osCommerce Blog - osCommerce solutions for business

Good news - ‘ve just purchased a brand new MAC Mini box. The little thing will ensure new osCommerce online stores are designed and developed compatible with MAC browsers such as Safari, MS IE for MAC, and so on.

Our design team can’t wait to plug it in and start using it. Farewell MAC OS PC and Web based simulators, long live MAC Mini !

(Our osCommerce Development team will try to find out if the little white box can actually host an osCommerce site very soon!)

A customer brought a problem to our attention today. They sent a newsletter to their subscribers an accidentally included an URL to one of the pages of their web site that contained osCommerce session ID.

This resulted into several of the subscribers seeing shopping cart of each other. An immediate solution was to block that specific session ID.

But lets see what happens in case a search engine spiders a link to some page of an osCommerce web site that contains session ID, or if such link gets included into a newsletter, again with session ID.

Each time a new visitor comes to the web site - osCommerce creates a new session, and then uses that session to store various variables, including customer’s login information if the customer chooses to log in. Shopping cart is also stored in the session. Sessions themselves can be stored in the database or in one of the folders (usually /tmp) on the server. In either case, session IDs being unique guarantee each customer works with that customer’s specific session and session variables.

What happens when osCommerce script finds a session ID attached to the link? What happens if a customer opens such link in the browser, and the link already has session ID? By default - osCommerce will try to locate a session with the same ID in its “session pool”. And if it succeeds - the customer gets access to the information stored in the session. If it can not find such session in the “session pool” - osCommerce will create a new session, but with the same ID as was specified in the URL.

So if a link with a session ID gets included into a newsletter, or is spidered by a search engine - two customers clicking that link in the same or almost in the same time (the difference depends on the server configuration, up to about 15 minutes by default) could actually share the same session, get access to the same user account, or share the same shopping cart contents.

That is why links should be only included into newsletter without session IDs, and sessions should not be started at all if its a search engine browsing the online store.

osCommerce site of one of our UK clients suffered from the end customers not being able to register if they entered / selected certain counties on the Account Registration page.

From the dropdown list of over 50 counties there were 3 “haunted” ones, that the web site simply refused to accept. In the drop down of UK counties the end customer could select any but one of those three. And if the customer selected any of those three counties - the web site would propose him or her to do it again, and again, and again.

After looking into the problem, we first didn’t find any particular reasons for this strange behaviour. All zones were set up correctly in osCommerce database, and the list of countries and counties looked perfect in osCommerce Administration panel. Still the web site stubbornly continued to decline end customers who lived in the 3 specific counties: London, Gloucestershire, and Renfrewshire.

So after a brainstorming session and a couple of coffee cups we came up with an interesting theory: those counties were declined by the account registration script which names were parts of names of some other counties in the list: Londonderry, South Gloucestershire, East Renfrewshire (don’t ask why we have so many counties with funny names here! )

The task now was to understand why would osCommerce do it to our good client and how to fix that osCommerce bug.

The answer to the “why” question was pretty simple - for some reason the SQL routine that checks whether a certain zone exists in the database contained a bug that returned more than 1 record when the end customers entered the shorter county name.

The answer to the “how” question was even easier - to fix an issue like our client had with their web site one has to edit the create_account.php file. There, in the line #135 (or where it has this SQL routine: select distinct zone_id from) one has to remove all the % from the SQL command.

So, instead of the following piece of code:

$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . “%’ or zone_code like ‘%” . tep_db_input($state) . “%’)”);

the #135 line would look like this:

$zone_query = tep_db_query("select distinct zone_id from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' and (zone_name like '" . tep_db_input($state) . “‘ or zone_code like ‘” . tep_db_input($state) . “‘)“);

P.S. Not only the create_account.php file needs to be fixed, but also all scripts responsible for address management functions, where the end customer has a facility to enter a new address into the database.

Many of our customers complain about the speed of their osCommerce web sites. Often their own customers bring it to their attention, sometimes the slow down is even noticeable in the Administration panel of osCommerce.

osCommerce online store that was started several years ago and was working fast all this time has suddenly become slow - how is it possible? Or why would a very new osCommerce site demonstrate bad performance?

Customers prefer not to wait while the product page is loading, or until the order is created - if the site is slow customers would leave it. Some researches say customers would not usually wait more than 4 seconds to see the page loaded!

There could be a number of issues with both the hardware and software that affect the performance of osCommerce. Here is the list of what needs to be checked to make sure your osCommerce-powered business doesn’t loose customers because of poor performance:

• web server average load and hardware configuration - maybe the web server needs an upgrade (extra memory or new CPU for example) or maybe its hard drive is full and needs cleaning
• database server configuration - MySQL needs to be optimised to work in the most efficient way. Mostly this relates to using cached queries. More on MySQL server optimisation can be found at http://dev.mysql.com/doc/refman/5.0/en/optimizing-the-server.html
• database structure optimisation - in older osCommerce versions not all database indices were properly implemented. For example, almost any osCommerce web site requires database indices for tables that are used for Best Selling and Customers Who Bought This Product Also Bought features, and these indices were often missing in old installations of osCommerce. Here one can find more information on how to build and use indices: http://dev.mysql.com/doc/refman/5.0/en/optimizing-database-structure.html
• number of database queries per page - osCommerce allows for monitoring not only page loading time, but also the number of database queries used per page. Corresponding contribution can be found here. Obviously the more queries are run against the database - the slower the page will load. So caching parts of the pages that do not change too often can help to improve page loading speed and overall osCommerce performance a lot.
• product images - usage of thumbnails can improve the product listing page loading speed dramatically. And also the loading speed of other pages, where image thumbnails can be used instead of full sized images.
• PHP scripts - PHP scripts can be optimised with tools like PHP Accelerator. As it stays on the PHP Accelerator web site, it
  

  …provides a PHP cache, and is capable of delivering a substantial acceleration of PHP scripts without requiring any script changes, loss of dynamic content, or other application compromises

Holbi has come up with its osCommerce Speed Up / Acceleration service, that includes all of the updates and modifications mentioned above to improve online businesses of its customers.

Today one of our valued customers has reported an interesting problem with their osCommerce web site. It happens only when an online store supports multiple currencies, and seems to be present in all osCommerce online stores.

For example an osCommerce online store supports $ and €. And those two currencies are specified in the Administration panel, and their currency codes are set as USD and EUR correspondingly.

If a customer types currency=usd or currency=eur in the URL, all prices on the web site will turn into 0 (zero). At the same time, typing something like currency=zzz will make the online store choose default currency. So we can say the problem only appears when somebody is trying to mess around the case of the currency code.

As we said above, the problem is present in almost all osCommerce - based online stores. These two are probably the most known ones:

http://www.google-store.com/index.php?currency=usd
http://demo.oscommerce.com/index.php?currency=usd
The issue affects not only product prices in osCommerce, but shipping and surcharge prices as well.

Fortunately, it’s not a major problem as everyone can identify an order with zero order total and contact the customer to get this sorted. There is also a straight-forward fix for this problem. It can be seen at http://forums.oscommerce.com/index.php?showtopic=145918&st=0 (scroll down to post #7 or #8).

Should you experience issues in having this fixed in your online store - just let us know and Holbi will be glad to be of help!