Responsive osCommerce - Bootstrap

[♥BrockleyJohn]

Afterthought: when changing content using jquery you need to bear in mind that it might affect how it's analysed by search engines. I'm guessing you're just moving stuff around which might not matter but make sure to check how the page appears on webmaster tools and so on.

[trier]

@burt @BrockleyJohn

Hi, Thank you for your comments. Because of the significant number of changes to my website, keeping it up-to-date is always a headache (particularly given my total lack of organising/documentation skills). Although there is obviously a bit of a processing overhead, I figured changes would be easier to identify/understand if kept outside core scripts.

 

Regarding search engine view of pages where elements have been moved/replaced/deleted by jQuery, the product_listing & product_info page titles/headings are quite heavily changed, I may need to check that it doesn’t have a negative impact.

 

Thank you for your help

[Demitry]

ok, so I noticed something that I think needs to be addressed. While working on my site I am seeing that my own customer test-account session never ends. The one for my admin session seems to end sporadically and only after a few days. Today I searched for a fix and found one, though I have not implemented it yet.

Possibly for a future release, this should be something the store owner could control and it should not be set to last forever as default.

So, my question is,.. is the solution in the link above the best one or is there a different fix for this issue? Thanks.

 

 

[burt]

3 hours ago, Demitry said:

 this should be something the store owner could control and it should not be set to last forever as default.

It isn't and it doesn't.

This would be a problem at your end...perhaps at your configuration or perhaps at your server.

[♥beerbee]

Hi, @Demitry and @burt

it is the same here on my BSEdge playground, running on german 1und1 shared hosting, PHP Version 5.6.31, sessions stored in file, the above mentioned fix works, I have to hope it is not harmful in anyway.

Best regards

Christoph

 

[♥Stephan Gebbers]

6 minutes ago, beerbee said:

Hi, @Demitry and @burt

it is the same here on my BSEdge playground, running on german 1und1 shared hosting, PHP Version 5.6.31, sessions stored in file, the above mentioned fix works, I have to hope it is not harmful in anyway.

Best regards

Christoph

 

Same here, i had to learn early that the sessions don't run out. i am on my own server and using the same solution @Demitry mentioned earlier.

[burt]

You are all on 1und1 ?

[♥beerbee]

@burt

The  (oldeee) live store  is also running on 1und1 shared hosting with  php 5.5.38  sessions also stored in file, its a kind of v2.3.3.2 oscommerce, there are no problems with sessions expiring, i could post the code of that old sessions.php if you think that it is useful regarding diffferencies.

Best regards

Christoph

 

[Demitry]

@burt

My hosting company right now is webhostinghub.com and I have the latest PHP version for this BS Edge install. I did however, look in the php.ini file after you said it is a configuration issue on my end. And I did find the following code in it. Though, if this is a configuration piece that can be controlled from the application admin area, then it probably should be, right?

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this 
; variable in order to use PHP's session functions.
; As of PHP 4.0.1, you can define the path as:
;     session.save_path = "N;/path"
; where N is an integer.  Instead of storing all the session files in 
; /path, what this will do is use subdirectories N-levels deep, and 
; store the session data in those directories.  This is useful if you 
; or your OS have problems with lots of files in one directory, and is 
; a more efficient layout for servers that handle lots of sessions.
; NOTE 1: PHP will not create this directory structure automatically.
;         You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
;         use subdirectories for session storage
session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
;       (see session.save_path above), then garbage collection does *not*
;       happen automatically.  You will need to do your own garbage 
;       collection through a shell script, cron entry, or some other method. 
;       For example, the following script would is the equivalent of
;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
;          cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 1
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security. 
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

 

[♥Stephan Gebbers]

10 hours ago, burt said:

You are all on 1und1 ?

No, dedicated linux server with apache, mysql, php 5.4.45

[burt]

OK all.

When you guys get to the bottom of it...post back.  I am clearly stating that the problem is not at the osCommerce code, but I am happy to be proven wrong.

[♥kymation]

@Demitry  OsCommerce does not use the PHP session handler, so the session settings in your php.ini should have no effect. There may be a setting somewhere in there that affects the osC internal session code, but I'm not aware of any.

