Honk if you hate osCommerce

Re: Honk if you hate osCommerce

Matthew Crouch wrote:
[color=blue]
> Okay, I've fiddled with this and I'm not passing judgment. If this
> application is great and there's just something I don't know, I'd love
> to learn.
>
> Item: Customizations (other than simple layout/color stuff) seem to be
> really hairy.
> If I want to add a field to
> the customer info I collect, I have to hand hack numerous scripts
>
> Item: there is a catalog/includes/configure.php that can be overridden
> by catalog/includes/local/configure.php ... AND there is
> catalog/admin/includes/configure.php and
> catalog/admin/includes/local/configure.php
>
> In the site I'm working on there is a copy of this entire structure in
> httpdocs and httpsdocs. So to change some global setting I need to
> change in 4 places.
>
> ?!?!?!?!?
>
> Item: The data model is, in my opinion, really hacky. Again, I'm not
> an expert but there seems to be a lot of weird stuff e.g. 12
> customer-specific fields (address, zip, etc.) in the Orders table.
>
> Item: (by far the most annoying) All the questions I post in their
> support forum are replied to by
> 1) "Do X" ... when I stated quite clearly that I did X and it didn't
> work
>
> or
>
> 2) "Give to $$$ and I'll fix it for you"
>
> I'm trying to talk my current client into using ZenCart instead. No
> doubt a lively debate will ensue. All advice is appreciated[/color]

Isn't ZenCart just a fork of osCommerce?

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/

Re: Honk if you hate osCommerce

On Wed, 29 Dec 2004 12:22:14 +1300, Chris Hope wrote:
[color=blue]
> Path:
> nwrddc01.gnilin k.net!cyclone2. gnilink.net!cyc lone1.gnilink.n et!gnilink.net!
> canoe.uoregon.e du!newsfeed.new s.ucla.edu!news feed.media.kyot o-u.ac.jp!newsf
> eeds.ihug.co.nz !lust.ihug.co.n z!ihug.co.nz!no t-for-mail
> From: Chris Hope <blackhole@elec trictoolbox.com >
> Newsgroups: comp.lang.php
> Subject: Re: Honk if you hate osCommerce
> Date: Wed, 29 Dec 2004 12:22:14 +1300
> Organization: Ihug Limited
> Lines: 42
> Message-ID: <cqspr6$3at$1@l ust.ihug.co.nz>
> References: <pan.2004.12.28 .23.14.09.79280 2@spamlessveriz on.net>
> NNTP-Posting-Host: 222-152-112-168.adsl.ihug.c o.nz
> X-Trace: lust.ihug.co.nz 1104276135 3421 222.152.112.168 (28 Dec 2004
> 23:22:15 GMT)
> X-Complaints-To: abuse@ihug.co.n z
> NNTP-Posting-Date: Tue, 28 Dec 2004 23:22:15 +0000 (UTC)
> User-Agent: KNode/0.8.2
> Xref: cyclone1.gnilin k.net comp.lang.php:7 4387
> X-Received-Date: Tue, 28 Dec 2004 18:21:50 EST (nwrddc01.gnili nk.net)
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7Bit
>
>
> Matthew Crouch wrote:
>[color=green]
>> Okay, I've fiddled with this and I'm not passing judgment. If this
>> application is great and there's just something I don't know, I'd love
>> to learn.
>>
>> Item: Customizations (other than simple layout/color stuff) seem to be
>> really hairy.
>> If I want to add a field to
>> the customer info I collect, I have to hand hack numerous scripts
>>
>> Item: there is a catalog/includes/configure.php that can be overridden
>> by catalog/includes/local/configure.php ... AND there is
>> catalog/admin/includes/configure.php and
>> catalog/admin/includes/local/configure.php
>>
>> In the site I'm working on there is a copy of this entire structure in
>> httpdocs and httpsdocs. So to change some global setting I need to
>> change in 4 places.
>>
>> ?!?!?!?!?
>>
>> Item: The data model is, in my opinion, really hacky. Again, I'm not
>> an expert but there seems to be a lot of weird stuff e.g. 12
>> customer-specific fields (address, zip, etc.) in the Orders table.
>>
>> Item: (by far the most annoying) All the questions I post in their
>> support forum are replied to by
>> 1) "Do X" ... when I stated quite clearly that I did X and it didn't
>> work
>>
>> or
>>
>> 2) "Give to $$$ and I'll fix it for you"
>>
>> I'm trying to talk my current client into using ZenCart instead. No
>> doubt a lively debate will ensue. All advice is appreciated[/color]
>
> Isn't ZenCart just a fork of osCommerce?[/color]

Yes, and it exhibits a couple of the same ugly items. But I have heard the
support is much better, and with a quick glance at the source it looks a
bit easier to follow.

