Making your shop “bulletproof”…

Nice post in the official osCommerce forum from user "Spooks" talking about security implications for osCommerce stores…

You can prevent any injection attacks with Security Pro:

You can monitor sites for unauthorised changes with SiteMonitor:

You can block illicit access attempts with IP trap:

You can add htaccess protection:

You can stop Cross Site Scripting attacks with Anti XSS:

Also make sure that all files, except for the two configure.php files, have permissions no higher than 644. The permissions for the two configure.php files will vary according to the server your site is on – it could be 644, 444 or 400 which is correct. Permissions on folders should be no higher than 755. If your hosting setup demands permissions of 777 on folders, then change hosts. You can add to assist with permission settings.

Do it now, and avoid getting that nasty addition to your listings in Google: 'This site might damage your computer', or finding all your customers' data posted on a hackers' bulletin board somewhere, etc. etc.

Good work Spooks!
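As an added illustration of the permission rules in Spooks' post (this is not code from the post or from any of the contributions it links), here is a small command-line audit that walks a shop's directory tree and reports every file looser than 644 and every directory looser than 755. The two configure.php files need no special case: 644, 444 and 400 all pass the same check. The script name and the path you pass to it are assumptions.

```php
<?php
// Added example, not from Spooks' post: audit an osCommerce tree against the
// permission rules above (files no looser than 644, directories no looser than 755).
// Run from the shell: php audit_perms.php /path/to/catalog
// Exit status is 1 when anything is too loose, so it can run from cron as a check.

function audit_perms($root) {
    $problems = array();
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($iter as $path => $info) {
        $mode = fileperms($path) & 0777;           // keep only the rwx bits
        if ($info->isDir()) {
            // 755 = owner rwx, group/other r-x: any group/other write bit is too loose
            if ($mode & 0022) {
                $problems[] = sprintf('%s: directory is %o, should be 755 or tighter', $path, $mode);
            }
        } else {
            // 644 = owner rw-, group/other r--: no group/other write, no execute at all
            if ($mode & 0133) {
                $problems[] = sprintf('%s: file is %o, should be 644 or tighter', $path, $mode);
            }
        }
    }
    return $problems;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $problems = audit_perms($argv[1]);
    foreach ($problems as $p) {
        echo $p, "\n";
    }
    exit(count($problems) ? 1 : 0);
}
```

The check is deliberately a bitmask rather than a comparison of octal numbers: 600 or 400 on a file is tighter than 644 and should pass, while 700 on a file fails because of the execute bit, which is the behaviour the post asks for.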

Header Images Per Category (again!)

Ryan says;

I want to have header images display per category, how can I do this? I already have made a script but it's really repetitive.

The code Ryan had come up with was really quite complicated, repetitive and pointless. My idea is like this:


We know that the function tep_image is used to pick out an image, grab the alt text and display it, so we can use it together with a switch on current_category_id to show the relevant image.

The variable current_category_id is used in FILENAME_DEFAULT (usually index.php) and holds the category ID of the category you are currently in – surprising that it is called current_category_id, wouldn't you say 😉

The above code is off the top of my head and is actually untested, so if anyone does try it and it goes wrong, let me know and I’ll amend this post.

For reference, see for more details on switching.
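The switch described above, written out as an added example (this is neither Ryan's script nor the post's own untested code). It assumes the stock osCommerce tep_image() and the global $current_category_id, which application_top.php derives from the cPath parameter; the category IDs and image file names are made up for the illustration.

```php
<?php
// Added example: choose the header image with a switch on $current_category_id.
// Category IDs 1 and 2 and the image file names are constructed placeholders.
function category_header_image($current_category_id) {
  switch ((int)$current_category_id) {
    case 1:
      $file = 'header_hardware.jpg';
      $alt  = 'Hardware';
      break;
    case 2:
      $file = 'header_software.jpg';
      $alt  = 'Software';
      break;
    default:
      // top level (0) or a category with no image of its own: generic header
      $file = 'header_default.jpg';
      $alt  = STORE_NAME;
      break;
  }
  // Only the file names listed above ever reach tep_image(); the value that
  // came in from the URL is used to choose a case, never to build a path.
  return tep_image(DIR_WS_IMAGES . $file, $alt);
}

// In includes/header.php, where the old static header image was echoed:
// echo category_header_image($current_category_id);
```

Adding a category is one more case; if the list grows long, the same idea works with an array keyed by category ID and a lookup that falls back to the default entry, which keeps the whitelist property of the switch.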

Remove Tax from Shipping

Lindsay asks;

My store is charging tax on the shipping. I believe the tax is charged on the product and the shipping is added. How do I switch it to do so? I’ve done it before but I don’t remember what files to change. Thanks!

If you do not want to charge tax on your shipping then you must amend each shipping module – if you do this you should be able to see exactly what to change…
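For readers who want to see which line in a shipping module the advice above points at, here is an added example modelled on the stock flat-rate module, includes/modules/shipping/flat.php (it is not code from the post). In osCommerce 2.2 the ot_shipping order-total module reads the selected shipping module's tax_class property and adds tax to shipping only when it is greater than zero, so the amendment is to the constructor; the class name below is an assumption.

```php
<?php
// Added example, not from the post: the single property that decides whether
// osCommerce charges tax on shipping, shown on a copy of the stock flat module.
//
// Stock constructor (the line that matters):
//   $this->tax_class = MODULE_SHIPPING_FLAT_TAX_CLASS;   // follows the admin "Tax Class" setting
//
// Amended constructor: shipping never carries tax, whatever the admin setting says.
class flat_untaxed_example {
  var $code, $title, $description, $sort_order, $enabled, $tax_class;

  // PHP 4 style constructor, as the osCommerce 2.2 modules use
  function flat_untaxed_example() {
    $this->code        = 'flat';
    $this->title       = MODULE_SHIPPING_FLAT_TEXT_TITLE;
    $this->description = MODULE_SHIPPING_FLAT_TEXT_DESCRIPTION;
    $this->sort_order  = MODULE_SHIPPING_FLAT_SORT_ORDER;
    $this->enabled     = (MODULE_SHIPPING_FLAT_STATUS == 'True');
    $this->tax_class   = 0;   // was MODULE_SHIPPING_FLAT_TAX_CLASS
  }

  function quote($method = '') {
    $this->quotes = array('id' => $this->code,
                          'module' => MODULE_SHIPPING_FLAT_TEXT_TITLE,
                          'methods' => array(array('id' => $this->code,
                                                   'title' => MODULE_SHIPPING_FLAT_TEXT_WAY,
                                                   'cost' => MODULE_SHIPPING_FLAT_COST)));
    // The stock module sets $this->quotes['tax'] here when $this->tax_class > 0;
    // with tax_class forced to 0 that block never runs, and ot_shipping adds no tax.
    if ($this->tax_class > 0) {
      global $order;
      $this->quotes['tax'] = tep_get_tax_rate($this->tax_class, $order->delivery['country']['id'], $order->delivery['zone_id']);
    }
    return $this->quotes;
  }
}
```

Without editing any file, the same effect comes from setting the module's Tax Class to none in Admin > Modules > Shipping, since that is what MODULE_SHIPPING_FLAT_TAX_CLASS stores; the code change is only needed when you want the module to ignore that setting.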

Zone Shipping By Percent of Order Total

Theo asks;

Does anyone know if a contrib exists that will calculate shipping cost as a percentage of an order dependent on destination, for example: 5% in UK – 15% in Europe – 25% Overseas

I don’t think there is any contribution that allows this, as it is quite complicated and beyond the scope of most osC users. You are definitely looking at a paid-for solution.

My idea would be to have a default zone containing all the countries that are not in any other zone. This would be your "Overseas" countries. Another zone would contain the EU countries (this would be your "Europe" zone), and a final UK zone…

That's not problematic for a good coder. Next up you would need to be able to insert the percent to be charged on a per-zone basis – that's easy. In the actual module's quoting structure, you would need to get the total order value and multiply it by the percent entered for the destination's zone. Again quite easy.

For a decent coder, this should not be more than 30 to 60 minutes work (including testing time). The benefit of getting it coded properly is that you know you have your own perfect solution for postage, rather than have to rely on a mish-mash of code and structure to get a not perfect result.
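The quoting logic sketched above, as an added example (not an existing contribution and not the post's code): a default "overseas" zone catches every country not listed in another zone, and the cost is the order total multiplied by that zone's percentage. The country lists and percentages are constructed sample data; in a real module the membership would come from osCommerce's geo-zone tables and the percentages from the module's admin configuration.

```php
<?php
// Added example, not a contribution from the post: percent-of-order shipping by zone.

// Zone membership keyed by ISO country code (constructed sample data).
$zone_countries = array(
  'uk'     => array('GB'),
  'europe' => array('DE', 'FR', 'NL', 'IE'),
);
// Percent of the order total charged per zone; 'overseas' is the default zone.
$zone_rates = array('uk' => 5.0, 'europe' => 15.0, 'overseas' => 25.0);

function shipping_zone($country_iso, $zone_countries) {
  $iso = strtoupper($country_iso);
  foreach ($zone_countries as $zone => $countries) {
    if (in_array($iso, $countries, true)) {
      return $zone;
    }
  }
  return 'overseas';   // every country that is in no other zone
}

function percent_shipping_cost($order_total, $country_iso, $zone_countries, $zone_rates) {
  $zone = shipping_zone($country_iso, $zone_countries);
  if (!isset($zone_rates[$zone])) {
    // a zone with no rate configured is a setup error, not free shipping
    return false;
  }
  // two decimal places, as the currencies class displays amounts
  return round($order_total * $zone_rates[$zone] / 100, 2);
}

// Inside a shipping module's quote() the inputs would be
// $order->info['subtotal'] and $order->delivery['country']['iso_code_2'].
echo percent_shipping_cost(120.00, 'FR', $zone_countries, $zone_rates), "\n";
echo percent_shipping_cost(120.00, 'AU', $zone_countries, $zone_rates), "\n";
```

Returning false for a zone without a configured rate is a deliberate choice: a module that silently quotes zero when the admin forgot a percentage is the "not perfect result" the post warns about, and checkout_shipping.php already copes with a module that returns no usable quote.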

Sorting the Customer Table (Admin in osCommerce)

If your shop is like mine, you have lots of customers, which is a good thing. However, the customers screen in the admin could be better. So what I have come up with is a new way to sort the customers table…in fact it’s an old way, but using 2008 technology instead of hard coded links…

Have a look at this video of it in action (in my testshop, not my real shop!):

Pretty sweet. I added an extra column in my customers table called ID, as I find it useful to know the IDs of my customers. That's the only difference to most other osCommerce stores. I can sort ascending or descending on ID, First Name, Last Name or Date Account Created – which is going to make my admin tasks much easier.

Years back, I made the same thing but using hard coded links to refresh the page (thereby pulling in the data needed), that contribution is still available as far as I know. This new way of sorting does the same but without a page refresh!

So, just how is it done?

Easy answer – using JavaScript. I took jQuery and the TableSorter plugin, then recoded a portion of the customers.php page to add the necessary variables to make it all work.
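What that recoding amounts to, as an added example rather than the post's own customers.php (the post does not publish it): TableSorter sorts whatever table it is pointed at, provided the table has a thead with one th per column and its data rows inside tbody. The query joins customers to customers_info for the account-creation date, which is the stock osCommerce schema; the script paths under includes/javascript/ are assumptions.

```php
<?php
// Added example, not the post's customers.php: a customers table that the
// TableSorter jQuery plugin can sort in the browser, no page refresh needed.
$customers_query = tep_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname,
                                        ci.customers_info_date_account_created
                                 from customers c
                                 left join customers_info ci on c.customers_id = ci.customers_info_id");

// The plugin needs <thead> (one <th> per sortable column) and the rows in <tbody>.
echo '<table id="customers" border="0" width="100%" cellspacing="0" cellpadding="2">' . "\n";
echo '<thead><tr class="dataTableHeadingRow">'
   . '<th class="dataTableHeadingContent">ID</th>'
   . '<th class="dataTableHeadingContent">First Name</th>'
   . '<th class="dataTableHeadingContent">Last Name</th>'
   . '<th class="dataTableHeadingContent">Date Account Created</th>'
   . '</tr></thead>' . "\n<tbody>\n";

while ($customers = tep_db_fetch_array($customers_query)) {
  // Names are typed in by customers at sign-up: escape them before they are
  // written into the admin page, so a crafted name cannot inject markup here.
  echo '<tr class="dataTableRow">'
     . '<td class="dataTableContent">' . (int)$customers['customers_id'] . '</td>'
     . '<td class="dataTableContent">' . htmlspecialchars($customers['customers_firstname'], ENT_QUOTES) . '</td>'
     . '<td class="dataTableContent">' . htmlspecialchars($customers['customers_lastname'], ENT_QUOTES) . '</td>'
     . '<td class="dataTableContent">' . tep_date_short($customers['customers_info_date_account_created']) . '</td>'
     . '</tr>' . "\n";
}
echo "</tbody>\n</table>\n";

// jQuery, the plugin, then one call that makes every <th> a click-to-sort header.
echo '<script type="text/javascript" src="includes/javascript/jquery.js"></script>' . "\n";
echo '<script type="text/javascript" src="includes/javascript/jquery.tablesorter.js"></script>' . "\n";
echo '<script type="text/javascript">$(document).ready(function () { $("#customers").tablesorter(); });</script>' . "\n";
```

The escaping is the one thing to keep when you adapt this to your own column list: the admin is the place where every customer-supplied string ends up on a page viewed by a logged-in administrator, so it is where unescaped output hurts most.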

Discount Coupon Help

Julie writes;

I am having a terrible time with the install… (yes I’m willing to pay for help). I have followed all the directions, and have double checked everything many times to make sure everything was in the correct place. The coupon registers in the session, and everything works except the discount does not show up when the order total is calculated. Is this any kind of recurring bug or easy fix that you know of?

I logged in to Julie's admin and could see that the "sort orders" for the order_total modules were incorrect. These sort orders need to be different, so my advice was;

You can’t have the same sort order as anything else.

Nice and easy solution 😀
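A quick way to spot the problem Julie had without clicking through every module, as an added example (not from the post): when an order_total module is installed, osCommerce stores its sort order in the configuration table under a key of the form MODULE_ORDER_TOTAL_<NAME>_SORT_ORDER, so the duplicates can be read straight from that table. The sample rows below are constructed, and the coupon module's key name is an assumption, since the page does not name the contribution.

```php
<?php
// Added example, not from the post: find order_total modules that share a sort order.

function duplicate_sort_orders($rows) {
  // $rows: configuration_key => configuration_value, as read from the configuration table
  $by_order = array();
  foreach ($rows as $key => $value) {
    $by_order[(int)$value][] = $key;
  }
  // keep only sort orders claimed by more than one module
  return array_filter($by_order, function ($keys) { return count($keys) > 1; });
}

// In the admin the rows would come from:
//   tep_db_query("select configuration_key, configuration_value from configuration
//                 where configuration_key like 'MODULE_ORDER_TOTAL_%_SORT_ORDER'");
// Constructed sample mirroring a broken install; the COUPON key name is an assumption.
$sample = array(
  'MODULE_ORDER_TOTAL_SUBTOTAL_SORT_ORDER' => '1',
  'MODULE_ORDER_TOTAL_COUPON_SORT_ORDER'   => '2',
  'MODULE_ORDER_TOTAL_SHIPPING_SORT_ORDER' => '2',
  'MODULE_ORDER_TOTAL_TAX_SORT_ORDER'      => '3',
  'MODULE_ORDER_TOTAL_TOTAL_SORT_ORDER'    => '4',
);

foreach (duplicate_sort_orders($sample) as $order => $keys) {
  echo 'sort order ', $order, ' is used by: ', implode(', ', $keys), "\n";
}
```

Running this after installing any new order_total module is a cheap check; the fix is the same as in the post, give each module its own sort order (and put the discount before tax and total so they are calculated on the discounted amount).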

Country State Selection in create_account.php

Azad writes;

I executed the file I have attached with this mail — with phpmyadmin. [note, this was a listing of the zones of India]. The process was successful. I am getting the zones when I click on zone where the store is located in Admin area. My main motto of doing this was I want to enter different shipping rates for different zones. These are the zones of India.

The problem is that – when a customer tries to create an account and selects the country India – he is not getting the zones. He is getting the normal blank text-box in the state/province field. On other websites – when country India is selected they get the zones I entered via a drop-down menu in the state/province area. Can you please help me out with this issue.

I tested the file you sent and it went into the database without any problems. I then went to create an account and chose India as the country and inputted the rest of the details. On submit, the create_account page refreshed back to itself and showed the list of India zones – this is standard behaviour of osCommerce.

If you want to change this, there is a contribution which updates the zones “live” when a person chooses a country. I think it’s this one => Country-State Selector.

Good luck!

Remove a Table – Best Sellers InfoBox

Here is an easy way to remove a table without any unwanted side effects. Open up /includes/boxes/best_sellers.php and find:

[php]$rows = 0;
$bestsellers_list = '<table border="0" width="100%" cellspacing="0" cellpadding="1">';
while ($best_sellers = tep_db_fetch_array($best_sellers_query)) {
  $rows++;
  $bestsellers_list .= '<tr><td class="infoBoxContents" valign="top">' . tep_row_number_format($rows) . '.</td><td class="infoBoxContents"><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $best_sellers['products_id']) . '">' . $best_sellers['products_name'] . '</a></td></tr>';
}
$bestsellers_list .= '</table>';

$info_box_contents = array();
$info_box_contents[] = array('text' => $bestsellers_list);[/php]

Change it to:

[php]$rows = 0;
$bestsellers_list = '';
while ($best_sellers = tep_db_fetch_array($best_sellers_query)) {
  $rows++;
  // one line per product with no table markup: number, dot, linked product name
  $bestsellers_list .= tep_row_number_format($rows) . '. <a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $best_sellers['products_id']) . '">' . $best_sellers['products_name'] . '</a><br>';
}

$info_box_contents = array();
$info_box_contents[] = array('text' => $bestsellers_list);

new infoBox($info_box_contents);[/php]

If you wanted, you could also remove the tep_row_number_format function call. All this does is create a number from 1 to 10 for each seller. If you want to do this, try the following code instead;

[php]$bestsellers_list = '<ol>';
while ($best_sellers = tep_db_fetch_array($best_sellers_query)) {
  // the browser numbers the list items, so $rows and tep_row_number_format() are no longer needed
  $bestsellers_list .= '<li><a href="' . tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $best_sellers['products_id']) . '">' . $best_sellers['products_name'] . '</a></li>';
}
$bestsellers_list .= '</ol>';

$info_box_contents = array();
$info_box_contents[] = array('text' => $bestsellers_list);

new infoBox($info_box_contents);[/php]

This outputs a semantically correct numbered list instead.

Support for Ship Date Contribution

This is the support thread for the soon to be released “Club osCommerce Ship Date” Contribution.

This contribution is quite an easy install, affecting only the following files:



Also, one small change in the database, and a few extra files to control the JavaScript.

Very easy to install, but as with all my contributions, I offer a guaranteed install service.

Payment Module Help

Troi asks;

In the checkout payment area of OS I have two radio buttons coming up: one for PayPal and one for money order, cheque and bank details.

I just want to split the radio buttons, so there's one for each. I did find info on this at one point but I can't bloody find it now 🙂

Troi, it sounds like you have two payment modules installed: one for PayPal, and one other.

What you need to do is have 3 installed:

1. Paypal
2. Money Order/Cheque
3. Bank Transfer

At some point in the past you or someone else has "merged" the money order and bank modules, by the sound of it. So you need to unmerge them, basically – most likely the "merge" is only some language defines that need amending. It's hard to give more advice without actually viewing your site/files.

Does that help?