osC Frozen (or even Edge, if you're an adventurous programmer). It's not worth trying to fix up an old version of osC to run on PHP 7.x. Plus, you get mobile-friendly (responsive), and a lot of new features and security fixes.
  18. Note that Fred's fix is to extend the allowable dates out to "this year + 9 years". Keep that in mind as what's happening, rather than just extending another year. The starting date is now "this year" rather than fixed at 2001, in case you have a store with coupon entries older than 2019. I haven't looked at the code in question, so I don't know exactly what the intent is for this sliding window range of years. The old expression here was for a year range of 2001 through 2018. Also note that osC 2.2 is ancient history. Unless you have been constantly updating it, the next PHP update on your server will blow it out of the water. It's also full of security holes, is lacking many useful features, requires an old MySQL library that is going away, and is not mobile-friendly. You really should be thinking about upgrading to osC "Frozen" and transferring your data over. Do it now, before it becomes an emergency.
  19. Export it as an .sql file, including the table structure. Install osC "Frozen" for your new store (do not use any other version), get its table structure (the oscommerce.sql file), compare the two, and modify your store's .sql file (structure and data) to match Frozen's structure. Then you can clear out the Frozen store sample data and import the modified .sql file. You'll also have to bring the product images over. That should do it. A production store should never had been built with osC 3A5 -- it was only experimental (developmental).
  20. MrPhil

    Removing fake customers

    Maybe if they're fembots or manbots, they're proud of their gender? cf. Futurama. Comparing against your hosting access log, if you can find specific bot names you might be able to ban them entirely via .htaccess. No guarantee that you'll be able to get a unique name, but you can also ban on referring site name. Of course, they can always just switch to a new host or bot, but at least you've inconvenienced them.
  21. MrPhil

    работа админки

    English via Google Translate: What was involved in the change from the old system? Are you on a different server? Different host? Did the PHP or MySQL version change? Did you update both the configure.php files with the changed domain name and any changes to the directory structure? Most importantly, what is your version of osCommerce and what PHP version are you running under? via Google Translate:
  22. And just what the fuck was "pointless" about asking him to confirm what he had installed? The current setup can be quite confusing to those who haven't been closely following the discussion. Gary doesn't help by refusing to properly label his releases, either in the version number or the repository file name, and it's very easy to get mixed up and think that the official download is the same one as the download being suggested. I didn't tell the OP to reinstall -- that's his choice. I did tell him to double check where his install came from.
  23. The interface is a bit different on the BS version, so I thought I'd check. People see the "official" download is, so they assume that it's the BS version, which is also It's not. I think that link is to the good "Frozen", but you might want to check it against the "Frozen" link in my signature, which is a/the good version. Unfortunately, Gary (Burt) refuses to put a unique identifier in his releases, and does not give repository link and file names that clearly differentiate versions. Too bad... otherwise his work is great. It would be superb if he would just do that. Then there would be absolutely no confusion about what BS version you're dealing with.
  24. I'm quite sure that 2.3.4BS will not run properly under PHP 7.2. I don't think it will run on 7.1, and for that matter, probably not 7.0. It's fairly old. You should replace it with "Frozen" and migrate your data over. Frozen works up through PHP 7.1. It doesn't work with 7.2, but "Edge" might at this point, if you absolutely must be running at that PHP level.
  25. MrPhil

    Oscommerce websites for sale?

    No, there's nothing here to buy and sell sites. What would that do for you anyway? Getting the store itself installed is maybe 5% of the labor. The rest is customizing it to your needs, and loading your products. Post in the Commercial Services area to get a quote on having someone set up your store for you.