Also it doesn't require register_global s=On (yuck).

Ideally, though, I'd like a system with rigid code/presentation separation

Re: Honk if you hate osCommerce

Honk, Honk.

Absolutely messy. Version I've analyzed (few months ago)
had various coding styles and design architectures mixed
(with some very ugly bits).

osCommerce has catchy name, tempting license and complete set of modules,
but when you try to use it, it turns out that it takes a lot of effort
to adapt, extend or maintain the code.

It outputs tons of poor, invalid HTML.

osCommerce even motivated me to write my own webshop from scratch.
It took a bit, but now I have object-oriented code, semantic XHTML output
and pure CSS styling. Pages load faster and get boost in google rank :>

--
Kornel Lesinski
ideadesigners.c om

Re: Honk if you hate osCommerce

porneL wrote:
[color=blue]
> Honk, Honk.
>
> Absolutely messy. Version I've analyzed (few months ago)
> had various coding styles and design architectures mixed
> (with some very ugly bits).
>
> osCommerce has catchy name, tempting license and complete set of
> modules, but when you try to use it, it turns out that it takes a lot
> of effort to adapt, extend or maintain the code.[/color]

Which is why almost all the osCommerce sites out there look *exactly*
the same (except for colour styling). It's great for people who don't
mind all having the same look though because it's very easy to set up
if you're not bothered with actually having a nice design. There are a
few sites out there who sell customised templates though that look
pretty good.
[color=blue]
> It outputs tons of poor, invalid HTML.
>
> osCommerce even motivated me to write my own webshop from scratch.
> It took a bit, but now I have object-oriented code, semantic XHTML
> output and pure CSS styling. Pages load faster and get boost in google
> rank :>[/color]

That's the other downside - it has to be generic to try to work for
everyone so ends up executing loads of queries per page, include()ing
lots of different files and generally taking a lot longer to parse a
page than it should.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/

Re: Honk if you hate osCommerce

"Matthew Crouch" <matthew.crouch @spamlessverizo n.net> wrote in message
news:pan.2004.1 2.28.23.14.09.7 92802@spamlessv erizon.net...[color=blue]
> Okay, I've fiddled with this and I'm not passing judgment. If this
> application is great and there's just something I don't know, I'd love to
> learn.[/color]

Tried hacking it myself and gave up.
[color=blue]
> Item: Customizations (other than simple layout/color stuff) seem to be
> really hairy.
> If I want to add a field to
> the customer info I collect, I have to hand hack numerous scripts
>
> Item: there is a catalog/includes/configure.php that can be overridden by
> catalog/includes/local/configure.php ... AND there is
> catalog/admin/includes/configure.php and
> catalog/admin/includes/local/configure.php[/color]

Yup, I just wanted to add a simple html wysiwg editor to the product
description field. Near bloody impossible :(
[color=blue]
> In the site I'm working on there is a copy of this entire structure in
> httpdocs and httpsdocs. So to change some global setting I need to change
> in 4 places.
>
> ?!?!?!?!?
>
> Item: The data model is, in my opinion, really hacky. Again, I'm not an
> expert but there seems to be a lot of weird stuff e.g. 12
> customer-specific fields (address, zip, etc.) in the Orders table.[/color]

That'll be correct for any system that doesn't do proper Entity management.

Supposing your customer moves address in between orders. When you look at
the old orders they should retain the old invoice and delivery addresses and
not be updated with the new ones.
[color=blue]
> Item: (by far the most annoying) All the questions I post in their support
> forum are replied to by
> 1) "Do X" ... when I stated quite clearly that I did X and it didn't work
>
> or
>
> 2) "Give to $$$ and I'll fix it for you"[/color]

Well if you are not paying for the software don't expect expert help to be
available for free. ;)

Re: Honk if you hate osCommerce

On Wed, 29 Dec 2004 08:25:02 +0000, CJ Llewellyn wrote:
[color=blue][color=green]
>>
>> Item: The data model is, in my opinion, really hacky. Again, I'm not an
>> expert but there seems to be a lot of weird stuff e.g. 12
>> customer-specific fields (address, zip, etc.) in the Orders table.[/color]
>
> That'll be correct for any system that doesn't do proper Entity management.
>
> Supposing your customer moves address in between orders. When you look at
> the old orders they should retain the old invoice and delivery addresses and
> not be updated with the new ones.[/color]

I would accomplish this with something similar to but different from their
model:
-they have an "address_bo ok" table. This should include all addresses and
order should just have a foreign key to one of these, separate ones for
billing & shipping probably.
[color=blue]
>[color=green]
>> Item: (by far the most annoying) All the questions I post in their support
>> forum are replied to by
>> 1) "Do X" ... when I stated quite clearly that I did X and it didn't work
>>
>> or
>>
>> 2) "Give to $$$ and I'll fix it for you"[/color]
>
> Well if you are not paying for the software don't expect expert help to be
> available for free. ;[/color]

It's true what with the gift horses and all but I've seen many other free
software projects that do much better. MySQL in particular is impressive
in this respect.

