spooks Posted March 5, 2009 Posted March 5, 2009 What is the osCsid & why you must not loose it. This issue keeps raising its ugly head & many seem confused, so I will endeavor to give some light to the problems. The session id (sid or osCsid) is used by e-commerce applications to keep track of users as they browse the site to ensure the store knows who the user is so which is their basket & account. The sid is stored within the url and/or cookie (if available). So a url with sid would look like: http://www.domain-one.com/index.php?osCsid...52r43tWEFw34352 Clearly to ensure proper working of the above you must ensure no links to your site contain a sid either within search engines index (Prevent Spider Sessions), other sites linking to you or any links within your own site. If this does occur you can get users finding they are accessing another's account, orders getting mixed up and even billing going awry. There is a new tag (canonical) which could help you avoid this problem with search engines, though you must avoid this problem occurring in the first place. Example of use for product_info.php is: <link rel="canonical" href="<?php echo tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . (int)$_GET['products_id'],NONSSL,false); ?>" /> Equally when a user is on the site osC needs to ensure the users sid is kept throughout the visit, as if it is lost at any time the application will consider they are a new visitor, so they would loose the cart content, suddenly find their logged out again or even get lost halfway through checkout!! osC keeps the users sid between pages through use of the tep_href_link function, so all links must use tep_href_link to ensure the sid remains, you can circumvent this issue with 'Force Cookie Use' where since the sid is stored within the cookie if it is lost through any 'bad' code it can be picked up from there again. So should you create your own links and simply use something like <a href="index.php">Back Home</a> you are creating some major problems for yourself. Instead you should put <a href="<?php echo tep_href_link(FILENAME_DEFAULT); ?>">Back Home</a> The sid is also used by some contributions (like Anti Robot Registration Validation) where the sid is used as the root for creation of the code presented to the user, so if its missing code generation will not work. Contributions that may help if you have issues: SID Killer http://addons.oscommerce.com/info/952 Duplicate Content Manager http://addons.oscommerce.com/info/6214 For further reading see: http://www.oscommerce.info/kb/osCommerce/D...plementations/4 and http://www.oscommerce.info/kb/168 I hope that makes things clearer. ;) Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
spooks Posted March 5, 2009 Author Posted March 5, 2009 Another way you can loose sid is through the use of links to anchors on a page, like <a href="<?php echo tep_href_link(FILENAME_DEFAULT,'action=default#information'); ?>">More Info</a> the trouble with this is should the url contain a sid, the resulting link will be: http://www.domain-one.com/index.php?action...52r43tWEFw34352 since the sid occurs after the anchor link its ignored, so sid lost and disaster. The answer is to either don't use anchors, or test for the sid & don't use anchors if it exists. IE at top of page you have $sess_id = (tep_not_null(SID)); then the above link would become <a href="<?php echo tep_href_link(FILENAME_DEFAULT,'action=default' . ($sess_id ? '' : '#information')); ?>">More Info</a> I hope thats useful to some. :) Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
spooks Posted March 7, 2009 Author Posted March 7, 2009 Another place you can loose sid is through forms, if you creat a form with pure html like: <form name="contact_us" action="<?php echo FILENAME_CONTACT_US ?>" method="get"> Name: <input type="text" name="name"> More Text <input type="submit" value="Submit"> </form> As the form action does not contain the sid, its lost!! the correct method is: <?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send'), 'get'); ?> Name: <?php echo tep_draw_input_field('name'); ?> More Text <?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?> </form> Note the use of tep_href_link within the form. If your writing your own code, the details for the tep_href_link function are: tep_href_link($page, $parameters , $connection, $add_session_id , $search_engine_safe ) $page is the page you are linking to. $parameters is parameters for the url (action=send etc) $connection is SSL or NONSSL $add_session_id is normally 'true' so sid is added $search_engine_safe if set to true and SEARCH_ENGINE_FRIENDLY_URLS is set to 'true' (in admin) sef url's are created. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
TheZag Posted March 9, 2009 Posted March 9, 2009 First of all, thanks for your helpfull arguments. I need help on two issues. 1) :blush: I'm not able to write the right code for a "background-image" inside a table and in a td <table border="0" cellspacing="0" cellpadding="0" background-image="<?php tep_image(... etc 2) I put the McAfee Secure image and its link in my header.php I was able to quite let it work just creating a new function like tep_href_lonk and deleting the home references. I have the problem that as it adds the SID at the end of the link, this it doesn't open McAfee certificate page. But the question is, is it good to have it in the header ? I mean, thinking to this SID issue... Just to undertsand how it works, WHERE and HOW is better to put the SSL GoDaddy Link ? Same for McAffeee. If for example they are in the footer.php does it needed to change the code the same ? Or the loss of SID is just at the top of pages ? Thanks in advance for patience, I'm not a php programmer and I'm learning.
