Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

tearing my hairs out... migrate OSC 2.2 to PHP5.3


moonoi

Recommended Posts

I have to migrate an old OSC installation (ver. 2.2) to a server running PHP 5.3

 

So far, I've done the following:

 

- replace all the ereg, eregi and split by preg functions and explode

- replace all $PHP_SELF by $_SERVER['PHP_SELF']

- replace all $HTTP_POST_VARS by $_POST

- replace all $HTTP_GET_VARS by $_GET

- delete some " global $_SERVER['PHP_SELF'] " (WTF was that anyway?)

 

now the shop *looks* ok, but ... the shopping cart doesn't work, i.e. nothing happens when "buy now" is clicked.

 

this OSC installation had the globals off patch installed.

 

sometimes the browser complains about wrong encoding.

 

The server runs mod_security, I switched it off, changed nothing

 

I also tried to switch register globals on: no effect.

(safe mode is off, of course)

 

any ideas?

Link to comment
Share on other sites

  • Replies 53
  • Created
  • Last Reply

any ideas?

 

For long arrays you shouldn't really have had a problem as the osC patch .. shown below maps long arrays to the more current superglobals: -

 

catalog/includes/functions/compatibility.php

 

  if (PHP_VERSION >= 4.1) {
$HTTP_GET_VARS =& $_GET;
$HTTP_POST_VARS =& $_POST;
$HTTP_COOKIE_VARS =& $_COOKIE;
$HTTP_SESSION_VARS =& $_SESSION;
$HTTP_POST_FILES =& $_FILES;
$HTTP_SERVER_VARS =& $_SERVER;
 } else {
if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array();
if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array();
if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array();
 }

 

Re: wrong encoding .. I think you have errors and compression is set to on creating an untraceable error. Try turning gzip compression off.

 

Re:: The shopping cart problem .. I think it relates to the mapping of long arrays to _GET.

Link to comment
Share on other sites

Thank you,

 

turned off gzip, no more complaints about encoding

 

the change in compatibility.php helped with bringing back the top of screens messages reminding me to chmod down configure.php, but still no luck with adding products to the cart.

 

where else could I look?

Link to comment
Share on other sites

freaky...

 

the product_info.php page shows a form that gets posted to the same page, with action=add_product

 

I put this at the top, before even application_top gets included:

 

echo '<br>POSTaction='.$_POST['action'];

echo '<br>GETaction='.$_GET['action'];

 

and when I click on "in cart", the output is... nothing!

 

that's right, I just get

POSTaction=

GETaction=

plus the rest of the normal output for the product_info page

 

very very very strange

 

tried the same at the top of application_top which is supposed to get the GET and POST parameters... but nothing as well

 

I totally don't understand - please help?

Link to comment
Share on other sites

The cart actions are captured in application_top.php

Link to comment
Share on other sites

ok...

 

I did the following, added this at the top of application_top:

 

echo '<br>GETProductID='.$_GET['products_id'];
echo '<br>POSTProductID='.$_POST['products_id'];
echo '<br>GETaction='.$_GET['action'];
echo '<br>POSTaction='.$_POST['action'];
die();

 

the output was:

GETProductID=357

POSTProductID=357

GETaction=add_product

POSTaction=

 

so it does get the info. now... why does application_top lose it before it reaches the cart?

Link to comment
Share on other sites

I'm off to bed soon.

 

1) Install KisseR ( as you are obviously debugging .. see my sig ).

 

2) The initial code to capture this issue is ..

 

// customer adds a product from the products page

case 'add_product' : if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) {

$attributes = isset($HTTP_POST_VARS['id']) ? $HTTP_POST_VARS['id'] : '';

$cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $attributes))+1, $attributes);

}

tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));

break;

Link to comment
Share on other sites

yes, I tracked it down to that point:

 

apparently this line has no effect:

 

$cart->add_cart($_POST['products_id'], $cart->get_quantity(tep_get_uprid($_POST['products_id'], $_POST['id']))+1, $_POST['id']);

 

another thing I noticed is that the oscsid keeps changing when I click on "add to cart"

Link to comment
Share on other sites

@@moonoi

 

If the OSCID changes, it means you do not have sessions set properly. The OSCID should disappear from the URL after 1-2 clicks.

 

 

 

Chris

Link to comment
Share on other sites

hmm... discovered this at the end of the sessions.php file

 

looks suspicious!

