Many of our clients use osCommerce for their online store. osCommerce was very popular a few years ago and to date still powers a really large number of stores. Due to a variety of technical reasons, many osCommerce stores are still hosting on PHP version 5.2.

The latest version of PHP is 5.4 and 5.5 is due out fairly soon. Most hosting companies will now regard PHP 5.3 to be the minimum version they will support. By switching to PHP 5.3 they get better performance and better security. Unfortunately if you are running an osCommerce store and your hosting company decides to upgrade PHP then you might find that your entire store stops working.

The first instinct here is to get your store back online as quickly as possible and that is entirely understandable. These days though we really think that osCommerce store owners should be running on PHP 5.3. It is entirely possible to do this and does not necessarily entail a large amount of work depending on which contributions you are running.

The last release for PHP 5.2 was version 5.2.16 released back in 2010. In software terms that is really quite a long time ago and really underlines how much of an issue this is.

You can read about some of the performance gains of switching to PHP 5.3 or greater on this page.

If you would like some help getting your osCommerce store working on an up to date version of PHP then get in touch with Edmonds Commerce today.

Of course another option is to think about moving away from osCommerce and onto a more up to date platform such as osCommerce or OpenCart. If you are thinking of ugprading then 5.3 compatability will be a bonus. If you are not thinking of upgrading platform any time soon though you really do need to schedule in an upgrade to PHP 5.3 at the earliest opportunity.

Well known is how Loaded Commerce/CRELoaded protect their google banners they wack on all opensource versions of their code.

Once you have removed the footer in the current version though, it checks the output buffer and you will find it after the closing html tag of your page.

The function that does this is cre_uregisterBasicFunctions(); and if you remove the call to it from application_bottom.php, bye bye ads!

Scarily, if a hacker got control of www.loadedcommerce.com, php code could actually be inserted into EVERY Loaded Commerce installation that doesn’t remove this.

If your osCommerce checkout starts behaving badly and bits of info seem to go missing eg billing address then you should definitely try this fix before you tear your hair out completely.

Most osCommerce installs store session information to a MySQL table called (suprisingly) sessions.

Sometimes (I have only seen this twice on umpteen osCommerce sites) the sessions table will become corrupted. The irritating thing is that if this happens it seems that the site will not stop working completely with a useful error message, but instead will continue to work but will behave very strangely.

If your osCommerce site is behaving strangely then try this fix.

Open phpMyAdmin and select your SQL database and then copy and paste the following into the SQL section and hit run:

REPAIR TABLE <code>sessions</code>;

If you are having a weird problem with your payment modules not saving the configuration when you edit them via the admin, try this to see if it fixes it:

in admin/modules.php

find:

  while (list($key, $value) = each($HTTP_POST_VARS['configuration'])) {

and replace it with

  //while (list($key, $value) = each($HTTP_POST_VARS['configuration'])) {
foreach ($HTTP_POST_VARS['configuration'] as $key => $value){

If you need to move your osCommerce (and derivatives such as CRE Loaded and Zen Cart) based site to a new server, here is a quick explanation of our approach which enables you to handle the migration without any downtime and no loss of order or customer information despite the fact that in the propagation period, visitors may visit the new server or the old server.

This propagation period is due to the fact that DNS servers around the globe may have cached your old DNS record, which points your domain name at your old IP address. These caches can stay alive for up to 48 hours meaning that you can not be certain that a visitor will definitely go to your new server within this period despite the fact that you have updated your domain name to point at your new name servers.

First – Copy the Files + Database:

Of course you need to copy all of the site files from the old server to the new server. The slowest and least reliable way to do this is via FTP. By using FTP, you have to actually download all the files on your old server to your local PC and then upload those files from your local PC to the new server. This can take a long time, especially the uploading part (thanks to the asynchronous nature of ADSL).

For the database you need to create a dump file via the command line or exporting from phpMyAdmin. Like FTP for the files, if you use phpMyAdmin then you have to download the dump file to your local machine and then upload it to the new server.

A better method for moving the files and database dump is to use SCP to copy files directly from the old server to the new server. I have written an article explaining this technique here: Basic Server Migration Using SSH + SCP.

Configuring the New Server
Unfortunately osCommerce based sites often require register globals to be enabled. They also use the old fashioned long arrays. That means that you will probably need to edit the configuration of the new server to enable these old PHP features.

This is an example vhost.conf (don’t forget to create the vhost_ssl.conf with the same settings) for Plesk.

<Directory /var/www/vhosts/********.co.uk/httpdocs>
php_admin_value open_basedir /var/www/vhosts/******.co.uk/dbCreds:/var/www/vhosts/******.co.uk/httpdocs:/tmp
AllowOverride All
php_admin_flag register_globals on
php_admin_flag register_long_arrays on
</Directory>

Note that I have specified a non webaccessible folder called dbCreds which contains the database credentials. I can then simply include this file from within the includes/configure.php and admin/includes/configure.php files.

Ensuring No Loss of Customer or Order Information
To make sure that you don’t lose any customer or order information, we need to take a couple of extra steps. First though an explanation of what can go wrong:

During the propagation period, there is a distinct possibility that you will be taking orders on both servers. If you don’t take any extra steps, then you might have orders and customers on both servers that have the same id number on the database. This can then make transferring the missing orders from the old server to the new server problematic.

