Everything posted by MrPhil

  1. MrPhil

    Select Product Image Directory

    With enough work, I'm sure it could be done. However, is it worth it? Something to keep in mind if you're deleting files or folders is that you want to detect if a product is still using an image, and forbid the deletion while the product is still there. Can an image be referenced by multiple products? Ditto for moving or renaming an image file. Also, showing the image itself in the list (in addition to its name), is fairly complicated coding. Something like Windows Explorer does this, but most control panel file managers are file name only. A better solution would probably be to automatically delete an image when you delete a product, after checking that no other product is still using that image (a reference count?). That's the only way that I could think of that a bunch of zombie images would build up. If you plan to reuse that image for another product, is it even possible to give a name and location for an existing file? Certainly the code would be cleaner to simply delete, and upload again if you want to reuse it. In the meantime, if you have accumulated a bunch of zombie unused images, you would first have to go through the database to confirm that no one is using them, and then delete them through your hosting File Manager. Perhaps automating that process (build list of in-use images, build list of image files, compare, delete unused images) might be a better and easier route. You might also be given a list of image files to be deleted, in case you want to download and preserve them.
  2. MrPhil

    Template system in Existing website

    If you really are interested in separating business logic and presentation code, grafting a template onto an existing osC application isn't really going to do the job. The application needs to be designed from the ground up to do this cleanly and reliably. I don't think even the most recent release (CE/Edge/Frozen/Final) really does this. You're probably out of luck, or at least, in for a major overhaul of your site.
  3. I don't see anything wrong with having several links to more detailed information (so long as they don't drop their own cookies, etc.). How can you make an informed decision on such things without information? The objection here is that you MUST accept their terms, simply to proceed. There does not appear to be any way to use the system without having accepted their terms, which IS contrary to GDPR and other laws. I suppose they could add something like "If you do not accept these terms, it is not technically possible for you to use our system (it uses cookies, etc.)", but even that may be problematic.
  4. MrPhil

    Upgrading to the latest version

    Remember that all robots.txt and <meta>-style nofollow, noindex are just suggestions to search engines. None have the force of law. A well-behaved SE will probably obey them, but don't count on it. If you have no public links to a test directory, it's unlikely (but not impossible) for a SE to still index it. The only sure-fire way I know of is to put the test directory under password control (via your hosting control panel). I think we're talking two different things here. The paths and files could change radically, but a SE seeing only SEF URLs could have no idea that the directory structure has been changed underneath it. Of course, you may have other reasons that you want to retain a certain directory structure, that are independent of SEO. If you have valuable SE goodwill built up, you may want to think about how you could preserve your current SEF URLs by tweaking an SEO add-on. Alternatively, it should not be harmful to redirect (301) existing URLs to new URLs, which could be an option for you.
  5. MrPhil

    Upgrading to the latest version

    As others have pointed out, Frozen is already responsive all by itself. However, if you are talking about changing function and appearance through a new skin ("template"), whatever you have now would have to be rewritten to be compatible with Frozen. There are already several such templates (some may be free) that may be a good starting point, with only minor adjustments to the CSS (placed in file user.css) needed in most cases. Note that using one of the SEO add-ons may produce slightly different URLs than your current system. Search engines will regard these as different, and you may lose SE ranking for a while. Depending on just how different the systems are, it may or may not be feasible to come up with something that either accepts (in addition) the old URLs, or returns a 301 code with a new URL. It might even be possible to tweak the new SEO code to produce the old style URLs (links produced to match the old), but this will take someone quite skilled in this area. Frozen is happy to run on PHP 5.6, but will also do 7.1 (which your host will upgrade to soon enough, as it is the current production level). Special pricing, etc. should be largely independent of the responsive skin issues. Your old database will need to be updated to work with Frozen, but you should be able to keep all your existing data (just be sure to back up your DB!). Anything you added to the DB for custom function can be kept, unless there is a naming conflict with Frozen's changes. About the best thing you can do is make a test installation (in its own directory) of Frozen, migrate over a copy of your data, and start playing with it to add in your custom function (possibly already built-in or available as add-ons). Don't sweat it if there are minor differences in appearance -- customers like to see that a shop is being kept updated rather than stagnating. 
    The biggest impediment to such a changeover is that most site owners never kept track of what changes they made over time -- both what they changed and (just as important) why they changed it. For instance, if you made massive changes to implement responsive, all that's built-in now. If you're in this boat, start now to write down everything you can remember that was changed (and why), which will help you to replicate your custom functionality and appearance. Get in the habit of carefully documenting all changes, so the next time around, it won't be so painful.
  6. https://www.youtube.com/watch?v=0frHw-7J4Mk
  7. MrPhil