 

// >>> BEGIN REGISTER_GLOBALS
 // Work-around function to allow disabling of register_globals in php.ini
 // This is pretty crude but it works. What it does is map session variables to
 // a corresponding global variable.
 // In this way, the main application code can continue to use the existing
 // global varaible names but they are actually redirected to the real session
 // variables
 //
 // If the global variable is already set with a value at the time of the mapping
 // then it is copied over to the real session variable before being mapped back
 // back again
 //
 // Parameters:
 // var_name - Name of session variable
 // map - true = map variable, false = unmap varaible
 //
 // Returns:
 // None
 function link_session_variable($var_name, $map)
 {
   if ($map)
   {
  // Map global to session variable. If the global variable is already set to some value
  // then its value overwrites the session varibale. I **THINK** this is correct behaviour
  if (isset($GLOBALS[$var_name]))
  {
    $_SESSION[$var_name] = $GLOBALS[$var_name];
  }
  $GLOBALS[$var_name] =& $_SESSION[$var_name];
   }
   else
  {
  // Unmap global from session variable (note that the global variable keeps the value of
  // the session variable. This should be unnecessary but it reflects the same behaviour
  // as having register_globals enabled, so in case the OSC code assumes this behaviour,
  // it is reproduced here
  $nothing = 0;
  $GLOBALS[$var_name] =& $nothing;
  unset($GLOBALS[$var_name]);
  $GLOBALS[$var_name] = $_SESSION[$var_name];
   }
 }
// <<< END REGISTER_GLOBALS

Link to comment
Share on other sites

You mentioned replacing split by explode... were you careful to do that only where the delimiter was a constant string? Where it was a choice of characters (regular expression), you need to use preg_split(). And of course, every place you are now using a preg_* function, you put in delimiters such as / /.

Link to comment
Share on other sites

wow, I tried to force the use of cookies, and I get the message that my browser doesn't allow cookies.

 

something is very wrong!

and very frustrating too

 

Now I'm just stabbing at the problem at random and every stab is a crap shoot

 

I don't know what to do, would be glad for a solution.

Link to comment
Share on other sites

what about this in sessions.php: $vars = explode($session->delimiter, $data);

 

If $session->delimiter is a choice using square brackets [ ], e.g., '/[ .:]/', you must use preg_split(). If it's definitely a fixed character, e.g., ' ', you can use explode. If you don't know, preg_split should be safe, except you need to wrap delimiters around it (if they're not already there):

$vars = preg_split('/' . $session->delimiter . '/', $data);

This assumes / isn't found within $session->delimiter (in which case, use # # or something else).

Link to comment
Share on other sites

I tried - didn't help. I don't think that's the issue.

 

I really don't know what to do - why does OSC tell me that my browser doesn't allow cookies?

 

I'm sure it is just a small thing in one of the files

 

Here is my catalog session.php file

(I also got a more modern one, but it doesn't work either)

 

