Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

v2.3.2 upgrade experience from v2.3.1


tgely

Recommended Posts

As requested: -

 

Security Pro 2.0 r11

 

Compatibility:

 

osCommerce versions: 2.2 through 2.3.2

 

PHP versions: 4 through 5.4.4

 

Security Pro 2.0 r11 add on

Link to comment
Share on other sites

  • Replies 75
  • Created
  • Last Reply

Oh and before I forget

 

@@Gergely Thanks for the catch

 

@@Harald Ponce de Leon Thanks for the heads up

 

@@Biancoblu and any others who made the change.

 

It should no longer be necessary to exclude password_reset.php and there is some added functionality if interested .. see the docs.

Link to comment
Share on other sites

Hi Harald,

 

Thanks for your reply. I checked the Action Recorder modules and all of them are now installed and configured. It seems like it's working now, except for the password_forgotten.php page alignment is all messed up. I can't figure out what's wrong with it.

 

Here it is:

<?php
/*
 $Id: password_forgotten.php,v 1.50 2003/06/05 23:28:24 hpdl Exp $
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
 Copyright (c) 2012 osCommerce
 Released under the GNU General Public License
*/
 require('includes/application_top.php');
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PASSWORD_FORGOTTEN);
 $password_reset_initiated = false;
 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
	$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
	$check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
	if (tep_db_num_rows($check_customer_query)) {
	  $check_customer = tep_db_fetch_array($check_customer_query);
	  $actionRecorder = new actionRecorder('ar_reset_password', $check_customer['customers_id'], $email_address);
	  if ($actionRecorder->canPerform()) {
			$actionRecorder->record();
			$reset_key = tep_create_random_value(40);
			tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set password_reset_key = '" . tep_db_input($reset_key) . "', password_reset_date = now() where customers_info_id = '" . (int)$check_customer['customers_id'] . "'");
			$reset_key_url = tep_href_link(FILENAME_PASSWORD_RESET, 'account=' . urlencode($email_address) . '&key=' . $reset_key, 'SSL', false);
			if ( strpos($reset_key_url, '&') !== false ) {
			  $reset_key_url = str_replace('&', '&', $reset_key_url);
			}
			tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_RESET_SUBJECT, sprintf(EMAIL_PASSWORD_RESET_BODY, $reset_key_url), STORE_NAME, STORE_OWNER_EMAIL_ADDRESS);
			$password_reset_initiated = true;
	  } else {
			$actionRecorder->record(false);
			$messageStack->add('password_forgotten', sprintf(ERROR_ACTION_RECORDER, (defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int)MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5)));
	  }
	} else {
	  $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
	}
 }
 $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL'));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<?php require(DIR_WS_INCLUDES . 'meta_tags.php'); ?>
<title><?php echo META_TAG_TITLE; ?></title>
<meta name="description" content="<?php echo META_TAG_DESCRIPTION; ?>">
<meta name="keywords" content="<?php echo META_TAG_KEYWORDS; ?>">
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
 <tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="0">
  <tr>
	<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
	  <tr>
		<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
		<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_password_forgotten.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
<?php
 if ($messageStack->size('password_forgotten') > 0) {
echo $messageStack->output('password_forgotten');
 }
 if ($password_reset_initiated == true) {
?>
  <tr>
	<td><?php echo TEXT_PASSWORD_RESET_INITIATED; ?></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
<?php
 } else {
?>
<?php echo tep_draw_form('password_forgotten', tep_href_link(FILENAME_PASSWORD_FORGOTTEN, 'action=process', 'SSL'), 'post', '', true); ?>
  <tr>
	<td><table border="0" width="100%" height="100%" cellspacing="1" cellpadding="2" class="infoBox">
	  <tr class="infoBoxContents">
		<td><table border="0" width="100%" height="100%" cellspacing="0" cellpadding="2">
		  <tr>
			<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
		  </tr>
		  <tr>
			<td class="main" colspan="2"><?php echo TEXT_MAIN; ?></td>
		  </tr>
		  <tr>
			<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
		  </tr>
		  <tr>
			<td class="main"><?php echo '<b>' . ENTRY_EMAIL_ADDRESS . '</b> ' . tep_draw_input_field('email_address'); ?></td>
		  </tr>
		  <tr>
			<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
		  </tr>
		</table></td>
	  </tr>
	</table></td>
  </tr>
  <tr>
	<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
  </tr>
  <tr>
	<td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
	  <tr class="infoBoxContents">
		<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
		  <tr>
			<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
			<td><?php echo '<a href="' . tep_href_link(FILENAME_LOGIN, '', 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>
			<td align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
			<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
		  </tr>
		</table></td>
	  </tr>
	</table></td>
  </tr></form>
<?php
 }
?>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
 </tr>
</table>
<!-- body_eof //-->
<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Thanks for your help.

