products attributes not showing on confirmation email

This bug which causes the product attribute information not to appear on order confirmation emails sent by the Cre Loaded or Loaded Commerce admin has been around forever on Cre Loaded (and now Loaded Commerce 6.5.x) carts.

Replicate as follows:
1. Admin >> Configuration >> Download … set ‘Enable Download’ to false

2. Place order for product with attributes
3. Receive email without mention of product attributes

The fix:
Find the file /checkout_process.php, backup first, then anywhere from line 450 through to 510 (depends on your version) replace with the block as shown

$products_ordered_attributes = '';
  if (isset($order->products[$i]['attributes'])) {
    for ($j=0, $n2=sizeof($order->products[$i]['attributes']); $j<$n2; $j++) {
      $sql_data_array = array('orders_id' => $insert_id,
                              'orders_products_id' => $order_products_id,
                              'products_options' => $order->products[$i]['attributes'][$j]['option'],
                              'products_options_values' => $order->products[$i]['attributes'][$j]['value'],
                              'options_values_price' => $order->products[$i]['attributes'][$j]['price'],
                              'price_prefix' => $order->products[$i]['attributes'][$j]['prefix'],
                              'products_options_id' => $order->products[$i]['attributes'][$j]['option_id'],
                              'products_options_values_id' => $order->products[$i]['attributes'][$j]['value_id']);
      tep_db_perform(TABLE_ORDERS_PRODUCTS_ATTRIBUTES, $sql_data_array);
      if (DOWNLOAD_ENABLED == 'true') {
        $attributes_query = "select pad.products_attributes_maxdays, pad.products_attributes_maxcount , pad.products_attributes_filename
                               from " . TABLE_PRODUCTS_ATTRIBUTES . " pa,
                                    " . TABLE_PRODUCTS_ATTRIBUTES_DOWNLOAD . " pad
                             where pa.products_id = '" . $order->products[$i]['id'] . "'
                               and pa.options_id = '" . $order->products[$i]['attributes'][$j]['option_id'] . "'
                               and pa.options_values_id = '" . $order->products[$i]['attributes'][$j]['value_id'] . "'
                               and pa.products_attributes_id = pad.products_attributes_id";
        $attributes = tep_db_query($attributes_query);
        $attributes_values = tep_db_fetch_array($attributes);
        if ( isset($attributes_values['products_attributes_filename']) && tep_not_null($attributes_values['products_attributes_filename']) ) {
          $sql_data_array = array('orders_id' => $insert_id,
                                  'orders_products_id' => $order_products_id,
                                  'orders_products_filename' => $attributes_values['products_attributes_filename'],
                                  'download_maxdays' => $attributes_values['products_attributes_maxdays'],
                                  'download_count' => $attributes_values['products_attributes_maxcount']);
          tep_db_perform(TABLE_ORDERS_PRODUCTS_DOWNLOAD, $sql_data_array);
        } // download filename loop ends
      }  // download attributes loop ends

        if( (!empty($order->products[$i]['attributes'])) ){
          $products_ordered_attributes .= "\n\t" . (isset($order->products[$i]['attributes'][$j]['option']) ? $order->products[$i]['attributes'][$j]['option'] : '') . ' ' . (isset($order->products[$i]['attributes'][$j]['value']) ? $order->products[$i]['attributes'][$j]['value'] : '') . ' ' .
          ( (isset($order->products[$i]['attributes'][$j]['price']) && ($order->products[$i]['attributes'][$j]['price'] > 0) ?
           $order->products[$i]['attributes'][$j]['prefix'] . ' ' . $currencies->display_price($order->products[$i]['attributes'][$j]['price'], tep_get_tax_rate($products[$i]['tax_class_id']), 1): ''));

      } // attributes not empty loop
    } // loop through the attributes
  }  // attributes set?

tinymce editor box outlines visible when editing product

If you’re seeing outline boxes appearing in product edit pages of your 6.4.x or earlier cart caused by the tinymce editor, like this:

here’s the fix:

file: admin/editors/tiny_mce.php, around line 57


    echo "n";




if(substr($textarea, -1, 1) == ','){
     $textarea = substr($textarea,0,-1);
    echo "n";


what relative links and absolute links are and when to use them

When you place a link to a page or media that is on your server, use relative links.
If you are linking to something on another website (ie not on your server) use absolute links.

“What’s the difference between relative and absolute links?”

A ‘relative link’ doesn’t require the “…” at the start, because the resource is on your server.

Here are some examples of relative links:

About Me

My Page



TIP: If you are using a url rewriter use the cart’s default urls, in relative link style:

USE:    Links
NOT:   Links




An ‘absolute link’ does require the “…” at the start, because the resource is on another server.
Absolute links are sometimes referred to as ‘hard-coded’ links.

Here are some examples of absolute links:


Your ecommerce website needs to have a valid SSL certificate installed and running.
Here’s some background and reasons why:

What’s does a SSL certificate do?

A Secure Socket Layer (SSL) certificate does a couple of things:

1. encrypts information entered into a form (a ‘form’ is exactly what it sounds like – any ‘fill in the box’ type page that requires you to enter in information and click a button on the screen; could be creating an account or sending an email to the store owner or signing up to a newsletter etc)
2. checks the integrity of the connection between the browser and the server (are you connected to the correct server?)

