Everything posted by MrPhil

  1. jQuery has a (recently patched) vulnerability to "prototype pollution" attacks, which can be used to escalate authority of hackers and do nasty things. Article: https://www.zdnet.com/article/popular-jquery-javascript-library-impacted-by-prototype-pollution-flaw/ The article goes on to note that there have been some API changes since v1 and v2, so upgrading jQuery is more than just dropping in a new library.
  2. FUD? BS! I'm not going to mention Phoenix in my sig, or promote it anywhere, if you're going to have an attitude like that.
  3. MrPhil

    Fatal error, webhost is stumped

    If it's the same issue, there's no problem that it's a few months old. The problem is hijacking old threads to start talking about a different problem. That becomes very confusing when the matter being discussed suddenly lurches to something else, and the subject (title) line no longer matches up.
  4. I don't think I should bother adding a mention of Gold, as it is so old. I will add that Frozen is sunset. Could you clarify what you've done with Edge vs. Phoenix? I was under the impression that Phoenix was a snapshot of Edge (as Frozen was), but this time with a series of patches to keep it updated, while Edge continues the development (but its use for production stores is discouraged, as it's too unstable). Or has Edge been renamed to Phoenix, or is it something else altogether? I'm just trying to visualize the family tree so I can understand what I'm giving links to. It doesn't help to sometimes call it Master and other times Phoenix.

     If someone wants to consider Phoenix from my siggy, I would assume that they want a full install (/tree/a.b.c.d). I'm not going to update my sig every time you have a point release, so where should I point them to find the latest and greatest (assuming they don't know at this point what the current a.b.c.d is)? Is there a /latest-full that points to the appropriate place? The alternative is to point them to the latest full release on the osC Products page, but then they have a bunch of updates to find and install. Is there some central repository of Phoenix incremental update zip files, or are they just scattered around this forum? Either way, keep in mind that most people looking for an installable are not computer nerds and need a lot of hand holding. You need to make it easy for them. Come to think of it, if they download from the Products page, will they even be aware that there are numerous patches?

     One thing that occurs to me is that some people are going to see "osCommerce Online Merchant" (or whatever the name is), see there's an "osCommerce Online Merchant" on the Products page, and say, "Man, this one is way obsolete! I'm going with the latest and greatest! Obviously it's much better..." Are the names distinct enough to avoid this understandable confusion?

     In one of your announcements, you state that the shop (public) side is now BSv4, but I thought I saw you state at one point that you were close to done with a responsive (BSv4) admin side, too. Did that go away at some point?

     Should the vast majority of potential users be at PHP 7.0+ by now, so you can afford to state that 7.0 is the minimum? I'm wondering how many PHP 5.6 (and even earlier) servers are still out there, that Phoenix may still run fine on. Is it worth having someone at PHP 5.6 pass up Phoenix because they think it won't run on their server?
  5. MrPhil


    If you're just starting out, you're best off leaving the store in its own catalog/ or shop/ directory, and not in the site root. That way, you can easily add other subsystems (e.g., a blog, a photo gallery) in their own directories, with some sort of "landing page" in the root to direct visitors to the appropriate area. Any subsystem can then be changed or removed without the risk of breaking something else in the site (as happens when a store or other subsystem is mixed in with root files), and you won't have the complications of having your blog's URLs pass through the store's .htaccess or vice-versa. Until you bring up other subsystems and a landing page, you can tell the server to silently (200 status code) rewrite an incoming URL to your root over to the catalog/ or shop/, in /.htaccess. That way, visitors don't have to remember to type in "catalog/", and when you do add other subsystems, bookmarks and search engine entries won't have to change.
  6. It's a 500 (Internal Server) error, so check your site server log to see if there is any additional information. Something looks really messed up with the URL... the ? and & together (a term between them missing?), and the orderID that looks a lot more like a session ID (oSCId), unless that's a payment system-specific ID. Exactly what version of osCommerce are you using, where did you get it from, what PHP version is your site running on, what add-ons have you installed, what payment system(s) are you using, etc.? If you're just starting out, scrap your current "official" installation and install the Community-supported "Frozen" plus patches (see links below in my signature). It is responsive (mobile-friendly), truly PHP 7.1 compatible, has many other improvements, and is supported. Even if you've already entered a large number of products, it may be easy enough to transfer the database to the new installation (it will need updating). There is an even newer "Phoenix" release, but I would wait a few weeks before trying to use it, until the major bugs have been shaken out.
  7. Phoenix, not
  8. I could see a brick-and-mortar store owner walking through the aisles, cross-checking on their phone what their e-site offers, and doing at least minor updates in admin. Therefore, it might not be so far-fetched to want to be able to do admin on a phone. Of course, they could also just jot down notes on a pad, and do everything back in the office.
  9. You can certainly display frame styles like any other merchandise. You can select lens types and treatments, but if that is not compatible with all frames, you might be facing some custom coding to show available frames for a type of lens. You would have to have a place to enter the prescription information, which would be passed on to whoever is cutting and shaping the lenses. Is that simple text, or are there complicated symbols (can a consumer be trusted to accurately transcribe an eyeglass prescription)? Pricing could get quite complicated if it depends on many factors. Finally, depending on where you are, eyeglasses may be regulated as medical devices, and require special certification for you to handle. TL;DR I'm sure it can be done, but probably not "out of the box" osCommerce -- it will almost surely require some custom work, more than just an add-on or two. Or was this just a spam attempt? (I see that links were removed by another moderator.)
  10. MrPhil

    Marketplace Category/Version Cleanup

    What's your point? The official osC (found on every one-button installer) is not really PHP 7 ready (it starts having problems above 5.4 or so) and is non-responsive. The CE stream (Frozen/Edge/Phoenix) work with up to PHP 7.1, and are responsive. Plus, you get a lot of functional enhancements (such as improved modularity) along with the other things. I fail to see why it's better to put in all the work to upgrade an official site to PHP 7.x and responsive, when you could simply install something from CE and customize that with add-ons and CSS tweaking. If you made tremendous changes to your official osC store, and neglected to keep any record of what you did, well, you deserve the extra work. Even then, in the long run, it will be less work to start over from CE (looking at future upgrades).
  11. tep_output_string() appears to be cleanup for HTML display, not for correct URLs. I think it's been used incorrectly here for a long time.
  12. So what is in $parameters? Is it { and } or something else? It appears that tep_output_string will only translate " to &quot; (whatever that does for a URL).
  13. That's news to me. I've seen CE listed for a while now.
  14. But either Frozen or Edge (I think Frozen) was likewise on the official download page until replaced by Phoenix. How has the situation changed?
  15. So did Phoenix finally fix this (replace { } by something else) or is it still broken? It is undesirable to urlencode the { }, as it looks tacky (although it does more or less work). Are there enough saved URLs out there to make preserving the use of { } the least evil choice, even though they're unlikely to work anyway (if not urlencoded)?
  16. MrPhil

    PayPal App v5.018 Log In with PayPal is now dead

    Have you read the full thread, as well as related ones in the PayPal section? "Login with PayPal" is gone, replaced by "Connect". There are some suggested code changes to get this to work.
  17. MrPhil

    Marketplace Category/Version Cleanup

    My point is that Phoenix is not the official osC release, and thus will never be picked up by one-button installers (Softaculous, etc.). It would be great for Phoenix (or even, Frozen) to be on such installers, but my experience has been that they go with what is labeled the "official" release. Thus, newbies will continue to install the obsolete and have to be told that they should have installed something else. Frankly, this makes everyone associated with osC look stupid.
  18. It's more than just core changes that you should keep track of. All changes, add-ons, and other configuration settings and changes should be recorded, so that it's (relatively) easy to get your next store (e.g., based on Phoenix rather than Frozen) up and running with the same look and feel and functionality of the old store. When you have to start from scratch each time, figuring out what to change, it becomes an overwhelming job, and you tend to stay for years with an obsolete version until the pain becomes too great. Don't forget to document why you make a change... it's silly to try to repeat your responsive changes to official osC in Frozen or Phoenix, only to realize after many frustrating hours that it's already built-in... now, which of those changes were for responsive, and which were other things?
  19. Well, your frustration is understandable, but new software releases are a fact of life. You can continue to run Frozen for a while (especially if you patch it), even past its official EOL, but don't push it too far. A lot of people get into deep trouble by trying to hold on to releases years after they're obsolete. My biggest concern is getting Frozen and Phoenix past PHP 7.1, as hosts are starting to make 7.2 their minimum. The database should be very close to (if not the same as) Frozen, but the only way to tell for sure is to do a test install of Phoenix (or look at oscommerce.sql) and compare the database schemas (structures). My understanding is that it's mostly going from Bootstrap v3 to v4, and maybe the admin side is now BS'd. I would assume that a number of bugs have been quashed, but I haven't had a chance to look at it yet. Maybe later this summer. I keep telling people that when they install a new version of osC, they should keep careful track of every single change they make, and every single add-on installed, and why the change was made. This makes it so much easier to transfer to a new base install.
  20. MrPhil

    Marketplace Category/Version Cleanup

    Don't wait for any official updates to osC. If you hold your breath for one, you'll end up turning extremely blue! Harald has a habit of making grand announcements of the imminent release of The Greatest Thing Since Sliced Bread, and then... nada. As you may have noticed, the "Phoenix" snapshot of "Edge" (I think that's the name being used) was just released, and "Frozen" is still quite usable, but those are unofficial releases. One-Button installers will never carry it, but it's the best you're going to do.
  21. MrPhil

    Login with Paypal

    IIRC, 5.010 is indeed the last full installation, and there are a number of incremental updates following it, up to 5.018. I haven't looked to see if all the updates will be applied in one "update" click, or if you have to update several times to get to 5.018, but you might want to keep an eye on what it's doing. I recall that there are gaps in the sequence (i.e., there are not 8 updates to get to 5.018). There have been some recent changes to PayPal (e.g., Connect vs Login), so 5.018 isn't the last word, but I think Harald has to manually do some code changes to bring it up to date. I don't know what his plans are there.
  22. MrPhil


    First of all, check what version you were supplied with by GoDaddy. It's probably the obsolete v2.3.4.1. What you want, as a minimum, is "Frozen" plus some patches (see links in my signature below). In the "Community Edition" section of this forum you will find discussion on how to install it. The installation will attempt to create the database on your server, but it's possible that you'll have to do some manual operations to create the database itself (but osC will create all the tables and fill them with sample store data). Other than that, it's basically a matter of copying files to your server and running "install". Just yesterday a newer version of Frozen was released. I would give it at least a week before trying it, to let it settle down (there's already been two patches issued). I'm not sure if it's being called "Master" or "Phoenix".
  23. MrPhil

    International SEO

    Google site:forums.oscommerce.com hreflang to see lots of discussion on this subject.
  24. MrPhil

    Is a store built on oscommerce ?

    The general question of determining whether an e-store is osC-based is legitimate, and discussion of techniques is allowed, although mentioning specific sites crosses the line into spam (which is why this thread was originally censored). There are many osC-based stores out there which are heavily modified and/or template-based, so there is no sure-fire way to tell by simply looking at the HTML output. You can get hints from what content in the <head> is positioned where, and how some of the <body>'s content is structured. You might even get lucky and spot a cookie name or div id that marks it as probably osC, but don't count on it. You won't see the tep_ internal PHP routine names in the HTML. With enough bending and hammering, you can get osC to look like and behave like almost anything, which is both its blessing and its curse. Therefore, it may not be terribly useful to ask "is this built on osCommerce"? It might be better to ask, "what add-ons for osC would give me such-and-such look and behavior?".
  25. MrPhil

    Undefined index:

    What PHP version, what osC version, and what was this add-on built for (PHP and osC versions)? The wrong combination might leave you without $_GET and $_POST defined, while $HTTP_GET/POST_VARS are, or vice-versa. Or, it could be that just the 'delete' element is missing. A button could certainly use the GET method to transfer form data, but what it will do if the table is empty, I don't know (whether delete=xxxx is in the form data). One thing that could be done is to verify that $_GET['delete'] exists, before attempting to run this query that depends on it. If there were no entries to select for deletion, there isn't much sense in trying to run the query.
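
An added example of the check suggested in the "Undefined index:" reply above (not part of the original post, and not osCommerce or add-on code): the `delete` value is confirmed to exist and to be a positive integer before any query runs, and it is passed as a bound parameter. The function, table and column names are hypothetical, and an in-memory SQLite database reached through PDO stands in for the store's database.

```php
<?php
// Added example, not code from the post or from osCommerce. Function, table and
// column names are hypothetical; in-memory SQLite stands in for the store DB.

// Return the id carried in $get['delete'], or null when the key is missing
// or its value is not a positive integer.
function delete_id_from_request(array $get): ?int
{
    // isset() first: reading a missing key is what raises "Undefined index".
    if (!isset($get['delete']) || !is_string($get['delete'])) {
        return null;
    }
    $id = filter_var($get['delete'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Run the delete only when a valid id was submitted; return rows removed.
function handle_delete(PDO $db, array $get): int
{
    $id = delete_id_from_request($get);
    if ($id === null) {
        return 0; // nothing selected, so the query is skipped entirely
    }
    // Bound parameter: the request value never becomes part of the SQL text.
    $stmt = $db->prepare('DELETE FROM entries WHERE entry_id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (entry_id INTEGER PRIMARY KEY, label TEXT)');
$db->exec("INSERT INTO entries (label) VALUES ('first'), ('second')");

// Constructed requests standing in for $_GET.
$requests = [
    [],                    // no 'delete' key at all (e.g. the table was empty)
    ['delete' => ''],      // key present but empty
    ['delete' => 'abc'],   // not an integer
    ['delete' => ['1']],   // array instead of a scalar
    ['delete' => '2'],     // valid id
];
foreach ($requests as $get) {
    printf("%-22s rows deleted: %d\n", json_encode($get), handle_delete($db, $get));
}
```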