My suspicion is that free support CAN'T be as good with osC because the
design is subpar. So people have to invest beaucoup time/effort to figure
it out, and need an ROI for that.

A quick glance at the Zencart support forum looks promising. I keep
leaning further in that direction...

Re: Honk if you hate osCommerce

>[color=blue]
> osCommerce even motivated me to write my own webshop from scratch.
> It took a bit, but now I have object-oriented code, semantic XHTML output
> and pure CSS styling. Pages load faster and get boost in google rank :>[/color]

This is an idea I'm toying with. I have one client who's basically getting
a custom built shop from me, and another client who's authorizing me to
find something better than osC.

If I had an expert or two onboard, I'd love to merge the clients -- use
one new project.
Maybe take the Zencart fork and strip it down to the core fxns, classes,
then make 'em sit on a templating engine like Smarty.

Re: Honk if you hate osCommerce

Chris Hope wrote:
[color=blue]
> Which is why almost all the osCommerce sites out there look *exactly*
> the same (except for colour styling). It's great for people who don't
> mind all having the same look though because it's very easy to set up
> if you're not bothered with actually having a nice design. There are[/color]
a[color=blue]
> few sites out there who sell customised templates though that look
> pretty good.[/color]

Using osCommerce is like floating down a river. It's easy to float and
let the the river take you where it goes. It's harder to get out and
travel along rocky banks(or go where you want).
Hopefully there are no falls ahead.

Re: Honk if you hate osCommerce

"ZenCart instead"
what other free php catalog/cart sytems do we like?

Re: Honk if you hate osCommerce

Kornel,

How did you handle the payment processing component of the site?
Melvin Ram
Volcanic Marketing Studios
melvin-at-volcanicmarketi ng.com

Re: Honk if you hate osCommerce

[color=blue]
> How did you handle the payment processing component of the site?[/color]

I've had to use "WorldPay Junior" service (client's requirement).

I don't recommend it to anyone!

While figuring out how to integrate it securely I've found that this
system has several design weakneses, and in practicular sloppy
implementation in osCommerce WorldPay module allows to exploit them.

I've reported two huuuge security holes that allow to get order "paid"
without paying, and one even without going through payment processing.

In my implementation I've added paranoid security checks,
but still some elements of WorldPay integration may be considered
'security by obscurity' (I won't tell which ;P).


--
* html {redirect-to: url(http://osiolki.pl);}

Re: Honk if you hate osCommerce

porneL wrote:[color=blue][color=green]
> > How did you handle the payment processing component of the site?[/color]
>
> I've had to use "WorldPay Junior" service (client's requirement).
>
> I don't recommend it to anyone![/color]
<snip>

Never heard "WorldPay Junior" before; is it a part of WorldPay?

IIRC, WorldPay provides secret call back URL and emailing (so that
you may parse the email). Isn't enough for the security?

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Re: Honk if you hate osCommerce

[color=blue]
> Never heard "WorldPay Junior" before; is it a part of WorldPay?[/color]
yes.
[color=blue]
> IIRC, WorldPay provides secret call back URL and emailing (so that
> you may parse the email). Isn't enough for the security?[/color]

Email is very easy to forge. There is no security for From: field.
Once you know how confirmation email looks, you can send one yourself.

Besides mail and (usually) callback go through unencrypted channels.

Callback URL and data is not secret, if you know implementation details or
when implementation follows braindead suggestions in the integration guide
to make callback url variable (both are the case with osCommerce
implementation) .

Form reveals all information to the user and allows easy manipulation.

If implementation doesn't use callback password, you can issue any
callback yourself.
If implementation doesn't use md5 signature you can pay 1 peso for any
order.
If implementation doesn't check for testmode variable, you can pay with
fake credit card.

Funny thing is that ALL these *neccessary* elements WorldPay considers
*optional*
and doesn't mention implications of not implementing them. It seems that
people who designed this, thought that <input type="hidden"> is hidden..

Most shops have automated order processing, so they'll ship your order
before they notice missing mail confirmations or invalid amounts in
transaction history.

"HTML integration" is not a way to do payment processing.

--
* html {redirect-to: url(http://browsehappy.pl) ;}