<?php
/*
 $Id: sessions.php,v 1.19 2003/07/02 22:10:34 hpdl Exp $
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
 Copyright (c) 2003 osCommerce
 Released under the GNU General Public License
*/
 if (STORE_SESSIONS == 'mysql') {
if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) {
  $SESS_LIFE = 1440;
}
function _sess_open($save_path, $session_name) {
  return true;
}
function _sess_close() {
  return true;
}
function _sess_read($key) {
  $value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'");
  $value = tep_db_fetch_array($value_query);
  if (isset($value['value'])) {
	return $value['value'];
  }
  return false;
}
function _sess_write($key, $val) {
  global $SESS_LIFE;
  $expiry = time() + $SESS_LIFE;
  $value = $val;
  $check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
  $check = tep_db_fetch_array($check_query);
  if ($check['total'] > 0) {
	return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
  } else {
	return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
  }
}
function _sess_destroy($key) {
  return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'");
}
function _sess_gc($maxlifetime) {
  tep_db_query("delete from " . TABLE_SESSIONS . " where expiry < '" . time() . "'");
  return true;
}
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
 }
 function tep_session_start() {
// >>> BEGIN REGISTER_GLOBALS
$success = session_start();
// Work-around to allow disabling of register_globals - map all defined
// session variables
if ($success && count($_SESSION))
{
  $session_keys = array_keys($_SESSION);
  foreach($session_keys as $variable)
  {
	link_session_variable($variable, true);
  }
}
return $success;
// <<< END REGISTER_GLOBALS
 }
 function tep_session_register($variable) {
global $session_started;
// >>> BEGIN REGISTER_GLOBALS
$success = false;
if ($session_started == true) {
// -skip-   return session_register($variable);
  // Work-around to allow disabling of register_globals - map session variable
  link_session_variable($variable, true);
  $success = true;
}
return $success;
// <<< END SESSION_REGISTER
 }
 function tep_session_is_registered($variable) {
// >>> BEGIN REGISTER_GLOBALS
//	return session_is_registered($variable);
return isset($_SESSION[$variable]);
// <<< END REGISTER_GLOBALS
 }
 function tep_session_unregister($variable) {
// >>> BEGIN REGISTER_GLOBALS
// Work-around to allow disabling of register_gloabls - unmap session variable
link_session_variable($variable, false);
unset($_SESSION[$variable]);
//  return session_unregister($variable);
return true;
// <<< END REGISTER_GLOBALS
 }
 function tep_session_id($sessid = '') {
if (!empty($sessid)) {
  return session_id($sessid);
} else {
  return session_id();
}
 }
 function tep_session_name($name = '') {
if (!empty($name)) {
  return session_name($name);
} else {
  return session_name();
}
 }
 function tep_session_close() {
// >>> BEGIN REGISTER_GLOBALS
// Work-around to allow disabling of register_gloabls - unmap all defined
// session variables
if (count($_SESSION))
{
  $session_keys = array_keys($_SESSION);
  foreach($session_keys as $variable)
  {
	link_session_variable($variable, false);
  }
}
if (PHP_VERSION >= '4.0.4') {
  session_write_close();
} elseif (function_exists('session_close')) {
  session_close();
}
// <<< END REGSITER_GLOBALS
 }
 function tep_session_destroy() {
// >>> BEGIN REGISTER_GLOBALS
// Work-around to allow disabling of register_gloabls - unmap all defined
// session variables
if (count($_SESSION))
{
  $session_keys = array_keys($_SESSION);
  foreach($session_keys as $variable)
  {
	link_session_variable($variable, false);
	unset($_SESSION[$variable]);
  }
}
// <<< END REGISTER_GLOBALS
return session_destroy();
 }
 function tep_session_save_path($path = '') {
if (!empty($path)) {
  return session_save_path($path);
} else {
  return session_save_path();
}
 }
 function tep_session_recreate() {
if (PHP_VERSION >= 4.1) {
  $session_backup = $_SESSION;
  unset($_COOKIE[tep_session_name()]);
  tep_session_destroy();
  if (STORE_SESSIONS == 'mysql') {
	session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
  }
// >>> BEGIN REGISTER_GLOBALS
//	tep_session_start();
//	$_SESSION = $session_backup;
  session_start();
  $_SESSION = $session_backup;
  // Work-around to allow disabling of register_globals - map all defined
  // session variables
  if (count($_SESSION))
  {
	$session_keys = array_keys($_SESSION);
	foreach($session_keys as $variable)
	{
	  link_session_variable($variable, true);
	}
  }
// <<< END REGISTER_GLOBALS
  unset($session_backup);
}
 }
// >>> BEGIN REGISTER_GLOBALS
 // Work-around function to allow disabling of register_globals in php.ini
 // This is pretty crude but it works. What it does is map session variables to
 // a corresponding global variable.
 // In this way, the main application code can continue to use the existing
 // global varaible names but they are actually redirected to the real session
 // variables
 //
 // If the global variable is already set with a value at the time of the mapping
 // then it is copied over to the real session variable before being mapped back
 // back again
 //
 // Parameters:
 // var_name - Name of session variable
 // map - true = map variable, false = unmap varaible
 //
 // Returns:
 // None
 function link_session_variable($var_name, $map)
 {
if ($map)
{
  // Map global to session variable. If the global variable is already set to some value
  // then its value overwrites the session varibale. I **THINK** this is correct behaviour
  if (isset($GLOBALS[$var_name]))
  {
	$_SESSION[$var_name] = $GLOBALS[$var_name];
  }
  $GLOBALS[$var_name] =& $_SESSION[$var_name];
}
else
  {
  // Unmap global from session variable (note that the global variable keeps the value of
  // the session variable. This should be unnecessary but it reflects the same behaviour
  // as having register_globals enabled, so in case the OSC code assumes this behaviour,
  // it is reproduced here
  $nothing = 0;
  $GLOBALS[$var_name] =& $nothing;
  unset($GLOBALS[$var_name]);
  $GLOBALS[$var_name] = $_SESSION[$var_name];
}
 }
// <<< END REGISTER_GLOBALS
?>

Link to comment
Share on other sites

BTW, thank you very much to everybody who is trying to help me!

 

and since it is nearly 1:30 am and I got my seventh beer already, I'll go sleep now.

 

I hope to find a solution tomorrow.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...