You already purchased this item…

In some shopping sites, I think it’s a good idea to show people the items they’ve already purchased. In osCommerce, this is standard and is known as the “perviously purchased” infoBox.

Which is good enough for most stores – but what if your store sells products that are very cheap and people might accidentally buy again (I’m thinking maybe a DVD or Book store – after a few months I can barely remember what I’ve read or watched!)…

I haven’t found any site that shows the buyer if they have already purchased the product within the product_info page, so I set out to try to find one. The closest I could find was this “freelancer” job from TravelVideoStore.com;

We are currently running OsCommerce and would like to add the ability for a logged in customer to see items that they previously purchased with us. The key screens will be the product_info.php which displays the product detail information, search pages, shopping cart page and the confirm order page. The reason for this modification is that we have many customers that come back often and buy films and they would like to know if they had already purchased the film so that they do not have to send it back. Basically each fo the above screens need to display a message “* Previously Purchased Item” in red so they know thye had already bought that item from us.

After less than 15 minutes work, here is what I came up with;

Which shows the buyer that they have already bought the product using the following code;

[php]clubosc_previously_purchased($products_id, ‘tr’)[/php]

Note that in my function, the “tr” signifies that the “you’ve already bought” message should be wrapped in table tags to suit the markup of the product_info page.

Obviously if they are looking at a product that they have not previously purchased, then the message does not show at all.

I then took it a step further, and added almost the same code (though notice there is no “tr” this time, so instead the function shows an image!

[php]clubosc_previously_purchased($listing[‘products_id’]);[/php]

to the product_listing module, but this time used an image to show if the product was previously purchased (the small exclamation mark image, obviously as the shop owner you’d let buyers know that any product with this image means they have already purchased it);

A ncie little mod, that should come in handy for many stores. If anyone wants to commercially sponsor a code clean-up and contribution, please do email me.

Fuinny isn’t it, that this blog post took me longer to compise than I spent actually making this basic modification of osCommerce!

Uber Hacked osCommerce Site

This week has been one of those weeks that has been absolutely non-stop for osCommerce work. One of the more interesting jobs was to lockdown an osCommerce site that had been the subject of a hack.

As usual, I cleaned the site of the hack, then made a few core code adjustments and installed a few security extras. This included renaming the admin area and setting up a new user for the usual osCommerce login and protcting via .htaccess.

All locked down. And yet…a few hours later I received an email from my client saying the site had been hacked again. Well, I know that’s just not possible anymore, so logged in and found…yes, the files had been hacked.

as I know that the changes I made are secure, the hacker had to be getting in from somewhere else. Checking the log files showed me some interesting info;

The hacker was accessing the webmail of my client – so when I sent my client any info, the hacker was able to read it easily. I instructed my client to remove webmail from his hosting control panel, then set up a hotmail account. I then cleaned the site again, and sent new admin URL and passwords to the hotmail account.

Since then, no more hacks.

So, when you think that it is your osCommerce site that is the problem, it might well not be. Make sure to lockdown EVERYTHING, including hosting control panel, your own computer, etc. Change passwords regularly. If you give your password out to anyone (eg, a developer), make sure to change it again after he has finished work.

Remember – it takes only one dis-satisfied client of your shop to ruin your reputation. Don’t let that happen because of a lapse in your security!

HAZMAT Handling Fee in osCommerce

This morning I came up with the code to enable HAZMAT Handling Fees in osCommerce. My idea was to allow the Shop Owner to set individual products to be “Hazardous” or not. If they are Hazardous then a Handling Charge is introduced at the checkout_confirmation page.

Step 1 was to create the extras needed in the product adding/editing page;

Step 2 was to code up the HAZMAT Order Total module;

Step 3 was to link the two together to show at the confirmation screen;

Not too difficult. Obviously there were extra things to do such as creating functions and changing the cart class slightly, as well as making language definitions. Here is the finished layout, so you can see how complicated even a little job can be;

All in all, a nice and easy code chop up, ready to rock and roll on your osCommerce site. I don’t do “contributions”, I only do “commercial” – so if you are interested in getting this, please email me to discuss rates.

RIP and YNWA Bobby Easland aka Chemo

Robert R. Easland Jr., “Bobby,” 34, of Florence, formerly of Radcliff, died Monday, June 14, 2010, at his home in Florence.

Though I regularly disagreed with his strident viewpoint I will miss his input into osCommerce and osQuantum. A very sad loss for us all.

I know nothing of his family, but would like to say that my thoughts are with them at this very difficult time.

Rest In Peace, Chemo, You’ll Never Walk Alone.

UPS shipping in osCommerce

I recently set live a client store that I am very pleased with how it all turned out, as is my client. We’ve been working on it off and on since deploying it on a number of things to make the site better and better.

Anyway, I’ve used UPS on a number of client stores, but yesterday I learned something new which I wanted to pass on to readers of this blog.

With the standard UPS module that ships with osCommerce rc3, there is a number of options for the Pickup Method;

In here you can choose which method you use to give packages to UPS – and which method you choose will return vastly different rates for shipping. So, make sure that you are on the correct method!

If you are unsure about which you should be using, contact UPS Technical Support – they don’t bite;

You have a UPS Occasional or sometimes called on On Call Air pickup account. This is a code 03 pickup. If you are not entering that code into the request you will not receive the correct rates back.

As soon as my client inserted OCA into the pickup method field, the quotes returned are correct for his shipping system!

