
Responsive osCommerce - Bootstrap



@burt

The (oldeee) live store is also running on 1und1 shared hosting with php 5.5.38, sessions also stored in file, it's a kind of v2.3.3.2 oscommerce, there are no problems with sessions expiring, I could post the code of that old sessions.php if you think that it is useful regarding differences.

Best regards

Christoph

 


@burt

My hosting company right now is webhostinghub.com and I have the latest PHP version for this BS Edge install. I did however, look in the php.ini file after you said it is a configuration issue on my end. And I did find the following code in it. Though, if this is a configuration piece that can be controlled from the application admin area, then it probably should be, right?

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this 
; variable in order to use PHP's session functions.
; As of PHP 4.0.1, you can define the path as:
;     session.save_path = "N;/path"
; where N is an integer.  Instead of storing all the session files in 
; /path, what this will do is use subdirectories N-levels deep, and 
; store the session data in those directories.  This is useful if you 
; or your OS have problems with lots of files in one directory, and is 
; a more efficient layout for servers that handle lots of sessions.
; NOTE 1: PHP will not create this directory structure automatically.
;         You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
;         use subdirectories for session storage
session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
;       (see session.save_path above), then garbage collection does *not*
;       happen automatically.  You will need to do your own garbage 
;       collection through a shell script, cron entry, or some other method. 
;       For example, the following script would is the equivalent of
;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
;          cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 1
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security. 
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

 

osCommerce: made for programmers, ...because store owners do not want to be programmers.

https://trends.google.com/trends/explore?date=all&geo=US&q=oscommerce


@Demitry  OsCommerce does not use the PHP session handler, so the session settings in your php.ini should have no effect. There may be a setting somewhere in there that affects the osC internal session code, but I'm not aware of any.

Regards

Jim

See my profile for a list of my addons and ways to get support.


@kymation

hey Jim,

Thanks, ..I didn't know that. I actually thought that the following setting was responsible for the session not expiring. However, I did not move to test it because it would have to be the same setting for both the admin panel and the catalog sessions,.. and that was not the case.

session.cookie_lifetime = 0

Instead, I took what Carl Nordstrom did, improved on it, and made it into an addon that can be controlled from Admin>Configuration>Sessions. I tested it and it works great. The screenshot is below. Please take a look and see if it can be improved.

https://apps.oscommerce.com/Apps&2MAEV&session-expiration-control

@burt

hey Burt,

You're probably right and this is not a bug with osC, but the point here is that if this problem occurs over various hosting set-ups, then shouldn't the store owner have control over it from the application side?

 

session-expiration-control-screenshot.png


@Demitry It used to be controlled by session.gc_maxlifetime in includes/functions/sessions.php

No longer giving free advice. Please place deposit in meter slot provided.  Individual: [=] SME: [==] Corporation: [===]
If deposit does not fit one of the slots provided then you are asking too much! :P

Is your Osc dated try Phoenix  raising oscommerce from the ashes.


  • 2 weeks later...
7 minutes ago, ArtcoInc said:

@burt

Example of how this could be used?

Malcolm

You could disable the buy button if there's no stock...

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released.

Looking for a payment or shipping module? Maybe I've already done it.

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x


@ArtcoInc yes, but I'm going to test the code before I post it ;)


    function execute() {
      global $PHP_SELF, $oscTemplate;

      if (tep_not_null(MODULE_HEADER_TAGS_GRID_LIST_VIEW_PAGES)) {
        $pages_array = array();

        foreach (explode(';', MODULE_HEADER_TAGS_GRID_LIST_VIEW_PAGES) as $page) {
          $page = trim($page);

          if (!empty($page)) {
            $pages_array[] = $page;
          }
        }

        if (in_array(basename($PHP_SELF), $pages_array)) {
          $script = <<<EOS
<script>
  $(document).ready(function() {
    $('*[data-in-stock]').filter(function () {
      return $(this).data('in-stock') <= 0;
    }).each(function() {
      $(this).addClass('disabled'); // use to change appearance
      $(this).attr('disabled', true);
    });
  });
</script>
EOS;
          $oscTemplate->addBlock($script, $this->group);
        }
      }
    }

pop that in a header tags module (base it on the grid list one but change the names obviously)


hi,

I noticed that product_info.php page and product_reviews.php (and likely some others) have addslashes($product_info['products_name']), which displays a backslash before an apostrophe in the alt tags for the product image. 

I changed it to stripslashes(),.. but was wondering if there is any significant purpose to keeping the addslashes() alt tags?

 


another question... I installed a threat scanner and ran it. One of the things it identified was the /admin/define_language.php file. I know that this file had some security vulnerabilities in the older versions of osC. I assume that those vulnerabilities are now secured in that file. With what version of osC were these changes made to resolve the security issues? Thanks.

 

 


4 hours ago, Demitry said:

hi,

I noticed that product_info.php page and product_reviews.php (and likely some others) have addslashes($product_info['products_name']), which displays a backslash before an apostrophe in the alt tags for the product image. 

I changed it to stripslashes(),.. but was wondering if there is any significant purpose to keeping the addslashes() alt tags?

 

That's not from core. The core code is

      echo tep_image('images/' . $product_info['products_image'], NULL, NULL, NULL, 'itemprop="image" style="display:none;"');

Doesn't populate alt at all


5 hours ago, Demitry said:

another question... I installed a threat scanner and ran it. One of the things it identified was the /admin/define_language.php file. I know that this file had some security vulnerabilities in the older versions of osC. I assume that those vulnerabilities are now secured in that file. With what version of osC were these changes made to resolve the security issues? Thanks.

 

 

not a bootstrap question.  ask it elsewhere please


8 hours ago, Demitry said:

hi,

I noticed that product_info.php page and product_reviews.php (and likely some others) have addslashes($product_info['products_name']), which displays a backslash before an apostrophe in the alt tags for the product image. 

I changed it to stripslashes(),.. but was wondering if there is any significant purpose to keeping the addslashes() alt tags?

 

as far as I recall, this is also true in all versions of historical oscommerce

hence:  not a bootstrap question, please ask elsewhere


@BrockleyJohn, @burt

John, Burt, thank you for the replies.

John, The latest BS Edge does have this code in the product_info.php, page reviews, and others. The screenshot below is from the latest download of BS Edge in the product_info.php page.

Burt, with all due respect, I'm not sure how the osC community is supposed to help improve on this software when we cannot address issues, ..which are both present in the latest release of BS Edge.

If adding of slashes to alt tags is also true in all version of historical oscommerce, and this is an issue that had never been corrected, ..and it currently exists in BS Edge, ..then how is this not the place to address it?

Demitry

 

 

 

product_info-source.png


@Demitry apologies - sloppy checking. I've never seen that code path before; I don't believe I've had a BS client yet that doesn't use large images, which is the only time that statement gets used. I had to go back and remove the large images from my test product to reproduce. The reason it is originally there is to prevent a quote (or double-quote) in the product name breaking the page or throwing an error. You should check whether either breaks your change.

2 hours ago, Demitry said:

@BrockleyJohn, @burt

If adding of slashes to alt tags is also true in all version of historical oscommerce, and this is an issue that had never been corrected, ..and it currently exists in BS Edge, ..then how is this not the place to address it?

This isn't necessarily the place to address it because the scope of the project is to provide a responsive variant of the main osc release. The more additional change that's done, the harder it is to bring this variant and the main release stream back together in the future. The only serious departure from this has been php7 compliance because of the strength of demand from BS-users. If there's a big problem that prevents people using the project for some reason, an urgent new requirement (eg for google, meta data etc) or something that makes it much easier to create addons without changing core code then maybe there's a discussion to be had but I don't think that what you're raising here falls into these categories.

If changes are introduced for an issue that's carried through from the mainstream but which eventually gets fixed in a different way in the mainstream, that can create an extra migration issue for getting BS-based projects into a mainstream version at some point in the future.

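Added example, not from the thread and not osCommerce code: a small PHP script comparing the three escaping choices for an image alt attribute, using a constructed product name and hypothetical helper names (img_tag, parsed_attributes). HTML does not treat a backslash as an escape, so with addslashes() or stripslashes() a double quote in the name still ends the attribute early, while htmlspecialchars() with ENT_QUOTES keeps the name intact.

```php
<?php
// Added example, not osCommerce code. All names and sample data are constructed.

// Build an <img> tag the way a template would, using the given escaper for alt.
function img_tag(string $name, callable $escape): string {
    return '<img src="images/sample.png" alt="' . $escape($name) . '">';
}

// Parse the tag with an HTML parser and return the attributes it ends up with.
function parsed_attributes(string $html): array {
    libxml_use_internal_errors(true);   // malformed variants raise parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $attrs = [];
    $img = $doc->getElementsByTagName('img')->item(0);
    if ($img !== null) {
        foreach ($img->attributes as $attr) {
            $attrs[$attr->name] = $attr->value;
        }
    }
    return $attrs;
}

$name = 'Men\'s 27" Monitor';   // constructed product name with both quote types

$escapers = [
    'addslashes'       => 'addslashes',    // the call discussed in the thread
    'stripslashes'     => 'stripslashes',  // the replacement tried in the thread
    'htmlspecialchars' => function (string $s): string {
        // HTML-context encoding: ' becomes &#039; and " becomes &quot;
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    },
];

foreach ($escapers as $label => $escape) {
    $html  = img_tag($name, $escape);
    $attrs = parsed_attributes($html);
    $alt   = $attrs['alt'] ?? '';
    printf("%s\n  markup: %s\n  alt:    %s\n  intact: %s, extra attributes: %s\n",
        $label, $html, $alt,
        $alt === $name ? 'yes' : 'no',
        implode(', ', array_diff(array_keys($attrs), ['src', 'alt'])) ?: 'none');
}
```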

2 hours ago, BrockleyJohn said:

This isn't the place to address it because the scope of the project is to provide a responsive variant of the main osc release.

This.  So please stop asking questions that are outside this scope.

You would be better off asking them in their own thread.


  • 2 months later...

getting this error under PHP7.2, have I forgotten to install an update? I take it this is the right thread for this?

Warning: sizeof(): Parameter must be an array or an object that implements Countable in \includes\functions\general.php on line 89

Warning: sizeof(): Parameter must be an array or an object that implements Countable in \a*****\categories.php on line 976

Installed Version: osCommerce Online Merchant v2.3.4.1

 


  • burt locked this topic
  • burt unlocked and locked this topic

Archived

This topic is now archived and is closed to further replies.