    Missing Products and not updating quantity

    I'll then give you 1000-to-1 odds that it's either the standard (non-responsive) 2.3.4 (at that time) or (current). No major player has Gary's responsive BS Edge/Frozen/CE/whatever on auto-install, and they never will, because it's not the official release.
  8. Good point. I would suggest ignoring any request that does not come from a registered user or customer (i.e., you don't have their email on file). Don't reply to them "we have no record of you", as all they want is confirmation that you are spammable a live address. If they are on file, and you fear the wrath of the EU if you don't properly respond, go ahead and reply. Just curious... is there any way to make a spammer's email bounce after you've read it? It would be good to make it look like you're a dead address.
  9. There are news reports that dozens of major US news sites are blocking EU access b/c they're not GDPR compatible. I find it rather amusing.
  10. I guess you could change the code to delete the cookie if the user fails to explicitly Opt-IN. Whether simply renaming a cookie (that already contains sensitive information) will meet the letter of the law, I don't know.
  11. I'm not familiar with the add-on in question, but I'm surprised to hear that it's "Opt-Out" rather than "Opt-In". Just to recap and make sure we're on the same page, there are three ways to ask permission to do something like drop a cookie. Two of them are illegal now:

      • Opt-OUT where you have to take an explicit action to check a box to NOT have the cookie ("we're going to drop cookies unless you make the effort to tell us not to")
      • Prechecked Opt-IN where the checkbox giving permission for cookies is pre-checked, saving you the time and effort of checking it ("tough luck if you overlook it")
      • Opt-IN where you have to take an explicit action to check a box to ALLOW the cookie(s). This is the only legal way.

      If the current code is actually Opt-OUT, you would have to modify it to

      • change the label/prompt to reverse the meaning
      • flip the yes/no meaning of the selection that comes back (this could be as simple as $choice = !$choice; where you handle the form data)

      It should be quite possible to do this.
  12. Oh great, I'll never get that image out of my mind now! :( You sure know how to party on New Years!
  13. In there was a request to back up "contact us" emails in the database (due to host constantly losing emails in-transit). This brings up an interesting question: does GDPR say anything about emails and whether they are subject to deletion upon customer request? It would be ridiculous to have to delete emails, but I wouldn't put anything past the EU bureaucrats. I could even imagine a store owner being required to delete the database copy of the message, but not the email copy!
  14. I agree 100%. Being outside the EU, I am not going to fully implement GDPR, just the parts that are common sense and are justifiable, and should be followed by anyone holding private information.
  15. A nice layman's view article: https://www.scotsman.com/news/politics/insight-the-gdpr-revolution-we-can-t-opt-out-of-1-4742104 There are apparently some unresolved data issues, which will need to be settled by the courts, such as a beauty salon owner required by her insurance company to hold on to customer medical data for 6 years, even if the customer requests that it be deleted. Which takes precedence? If the customer demands that her data be deleted, does she forfeit any claim that could have been refuted by the salon had it kept the data? Or is the salon in trouble for keeping that data after being told to delete it? What if the data is simply taken offline -- short of a search warrant, how would a customer know what has been kept, short of suing for malpractice and seeing what's there? I like the joke in the "letters" section: "I've found a really good GDPR consultant". "Can you give me their email address?". "No"
  16. Well... the new one (GDPR) is written in a "friendlier" manner than before, which makes it hard to say which improvements are due to GDPR and which are just the new tone.
  17. MrPhil

    Domestic Only Shipping??

    Even better, some sort of "shipping class" entry on each product, for finer-grained sales/shipping. Say you sell physical (shipped) goods, and virtual (download) goods, and want to confine physical goods to US sales for the reasons given above, but are willing to sell downloadables all over the world. Within a country, you might have some products that cannot be sold in some places, or are restricted to certain shipping methods (e.g., hazardous materials by surface only). The shipping restrictions description could be automatically added to the product display text, rather than having to enter it for each product.
  18. MrPhil

