Category Archives: oscommerce

Warning: no file uploaded – how to fix this error

Although this fix is for out-of-date oscommerce 2.2 and 4 years overdue, it may be of use for those yet to upgrade.

By default a warning will be shown at the top of the admin when a preview of a product is shown, when the product has not had an image attached or reedited.

The reason for this is the code doesn’t allow for a product not to have an image added at time of editing – ie, if it already has the correct image added to it, no other image would be attached to it, right?

The file to edit is /admin/includes/classes/upload.php

Find:

 } else {
        if ($this->message_location == 'direct') {
          $messageStack->add(WARNING_NO_FILE_UPLOADED, 'warning');
        } else {
          $messageStack->add_session(WARNING_NO_FILE_UPLOADED, 'warning');
        }

Change to:

 } else {
      if (!empty($file['tmp_name'])){
        if ($this->message_location == 'direct') {
          $messageStack->add('search', WARNING_NO_FILE_UPLOADED, 'warning');
        } else {
          $messageStack->add_session('search', WARNING_NO_FILE_UPLOADED, 'warning');
        }
      }

There are several solutions given to this problem – here’s one that is just plain wrong:
http://www.pageonewd.com/local-search-seo/helpful-findings/oscommerce-warning-no-file-uploaded/

how to optimize and speed up the database of your oscommerce-based store

There are a lot of things going on in the mysql database of an oscommerce-based store. Data is getting written into table rows, other data is getting updated, some deleted. Over time all of these operations leave behind old markers for rows, empty blocks that could be used but are being ‘avoided’ etc that can build up to the point of causing weird errors in the cart.

Optimization is the jargon for cleaning up the debris in the database so the read/write processes run more efficiently, giving you quicker query times and more accurate, trouble free store operations. It’s the server equivalent of defragmenting a disk drive of your computer.

The optimization process is simple and I’d recommend performing this regularly. Here’s how:

If you have a cPanel hosting interface, look for the link to the database utility phpmyadmin:

phpmyadmin

Select the database you want to work on, then check the size of what’s referred to as ‘overhead’ – ie junk that prevents the database from working as smoothly and efficiently as it could:

overhead figure

If there is some, remove it by selecting All Tables (1) and then from the dropdown in the middle, Optimize Tables (2) :

select all tables and optimize

After the procedure has completed, the overhead count on the lower right should show 0 bytes. Job done :

overhead removed

How often do you have to optimize a database?
I recommend every 3 – 4 weeks.

Anything else we should do when there?
Never hurts to run Analyse Table as well as this is like a wheel alignment for the indexes and keys used on tables.

I’d also recommend truncating (ie emptying) the frequently updated tables like whos online, visual_verify_code and sessions.

If you need help with this contact me or alternatively I can provide maintenance like this (and more) on a support contract for your site

stop double htpasswd authentication for http https login in admin

If you have set up an htpasswd login to your admin (which is a good idea) you may be having to login twice to the htpasswd popup – once for an http and again for an https connection. This is so you’re authenticated in both connections which use different ports.

If you don’t want to have to login twice, here’s how to fix it:

1. The obvious way
If you login to your https admin using a http link, it will ask you to login twice in the htpasswd login popu.

Fix: Make sure your admin link/bookmark url you connect to your admin with starts with https://

2. Redirect all admin logins to https
Use this approach if 1. above doesn’t work.
Add the following to the top of the admin htaccess (not store htaccess file) to direct all admin urls to run under https.

Note – you must have 1) an htpasswd login setup and 2) an SSL certificate stored on your server to use this modification.

Find /admin/.htaccess and add at the top under the first commented line:

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "mywebsite.com"
ErrorDocument 403 https://mywebsite.com/admin

Note – change ‘mywebsite.com’ and also the ‘mywebsite.com/admin’ to your actual store’s domain name and admin (which shouldn’t be ‘admin’ either as this is a security risk.)

why do I need a SSL certificate (https connection) on my ecommerce site?

Your ecommerce website needs to have a valid SSL certificate installed and running.
Here’s some background and reasons why:

What’s does a SSL certificate do?

A Secure Socket Layer (SSL) certificate does a couple of things:

1. encrypts information entered into a form (a ‘form’ is exactly what it sounds like – any ‘fill in the box’ type page that requires you to enter in information and click a button on the screen; could be creating an account or sending an email to the store owner or signing up to a newsletter etc)
2. checks the integrity of the connection between the browser and the server (are you connected to the correct server?)