Regards

Jim

[Demitry]

@kymation

hey Jim,

Thanks, ..I didn't know that. I actually thought that the following setting was responsible for the session not expiring. However, I did not move to test it because it would have to be the same setting for both the admin panel and the catalog sessions,.. and that was not the case.

session.cookie_lifetime = 0

Instead, I took what Carl Nordstrom did improved on it, and made it into an addon that can controlled from Admin>Configuration>Sessions. I tested it and it works great. The screenshot is below. Please take a look and see if it can be improved.

https://apps.oscommerce.com/Apps&2MAEV&session-expiration-control

@burt

hey Burt,

You're probably right and this is not a bug with osC, but the point here is that if this problem occurs over various hosting set-ups, then shouldn't the store owner have control over it from the application side?

 

[241]

@Demitry It used to be controlled by session.gc_maxlifetime in includes/functions/sessions.php

[Demitry]

@241

Thanks Steve, I did not know about that either.

 

[burt]

https://github.com/gburton/Responsive-osCommerce/commit/8c24032cae5de0d77a3d78196de6950a869d73f1

Custom Data allows the possibility to do kinky stuff with javascript.

Thank You to @BrockleyJohn for taking the time out to test prior to Core Commit.

[ArtcoInc]

@burt

1 hour ago, burt said:

https://github.com/gburton/Responsive-osCommerce/commit/8c24032cae5de0d77a3d78196de6950a869d73f1

Custom Data allows the possibility to do kinky stuff with javascript.

Thank You to @BrockleyJohn for taking the time out to test prior to Core Commit.

Example of how this could be used?

Malcolm

[♥BrockleyJohn]

7 minutes ago, ArtcoInc said:

@burt

Example of how this could be used?

Malcolm

You could disable the buy button if there's no stock...

[ArtcoInc]

@BrockleyJohn

3 minutes ago, BrockleyJohn said:

You could disable the buy button if there's no stock...

I have already done this by editing the core code. Are you saying that this can now be done with no core changes?

And, if so, can you give a sample?

Malcolm

[♥BrockleyJohn]

@ArtcoInc yes, but I'm going to test the code before I post it ;)

[ArtcoInc]

@BrockleyJohn

[♥BrockleyJohn]

    function execute() {
      global $PHP_SELF, $oscTemplate;

      if (tep_not_null(MODULE_HEADER_TAGS_GRID_LIST_VIEW_PAGES)) {
        $pages_array = array();

        foreach (explode(';', MODULE_HEADER_TAGS_GRID_LIST_VIEW_PAGES) as $page) {
          $page = trim($page);

          if (!empty($page)) {
            $pages_array[] = $page;
          }
        }

        if (in_array(basename($PHP_SELF), $pages_array)) {
		  $script = <<<EOS
<script>
  $(document).ready(function() {
    $('*[data-in-stock]').filter(function () {
	  return $(this).data('in-stock') <= 0;
	}).each(function() {
	  $(this).addClass('disabled'); // use to change appearance
	  $(this).attr('disabled', true);
	});
  });
</script>
EOS;
        	$oscTemplate->addBlock($script, $this->group);
        }
      }
    }

pop that in a header tags module (base it on the grid list one but change the names obviously)

[Demitry]

hi,

I noticed that product_info.php page and product_reviews.php (and likely some others) have addslashes($product_info['products_name']), which displays a backslash before an apostrophe in the alt tags for the product image. 

I changed it to stripslashes(),.. but was wondering if there is any significant purpose to keeping the addslashes() alt tags?

 

[Demitry]

another question... I installed a threat scanner and ran it. One of the things it identified was the /admin/define_language.php file. I know that this file had some security vulnerabilities in the older versions of osC. I assume that those vulnerabilities are now secured in that file. With what version of osC were these changes made to resolve the security issues? Thanks.

 

 

[♥BrockleyJohn]

4 hours ago, Demitry said:

hi,

I noticed that product_info.php page and product_reviews.php (and likely some others) have addslashes($product_info['products_name']), which displays a backslash before an apostrophe in the alt tags for the product image. 

I changed it to stripslashes(),.. but was wondering if there is any significant purpose to keeping the addslashes() alt tags?

 

That's not from core. The core code is

      echo tep_image('images/' . $product_info['products_image'], NULL, NULL, NULL, 'itemprop="image" style="display:none;"');

Doesn't populate alt at all