TheZag Posted March 9, 2009 Posted March 9, 2009 Hello, this will break the SID ? <table border="0" width="800" cellspacing="0" cellpadding="0" align="center" style="border:1px solid #000000; background-image:url(../img/backlogo.jpg);"> Thanks
spooks Posted March 9, 2009 Author Posted March 9, 2009 You don`t want the sid on links to external pages, you can tell tep_href_link to not add the sid with: tep_href_link('my_link.php, '',NONSSL,false); note the 'false' in the 4th argument, However as tep_href_link is for internal links on your site it will add http://www.your_domain.com to the link, which is not what you want As this is an external link you can just use the likes of use <a href="http://www.other site.html">Other Site</a> or you could use redirect.php Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
spooks Posted March 9, 2009 Author Posted March 9, 2009 No, its not a link!!! Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
TheZag Posted March 9, 2009 Posted March 9, 2009 No, its not a link!!! Thank you. :blush: Another thing. The script for GoDaddy SSL certificate has a script: <script type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=XXX" target="_blank"></script> Does this will break SID ? How can be changed this one ? Thanks a lot !
spooks Posted March 9, 2009 Author Posted March 9, 2009 As before, its linking off site, so no problem. :D Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
TheZag Posted March 13, 2009 Posted March 13, 2009 As before, its linking off site, so no problem. :D Sorry to bother you... PLEASE ! I think I changed all the tep_href_link... I tried Force Cookie Use... both as False and then as True... I tried Image Required as False and True... NOTHING ! I still have the lost SID red alert ! If I check in Admin the page Who's On Line I can see myself, but ID is 0. Is this right ? I begin to think I probably have some problems with Database... I mean, how to check if it records the SID and then it gives it back ? What can I also check ??? I think to have installed the contribution in the right way... HELP!!! ----------------------- I put an .htaccess file inside include folder with this code: <Files *.php> Order Deny,Allow Deny from all </Files> Is it right ? Or is it wrong ? ----------------------
spooks Posted March 13, 2009 Author Posted March 13, 2009 Please don`t make duplicate posts, its against forum rules & annoys many. I personally tend to ignore such posters & will also generally slow any responce. I`ve uploaded a new version of the package if you look in the other thread you put this in!!!! Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
TheZag Posted March 14, 2009 Posted March 14, 2009 Sorry for that. I don't know where to put my head to see the contribution working...
spooks Posted March 14, 2009 Author Posted March 14, 2009 Sorry for that.I don't know where to put my head to see the contribution working... Siamo spiacenti, non capisco, hai provato la nuova versione, o hai bisogno di vedere una demo? Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
TheZag Posted March 15, 2009 Posted March 15, 2009 Siamo spiacenti, non capisco, hai provato la nuova versione, o hai bisogno di vedere una demo? Not bad your italian ! It looks like you used some web-translator, anyway ! :rolleyes: I'm checking files... But, the thing I don't understand is... WHY all those sql versions ? And why there are not info in the help/install notes ? In the folder I upload, there was only one... Probably something was missing? About these release... Which SQL file do I have to use? Then, there's no reference to LINKS_SUBMIT-PAGe: what is it? Do this has to be installed ? If I run the last SQL file, the 3.0 is it enough? If you re-wrote all previous code, as I have many add-ons and not a new/clear installation, do I have to delete all codes of previous version? GRAZIE PER L'AIUTO ! I don't think I have to see a demo, I understood how the contribution should works... I would like my e-store to be ready to publish, it's almost 1 year I'm working with... And it's not something particoularly incredible (talking about graphic or visual impact...). I hope to solve this issue.
spooks Posted March 15, 2009 Author Posted March 15, 2009 Yes, my mate Google writes my Italian for me!!! I will reply in the contrib thread, as this don`t belong here. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
ivyfleur Posted March 19, 2009 Posted March 19, 2009 Hi Sam, Apologies for bothering you but I tried this <a href="<?php echo tep_href_link(FILENAME_CONTACT_US); ?>">Contact Us</a> which brought up an error page which states somthing similar to URL /catalog/ not found on this server. Not sure what I am doing wrong.
