Tag Archives: things you can do without

tinymce editor box outlines visible when editing product

If you’re seeing outline boxes appearing in product edit pages of your 6.4.x or earlier cart caused by the tinymce editor, like this:

here’s the fix:

file: admin/editors/tiny_mce.php, around line 57


    echo "n";




if(substr($textarea, -1, 1) == ','){
     $textarea = substr($textarea,0,-1);
    echo "n";


how to upgrade oscommerce-based scripts from php 5.2.x to php 5.3.x

More and more hosting companies are upgrading their servers to run php 5.3. For most carts, this will mean an error log file full of deprecated error messages – warnings that one day, the functions being used will be removed entirely and the script will break.

If you’re running an older version of your oscommerce-based cart software (eg Cre Loaded 6.4.1, Oscommerce 2.2 etc) you will find that your error log file will fill up with deprecated messages from a number of files still using old calls like ‘ereg’ and ‘ereg_replace.’

You could switch these error messages off if you can control the error_reporting configuration on the server you’re on, but there’s a chance that when php 5.4 is adopted by hosting companies (RC6 of this was released January 2012) many of these deprecated messages now will become broken scripts then.

Updating most of these old calls can be fairly easy – here is a reference table that will help:

ereg() = preg_match()
ereg_replace() = preg_replace()
eregi() = preg_match() with the 'i' modifier
eregi_replace() = preg_replace() with the 'i' modifier
split() = preg_split()
spliti() = preg_split() with the 'i' modifier

As an example – cre loaded 6.4.1a B2B file /includes/functions/general.php :

if (ereg('^[0-9]+$', $value)) {

would become

if (preg_match('/^[0-9]+$/', $value)) {

(note ereg becomes preg_match and the forward slashes (delimiters) are added in)

Other deprecated functions and directives are more involved and may in fact only be configurable by the hosting company if they don’t allow custom php.ini files. There are other examples in the code that can simply be removed to upgrade to php 5.3.x and will stop the deprecated message.

A popular old check in Cre Loaded is a 6.2 version check – this from /admin/includes/runtime/orders/RC_orders_boxesbottom.php:

  if (defined('PROJECT_VERSION') && ereg('6.2', PROJECT_VERSION)) {
    $rci = tep_admin_files_boxes(FILENAME_RECOVER_ABANDONED_CARTS, BOX_RECOVER_ABANDONED_CARTS, 'SSL','tdate=' . $tdate, '0');
  } else {
    $rci = tep_admin_files_boxes(FILENAME_RECOVER_ABANDONED_CARTS, BOX_RECOVER_ABANDONED_CARTS, 'SSL','tdate=' . $tdate, '2');

In this case the ‘upgrade’ would be to remove the old version check (bypassing the need for the deprecated ereg check.)

Third-party modules may cause grief when your hosting company upgrades to php 5.3.
At the time of writing this, Magneticone’s modules that use Zend Optimizer for decoding will break as Zend hasn’t provided a backward compatible version of the ZO for scripts using php 5.2.x. Magneticone’s advice in this situation is to use the ioncube versions of the scripts only (as they haven’t upgraded their modules to use the standalone ZO php 5.3 version either.) Nuisance.

If you’re unsure about these changes, contact me for a quote to help you upgrade from php 5.2 to php 5.3

how to modify the visual verify code (VVC) system

The visual verify code (or VVC) is a feature of cre loaded and other oscommerce-based carts and is designed to reduce the amount of spam and automated bot abuse of a store’s email system. It can appear (and be enabled/disabled through the admin) in several parts of the cart, each involving some sort of form submission to the owner of the store. So it’s an attempt to prove that it is a person sending the email and not a crawler or automated script.

In cre loaded, it is used for:
– password recovery
– creating a new account
– contacting the store owner via contact us
– product or article review submission
– sending tell-a-friend emails about a product or article
– submitting a link

However, it’s effectiveness is limited and in some cases it can be more hassle than it’s worth – eg sometimes the vvc code is difficult for us humans to read due to similar characters or the size of the display etc. These modifications may help if you’re experiencing problems.
image of visual verify code modifications to cre loaded vvc

#1 – Change the size of the pool of characters that the code can be drawn from
In some fonts upper- and lowercase I i L l as well as O o and the number 0 can appear very similar and can cause confusion. The pool of letters and numbers the visual verify code system uses is defined in the file /includes/languages/english/english.php :


define('VISUAL_VERIFY_CODE_CHARACTER_POOL', 'ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz123456789');  //no zeros or O

replace with:
define('VISUAL_VERIFY_CODE_CHARACTER_POOL', '123456789');  // numbers only

The replacement pool of only numbers may seem drastic, but it is a lot easier for customers to verify the code correctly.

