
What is the osCsid & why you must not lose it.


spooks


Well no good still. Page loads but no stylesheet at all. And I only changed one line in the catalog/includes/configure.php and that was as follows:

 

define('DIR_WS_HTTP_CATALOG', '/servername/catalog/');

 

And yes, I did change "servername" to my server. When I take away the "servername" from that line of code, everything is normal!! Completely lost at this point!!!


It seems you have other unrelated errors, or are creating new ones as you edit!!

Config has nothing to do with CSS.

Go over your site more carefully, I hope you're not using filemanager to edit!!!!

I think it's time you took this to a new thread, as your errors are specific to your site & not related to sid issues.

Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.


Thanks Sam for the response.

 

I use Notepad++ to do the editing and comparing. Okay I'll go over the site again carefully and will create a new topic if necessary.

 

Thanks once again.


Hi Sam,

 

Hope you can help. I've followed your guide, but I'm getting a different session id to the one assigned. I'm using the tep_href_link function?

<?php

require('includes/application_top.php');

function getSuggestions($keyword)
{
  global $languages_id;
  // escape the keyword string
  $patterns = array('/"+/', '/%+/');
  //$patterns = array('/\s+/', '/"+/', '/%+/');
  $replace = array('');
  $keyword = preg_replace($patterns, $replace, $keyword);
  $keyword = tep_db_input($keyword);
  // build the SQL query that gets the matching functions from the database
  if ($keyword != '')
    $query = 'SELECT products_name, products_id ' .
             'FROM products_description ' .
             'WHERE LOWER(products_name) LIKE "' . strtolower($keyword) . '%" and language_id = "'.$languages_id.'"';
  // if the keyword is empty build a SQL query that will return no results
  else
    $query = 'SELECT products_name ' .
             'FROM products_description ' .
             'WHERE products_name !="" and language_id = "'.$languages_id.'"';
  // execute the SQL query
  $result = tep_db_query($query);
  // build the XML response
  $output = '<?xml version="1.0" encoding="'.CHARSET.'" standalone="yes"'.'?'.'>';
  $output .= '<response>';
  // if we have results, loop through them and add them to the output
  if (tep_db_num_rows($result) > 0)
    while ($row = tep_db_fetch_array($result))
    {
      $output .= '<name>' . htmlentities($row['products_name'], ENT_QUOTES) . '</name>';
      $output .= '<url>' . tep_href_link(FILENAME_PRODUCT_INFO. '?products_id='.(int)$row['products_id'],'',NONSSL,true,false) . '</url>';
    }
  // close the result stream
  // add the final closing tag
  $output .= '</response>';
  // return the results
  return $output;
}


You must use the function as designed!!

 

You are adding params to the name instead of putting them in the correct place!!

 

tep_href_link(FILENAME_PRODUCT_INFO. '?products_id='.(int)$row['products_id'],'',NONSSL,true,false)

 

should be

 

tep_href_link(FILENAME_PRODUCT_INFO, 'products_id='.(int)$row['products_id'],NONSSL,true,false)

Sam

 


For all you "noobs" out there who have violated protocol and lost your osCsid I have a few extra that can be provided on a "first come - first served" basis.

 

These have reinforced attachments and are highly unlikely to ever fall off.

 

Losing the osCsid does have other ramifications.

 

They are electrically charged and do pose an electrocution hazard if you "surf" into one.

 

PLUS, there is a "no littering" policy in force in cyberspace and as the responsible webmaster you could be slapped with a littering fine by the EPA (Electronic Protection Agency).

:o

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >


 

Thanks, but due to the java return doesn't work, I shall keep trying


 

:lol: :lol: :lol:

 

I keep seeming to meet people with this trouble & sometimes they really struggle with the principles, so could you let me have some of your reinforced attachments so I can just hand them out & not bother with the explanations?

 

PS are they guaranteed, or might they discharge over time leading to new fall off? ;)

Sam

 


OK Sam, I've sent you all I had.

 

The last time I struggled with a Principle was in High School and I got expelled, but that's a whole other story...

:blush:

 

Before I sent them I added a couple of metal straps to each one. One going from top to bottom, left to right, and front to back. That way if they ever start to discharge they'll just recharge themselves so I think I got the discharge problem taken care of.

:blink:

 

I sent them via FED-UP (that's half-way by FED-EX, and the other half by UPS) and they assured me that they'd arrive by the second Tuesday of next week.

*COUGH* *COUGH*

;)

 

If you need anything else, just holler.

 

(If you can't have a little fun once in a while here on the forum, what's the point? :lol: )


 

OK great thanks B) , I hope FED-UP have them properly contained & sealed in a hydroscopic vacuum chamber so they can't drop out, since as you said any spillage would have the cyberpolice jumping all over them (and your principle)!

I'll weight in all day, second Tuesday in antithipation. :blink:

Sam

 


Contributions that may help if you have issues:

 

SID Killer http://addons.oscommerce.com/info/952

Duplicate Content Manager http://addons.oscommerce.com/info/6214

 

 

For further reading see: http://www.oscommerce.info/kb/osCommerce/D...plementations/4

 

and http://www.oscommerce.info/kb/168

 

I hope that makes things clearer. ;)

 

 

Don't know if anyone else had probs with the contrib above SID KILLER..but in steps 5 and 6 of CHANGING THE BUTTONS the lines of code that needed replacing were not actually there:

 

ie:Step 5

========

File: /catalog/products_new.php

Find the code:

 

<td align="right" valign="middle" class="main"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCTS_NEW, tep_get_all_get_params(array('action')) . 'action=buy_now&products_id=' . $products_new['products_id']) . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a>'; ?></td>

 

and replace it with: (relevant new code)

 

and...

Step 6 (hey last step!)

========

File: /catalog/product_reviews.php

=========================================================

The reason for this change is that when there is NO review existent for a product,

the users get product_reviews.php, not product_reviews_info.php ;). So we gotta mod a lil'

 

 

Find: ( Somewhere around line 189)

 

echo '<p><a href="' . tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')) . 'action=buy_now') . '">' . tep_image_button('button_in_cart.gif', IMAGE_BUTTON_IN_CART) . '</a></p>';

 

Replace WITH

 

Anyone else have this prob?

All other suggested codes were found and replaced apart from these two.


hi,

 

you need to make the comparison and after the modification on the php file (hint: make a search with: button_in_cart.gif and you will find the lines)

 

 

 

 

 

 


 

Hi, yes I used Ctrl F to find where it was used but nothing came up. I scrolled through the lines of code again and again and again, any other suggestions please please...this SID THING is a killer.


Another place you can lose sid is through forms, if you create a form with pure html like:

 

<form name="contact_us" action="<?php echo FILENAME_CONTACT_US ?>" method="get"> Name: <input type="text" name="name"> More Text <input type="submit" value="Submit"> </form>

 

As the form action does not contain the sid, it's lost!!

 

the correct method is:

 

<?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send'), 'get'); ?>

Name:  <?php echo tep_draw_input_field('name'); ?>

More Text <?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?>

</form>

 

Note the use of tep_href_link within the form.

 

 

 

If you're writing your own code, the details for the tep_href_link function are:

 

tep_href_link($page, $parameters , $connection, $add_session_id , $search_engine_safe )

 

$page is the page you are linking to.

$parameters is parameters for the url (action=send etc)

$connection is SSL or NONSSL

$add_session_id is normally 'true' so sid is added

$search_engine_safe if set to true and SEARCH_ENGINE_FRIENDLY_URLS is set to 'true' (in admin) sef url's are created.

 

No matter what I try I still can't get the tep_href_link to work. Once saved and tested it goes straight to an error page. The link ends up full of %20 etc.. and shows the FILENAME radera. What am I doing wrong?

For eg:

I am trying to include a link on all product pages from the same manufacturer at the bottom of the product info, back to the Brand name so creating a link 'More Products by this manufacturer'. I just want to link straight back to the MANUFACTURER Name

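Added example, not part of the original posts and not osCommerce's own code: a simplified model of the tep_href_link behaviour discussed in this thread (Sam's correction about parameters glued onto the page name, and the parameter list quoted above), showing what the receiving page actually parses in each case. The base URL, the session id value and the names `model_href_link` and `query_seen_by_server` are assumptions made for illustration.

```php
<?php
// Simplified model of a tep_href_link-style helper (illustration only, not
// osCommerce source). Assumption: the helper joins $parameters with '?' and
// then appends the session id with '&', or with '?' when $parameters is empty.
const MODEL_BASE = 'http://shop.example/catalog/';   // constructed base URL
const MODEL_SID  = 'constructed0123456789abcdef';    // constructed session id

function model_href_link(string $page, string $parameters = '', bool $addSessionId = true): string
{
    $link = MODEL_BASE . $page;
    $separator = '?';
    if ($parameters !== '') {
        $link .= '?' . $parameters;
        $separator = '&';
    }
    if ($addSessionId) {
        // Cookie-less visitor: the session id has to travel in the URL.
        $link .= $separator . 'osCsid=' . MODEL_SID;
    }
    return $link;
}

// Return the query variables the receiving page would actually parse.
function query_seen_by_server(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $vars);
    return $vars;
}

$cases = [
    'params glued onto the page name' => model_href_link('product_info.php?products_id=5'),
    'params in the second argument'   => model_href_link('product_info.php', 'products_id=5'),
    'session id switched off'         => model_href_link('product_info.php', 'products_id=5', false),
];

foreach ($cases as $label => $url) {
    $vars  = query_seen_by_server($url);
    $sidOk = isset($vars['osCsid']) && $vars['osCsid'] === MODEL_SID;
    printf("%-33s %s\n    parsed: %s\n    session id %s\n",
        $label . ':', $url, json_encode($vars), $sidOk ? 'kept' : 'LOST');
}
```

In the first case the second `?` is swallowed into the `products_id` value, so no `osCsid` parameter arrives at all and the product id itself is corrupted.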

Hi all,

I've been reading up about SID Killer and I was wondering; will setting force cookies to true, prevent spider sessions and updating the spider.txt provide sufficient\comparable protection against SID mix ups? After trying SID Killer out, I'd rather not use it if possible due to conflicts with other contributions, but if this is the best\only way of being sure, then I'll obviously plump for this.

 

The reason I'm asking is because after looking through the forums, some people recommend SID Killer highly and others seem to absolutely hate it and think it is overrated. Any opinions would be greatly appreciated!

Cheers

-R


If you have set prevent spider sessions to true and updated the spider.txt you don't need SID killer

 

 

You could still get sid mixup if other sites etc include the sid, so you need to be careful.

 

Set Recreate Session to true to avoid that problem

Sam

 


You have errors in your configuration

 

typical config files:

 

CATALOG/ADMIN/INCLUDES/CONFIGURE.PHP

define('HTTP_SERVER', 'http://www.my-site.co.uk');
define('HTTP_CATALOG_SERVER', 'http://www.my-site.co.uk');
define('HTTPS_CATALOG_SERVER', 'http://www.my-site.co.uk');
define('DIR_WS_HTTP_CATALOG', '/servername/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/servername/catalog/');
define('ENABLE_SSL_CATALOG', 'false');
define('DIR_FS_DOCUMENT_ROOT', '/home/servername/public_html/catalog/');
define('DIR_WS_ADMIN', '/catalog/admin/');
define('DIR_FS_ADMIN', '/home/servername/public_html/catalog/admin/');
define('DIR_WS_CATALOG', '/catalog/');
define('DIR_FS_CATALOG', '/home/servername/public_html/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

CATALOG/INCLUDES/CONFIGURE.PHP

define('HTTP_SERVER', 'http://www.my_site.co.uk');
define('HTTPS_SERVER', 'http://www.my_site.co.uk');
define('ENABLE_SSL', false);
define('HTTP_COOKIE_DOMAIN', 'www.my_site.co.uk');
define('HTTPS_COOKIE_DOMAIN', 'www.my_site.co.uk');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/servername/public_html/catalog/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

define('DB_SERVER', 'Localhost');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');

 

if your store is in the root remove catalog/ above

I suspect you have catalog/ in there, but have a root based site

 

I compared my two configure files and I see I have some extra code in both of them that isn't in your example:

 

 define('DB_SERVER', 'localhost');
 define('DB_SERVER_USERNAME', 'xxx_xxxxx');
 define('DB_SERVER_PASSWORD', 'xxxxx');
 define('DB_DATABASE', 'xxx_xxxxxx');
 define('USE_PCONNECT', 'false');
 define('STORE_SESSIONS', 'mysql');

 

Is that wrong? I can't remember putting the code in there in the first place, so I can't explain why it's in both of my configure files...


 

Those are normal & correct, I leave them off the example to avoid some posting theirs 'as is' with the security info compromised.

Sam

 


ok, Thanks..

 

Now back to my bad English and understanding *lol*

I didn't quite understand if I shall have the osCsid to show or not.

They show if I have force cookie use false

And not show if force cookie use True.

What configuration should I have in my sessions?

Check SSL Session ID

Check User Agent

Check IP Address

Prevent Spider Sessions

Recreate Session

 

Is that depending on something or what?


As I said, Prevent Spider Sessions must be set to true; setting Recreate Session to true is a good idea, but it depends on your server. The others depend on your site & server config.

You cannot & must not block the sid. With force cookie ON the sid is in the cookie, so it's not in the URL; otherwise it's up to osc if it's needed in the URL or not.

 

PLEASE READ THE THREAD

Sam

 


I have been reading the thread but, as this is in another language, I sometimes find it difficult to understand.. especially "computer talk" :blush:

Sorry...

I'm afraid to annoy you more but, I have to ask just so I make it glass clear:

If my URLs look like http:// mywebsite.com/index.php/barn-c-3?osCsid=4ae2e68238d85d62d43ffda14202bf77 and someone copies that URL and pastes it on another website, the osCsid will also show... is that a bad thing?

Please be kind and not angry with me for my stupid questions... :blush: (wish I were English or American)

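Added example, not part of the original thread: one way to check a web-server access log for the situation asked about above, where an osCsid that travelled in a URL is later presented by a second client or arrives from a page on another site. The log lines, host names and the function name `find_shared_sids` are constructed for illustration.

```php
<?php
// Constructed sample access-log lines (combined log format); every value is made up.
const SHOP_HOST = 'shop.example';
$sampleLog = <<<'LOG'
198.51.100.7 - - [10/Oct/2010:13:55:36 +0000] "GET /index.php?cPath=3&osCsid=aaaa1111 HTTP/1.1" 200 5120 "http://shop.example/index.php" "Browser-A"
203.0.113.9 - - [10/Oct/2010:14:02:10 +0000] "GET /index.php?cPath=3&osCsid=aaaa1111 HTTP/1.1" 200 5120 "http://forum.example/thread/42" "Browser-B"
192.0.2.4 - - [10/Oct/2010:14:05:00 +0000] "GET /product_info.php?products_id=5&osCsid=bbbb2222 HTTP/1.1" 200 4096 "-" "Browser-C"
192.0.2.4 - - [10/Oct/2010:14:05:30 +0000] "GET /shopping_cart.php?osCsid=bbbb2222 HTTP/1.1" 200 2048 "http://shop.example/product_info.php" "Browser-C"
LOG;

// Group requests by the osCsid in the URL and report ids that were used by
// more than one (IP, user agent) pair or that arrived with an off-site Referer.
function find_shared_sids(string $log, string $shopHost): array
{
    $pattern = '/^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "([^"]*)" "([^"]*)"$/';
    $clients  = [];   // sid => set of "ip|user agent"
    $external = [];   // sid => set of off-site referer hosts
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue;                       // not in the expected log format
        }
        [, $ip, $target, $referer, $agent] = $m;
        parse_str((string) parse_url($target, PHP_URL_QUERY), $query);
        if (empty($query['osCsid']) || !is_string($query['osCsid'])) {
            continue;                       // no session id in this URL
        }
        $sid = $query['osCsid'];
        $clients[$sid]["$ip|$agent"] = true;
        $refHost = parse_url($referer, PHP_URL_HOST);
        if (is_string($refHost) && strcasecmp($refHost, $shopHost) !== 0) {
            $external[$sid][$refHost] = true;
        }
    }
    $findings = [];
    foreach ($clients as $sid => $seen) {
        $hosts = array_keys($external[$sid] ?? []);
        if (count($seen) > 1 || $hosts) {
            $findings[$sid] = ['clients' => count($seen), 'external_referers' => $hosts];
        }
    }
    return $findings;
}

foreach (find_shared_sids($sampleLog, SHOP_HOST) as $sid => $f) {
    printf("osCsid %s: %d distinct clients, external referers: %s\n",
        $sid, $f['clients'], implode(', ', $f['external_referers']) ?: 'none');
}
```

On the constructed log only `aaaa1111` is reported: it is presented by two different clients and one request carries a Referer from `forum.example`.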

Archived

This topic is now archived and is closed to further replies.