Link to comment
Share on other sites

@@Irin

 

sorry me to lalk in, but v2.2 not similar to v2.3.1. How could you install action recorder before?

:blink:
osCommerce based shop owner with minimal design and focused on background works. When the less is more.
Email managment with tracking pixel, package managment for shipping, stock management, warehouse managment with bar code reader, parcel shops management on 3000 pickup points without local store.

Link to comment
Share on other sites

Hi Gergely,

 

Yes, these two versions are very different from each other, however I try to keep my v2.2 up to date to the best of my abilities. I managed to configure the module in the database, that's the only way to make it function properly. I also sorted out the alignment problem from my previous post. I tested the latest improvements and so far, so good.

 

Thanks for your help, Harald.

Link to comment
Share on other sites

Upgraded my 2.3.1 shop to 2.3.2 today using the documentation - all went smoothly. Thanks for the clear and easy to follow instructions.

Link to comment
Share on other sites

Ha , i did the upgrade like the documentation was telling me and the website still works , SUCCES!!! ;-)

 

Thanks all for the perfect instructions.

 

Gr, Rob

Link to comment
Share on other sites

Hi, I have just completed most of the upgrade from my upgraded RC2a (which I previously succesfully upgraded to v2.3.1).

 

For the upgrade to v.2.3.2 I noticed that some updates are missing, which mainly concerns the css.

For example, the new file catalog/password_reset.php have this line:

<span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', null, 'primary'); ?></span>

Which have attributes not present in my upgraded version.

 

And in the catalog/password_forgotten.php

 

The upgrade instruction is to include

 

	  <div class="contentContainer">
	  <div class="contentText"><?php echo TEXT_PASSWORD_RESET_INITIATED; ?></div>

 

Which should be (due to use of tables):

  <tr>
    <td>
	  <div class="contentContainer">
	  <div class="contentText"><?php echo TEXT_PASSWORD_RESET_INITIATED; ?></div>
	  </div>
    </td>
  </tr>

 

Also, those lines reference styling rules not present in my upgrade.

 

So, I wonder if there will be an updated upgrade guide for those of us that eagerly want to be "up to date"?

 

Also, are there translations available for German and Spanish for the language files?

 

 

Sara

Link to comment
Share on other sites

For the upgrade to v.2.3.2 I noticed that some updates are missing, which mainly concerns the css.

For example, the new file catalog/password_reset.php have this line:

<span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', null, 'primary'); ?></span>

Which have attributes not present in my upgraded version.

 

Then your "upgraded" version is broken.

 

Suggest you look at a new 2.3.3 includes/functions/html_output.php file where the tep_draw_button can have 5 parameters passed to it.

These 5 parameters were present in 2.3.1 also.

 

Which should be (due to use of tables):

  <tr>
	<td>
	  <div class="contentContainer">
	  <div class="contentText"><?php echo TEXT_PASSWORD_RESET_INITIATED; ?></div>
	  </div>
	</td>
  </tr>

 

There is NO table tags needed here. In password_forgotten, tables do not appear until the other side of the if/else.

If you do have tables elsewhere, then your fork needs more work.

 

So, I wonder if there will be an updated upgrade guide for those of us that eagerly want to be "up to date"?

 

So what you want is detailed instructions on how to upgrade your fork of osCommerce?

 

By the way, all these "fixes" that you constantly talk of in your fork, both to the core of osCommerce and addons, have you uploaded all of these fixes to the addons area for other people to benefit from?

Link to comment
Share on other sites

Hi Burt, thanks for your reply. I do not understand why you say my efforts is a fork?

It's an upgrade from RC2a, in doing so I naturally fixed issues I came across.

Since my site was based on RC2a it does includes tables. Hence I fixed that, keeping the tables.

And, as Harald writes, the 960 grid wasn't part of the upgrade as well as the template_top & bottom.

