Harald Ponce de Leon

osCommerce Online Merchant v2.3.4

102 posts in this topic

We're proud to announce the release of osCommerce Online Merchant v2.3.4! This release introduces a new Content Modules feature, secures the Administration Tool if SSL is enabled, and includes new and updated payment modules.

 

Content Modules

 

Content Modules is a new feature that builds and loads the content of a page through modules. The My Account, Login, and Checkout Success pages have been updated in this release to utilize Content Modules and can now be customized and manipulated through modules without editing source code files.

Other pages will soon be updated to utilize Content Modules in following releases and improved on with your help and feedback.

 

Log In with PayPal

 

The first featured Content Module being introduced is Log In with PayPal which can be added to the Login page. This allows customers to authenticate themselves through PayPal without needing to create a local store account.

Log In with PayPal supports a seamless checkout experience with PayPal Express Checkout where customers don't need to log in again when purchasing and starting the PayPal Express Checkout flow.

 

HTTPS Administration Tool

 

The Administration Tool now loads in HTTPS if SSL has been enabled on the store.

 

Payment Modules

 

The following payment modules have been updated to utilize the latest payment gateway APIs and to have each secured API call verified through CA public certificates.

Some payment modules have also been updated to support stored card tokens where customers can securely store their card payment information at the payment gateway and to reference their cards in later purchases without needing to retype their card information again. These include:

  • Sage Pay Direct
  • Stripe
  • Braintree

PayPal

 

The following modules have been updated:

  • PayPal Express Checkout v3.0
  • PayPal Payments Standard v3.1
  • PayPal Payments Pro (Direct Payment) v3.0
  • PayPal Express Checkout (Payflow Edition) v3.0
  • PayPal Payments Pro (Payflow Edition) v3.0

The following modules are being introduced:

  • PayPal Payments Pro (Hosted Solution) v1.0

The modules can be downloaded separately for existing stores at:

 

http://addons.oscommerce.com/service/paypal

 

Sage Pay

 

The following modules have been updated:

  • Sage Pay Direct v3.0
  • Sage Pay Form v2.0
  • Sage Pay Server v2.0

The following modules are being introduced:

  • Sage Pay Cards Management Page (content module)

The modules can be downloaded separately for existing stores at:

 

http://addons.oscommerce.com/service/sage_pay

 

Authorize.net

 

The following modules have been updated:

  • Authorize.net Server Integrated Method (SIM) v2.0
  • Authorize.net Advanced Integration Method (AIM) v2.0

The following modules are being introduced:

  • Authorize.net Direct Post Method (DPM) v1.0

The modules can be downloaded separately for existing stores at:

 

http://addons.oscommerce.com/service/authorizenet

 

Stripe

 

The following modules are being introduced:

  • Stripe.js v1.0 (payment module)
  • Stripe Cards Management Page (content module)

The modules can be downloaded separately for existing stores at:

 

http://addons.oscommerce.com/service/stripe

 

Braintree

 

The following modules are being introduced:

  • Braintree v1.0 (payment module)
  • Braintree Cards Management Page (content module)

The modules can be downloaded separately for existing stores at:

 

http://addons.oscommerce.com/service/braintree

 

WorldPay

 

The following modules have been updated:

  • WorldPay Hosted Payment Pages v2.0

The modules can be downloaded separately for existing stores at:

 

http://addons.oscommerce.com/service/worldpay

 

General Updates

 

This release also includes the following general updates:

  • Orders can now be blocked when no defined shipping rate is available for the destination
  • Session management improvements
  • Payment Acceptance box introduced
  • jQuery libraries updated
  • and minor bug fixes and improvements

Download

 

osCommerce Online Merchant v2.3.4 can be downloaded in full and update packages from:

 

http://www.oscommerce.com/Products

 

Thank You!

 

We'd like to thank the community for their feedback on our releases. In addition, we thank the following people who participated in the development of this release.

Reference

 

The osCommerce Online Merchant release notes and upgrade guides can be found at:

 

http://library.oscommerce.com/Online&en&oscom_2_3&release_notes


Thanks for getting this out.

 

I installed it 3 times yesterday and it installed without a hitch.

 

I have just gone through the admin to see the changes and see how a store owner/newbie could be assisted.

 

The final installation page is fine for a developer, they would understand what it means, a shop owner could do with a lot more help and guidance:-

 

Review the directory permissions on the Administration Tool -> Tools -> Security Directory Permissions page.

 

and then do what? There isn't any documentation on this.

 

The Administration Tool should be further protected using htaccess/htpasswd and can be set-up within the Configuration -> Administrators page.

 

Confusing as h***, why not simplify it to an instruction:-

 

To make a more secure shop, in the shop admin go to Configuration >> Administrators and edit the administrator, enter a password and tick the "Protect With htaccess/htpasswd" box.

 

I also spotted a few tweaks that could be considered.

 

Configuration >> Logging

 

This is set to

 

Log Destination /var/log/www/tep/page_parse_time.log

 

It could be set to

 

/includes/work/page_parse_time.log

 

as part of the installation just like the cache settings

 

Modules >> Action Recorder

 

There is a sort order column all set to zero but they can not be edited.

 

Modules >> Payment

 

There are 2 installed modules and they both have a sort order of 0. The installation sql could be set to 1000 and 2000.

 

Modules >> Shipping

 

Although there is only one installed it does not have a sort order number either.

 

Tools >> Action Recorder

 

The delete button is at the top of the page not within the highlighted area.

 

Tools >> Security Checks

 

Add a title above the paper icon, such as "How To Correct", it is not obvious that there are some good tips hidden away there!!!

 

/ext directory listing - The error message is not helpful.

 

The /ext/ directory is publicly accessible and/or browsable - please disable directory listing for this directory in your web server configuration.

 

Why not make it 'Directory contents can be read, see icon for solution.'

 

Or why not just have "Options -indexes" in the root .htaccess, other default .htaccess files have been set up e.g. in /admin/backups directory.

 

The new Tools menu options are not mentioned in the pdf documentation, an explanation of why certain directories should not be writable is more likely to get someone to start changing permissions than an x on a screen.

 

Just little tweaks but I believe it would make OSC seem much more professional and new user friendly.

 

Cheers

 

G

 

PS Before I get shot down, I did try to add to the documentation http://library.oscommerce.com/Wiki&en&get_involved&documentation&install did not allow me to install the library site.

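The checks discussed in the post above (writable directories, directory listing under /ext, htaccess/htpasswd on the Administration Tool) can also be run from a shell against the files on disk. The script below is an added example, not osCommerce code and not part of the original posts; it assumes Apache honours .htaccess files, takes the directory names ext and admin from the thread, and its function names are made up for this example.

```shell
#!/bin/sh
# Added example: on-disk hardening check for an osCommerce 2.3.x style tree.
# Assumptions: Apache with .htaccess enabled (AllowOverride); directory names
# "ext" and "admin" as in the thread; a renamed admin directory is passed as $2.
# These are heuristics: server-level configuration is not inspected.

# Print every world-writable directory below the store root, one per line.
world_writable_dirs() {
  find "$1" -type d -perm -0002 -print | sort
}

# Succeed if the nearest .htaccess (from DIR up to ROOT) that mentions
# Indexes in an Options line switches directory listing off.
listing_disabled() {
  root=$1 dir=$2
  while :; do
    if [ -f "$dir/.htaccess" ]; then
      line=$(grep -Ei '^[[:space:]]*Options[[:space:]].*Indexes' \
               "$dir/.htaccess" | tail -n 1 | tr 'A-Z' 'a-z')
      case $line in
        *-indexes*) return 0 ;;
        ?*) return 1 ;;          # nearest file turns listing back on
      esac
    fi
    case $dir in "$root"|/|.) return 1 ;; esac
    dir=$(dirname "$dir")
  done
}

# Succeed if the admin directory's .htaccess asks for HTTP authentication.
admin_protected() {
  f=$1/.htaccess
  [ -f "$f" ] &&
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+(Basic|Digest)' "$f" &&
    grep -Eiq '^[[:space:]]*Require[[:space:]]' "$f"
}

# Run all three checks; print one finding per line, return 1 if any failed.
audit_store() {
  store=$1 admin=${2:-$1/admin} rc=0
  ww=$(world_writable_dirs "$store")
  if [ -n "$ww" ]; then
    printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE: /'
    rc=1
  fi
  listing_disabled "$store" "$store/ext" ||
    { echo "LISTING: no Options -Indexes covers $store/ext"; rc=1; }
  admin_protected "$admin" ||
    { echo "NOAUTH: $admin/.htaccess lacks AuthType/Require"; rc=1; }
  return $rc
}

# Stand-alone use: sh audit.sh /path/to/catalog [/path/to/admin]
if [ $# -gt 0 ]; then audit_store "$@"; fi
```

A clean result only covers what is on disk: directory listing can also be switched on or off in the main server configuration, which this script does not read.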

Hi Geoffrey..

 

Thanks for the feedback. The instructions shown on the last installation page should indeed be removed. The checks can be performed with extended security check modules introduced in v2.3.3.3 which can link to our documentation site for steps on how to solve particular issues.

 

I will update the instructions for installing the Library site in the coming days.

 

Kind regards,


Don't get me wrong, I think it is a good idea to list what needs to be done, but let's tell people what they need to do but in plain English not coded speak.

 

I think

 

To make a more secure shop, in the shop admin go to Configuration >> Administrators and edit the administrator, enter a password and tick the "Protect With htaccess/htpasswd" box.

 

is much clearer than

 

The Administration Tool should be further protected using htaccess/htpasswd and can be set-up using the Configuration -> Administrators page

 

I think shop owners would understand that.

 

Then something along the lines of

 

You should also check the permissions on directories and files to check they are secure. This can be done on the Administration Tool -> Tools -> Security Directory Permissions page.

 

And even add an extra step of

 

Finally check the general state of the site using Tools >> Security Checks.

 

I'll have a go at git and see if I can get my head round github, branches and other associated foliage and upload some enhancements (not corrections)!!!!

 

:-)

 

Cheers

 

G


Here is a like for this comment

tell people what they need to do but in plain English not coded speak
:)

 

As a shop owner, making these instructions in more clear English would be very helpful. When I upgraded from 2.2 last year I struggled with

The Administration Tool should be further protected using htaccess/htpasswd and can be set-up within the Configuration -> Administrators page.
and the big red error box on Configuration >> Administrators that is supposed to explain what to do for half a day... before I realized all I had to do was click "edit" to find the checkbox. Sounds simple I know, but remember you've been doing this for 10 plus years.

 

I would like to think if it said;

To make a more secure shop, in the shop admin go to Configuration >> Administrators and edit the administrator, enter a password and tick the "Protect With htaccess/htpasswd" box.
I would have more hair than I do now...

 

Just my 2 cents...

Edited by greasemonkey

Hi All..

 

The osCommerce Online Merchant v2.3.4 full and update download packages have been silently updated to include documentation for the Braintree payment module.

 

This is not a bug fix and we did not want to hassle store owners with updating the version file (e.g. to 2.3.4.1) for this simple addition.

 

Kind regards,


Hi,

 

Very quick question (I hope) - Is it OK to cherry-pick the updates? i.e. are there any that are interdependent?

 

e.g. I don't really want to update the jQuery or UI files on my site etc.

 

Thanks


Ran through the update myself, did not see any dependencies except, as you mention, the jquery and color box (product_info.php)

 

I left out and just done the rest mostly sessions related changes and the new modules

 

Did not suit me to change to the color box/product_info.php for my test site at the minute !!

 

Now the payment files also having been changed (paypal) etc not sure as regards jquery can not imagine it would make a difference

 

did not take long 30 minutes maybe 60 minutes gets a bit boring but quick and simple

 

Admin display may change a bit with the new jquery but that was it

Edited by joli1811


The post-installation notes have just been removed from the installation procedure :) The checks are taken care of already by the Administration Tool Extended Security Check Modules.

 

The next step is to add documentation links to all extended security check modules and of course the documentation on the library site :)


Very quick question (I hope) - Is it OK to cherry-pick the updates? i.e. are there any that are interdependent?

 

e.g. I don't really want to update the jQuery or UI files on my site etc.

Totally fine. The Content Modules part would not be recommended for every store to utilize unless they want to start using content modules.


Looking at the content modules on the login.php page

 

There is something not right with the logic of setting the grids.

 

1) If both columns are enabled, everything is fine, we have always a total of 24 grids

2) if  just one column is enabled, we are missing 4 grids

 

For example,

 

- having both modules (create account and login) set to "half" we have

<div id="bodyContent" class="grid_20 push_4">
<h1>Welcome, Please Sign In</h1>
<div id="loginModules">
<div class="contentContainer grid_8 alpha">
<div class="contentContainer grid_8 omega">
</div>

=  total 16 grids within a container of 20 grids => 4 missing

 

- having both modules set to "full", we have

<div id="bodyContent" class="grid_20 push_4">
<h1>Welcome, Please Sign In</h1>
<div id="loginModules">
<div class="contentContainer grid_16">
<div class="contentContainer grid_16">
</div>

The problem is in the logic of includes/modules/content/login/templates/login_form.php

<div class="contentContainer <?php echo (MODULE_CONTENT_LOGIN_FORM_CONTENT_WIDTH == 'Half') ? 'grid_8' : 'grid_16'; ?>">

Only 8 or 16 grids, sometimes we need 10 or 20 of them, in case of 1 column + of course the case that someone changed the column width to say 5 grids

 

The file needs to check first what the available content width is, and apply the proper grid classes accordingly

 

I'll try to post some lines of code for this

Edited by multimixer


Ok people, a workaround as follows

 

1) in file login.php I moved following line 

  $page_content = $oscTemplate->getContent('login');

under

  require(DIR_WS_INCLUDES . 'template_top.php');

because I wanted to have the boxes executed before the content

 

2) In files includes/modules/content/login/templates/login_form.php and /create_account_link.php

 

I added just on top

$content_grid = $oscTemplate->getGridContentWidth();
$number_modules += $oscTemplate->hasContent('login') ? 1 : 0;

if ($half_grid_width = $content_grid / 2){
  if ($half_grid_width != floor($half_grid_width)) {
    $half_grid_width = $number_modules != 0 ? (floor($half_grid_width) + 1) . ' omega' : floor($half_grid_width) . ' alpha';
  }
}

3) In file includes/modules/content/login/templates/login_form.php

 

I replaced this

<div class="contentContainer <?php echo (MODULE_CONTENT_LOGIN_FORM_CONTENT_WIDTH == 'Half') ? 'grid_8' : 'grid_16'; ?>">

with this

<div class="contentContainer <?php echo (MODULE_CONTENT_LOGIN_FORM_CONTENT_WIDTH == 'Half') ? 'grid_' . $half_grid_width : 'grid_' . $content_grid; ?>">

4) In files includes/modules/content/login/templates/create_account_link.php

 

I replaced this

<div class="contentContainer <?php echo (MODULE_CONTENT_CREATE_ACCOUNT_LINK_CONTENT_WIDTH == 'Half') ? 'grid_8' : 'grid_16'; ?>">

with this

<div class="contentContainer <?php echo (MODULE_CONTENT_CREATE_ACCOUNT_LINK_CONTENT_WIDTH == 'Half')  ? 'grid_' . $half_grid_width : 'grid_' . $content_grid; ?>">

Now grids are applied correctly, however, this solution is a hassle. The logic about how many grids to apply should be better a "central" one instead of repeating code like that

 

It would be maybe better to remove the grids altogether and use a width=50% or 100%, why to stick with that grids?

 

Talking with @@burt, he came up with an other (better) solution, to change things afterwards (after the grids got applied) via js, he'll post this himself I think

Edited by multimixer


Edit

 

Point 2 above could be better like this

$content_grid = $oscTemplate->getGridContentWidth();
$number_modules += $oscTemplate->hasContent('login') ? 1 : 0;

if ($half_grid_width = $content_grid / 2){
  if ($half_grid_width != floor($half_grid_width)) {
    $half_grid_width = $number_modules != 0 ? (floor($half_grid_width) + 1) . ' omega' : floor($half_grid_width) . ' alpha';
  } else {
    $half_grid_width = $number_modules != 0 ? $half_grid_width . ' omega' : $half_grid_width . ' alpha';
  }
}

Will think it over tomorrow again


Ok people, please disregard all the above, the change in login.php (point 1) can't be done, line has to stay where it is.

 

Do not use any of the above code, I'm sorry for causing confusion


Good morning all, I'm sorry for yesterday's late night show :)

 

I ended up removing all grid classes by js, and adding new classes that I can style via css as I like

$('#loginModules .contentContainer.grid_8').removeClass('grid_8 alpha omega').addClass('half_width').parent('div#loginModules').css({overflow: "hidden"});
$('#loginModules .contentContainer.grid_16').removeClass('grid_16 alpha omega').addClass('full_width');

I think the whole part could afford a reconsideration

 

EDIT: this was also @@burt's suggestion yesterday in the chat, I just got stuck with php yesterday, Gary's suggestion was better

Edited by multimixer

another question from me (sorry)

 

With regards to versioning - at what point does a previously 2.3.3.4 store become a 2.3.4 store during the update process? ie I am not installing the new Jquery, Jquery UI or Flot - so can I really call my store a 2.3.4 store?

 

Also there are some interdependencies on the upgrade - e.g. Admin toolboxes needs the new jQuery or it makes the boxes too long - for future update packages a suggestion would be to show somehow what needs to be done before something else is done..

 

Thanks


If you don't do it all, it's not exactly 2.3.4.  If it's not near enough exactly 2.3.4 then you will have issues in future updates when you are told to;

 

find:

xyz123

 

change to:

abc456

 

yet, you did not do the xyz123 change in the update to 2.3.4.  That will serve only to confuse in the future...

 

What is the reason you're not making the updates to jquery and flot etc ? 

Edited by burt


@@burt Not doing the jQuery / UI / Flot changes at the moment because my sites are live, and this will mess up the formatting / colour settings of my MTS which I can't do when there are customers online - and some of my customers shop at strange hours........

 

It's an interesting point, the "Near Enough" statement...... If all the code changes to core files are carried out then can this be classed as now 2.3.4? For example, not everyone will see the point of updating ALL the payment modules - as they will only ever use one or two of these.

 

Maybe future releases should be split into "Essential to Claim Update to Version 2.X.X" and "Optional Updates"

 

I'm not getting hung up on any of this - just something I have been pondering........


@@Mort-lemur

 

The jQuery and jQuery UI updates will not affect your store, you can select the versions you want to use in admin. No MTS settings are affected by the osCommerce upgrade.

 

I would do the complete upgrade


@@burt Not doing the jQuery / UI / Flot changes at the moment because my sites are live, and this will mess up the formatting / colour settings of my MTS which I can't do when there are customers online - and some of my customers shop at strange hours........

I think that the MTS is fine with the newer fileset. George will confirm - ooops should have read the following posts prior to replying. George has already confirmed...

 

It's an interesting point, the "Near Enough" statement...... If all the code changes to core files are carried out then can this be classed as now 2.3.4? For example, not everyone will see the point of updating ALL the payment modules - as they will only ever use one or two of these.

it is *always* best (my opinion) to do the full fileset changes as you then have the knowledge that you are 100% up to date.

 

By "near enough" I mean the exact changes, but if you have an extra line break in a file, no big deal..or if you have changed a new language define to some other words. You know the score.

Edited by burt


Not every existing store owner needs to perform each changeset in the upgrade guide. Any security fixes should of course be applied though.
 
Not performing each changeset will of course make it harder to review and compare changes in future releases as the next release is only based on its previous release.

The following are the changesets related to the jQuery library updates:

jQuery UI
jQuery
Flot (jQuery Library)
PhotosetGrid and ColorBox
Administration Tool Boxes


The file admin/includes/configure.php is not mentioned in the list of modified files ( http://library.oscommerce.com/Online&en&oscom_2_3&release_notes&v2_3_4 ) and also not part of the upgrade package

 

It is a bit hard to find out that the new constants need to be added to that file

 

Unless I'm missing something, this needs to be done manually, correct?