Hope it help someone else in the future.

osCommerce Security – protecting and recovering from hacks

Recently, I’ve been seeing many osCommerce sites that are insecure. I’ve been emailing shop owners to let them know. To prove the point, I’ve been (after having permission to do so) uploading an image file to the insecure site, and pointing out that it could just as easily have been a page of malicious code uploaded instead…

So, what I want to do in this blog post is try to show every shop owner some steps they should take to secure their osCommerce.

  1. Rename your Admin area to something completely random. So instead of it being yoursite.com/admin/ it is something like www.yoursite.com/frfrow0033kdie7/
  2. Remove the admin file called file_manager.php and the file called define_language.php (note that rc3 delivers without the file_manager.php already)
  3. Protect your admin area using .htaccess via your hosting control panel (note that osCommerce rc3 has this feature installed already via the admin area)
  4. As a minimum, install the following addons listed here.

If you have already been hacked, then the most likely culprit is the “eval” hack, which inserts code at the top of almost every .php page, and adds a few extra malicious files. This “eval” code needs to be decrypted, and then the malicious files can be found and removed.

Once that’s done, then you must remove the “eval” code from each and every php file. Important to note that “eval” is in fact used by osCommerce legitimately – so you only need to find the malicious eval code (always at the top of each infected php page).

There are also other newer contributions that you can use to protect your site – such as Intrusion Detection System. Have a hunt for more in the osCommerce forum and addons area.

If all this is beyond the scope of your ability, please feel free to contact me (my email address is up there^^ )as I am happy to fix a hacked site and secure it against known hacks. Note that this is a commercial service that I offer, hence you would be paying commercial rates.

vGer stands down

http://forums.osquantum.org/index.php?showtopic=1967

I cannot continue as head of the osQuantum Project but have to stand down and let the rest of the team take over. I am sure they will do a better job than I have been doing since last year.

Date Bookings in osCommerce, using jquery

We finished up a very interesting project the other day. The client basically required a way to link dates to individual products, thereby allowing his customers to select a date as an attribute.

Really very easy, if you think about it. Just add the dates as options then apply to each product as required. Then the customer will see a dropdown box in the product_info page. Easy as 123.

But what if the shop owner wants a better experience, both in the admin side and in the shop side?

An example would be adding a date range – imagine you wanted to add the whole of August – you’d need to insert 31 product attributes (the dates in August 1st to 31st) then add these one by one to the product you want to add them to. What a nightmare. Instead, why not have the ability to select a date range, press insert and all this is done automatically in the background. With a bit of thought, it’s do-able.

Step 1 was to change the product_attribute page in admin to allow the ability to add a date (or dates) to a product.

In the example, I am adding the the whole of August to the product called “Lethal Weapon” (which is a standard product in the base install of osCommerce). This functionality is achieved using Kelvin Lucks datepicker project.

if we now look at the product page, the dates of August now are available as an attribute dropdown;

But, that is very ugly and not all nice for the customer to select his chosen date…so, changes needed;

Step 2 was to make the attribute dropdown into a text box, which when clicked will popup the datepicker allowing the buyer to select a date.

If this is clicked, up pops the datepicker;

showing the selectable dates (in green, using .css). If I select the 14th August, then this shows in the input box;

The customer can now add to cart and checkout as normal;

All this was made possible by using jquery and the datepicker module for it – along with a bunch of custom coding (osCommerce code in backend and frontend, javascript, css) to make it all play nicely in osCommerce.

Summary

This change enables the shop owner to easily link dates to products. These dates are selectable and any other dates are non-selectable. Using javascript to control this makes the whole system intuitive.

If you need something similar, contact me via email.

Horizontal Menu in osCommerce

I recently found a new contribution that creates a horizontal menu in osCommerce, it can be found here. I tried an install, and here is how it looks;

Ugly in the extreme, and simply does not work – I didn’t have the time to debug it unfortunately. What is supposed to happen is a mouseover of the top category (eg hardware) shows a list of subcategories underneath. This list actually does show, but as soon as the mouse is moved towards the list (in order to click a subcategory) the list disappears.

Doh. I’m pretty sure I followed installation instructions properly.

So, I spent a bit more time hunting and came across this sexy dropdown menu. With a bit of trickery I managed to get it working in osCommerce;

Which looks much better and appears to work. Tested so far in Internet Explorer 8 and Firefox 3. More tests to complete before I show what/how to do it.

Time to update my own osCommerce site

Mainly, my experience with osCommerce comes from helping other shop owners to realise their dreams of running a successful shop. That could be anything from coding up a bespoke shipping module, to supplying a complete osCommerce shop with a bespoke design.

Another part of my business involves selling templates for osCommerce. I was one of the first template providers (I started selling these even before Template Monster) and have not really done any work on my own site for many years. What this means is that the site is a bit stale and the available templates are also now quite outdated. I sell these templates via an osCommerce shop.

So, my intention over the next couple of weeks is to update my osCommerce site to the latest rc3 with a bunch of my own contributions installed. Because I am so busy I need to fit this in around my clients, otherwise I would just spend a couple days coming up with a design and then integrate it.

Once my new design is completed and integrated, I’ll then start to refresh the templates I offer. What I shall probably do is just stop selling all of the templates I presently offer, and come up with one new design each week.

I’m also going to start selling scripts and other osCommerce related services – such as installation, hosting and management services.

Should be an interesting time. For anyone interested here is how my present osCommerce site looks;

As I said it’s now a bit dated, and definitely needs an upgrade! Only problem is that I am more of a coder than a designer, so my idea for the new site is to keep it fairly simple and geometric rather than too graphicy. We’ll see how it works out.