Until I have fixed my entire site, I will replace the tables where fit. It make take some time, since I also need fix about 30 included addons.

 

Well, detailed instructions, I realize that I need to do it myself since no one else knows what I have implemented and how.

 

As for the missing tep_draw_buttom, it requires jQuery which I try to avoid as good as I can:

 

<!-- // Output a jQuery UI Button
 function tep_draw_button($title = null, $icon = null, $link = null, $priority = null, $params = null) {
<div class="buttonSet">
<span class="buttonAction"><?php //echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'triangle-1-e', null, 'primary'); ?></span>
</div>
Since I haven't implemented jQuery UI Button:
-->
		  <div class="button_bag" style="float:left;">
		    <div class="button_box">
			  <?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?>
		    </div>
		  </div>

 

You see I have created my own css buttons, which I like :)

 

By the way, all these "fixes" that you constantly talk of in your fork, both to the core of osCommerce and addons, have you uploaded all of these fixes to the addons area for other people to benefit from?

 

I am sorry Burt, but I haven't keept a record of all my fixes. I do realize, however, that the complete and finished code could be of interest to those who struggles with the addons I have included, I am not so sure that the fixes for the core could be of interest, since there is a thread for bug reports with official commits.

 

I do recommend to set a vision for your implementation fo osC. That's what I did nearly 3 years ago, and I am still keeping it.

This vision is highly personal and perhaps do not fit everyone.

 

When I started of with osC (MS2.2) I didn't have more than fundamental knowledge of php, css, sql, javascript, ajax..whatever.

 

Where I stand today, wouldn't been possible without the fantastic coding skills of the dev. team.

 

You might say that I am in love...with osC!

 

Thanks to the dev. team I am heading somewhere.

 

Sara

Link to comment
Share on other sites

In other words, you have no intention of sharing your bugfixes, instead you ask others to share theirs and nothing in return from you. Your fork is a commercial product offered via one of your sites, on which you state

 

We offer professional e-stores with guarantees based on Oscommerce RC2a "Final Release" (Version 2.31) with the addition of a number of "Contributions". We have a modular concept that allows you to be "online" within a week. We can help you with everything from web hosting to the design of your store.

 

Our version support features not available in the basic software or elsewhere. We have a full W3C validation of HTML and CSS code both on the catalog- and administration side. Also, we have fixed a lot of bugs in the core code. This also applies to all contributions we have installed.

 

Further, we have an active monitoring of the shop with e-mail alert. Of course there are functions for SEO installed, as well as strong safety features.

 

Administration is easy with the embedded help texts and is very easy to learn.

 

That is known as a fork, which is of a commercial nature. You have taken the code of many developers, myself included, with no credit. That sucks.

 

I have no problem with you selling or giving away your fork, I do have a problem with removed copyrights and credits that should (but don't) exist.

 

This vision is highly personal

 

Sure.

Link to comment
Share on other sites

I have no problem with you selling or giving away your fork, I do have a problem with removed copyrights and credits that should (but don't) exist.

 

"Copyright" and "credit" are two different things. It is not legally possibly though to remove copyright notices without the permission of the original authors. Doing so is illegal and in addition also violates the GPL license.

:heart:, osCommerce

Link to comment
Share on other sites

@@burt

 

As for sharing bugfixes and sharing code (examples):

 

1)

http://addons.oscommerce.com/info/6346

 

2)

http://www.oscommerce.com/forums/topic/313323-how-to-secure-your-oscommerce-22-site/page__st__620__p__1605106__hl__juto__fromsearch__1#entry1605106

 

3)

http://www.oscommerce.com/forums/topic/195959-ajax-attribute-manager-support/page__hl__juto__st__1060

 

4)

http://www.oscommerce.com/forums/tracker/issue-343-onkeyup-is-misspelled/

 

5)

http://www.oscommerce.com/forums/tracker/issue-309-adminmailphp/

 

As for new code, please see my footer

 

Dear Burt, if you look around in the forums I am sure you will find more suggestions from me.

 

Wrt Copyright:

 

http://www.oscommerce.com/about/copyright

 

Which I do comply to.

 

For code I have developed myself, I have the right to claim copyright as Harald pointed out.

 

There are also pieces of code on my site which I have designed the process and paid for the coding.

 

As for code which you have written, do you mean this?