How can I tell it’s working?
The address bar will show a padlock and the word https:// in front of your website name on pages that require SSL encryption.

Note – there is no advantage in making all pages on your site https:// – it works with pages that have forms. Technically, https:// will slow down page loading speeds of your site and also may interfer with indexing by search engines. Most oscommerce-based carts have certain pages where https:// connections will be made, in particular logins, creating accounts and checkout.

But SSL certificates and https:// connections are just for payment pages though right?
Not true – a SSL certificate scrambles data and secures connections when any form is submitted (a form is basically what it sounds like – anytime you type information on a website, you’re probably filling out a form of some sort.)

So this means your admin and customer logins, contact us and create account pages as well all benefit from your server having a SSL certificate.

And if I don’t use one?
All of the data submitted will go as clear text, ie unencrypted. It is possible for unscrupulous people to set up ‘sniffer’ and ‘listening’ scripts and grab those clear text details being sent, which could gain them admin login details, customer address information as well as payment details.

Some payment gateways will not accept your payments without a valid SSL certificate installed and running on your site.

Also, the server may not in fact be the server you or your customers intended on reaching, as the integrity of the link will not have been verified to any extent.

Customers are now very aware of the https:// symbol in an address and if they don’t see it when they go to complete an order or set up an account, most will leave.

Identity fraud is a major industry around the world, so it is strongly recommended that if you want to get the business, you operate with a good SSL certificate in place and advertise the fact. Really, it’s a bare minimum to be in business online.

Furthermore, some payment gateways and processors require you as a merchant to have a valid SSL certificate installed before you can connect to them and use their services.

How do I get a SSL certificate?
There are a couple of ways – 1) contact your hosting company to set one up, or  2) Do It Yourself (DIY)

Installing a SSL certificate is not difficult as long as you have access to the interface needed. If you use cPanel, you can use the TLS/SSL Manager in the Security box on the right. Create a CRT and private key, go buy the certificate and supply these parts, generate certificate, copy emailed certificate in certificate box, install – done.

If you don’t have access to the necessary interface, contact your hosting company and ask them to install the certificate.

Most SSL resellers like RapidSSL, Geotrust, Verisign, Digicert etc have instruction sheets to assist you as well as online support.

SSL certificate prices range from under USD100 a year through to bank-level EV SSLs with multiple verifications (ie way over the top) costing much more. Get one that fits with your business volume and turnover – but most importantly, get one!


If you need help installing a SSL certificate please contact me via my Contact page.

how to upgrade oscommerce-based scripts from php 5.2.x to php 5.3.x

More and more hosting companies are upgrading their servers to run php 5.3. For most carts, this will mean an error log file full of deprecated error messages – warnings that one day, the functions being used will be removed entirely and the script will break.

If you’re running an older version of your oscommerce-based cart software (eg Cre Loaded 6.4.1, Oscommerce 2.2 etc) you will find that your error log file will fill up with deprecated messages from a number of files still using old calls like ‘ereg’ and ‘ereg_replace.’

You could switch these error messages off if you can control the error_reporting configuration on the server you’re on, but there’s a chance that when php 5.4 is adopted by hosting companies (RC6 of this was released January 2012) many of these deprecated messages now will become broken scripts then.

Updating most of these old calls can be fairly easy – here is a reference table that will help:

ereg() = preg_match()
ereg_replace() = preg_replace()
eregi() = preg_match() with the 'i' modifier
eregi_replace() = preg_replace() with the 'i' modifier
split() = preg_split()
spliti() = preg_split() with the 'i' modifier

As an example – cre loaded 6.4.1a B2B file /includes/functions/general.php :

if (ereg('^[0-9]+$', $value)) {

would become

if (preg_match('/^[0-9]+$/', $value)) {

(note ereg becomes preg_match and the forward slashes (delimiters) are added in)

Other deprecated functions and directives are more involved and may in fact only be configurable by the hosting company if they don’t allow custom php.ini files. There are other examples in the code that can simply be removed to upgrade to php 5.3.x and will stop the deprecated message.

A popular old check in Cre Loaded is a 6.2 version check – this from /admin/includes/runtime/orders/RC_orders_boxesbottom.php:

  if (defined('PROJECT_VERSION') && ereg('6.2', PROJECT_VERSION)) {
    $rci = tep_admin_files_boxes(FILENAME_RECOVER_ABANDONED_CARTS, BOX_RECOVER_ABANDONED_CARTS, 'SSL','tdate=' . $tdate, '0');
  } else {
    $rci = tep_admin_files_boxes(FILENAME_RECOVER_ABANDONED_CARTS, BOX_RECOVER_ABANDONED_CARTS, 'SSL','tdate=' . $tdate, '2');

In this case the ‘upgrade’ would be to remove the old version check (bypassing the need for the deprecated ereg check.)

Third-party modules may cause grief when your hosting company upgrades to php 5.3.
At the time of writing this, Magneticone’s modules that use Zend Optimizer for decoding will break as Zend hasn’t provided a backward compatible version of the ZO for scripts using php 5.2.x. Magneticone’s advice in this situation is to use the ioncube versions of the scripts only (as they haven’t upgraded their modules to use the standalone ZO php 5.3 version either.) Nuisance.

If you’re unsure about these changes, contact me for a quote to help you upgrade from php 5.2 to php 5.3

ideas and help with oscommerce-based shopping carts