spooks Posted March 19, 2009 Author Posted March 19, 2009 You have errors in your configuration typical config files: CATALOG/ADMIN/INCLUDES/CONFIGURE.PHP define('HTTP_SERVER', 'http://www.my-site.co.uk'); define('HTTP_CATALOG_SERVER', 'http://www.my-site.co.uk'); define('HTTPS_CATALOG_SERVER', 'http://www.my-site.co.uk'); define('DIR_WS_HTTP_CATALOG', '/servername/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/servername/catalog/'); define('ENABLE_SSL_CATALOG', 'false'); define('DIR_FS_DOCUMENT_ROOT', '/home/servername/public_html/catalog/'); define('DIR_WS_ADMIN', '/catalog/admin/'); define('DIR_FS_ADMIN', '/home/servername/public_html/catalog/admin/'); define('DIR_WS_CATALOG', '/catalog/'); define('DIR_FS_CATALOG', '/home/servername/public_html/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); CATALOG/INCLUDES/CONFIGURE.PHP define('HTTP_SERVER', 'http://www.my_site.co.uk'); define('HTTPS_SERVER', 'http://www.my_site.co.uk'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'www.my_site.co.uk'); define('HTTPS_COOKIE_DOMAIN', 'www.my_site.co.uk'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/servername/public_html/catalog/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); define('DB_SERVER', 'Localhost'); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); if your store is in the root remove catalog/ above I suspect you have catalog/ in there, but have a root based site Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
ivyfleur Posted March 19, 2009 Posted March 19, 2009 Thanks for the response Sam. I compared those files and the only difference is that I have the following two lines missing from my admin includes define('DIR_WS_HTTP_CATALOG', '/servername/catalog/');define('DIR_WS_HTTPS_CATALOG', '/servername/catalog/'); All the other entries match. Not sure what to do?
ivyfleur Posted March 19, 2009 Posted March 19, 2009 Opps and one more thing. When you say remove "catalog" I am not sure which lines you are referring to. And yes the store is root based.
spooks Posted March 19, 2009 Author Posted March 19, 2009 as in where-ever catalog/ appears, remove it, so: define('DIR_WS_HTTP_CATALOG', '/servername/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/servername/catalog/'); becomes define('DIR_WS_HTTP_CATALOG', '/servername/'); define('DIR_WS_HTTPS_CATALOG', '/servername/'); Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
ivyfleur Posted March 19, 2009 Posted March 19, 2009 Whoa no good. Did as you suggested and the page loads with a whole bunch of errors and with a whole bunch of /.../...catalog not found messages.
spooks Posted March 19, 2009 Author Posted March 19, 2009 you seem to have a strange site then?? To clarify tep_href_link uses HTTP_SERVER and DIR_WS_HTTP_CATALOG or ssl versions Can you give the precise error shown & perhaps a url? Is it a template? Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
ivyfleur Posted March 19, 2009 Posted March 19, 2009 No template. The website can be view here and no SSL yet. Note that I don't have to type "www" in the url for the website. Okay what I did was to remove all references to catalog in both files. So as an example this is what it looked like for the catalog/includes/configure.php <?php define('HTTP_SERVER', 'http://website url'); define('HTTPS_SERVER', 'http://website url'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'website url'); define('HTTPS_COOKIE_DOMAIN', 'website url'); define('HTTP_COOKIE_PATH', ''); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', ''); define('DIR_WS_HTTPS_CATALOG', ''); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/servername/public_html/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); ?> and for the admin/includes/configure <?php define('HTTP_SERVER', 'http://website url'); define('HTTPS_SERVER', 'http://website url'); define('ENABLE_SSL', false); define('HTTP_COOKIE_DOMAIN', 'website url'); define('HTTPS_COOKIE_DOMAIN', 'website url'); define('HTTP_COOKIE_PATH', ''); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', ''); define('DIR_WS_HTTPS_CATALOG', ''); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/servername/public_html/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); ?> Are the amendments correct? If yes, I'll try uploading again and see what errors and post them here.
spooks Posted March 19, 2009 Author Posted March 19, 2009 No, why do you think u have a root site, you have a catalog based site, so u must not remove catalog/ I hope u realise u must replace servername with that for your server so 'DIR_WS_HTTP_CATALOG' is iether define('DIR_WS_HTTP_CATALOG', '/servername/'); or in your case define('DIR_WS_HTTP_CATALOG', '/servername/catalog/'); Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
ivyfleur Posted March 19, 2009 Posted March 19, 2009 Okay I see. I'll try again this time bearing in mind that it's not at root. I'll report back here if there are any errors. Thanks Sam.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.