How can I tell it’s working?
The address bar will show a padlock and the word https:// in front of your website name on pages that require SSL encryption.


Note – there is no advantage in making all pages on your site https:// – it works with pages that have forms. Technically, https:// will slow down page loading speeds of your site and also may interfer with indexing by search engines. Most oscommerce-based carts have certain pages where https:// connections will be made, in particular logins, creating accounts and checkout.

But SSL certificates and https:// connections are just for payment pages though right?
Not true – a SSL certificate scrambles data and secures connections when any form is submitted (a form is basically what it sounds like – anytime you type information on a website, you’re probably filling out a form of some sort.)

So this means your admin and customer logins, contact us and create account pages as well all benefit from your server having a SSL certificate.

And if I don’t use one?
All of the data submitted will go as clear text, ie unencrypted. It is possible for unscrupulous people to set up ‘sniffer’ and ‘listening’ scripts and grab those clear text details being sent, which could gain them admin login details, customer address information as well as payment details.

Some payment gateways will not accept your payments without a valid SSL certificate installed and running on your site.

Also, the server may not in fact be the server you or your customers intended on reaching, as the integrity of the link will not have been verified to any extent.

Implications
Customers are now very aware of the https:// symbol in an address and if they don’t see it when they go to complete an order or set up an account, most will leave.

Identity fraud is a major industry around the world, so it is strongly recommended that if you want to get the business, you operate with a good SSL certificate in place and advertise the fact. Really, it’s a bare minimum to be in business online.

Furthermore, some payment gateways and processors require you as a merchant to have a valid SSL certificate installed before you can connect to them and use their services.

How do I get a SSL certificate?
There are a couple of ways – 1) contact your hosting company to set one up, or  2) Do It Yourself (DIY)

Installing a SSL certificate is not difficult as long as you have access to the interface needed. If you use cPanel, you can use the TLS/SSL Manager in the Security box on the right. Create a CRT and private key, go buy the certificate and supply these parts, generate certificate, copy emailed certificate in certificate box, install – done.

If you don’t have access to the necessary interface, contact your hosting company and ask them to install the certificate.

Most SSL resellers like RapidSSL, Geotrust, Verisign, Digicert etc have instruction sheets to assist you as well as online support.

SSL certificate prices range from under USD100 a year through to bank-level EV SSLs with multiple verifications (ie way over the top) costing much more. Get one that fits with your business volume and turnover – but most importantly, get one!

 

If you need help installing a SSL certificate please contact me via my Contact page.

gift vouchers, how to setup, use and manage

Gift Vouchers

There are two types of redeemable ‘credits’ in oscommerce-based carts:

  1. a printed voucher with a redemption code, value and message (physical) – this is basically a coupon
  2. purchased online credit sent to someone’s email address (electronic) – this is a gift voucher

You could have the first type printed up, sold through your online store as a regular product and mailed to the purchaser or recipient. This article is about the second type – the electronic gift voucher – which uses the store’s system to record credit.

Did you know ?

A little known FAQ script included with most installations can be found in the file gv_faq.php.

On www.yourwebsite.com the url address would be then: www.yourwebsite.com/gv_faq.php

Gift Vouchers Process (Buyer’s View)

  1. Purchase the GV product as you would any other product via checkout
  2. The value of the GV value is added to the Buyer’s Account as ‘credit’
  3. Buyer can send credit to a recipient’s email address, or use credit for themselves
  4. Recipient ticks checkbox in checkout to use GV balance – balances below the order value will require the Recipient to pay the balance using a different payment method
  5. Any unusued GV credit is recorded in the Recipient’s Account for later

Gift Vouchers Process (Admin’s View)

  1. GV is setup like any other product, except:
  • weight is usually zero
  • product_model must begin with the word GIFT
  1. Admin can collect purchases of GVs in a queue for checking before release to Buyer
  2. Admin needs to offer other payment methods for use with GVs below order total value
  3. The GV Order Total module should be enabled in Admin >> Modules >> Order Total

There are several considerations* for Admin in the GV system:

  • there is no way of telling Customer GV balances using the default reporting
  • if Release Queueing isn’t enabled in the Order Total module, the GV value will be credited immediately to the Buyer’s account
  • you’ll only be able to see purchased gvs through the order, as any non-queued gvs don’t go through the gv report.
  • there are issues using GVs and Paypal modules, in particular regarding $0.00 order balances and cancelling an order when on the Paypal site (GV value is still removed from Account)

*Not all of these considerations are found throughout all oscommerce-based carts. Zencart for example has a more reliable yet feature limited version of the system.