Bill Cooke is a Freelance Web Designer and Graphic Designer based out of Toronto, Canada.
The Benefit Of Having an E-Commerce Web Site
The way companies are run has changed a lot. Unlike in years past, business owners now use every available means to brand their company and to promote their services to reach sales and promotion goals. The net plays a huge part for these owners. How?
Blog Resources
As many of you know, there are a lot of free resources out there to help you run, manage and promote your blog web site. A friend of mine, Shawn Woytowich, has written an interesting article on some of those resources. Read It Here.
OsCommerce e-mail exploit fix
There is a vulnerability in osCommerce that allows a hacker to send emails to your customers without having to log in to the admin area of your back end.
The exploit is done by accessing the URL admin/mail.php/login.php on your site. The vulnerability gives access to the send mail function, which can email all customer accounts, without login access to your admin area. (Again, as I mentioned in my osCommerce security posting, you should also rename your admin folder to a more secure directory name.)
Edit admin/includes/application_top.php
Find:
// redirect to login page if administrator is not yet logged in
if (!tep_session_is_registered('admin')) {
Add before:
// fix to stop hacks to send mail
// PHP_SELF includes any extra path after the script name (e.g. admin/mail.php/login.php)
$hack_test = strtolower($_SERVER['PHP_SELF']);
if (substr_count($hack_test, '.php') > 1) {
  tep_redirect(tep_href_link(FILENAME_LOGIN));
}
This fix checks the URL used, and if it contains .php more than once (as it does when this exploit is used), it redirects to the login page to stop the request from going through.
Update: December 29th, 2009
Thanks to an email from Neil D, who has brought to my attention that some people, depending on PHP version or server setup, may need to replace the ' with " in the code above for the fix to work.
Thanks Neil!
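To see whether this URL pattern has already been requested on your store, the same "more than one .php in the path" test can be run over the web server access log. This is an added example, not part of the original fix or of osCommerce; it assumes the combined access log format, and the log lines in it are constructed samples.

```python
import re
from urllib.parse import unquote, urlsplit

# Start of a combined-format access log line: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_stacked_php(target):
    """Same test as the fix: '.php' occurs more than once in the lowercased path."""
    # Only the path is checked (like PHP_SELF); '.php' inside the query string is ignored.
    path = unquote(urlsplit(target).path).lower()
    return path.count(".php") > 1

def find_suspect_requests(lines):
    """Return (ip, time, method, target, status) for every stacked-.php request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_stacked_php(m["target"]):
            hits.append((m["ip"], m["time"], m["method"], m["target"], int(m["status"])))
    return hits

# Constructed sample lines using documentation IP ranges, not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Dec/2009:10:01:02 +0000] "GET /admin/login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Dec/2009:10:02:11 +0000] "GET /admin/mail.php/login.php HTTP/1.1" 200 8122 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Dec/2009:10:02:40 +0000] "POST /admin/mail.php/login.php HTTP/1.1" 200 8304 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Dec/2009:10:03:00 +0000] "GET /index.php?ref=/old/page.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Dec/2009:10:05:00 +0000] "GET /admin/MAIL.PHP%2Flogin.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(*hit)
```

With the fix in place these requests are redirected to the login page, so a hit answered with status 200 deserves a closer look.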
Setting up PayPal and osCommerce
PayPal is one of the most trusted payment gateways around (and one of the older ones). It is supported by osCommerce, and is a great option to start with for accepting payments online for your osCommerce store. Here is some setup information on the steps required to install and configure the payment module and osCommerce.
osCommerce Tips: Adding Order # To Packing Slip & Invoices
Here is a quick tip to add the order # to the packing slip and invoices in osCommerce…
Edit admin/invoice.php with your favorite HTML editor (make a backup first, of course).
Look for the following line:
<td><?php echo nl2br(STORE_NAME_ADDRESS); ?></td>
Add the following line directly below:
<td align="right">Order #<?php echo $oID; ?></td>
Then save the file. Done. Easy. Handy. Fun to do. Now go have a beer.
Security on OsCommerce – ways to improve it!
One thing a lot of new webmasters and store owners overlook is security on their web site. This is especially important if you are running an e-commerce platform such as osCommerce. Here are a few tips to ensure your osCommerce site is as secure as possible for your customers and your site's data, as well as some general policies you should follow to avoid fraudulent orders or spam.
Essential Contributions for osCommerce
osCommerce on its own is a great platform for developing a PHP-based e-commerce web site. Over the many years of continuing development by its community (it is an open-source e-commerce solution), it has become a powerful base for any e-commerce web site. There are, however, a few extensions for it (known as contributions) which I have found extremely useful and find myself using quite often when I choose osCommerce for a project.

