Category Archives: osCommerce-based code

USPS fix for November 2013 for oscommerce based carts

USPS, in an unannounced move last Friday 8th November, decided to change the way it supplied rates information via its servers to the many ecommerce carts around the global who request realtime USPS quotes. They changed the transfer-encoding to chunked. This is a more efficient way for this data to be transferred, so not really before time.

However it caught out a number of old usps modules which relied on an ever growing number of filters to clean up the rates data xml, because these scripts relied on the old http_client class which didn’t support dechunking this data cleanly.

For those modules that called upon curl this change would have made no difference, eg zencart, whose usps script uses curl primarily and only fallsback to http_client as a last resort.

Free code download I’ve modified the oscommerce usps USPS Rate V4 Intl Rate V2 module to check and use curl. This is written for Loaded Commerce 6.5 but can be modified for other version use.


stop double htpasswd authentication for http https login in admin

If you have set up an htpasswd login to your admin (which is a good idea) you may be having to login twice to the htpasswd popup – once for an http and again for an https connection. This is so you’re authenticated in both connections which use different ports.

If you don’t want to have to login twice, here’s how to fix it:

1. The obvious way
If you login to your https admin using a http link, it will ask you to login twice in the htpasswd login popu.

Fix: Make sure your admin link/bookmark url you connect to your admin with starts with https://

2. Redirect all admin logins to https
Use this approach if 1. above doesn’t work.
Add the following to the top of the admin htaccess (not store htaccess file) to direct all admin urls to run under https.

Note – you must have 1) an htpasswd login setup and 2) an SSL certificate stored on your server to use this modification.

Find /admin/.htaccess and add at the top under the first commented line:

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq ""
ErrorDocument 403

Note – change ‘’ and also the ‘’ to your actual store’s domain name and admin (which shouldn’t be ‘admin’ either as this is a security risk.)

what relative links and absolute links are and when to use them

When you place a link to a page or media that is on your server, use relative links.
If you are linking to something on another website (ie not on your server) use absolute links.

“What’s the difference between relative and absolute links?”

A ‘relative link’ doesn’t require the “…” at the start, because the resource is on your server.

Here are some examples of relative links:

About Me

My Page



TIP: If you are using a url rewriter use the cart’s default urls, in relative link style:

USE:    Links
NOT:   Links




An ‘absolute link’ does require the “…” at the start, because the resource is on another server.
Absolute links are sometimes referred to as ‘hard-coded’ links.

Here are some examples of absolute links:

Why do both the absolute link examples start https?

If you link to content that will be displayed on an https:// page, unless you link ALL of the content on that page using https:// or relative links, you will get the dreaded ‘mix of insecure content’ warning which will alarm your customers (especially if it happens in the checkout area) and probably lose you the sale.

If you need to link to an external site (therefore use an absolute link), the site needs to provide the option of linking via https://. If it doesn’t, can you save the resource locally and use a relative link to that? (you should always checkout copyright ownership and license and if necessary contact the owner of the image/external content if you are planning on making a local copy for use from your server.)

Why is this stuff about relative links and absolute links important?

1. to avoid seeing warnings about insecure / secure content which can lose you business
2. to future-proof against any change of url writing

Where is this particularly relevant?

On your homepage, especially in introductory text (eg mainpage.php module) and in article and info pages.

how to upgrade oscommerce-based scripts from php 5.2.x to php 5.3.x

More and more hosting companies are upgrading their servers to run php 5.3. For most carts, this will mean an error log file full of deprecated error messages – warnings that one day, the functions being used will be removed entirely and the script will break.

If you’re running an older version of your oscommerce-based cart software (eg Cre Loaded 6.4.1, Oscommerce 2.2 etc) you will find that your error log file will fill up with deprecated messages from a number of files still using old calls like ‘ereg’ and ‘ereg_replace.’

You could switch these error messages off if you can control the error_reporting configuration on the server you’re on, but there’s a chance that when php 5.4 is adopted by hosting companies (RC6 of this was released January 2012) many of these deprecated messages now will become broken scripts then.

Updating most of these old calls can be fairly easy – here is a reference table that will help:

ereg() = preg_match()
ereg_replace() = preg_replace()
eregi() = preg_match() with the 'i' modifier
eregi_replace() = preg_replace() with the 'i' modifier
split() = preg_split()
spliti() = preg_split() with the 'i' modifier

As an example – cre loaded 6.4.1a B2B file /includes/functions/general.php :

if (ereg('^[0-9]+$', $value)) {

would become

if (preg_match('/^[0-9]+$/', $value)) {

(note ereg becomes preg_match and the forward slashes (delimiters) are added in)

Other deprecated functions and directives are more involved and may in fact only be configurable by the hosting company if they don’t allow custom php.ini files. There are other examples in the code that can simply be removed to upgrade to php 5.3.x and will stop the deprecated message.

A popular old check in Cre Loaded is a 6.2 version check – this from /admin/includes/runtime/orders/RC_orders_boxesbottom.php:

  if (defined('PROJECT_VERSION') && ereg('6.2', PROJECT_VERSION)) {
    $rci = tep_admin_files_boxes(FILENAME_RECOVER_ABANDONED_CARTS, BOX_RECOVER_ABANDONED_CARTS, 'SSL','tdate=' . $tdate, '0');
  } else {
    $rci = tep_admin_files_boxes(FILENAME_RECOVER_ABANDONED_CARTS, BOX_RECOVER_ABANDONED_CARTS, 'SSL','tdate=' . $tdate, '2');

In this case the ‘upgrade’ would be to remove the old version check (bypassing the need for the deprecated ereg check.)

Third-party modules may cause grief when your hosting company upgrades to php 5.3.
At the time of writing this, Magneticone’s modules that use Zend Optimizer for decoding will break as Zend hasn’t provided a backward compatible version of the ZO for scripts using php 5.2.x. Magneticone’s advice in this situation is to use the ioncube versions of the scripts only (as they haven’t upgraded their modules to use the standalone ZO php 5.3 version either.) Nuisance.

If you’re unsure about these changes, contact me for a quote to help you upgrade from php 5.2 to php 5.3

put lists in a dropdown in alphabetical order

Adding new infoboxes through the Admin of an oscommerce cart is laborious enough without having to hunt through an unsorted list of filenames in a dropdown. So this article’s short tip examples one of php’s really useful functions – sort().

This is an unsorted list of infobox files in a dropdown in a Cre Loaded Admin:

Same list now sorted alphabetically:

The basic code change required to an array:

 $dirs1[] = $file;
            $dirs_array1[] = array('id' => $file1,
                                   'text' => $file1);

sort($dirs_array1);  // added to sort list alphabetically