#2 – Change the size of the input box where the code is to be entered


<td class="main"><?php echo tep_draw_input_field('visual_verify_code', '', 'size="15"') . '&nbsp;' . '<span class="inputRequirement">' . VISUAL_VERIFY_CODE_ENTRY_TEXT . '</span>'; ?></td>


<td class="main"><?php echo tep_draw_input_field('visual_verify_code', '', 'size="' . VVC_INPUT_SIZE . '"') . '&nbsp;' . '<span class="inputRequirement">' . VISUAL_VERIFY_CODE_ENTRY_TEXT . '</span>'; ?></td>

This will tidy up the VVC area and also supports a reduced number of characters being used. Various template or catalog files would need to be edited here, as per the list given above. This means by default you’d need to change this in each occurance of the VVC code. A way to improve this is to create a switch in the VVC configuration area of the admin, and set the input box width there (using the second block of code above, together with the sql query below.) You would still have to edit several template related files, but from then on changing this setting in the admin page would change them all.

INSERT INTO `<<the name of your database goes here>>`.`configuration` (`configuration_id`, `configuration_title`, `configuration_key`, `configuration_value`, `configuration_description`, `configuration_group_id`, `sort_order`, `last_modified`, `date_added`, `use_function`, `set_function`) VALUES (NULL, 'VVC Input Box Size', 'VVC_INPUT_SIZE', '15', 'Size of the VVC input box', '420', '9999', '0000-00-00 00:00:00', '0000-00-00 00:00:00', NULL, NULL);

#3 – Reduce the length of the VVC code and width of the VVC Image box
By default, from 3 to 6 alphanumeric characters are displayed as the visual verify code. By changing the numbers, a different range can be used:


By default - 3 to 6 characters:
for ($i = 1; $i <= rand(3,6); $i++){

Here - 3 to 4 characters:
for ($i = 1; $i <= rand(3,4); $i++){

After reducing the number of characters displayed, you may need to resize the width of the code box. This is done easily through admin >> configuration >> vvc configuration >> VVC Image Width – in the example, this was set to 125.

mod pagespeed causes google checkout problems on dreamhost vps

If you’re running a vps (virtual private server), an oscommerce-based cart, a 3rd party google checkout payment module that requires zend optimizer and happen to be with a hosting company that offers ‘web site optimizations’ … (yeah I know, pretty select situation), make sure to take a close look at the web hosting control panel because ‘page speed optimization defaults’ may include the apache module mod_pagespeed, Google’s own bash at making your sites go faster.

A recent job I had was to fix a failing google checkout callback for a client who runs a site on a dreamhost vps. After a lot of of tests and removing various caching and compression features, plus an investigation into php compiled via fastcgi (that I wouldn’t recommend to anyone), I noticed that all the stylesheets were getting linked together in the page source code of the site. For example, a cre loaded site running product page tabs and a social media box might look:

http://mysite.com/cgi-bin/dispatch.fcgi/templates/mytemplate/sty lesheet.css+tabs,_tabpane.css.pagespeed.cc.1234abc.css

Note ‘pagespeed’ in the url – this is an indicator that you too have google’s mod_pagespeed running on your server.

It was easy to deactivate the Page Speed Optimization module (which includes mod_pagespeed – remove a tick in a box) but man, it took some hunting down (mainly because I wasted time looking at the ‘complicated’ when it would be better to check the ‘obvious.’)

You can read a whole lot more about Google’s ‘Page Speed Optimization’ suite of tools (which includes the apache mod_pagespeed) from this url: code [dot] google [dot] com/speed/page-speed/

Here is a list of some of the filters it uses, to give you an idea of what it might do to for your site:

ModPagespeedEnableFilters combine_css
ModPagespeedEnableFilters rewrite_css,rewrite_javascript
ModPagespeedEnableFilters inline_css,inline_javascript
ModPagespeedEnableFilters rewrite_images
ModPagespeedEnableFilters insert_img_dimensions
ModPagespeedEnableFilters remove_comments
ModPagespeedEnableFilters extend_cache
ModPagespeedEnableFilters remove_quotes

cre loaded adserver authsecure annoyance

I was working on a client’s site today and found the admin panel was slow to load. The url it was getting stuck on was one of the adserver.authsecure.com links, one of the Cre direct ‘feeds’ into the admin panel.

Taking a closer look at a some files in the admin revealed a possible solution for Cre Loaded 6.4.x users:

The file is admin/messages.php
Find (around line 27):

case 'upgrade': //index
  $n = 'a6bb2567';
  $zone = '50';
  echo cre_iframe($n,$zone);

Replace with:

case 'upgrade': //index
  $n = 'a7d7b7d2';
  $zone = '49';
  echo cre_iframe($n,$zone);

Find and delete this block (around line 45):

case 'login': //std admin login nag
  $n = 'ac49906f';
  $zone = '103';
  echo cre_iframe($n,$zone);