Surprise, surprise! Wishlist and osCommerce

I really love getting stuff through the post that I have not ordered, I bet you do too! So, here is what I propose to all my readers and anyone else who uses osCommerce;

You purchase something from my Amazon Wishlist, and I will give you TRIPLE credit against any of my osCommerce eBooks (from £%, about $10). I will also give DOUBLE credit on my osCommerce Makeover service or my Discount Coupon Installation cost (usually £25, about $50). Or any combination of the above.

Example: Coupon Install + Makeover + STS eBook. Normal cost would be about £140, about $280. By purchasing from my Wishlist, you can get this for about £65 ($130)! As you can see that is a substantial saving!

My wishlist has items on it from just £2 (about $4), up to some very expensive stuff. If you are interested in saving yourself some money on my products/services and sending me a surprise, email me and I will let you know where my wishlist is located.


Apply a Discount Coupon Automatically

I found a really interesting question at the osCommerce forum;

Does anyone know how i would have a certain discount coupon redeem automatically (for example when the customer logs in)? So that the user does not have to manually enter it anymore at checkout and sees his discount from the moment he logs in. This would be for a site-wide discount, available to every customer during a limited period of time.

The question is actually aimed at users of the older contribution called “Credit Class/Gift Vouchers/Discount Coupons”. I thought it might be interesting to see if it could be done in any way using my version of Coupons…

2 minutes later, I’m pleased to say it does. A simple addition of the following lines of code in FILENAME_LOGIN (usually login.php) is all that it took:

[php]// Load the coupon with code 'test40' and read its details
$osC_Coupon = new osC_Coupon('test40');
$coupon_code = $osC_Coupon->coupon_details['coupon_code'];
$coupon_amount = $osC_Coupon->coupon_details['coupon_amount'];
$coupon_type = $osC_Coupon->coupon_details['coupon_type'];
$coupon_id = $osC_Coupon->coupon_details['coupon_id'];[/php]

The coupon named “test40” is now automatically applied when logged in. I also had to make sure that any other coupon already entered by the customer was destroyed, so the addition of the following code:


right before sorts that out. Now the full code to enable an automatically applied discount coupon is:

[php]$osC_Coupon = new osC_Coupon('test40');
$coupon_code = $osC_Coupon->coupon_details['coupon_code'];
$coupon_amount = $osC_Coupon->coupon_details['coupon_amount'];
$coupon_type = $osC_Coupon->coupon_details['coupon_type'];
$coupon_id = $osC_Coupon->coupon_details['coupon_id'];[/php]

This particular line of code would be changed depending upon which coupon you want to apply:

[php]$osC_Coupon = new osC_Coupon('test40');[/php]

As you can see, in my admin area I have a couple of coupons to choose from:

So I could have used:

[php]$osC_Coupon = new osC_Coupon('FREEDEL');[/php]

instead. Probably this way of doing things could be applied to other Coupon contributions, I have no idea. If you try it, please let us know.

Easy as 123.

COD only if Coupon is live

A previous post introduced the idea of making modules in osCommerce “interactive” based upon other inputs…

Stefan asks;

What I need is for the COD Method of payment to work only with a valid voucher. In other words you cannot use the COD Method of payment without first entering a valid voucher code.

I had already installed my Discount Coupon modification onto Stefan’s store, which was seen to work very well, then Stefan posed that question to me. I was sure that this should be really quite simple to get working…and after a bit of lateral thinking, all it took was the following code (added to the COD module):

[php]// Disable Cash On Delivery unless the coupon module has registered a live coupon in the session
if (!tep_session_is_registered('coupon_code')) $this->enabled = false;[/php]

Which basically says;

if a session called “coupon_code” is NOT present, then disable the “Cash On Delivery” module. This works as my coupon module sets a number of sessions, one of them being “coupon_code”, when a coupon is live.

Easy as 123. Can you think of ways to make your site more interactive for your shoppers?

Coupons for MS2

I spent some time and got my Coupons Version 5 working with older osCommerce – MS2. So now you can have coupons even if you are running an outdated version of osC. Get in touch if you need this.

Hacked osCommerce? Here’s some essential reading…

Having your site hacked is a PITA. It can be far worse if you weren’t prepared…

Step One: preparing to recover from an attack

First off, store an entire set of working files locally. This should be a set of files that has never been off your computer so that you know that they have not been tampered with. Edit them locally, when you need to, and then upload them to your webspace, either through the file manager in your cpanel or with ftp, sftp, ssh, or something similar. You don’t have to upload the entire set each time, just the modified files.

Some people edit their files live on the server. If you do this you will not have a current local copy. If you download the file(s) from your server, you do not know for certain that they have not been modified by a hacker. ALWAYS edit your local files and upload them to the server, not the other way around.

It wouldn’t be a bad idea to get XAMPP (from Apache Friends) and develop locally, or use the osCBooks “localhost” package which can be found here.

Before installing a new contribution, make a copy of the entire local directory and datestamp it (rename the directory copy to indicate the date). That way if anything goes wrong, you can revert to the old copy. It is a good idea to keep a couple of these snapshots (backups taken at different times) around just to be safe.

Now, if your site ever gets hacked it is easy to fix. Go to your webspace and delete all the files associated with your site. Use some common sense though. There may be other folders such as for cgi, logs, statistics, etc that you might want to keep. (They should not be in a web accessible location anyway but that’s another issue).

Once you have deleted your website from the server, upload the entire fileset from your local computer. Now, your website should be back to where it was before you got hacked. That should be a fairly quick and painless recovery process – certainly this can be done in minutes if done correctly.

Do not upload your files over the existing files. You must delete everything first. Otherwise you will not remove any new files or folders that were added by the hacker.

Step Two: protecting against an attack in the first place

Most important…set the permissions correctly! The documentation states that you should set the permissions on a few folders to 777. That is fine if you want to be hacked. If you follow those instructions, you WILL be hacked, it’s just a matter of time.

Set the permissions on ALL folders to 755. If your host has PHP installed as CGI through suExec (the proper method), then your site will run fine this way. If they have PHP installed as a module, you will get a warning from oscommerce saying that it is unable to write to the images folder. Setting permissions back to 777 will make the message go away but it will leave you open to an attack. Contact your host and ask them if they could change the way in which they install PHP. If they will not, you should immediately get a new host. This isn’t an arbitrary statement. By installing PHP the wrong way, they have created a security vulnerability that you will not be able to resolve. A partial work-around is to upload images via file manager in cpanel or through ftp. A less secure method is to set the permissions on the images folder to 777 just long enough to add your new products and then set it back to 755. This work-around does not, however, deal with the permissions issues on a couple of other folders. Loading PHP in the correct manner is the only fix.

Set the permissions on all files to 644, with two exceptions. There are two configure.php files. One is located in /catalog/includes/ the other is in /catalog/admin/includes/. The permissions on these two files should be 400, 444, or 644 dependent on your server configuration. Use the lowest setting that will still allow your store to function and that your host’s setup allows you to set.

If you have trouble setting permissions on files or folders through ftp, try the file manager in cpanel instead. Some hosts don’t allow ftp to change permissions.

The admin folder requires a password (in the latest version of osc). This method of password protection is not secure. A hacker could run a password cracker program against it and try thousands of passwords a second until they get in. Use the feature in cpanel to ALSO password protect your admin directory. When a hacker runs a password cracker program against this, the system will be notified after a set number of attempts and the hacker’s IP will be automatically banned from the system (on a properly configured server. It wouldn’t hurt to check this with your host).

Renaming your admin folder to something obscure (a 12+ character long string of random letters and numbers would be best) makes it even more difficult for hackers since they won’t even know where your admin folder is now. You will have to modify your configure.php files to point to the newly renamed admin directory. Be sure that you do not list the new name in any other files (like robots.txt) as this will give the name away.

Step Three: further securing your shop

Install the following security mods:

Security Pro
IP Trap
.htaccess Protection

With all of those changes made, it is unlikely that you will be hacked. There are always other methods of attack and some can only be prevented by making changes to the server configuration (which is out of your control). Keep in mind that shared-host accounts have more security issues than dedicated accounts and that “cheap” accounts are just that; don’t expect that a cheap account is managed by competent or conscientious people.

Lastly, make sure that your admin settings for file-based sessions and cache (if you use either), do not use the /tmp folder if you are on a shared-host account. On most systems, the /tmp folder is a symlink to a shared system folder that all the other accounts on that shared-host also use. Not only can this potentially cause problems but it can be a security leak, sharing customer data through this shared folder.

This post was taken from the osCommerce forum – and was made by php_Guy. There aren’t many posts that I would take from there and post here as much of the official forum is “noise”. Nice work php_Guy.
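The permission settings and the delete-before-upload rule from the post above, as an added shell example that is not php_Guy's or osCommerce's own code. The function names, the 444 default for configure.php and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not php_Guy's code). CONFIG_MODE is an assumption: the post
# allows 400, 444 or 644 for configure.php depending on the server.
CONFIG_MODE="${CONFIG_MODE:-444}"

# Print every file or folder that group or other can write to (777, 775, 666, ...).
audit_writable() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) -print | sort
}

# Apply the post's modes: 755 on folders, 644 on files, then lock both
# configure.php files. Matching on */includes/configure.php still finds the
# admin copy after the admin folder has been renamed.
harden_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    find "$1" -type f -path '*/includes/configure.php' -exec chmod "$CONFIG_MODE" {} +
}

# Compare a copy pulled from the server ($2) with the known-good local set ($1).
# ADDED files are the ones an overwrite-only upload would leave in place.
drift() {
    ( cd "$2" && find . -type f | sort ) | while IFS= read -r f; do
        if [ ! -e "$1/$f" ]; then
            printf 'ADDED %s\n' "$f"
        elif ! cmp -s "$1/$f" "$2/$f"; then
            printf 'CHANGED %s\n' "$f"
        fi
    done
}

# Constructed demo tree; run as: sh perms.sh demo
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d)
    mkdir -p "$t/good/catalog/includes" "$t/live/catalog/includes" "$t/live/catalog/images"
    echo '<?php // config' > "$t/good/catalog/includes/configure.php"
    cp "$t/good/catalog/includes/configure.php" "$t/live/catalog/includes/"
    echo '<?php // unexpected' > "$t/live/catalog/images/x.php"
    chmod 777 "$t/live/catalog/images"
    audit_writable "$t/live"; drift "$t/good" "$t/live"
    harden_perms "$t/live"; audit_writable "$t/live"
    rm -rf "$t"
fi
```

Run `drift` for inspection only; the local set stays the source of truth, and recovery is still delete first, then upload.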

Zones Module in osCommerce

Quite often, people don’t realise that it is really easy to increase the number of “zones” in the Zones (or Tables) shipping modules in osCommerce.

I only charge a flat fee for shipping. One fee is charged to US customers and another fee is charged to international customers. I wanted to use the flat fee module included with OSC but it only allows for 1 zone. The Zone Rates module also sets only one zone. How should I handle this?

If you have your Zones module enabled, disable it (aka turn it off!). Now open up the actual file – it’s located at /includes/modules/shipping/zones.php and find the following line of code:

[php]$this->num_zones = 1;[/php]

You can see that this controls the number of zones that the Zones module will utilise. Change this number. Let’s go for three…

[php]$this->num_zones = 3;[/php]

Save the file and now enable the module from within your admin section. You should now have three sets of input boxes, for three zones and three lots of shipping/price ratios.

Easy as 123.

Coupons Version 5.0

In my last post about my Coupons system, I signed off by saying this:

V5 – in the pipeline

Minimum Spend per coupon.

A “use once, one time” coupon. Once that is done, I can then look at the flip side of discount coupons, which is “gift vouchers”.

I’m glad to say that both of these are now completed, so I’ve upgraded the status of this coupon system to “Version 5”. The minimum spend is live on some real stores, however, as of right now, no-one has the “use once, one time” coupon.

Minimum Spend per coupon

This is simply an input field, into which an amount is inserted. If the cart total is LESS than this amount, an error message is displayed along the lines of “please spend an extra $xx.yy to redeem this coupon”. It’s pretty simple and works well.

use once, one time

This is simply another selection under “Coupon Usage”. If you select “once”, then the coupon can only be used once. The coupon is set inactive at time of use. From my testing, it works very well.

As per recent versions of my coupon mod, this is only available for RC releases of osCommerce and is only available installed – if you are interested, please do contact me on

As an aside, I also wanted to point out that I have a few free eBooks available – have a hunt around my other site at – I’ll make a proper post about it in the next few days.

Gary’s Process for Building osCommerce

Joe asks;

…was wondering if you have a process you could share which lists the order of doing things for a new site, including the most popular add ons. I keep having to hand code everything mainly due to the fact I have done things in the wrong order and end up breaking previous contribs…

What I do is keep a version of osCommerce as a backup. It has no contributions added except stuff that I have coded up myself. I’ve also stripped out a lot of redundant features and a lot of un-needed html code…

So, I took the basic osCommerce RC2a, and then I;

1. added a “class” to each of the 3 columns in all the base files, to allow me to make a new design easily
2. stripped out a bunch of HTML from those same pages
3. added my own coupons modification
4. added my own ban customers modification
5. added my own featured products modification
6. added small and large images for each product
7. added a jQuery wysiwyg editor for product descriptions
8. added more jQuery stuff: image popup in product page, fadeout best-sellers, small change to advanced search page, small change in the create_account page
9. I streamlined the checkout process by removing a couple of redundant pages
10. I added my own version of Category based Meta Tags (admin and shop)
11. I added my own version of Product Page Meta Tags (admin and shop)
12. Various minor changes (let’s see what we have here is gone, awful clipart is all gone etc)
13. Added my own idea about showing better special prices
14. Removed the useless “reviews” system and a load of the useless infoboxes

What the above is, is basically a clean, stripped down osCommerce with NO contributions added except for those which are my own.

I keep a clean copy of this, and a database. When I come up with more of my own stuff it gets added. When I need to build a site I just take another copy of this, and start work on it. That way, my clients get to have an osCommerce that works as it should do, without the fear of contributions breaking the codebase.

It works well for me!