    Upgrading to the latest version

    You changed PHP version (from what?), but did you then clear your browser cache (and possibly any server cache, too)? It might be working now, but you're still being shown an old (failed) page by your browser. Edge should run OK with PHP 7.0 and maybe 7.1. As mentioned by others, the "link at the top of the post" could be pointing you to the "Gold" edition of 2.3.4BS, which is old and should not be used. Make sure yours shows "" as the version and is in fact, "Edge". Unfortunately, I don't think it actually says "Edge" anywhere (Gary fell down a bit by not giving it a unique identifier, leading to endless confusion over exactly what is installed). If you are getting through many pages OK, it's unlikely that you have an .htaccess or php.ini file that contains an invalid command (e.g., php_value or php_flag). However, it would still be a good idea to check all lower-level .htaccess files for any such commands no longer supported by your host.
  19. MrPhil

    Authorize.net Consolidated v1.7 by Austin519

    Well, what's the customer expecting can be done? With such an old system, it's likely that something else will break soon, even if you switch payment systems (e.g., to PayPal). If they're not willing to spend the money to get up to current standards, all I can suggest is that you walk away from this job. It's not going to be worth the headaches you'll get trying to bring it up to snuff on a shoestring (which sounds like what the client is trying to do). If you have already sat down with the client and explained that it will likely be cheaper and safer to upgrade than to try to muddle through a patching process, and they still won't, I think it's a lost cause. Just out of curiosity, how old is "very old"? Frankly, anything older than is obsolete (won't even run on current systems), and only "Edge" is up to date in features, including responsive design. Using anything from the 2.2 era (or earlier) should be a capital offense.
  20. MrPhil

    Authorize.net Consolidated v1.7 by Austin519

    Unfortunately, that's the only real option. I can't understand why store owners refuse to keep their store reasonably updated, so it works with the current PHP, MySQL, and other subsystems. They think they can just coast along with their initial installation, and it will work forever. It won't. If you want to drive your Model T Ford at night on the Interstate, be prepared to be run over a few times by 18-wheelers. It will be very costly and time-consuming to dig through all the code and update everything, as compared to upgrading properly. For a basic store, they simply install and configure the "Edge" version, and migrate their data over. I have some sympathy for those who have invested a great deal of time and/or money into customizing their store, but they simply have to realize that no software lasts forever. The base software needs to be periodically refreshed, and transferring over customizations (whether custom code or add-ons) should be no more than a minor inconvenience if good records have been kept regarding what has been done to the store.
  21. Some time ago, either Gary or Jack supplied code to do a math CAPTCHA, where the answer is supplied in the prompt, in case someone misunderstands the question or can't do math(!). I tarted it up a bit to give a variety of prompts, and a variety of answer formats, to discourage bots, and put it on a site Contact page. Unfortunately, I'm now getting an increasing amount of spam through this, which may mean that the bots have cracked it. I may try taking the answer out of the prompt to see what happens, if the amount of spam becomes annoying enough.
  22. What do you mean by "mandatory"? Are earlier versions of reCAPTCHA going to become unsupported? Be aware that various "CAPTCHA" schemes, including reCAPTCHA, are no longer very useful. The spammers can easily defeat them, and cranking up the difficulty high enough to stop most bots means that almost all humans are also blocked! You also have to be careful that visually impaired/blind people aren't excluded from your store, or you could face discrimination charges for failing to make "reasonable accommodations". Unfortunately, almost any anti-bot challenge scheme easy enough for most people to pass seems to also be easy for bots to pass.
  23. Can you imagine if even a small percentage of people in the EU suddenly demand that all their forum/blog posts, reviews, endorsements, tweets, etc. be immediately deleted? It will be chaos, but the GDPR says they can. Can you imagine having to ask people for permission to pass their shipping address on to the Post Office or shipping company? The intent (to protect privacy) is noble, but the execution is seriously flawed. It's one thing to implement reasonable data protection and privacy rules, but the GDPR goes beyond the Pale. If someone in the EU buys from me, and the bureaucrats get their panties tied in a knot because I'm not following the GDPR to the letter, tough shit. I'll implement reasonable practices and guidelines, but nothing beyond that. What are they going to do, request that the US government arrest me and send me to Brussels to be hanged? Maybe that much howling, derisive laughter will do us good on this side of the Pond.
  24. And you have to get explicit permission to share that address with the shipping company? This is going beyond merely stupid... Just implement common-sense data privacy and security measures, and ignore the rest of it. As part of your Privacy policy, state that entering such information implies consent to use it in such a manner. If The Man harasses you about it, make a big public stink about how absurd the rules are and how every online business in the EU is going to have to close up shop or move to the UK or US.