A simple solution is to simply edit the autoincrement value on the orders and the customers table. I would normally suggest using a big jump in increment like 1000. This will mean that new orders and customers created on the new server will have id numbers that are 1000 higher than the old server. By doing this, we can then import any missing order and customer information over, safe in the knowledge that the id numbers will not clash. Of course, if you expect to create 1000 orders or customers within a couple of days then you will need to make a bigger increment increase on the new server. You are probably also turning over vast amounts of cash

Once the propagation period is over, lets say 3 days after you update your name servers, you can use this little script I created to help you to export the missing orders from your old server to your new server

Server Migration Orders / Customers Synchronisation

Get Someone To Handle it For You
Of course, if you prefer you can book someone to handle the migration for you. If you would like us to take care of your migration, just get in touch.

I’ve been spending a hell of a lot of time coding Magento recently, and for any full time serious ecommerce business I would recommend a Magento solution. However I have spent much more of my time coding osCommerce and usually CRE Loaded osCommerce based ecommerce sites.

CRELoaded is still a great package (once you get rid of the annoying nags and ads) and is really taking the osCommerce platform and polishing it up to a nice usable fully featured system. If you are looking for a UK based developer who specialises in ecommerce, osCommerce and CRELoaded development then definitely get in touch. Don’t be surprised though if I mention that Magento is definitely worth a close look!

More…

Harald made a great post on the osCommerce forum that details the roadmap for the project and also includes some great links for developers who want to get involved.

I will definitely be forking the project and seeing what I might be able to contribute.

You can see the full post here.

This is the roadmap and feature list:

New Features

Some of the new features in osCommerce Online Merchant v3.0 Alpha 5 include:

* New object-oriented framework (alpha 1)
* New installation routine (alpha 1)
* register_globals and magic_quotes_gpc compatibility (alpha 1)
* New template structure implementation (alpha 1)
* Search-engine optimizations (alpha 1)
* Service modules (alpha 1)
* Checkout procedure cleanup (alpha 2)
* New language definitions implementation (alpha 2)
* Updated payment modules with post-transaction actions (alpha 3)
* Catalog front-end, administration tool, and installation routine combined (alpha 3)
* XHTML/CSS based default template layout for the catalog side (alpha 3)
* Multiple product images implementation (alpha 3)
* New action modules (alpha 3)
* Administration Tool access levels (alpha 4)
* Administrator Log (alpha 4)
* Administration Tool batch action capabilities (alpha 4)
* HTML Editor for product descriptions (alpha 4)
* Full zone entries for most countries (alpha 4; Anders Pamdal)
* Language injection feature for similar languages (alpha 4)
* GeoIP Modules for the Administration Tool Who’s Online section (alpha 4)
* Product Attributes and Product Variants implementation (alpha 5)
* Dynamic Table Listings (Administration Tool) (alpha 5)
* Live Search (Administration Tool) (alpha 5)
* Administration Tool sections now self-contained Applications (alpha 5)
* Error Logging; both PHP and MySQL errors and warnings now logged (forced runtime usage of PHP E_ALL and MySQL STRICT_ALL_TABLES) (alpha5)
* Stabilized Framework (alpha 5)
* Usage of JSON for RPC calls (alpha 5)
* Inclusion of jQuery v1.3.2 and jQuery UI v1.7 (alpha 5)

osCommerce Online Merchant v3.0 Roadmap

The roadmap leading up to the final v3.0 release is defined as:

osCommerce Online Merchant v3.0 Beta 1

* HTML E-Mails
* Purchase Without Account
* Frozen Framework
* Updated Frontend/GUI
* Upgrade from v2.2 and v3.0 Alpha 5

osCommerce Online Merchant v3.0

* Finalize Updated Frontend/GUI
* Documentation
* Certified Modules
* Upgrade from v2.2 and v3.0 Beta 1

osCommerce Online Merchant v3.1

* Backup/Import/Export Features

osCommerce Online Merchant v3.2

* Gift Vouchers and Coupons

More…

Harald has released some info about the minimum requirements of osCommerce version 3 alpha on the osCommerce blog here.

It requires PHP 5.2 as a minimum (though I would personally recommend avoiding version 5.2.0 and going for the latest version if at all possible.

The major reasons for this are the requirement for the object oriented mysqli interface for PHP and MySQL. It also requires PHP’s JSON encode functions.

JSON is a javascript data format a bit like XML or similar. It is used a lot of Web 2.0 style projects with a lot of asynchronous data transfers.

This indicates that we can expect some nice Javascript based asynchronous tools that will hopefully be faster and easier to use than the current osCommerce.

osCommerce is without a doubt one of the most popular open source ecommerce platforms and it is going to be really interesting to see how this new version compares with Magento.

As a long time user, hacker and fan of osCommerce I really wish them all the best of luck.

More…

Just checking out the osCommerce blog and it looks like there is some activity over at osCommerce in relation to version 3.

It would great to see osCommerce come back into the foreground of open source ecommerce!

After a brief look through the source code it looks like osCommerce is leaving its procedural routes behind but is still keeping some of the osCommerce code features such as the application top.

This could be an excellent compromise between OOP flexibility and procedural performance.

More…

Like any web application, osCommerce can suffer from security problems such as SQL Injection attacks or famously the email form exploit which allow hackers to gain access to data they shouldn’t have access to or in the case of the email form exploit, to use your machine to send thousands of spam emails.

Here are some osCommerce customisations to improve the security of your store

Security Pro
Sitemonitor
IP Trap
.htaccess Protection
Anti-XSS

You might also want to run a PCI compliance scan, there are some free ones around for example this one