 

http://www.clubosc.com/javascript-off-check-your-site.html

 

In that case I have this in my template_top:

 

<!-- See http://www.clubosc.com/javascript-off-check-your-site.html -->

 

I could of course use the original source for that snippet, or develop my own if that suites you better.

 

By the way on page of this thread you find my "fixes" wrt RC2a for what this thread is about.

 

And, wrt fork, I do rescent that. As for paid services I think you offer the very same to your audience, don't you?

 

I am sorry for my late answer, I stayed up coding until five this morning. So I needed some sleep.

 

Hopefully this is the end of discussion.

 

Kind Regards with credits to the osC team and contributors

Link to comment
Share on other sites

  • 4 weeks later...

hello support,

 

i was updating from 2.3.1 to 2.3.2,

 

on the last direction below:-- (directions from here :(http://www.oscommerce.com/forums/page/docs/_/oscom/23/release-notes-v2/oscommerce-online-merchant-v232-r12)

 

Enable Customer Password Reset Action Recorder Module

 

The Customer Password Reset Action Recorder module must be enabled at the following page:

 

Administration Tool -> Modules -> Action Recorder -> Install Module -> Customer Password Reset -> Install Module

 

 

i am confused

 

i have tools not tool and under that i have no modules but i do have Action Recorder and opening that i have Administration Tool Login no place to install a module.

 

i have a modules and Action Recorder under that , but no place to install a ACTion Recorder module there are three there the Administration Tool Login, Contact us, and Tell A friend.

 

 

i am trying to get this done and then install oscommerce 2.3.3.

 

 

i pretty sure i did not make any mistakes. went slow and accurate.

 

Please advise.

 

 

craig

Link to comment
Share on other sites

The "Administration Tool" part is referencing the administration side of your online shop. The "Tools" section you described would then be referenced as "Administration Tool -> Tools".

 

Short answer: look for "Modules -> Action Recorder -> Install Module -> Customer Password Reset -> Install Module"

:heart:, osCommerce

Link to comment
Share on other sites

  • 2 weeks later...

Nice to see so many who's upgrades have gone smoothly - the instructions are well written and easy to follow. I however am experiencing a problem and am hoping to find the solution here.

 

What is happening is that first if I click on the reset link in the email - its not taking me to the password_reset.php but it redirects to the password_forgotten.php page which then contains an error message saying: "The E-Mail Address was not found in our records, please try again," and. "If you've forgotten your password, enter your e-mail address below and we'll send you instructions on how to securely change your password."

 

Now I went through the instructions again to make sure that I didnt make any errors but what I did notice is the following:

 

I also have the ULTIMATE Seo Urls 5 PRO module installed and in my catalog/includes/functions/general.php I have the following code:

 

/**
 * ULTIMATE Seo Urls 5 PRO
 * Redirect to another page or site
 */
 function tep_redirect($url) {
   if ( (strstr($url, "\n") != false) || (strstr($url, "\r") != false) ) {
  tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
   }
   if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page
  if (substr($url, 0, strlen(HTTP_SERVER)) == HTTP_SERVER) { // NONSSL url
    $url = HTTPS_SERVER . substr($url, strlen(HTTP_SERVER)); // Change it to SSL
  }
   }
   if ( false !== strpos($url, '&') ){
  $url = str_replace('&', '&', $url);  /// notice these lines here
   }
   session_write_close();
   header('Location: ' . $url);
   exit;
 }

 

In the email that gets sent the '@' sign reflects as %40 - now what I was wondering is if the url = str_replace line above doesnt have something to do with the fact that I am being redirected to the password_forgotten.php file instead of the password_reset.php file.?

 

Kayla

Link to comment
Share on other sites

~ Don't mistake my kindness for weakness ~

Link to comment
Share on other sites

  • 3 months later...

Robert (@@FWR Media) is going to release an update to the Add-On soon with an official fix :thumbsup:

 

Kind regards,

 

Any hint where to find it? I have same problem. I upgraded succesfully from 2.2 -> 2.3.1 -> 2.3.2 took backup. Installed default 2.3.2 site, and restored. Now I and customers cant logon :-(

Timo Jensen

Link to comment
Share on other sites

Read the post above yours, and click the link.

 

Except now i cant search for danish goods, due to the letters æøå/ÆØÅ.

Besides, i still cant login, and certainly cant retrieve lost password.

Timo Jensen

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...