how to change admin session lifetime, avoid getting logged out

There’s nothing worse than editing a product description, clicking save and finding that you’ve been timed out by the server. This can be caused by having an admin session set too low. If you’re running a cart that saves sessions to a directory rather than to the mysql database, this may be a problem too. Here’s an easy way to fix this:

Go to /admin/includes/functions/sessions.php, simply add at the top after the copyright info:
ini_set('session.gc_maxlifetime', 3660); // 3660 seconds = 1 hour

Note – the session lifetime is entered as seconds.

Hope this helps!

(PS If you’re using database storage of sessions you might have an admin configuration setting for this already. Check Admin >> Configuration >> Sessions to see and change the figure there.)

how to install ajax country state selector

The address book feature of oscommerce-based carts is fairly weak in some areas. This modification and free code module will help in the new account creation area by changing the clunky ‘choose a country, type in a state’ method of the current carts* to one that uses ajax to pull a list of states from the database based on the selected country. And by default it will load the store’s country (s most traders do in fact sell mostly to their own country.)

(* In fact the default cart behaviour in oscommerce 2.2 and cre loaded is to make you GUESS the spelling of the state and then if you get it wrong it’ll throw an error and THEN show you a dropdown list of states from the database. Madness.)

Ajax Country State Selector
(cre loaded port, from oscommerce contribution country state selector by steve lionel)

Written for:
any version of cre loaded 6.2.x -> 6.5.x, but easy to convert for all osCommerce-based carts (including oscMax, zencart)

Video Demo:

What it does:

Ajax Country State Selector improves the address handling functions of the cart and makes it quicker and easier for customers to create and edit addresses, whether in their account or in the checkout. The store’s default country and any states of that country are loaded with the page. On change of country, any states associated with that country will be loaded too.

Ease of use:
Should know how to check and setup zones if missing from cart. Otherwise, nothing to do.

The code provided ONLY shows a modified create account page – there are several other address areas in the cart that would need to be edited if this functionality was required for all screens. However, if new customers can get their accounts setup correctly then some of the subsequent address issues may be avoided.

The other real possibility is that the ajax functionality fails. There can be many reasons for this, and may be caused by conflict with a highly modified template that already uses javascript extensively. NO GUARANTEES are provided with this script.

Experience needed to install:
Beginner – upload 3 files, edit 5 files.

Don’t want to install it yourself?
No problem – drop me an email and I can install it for you at a minimal price.


how to modify the visual verify code (VVC) system

The visual verify code (or VVC) is a feature of cre loaded and other oscommerce-based carts and is designed to reduce the amount of spam and automated bot abuse of a store’s email system. It can appear (and be enabled/disabled through the admin) in several parts of the cart, each involving some sort of form submission to the owner of the store. So it’s an attempt to prove that it is a person sending the email and not a crawler or automated script.

In cre loaded, it is used for:
- password recovery
- creating a new account
- contacting the store owner via contact us
- product or article review submission
- sending tell-a-friend emails about a product or article
- submitting a link

However, it’s effectiveness is limited and in some cases it can be more hassle than it’s worth – eg sometimes the vvc code is difficult for us humans to read due to similar characters or the size of the display etc. These modifications may help if you’re experiencing problems.

#1 – Change the size of the pool of characters that the code can be drawn from
In some fonts upper- and lowercase I i L l as well as O o and the number 0 can appear very similar and can cause confusion. The pool of letters and numbers the visual verify code system uses is defined in the file /includes/languages/english/english.php :


define('VISUAL_VERIFY_CODE_CHARACTER_POOL', 'ABCDEFGHIJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz123456789');  //no zeros or O

replace with:
define('VISUAL_VERIFY_CODE_CHARACTER_POOL', '123456789');  // numbers only

The replacement pool of only numbers may seem drastic, but it is a lot easier for customers to verify the code correctly.

#2 – Change the size of the input box where the code is to be entered





This will tidy up the VVC area and also supports a reduced number of characters being used. Various template or catalog files would need to be edited here, as per the list given above. This means by default you’d need to change this in each occurance of the VVC code. A way to improve this is to create a switch in the VVC configuration area of the admin, and set the input box width there (using the second block of code above, together with the sql query below.) You would still have to edit several template related files, but from then on changing this setting in the admin page would change them all.

INSERT INTO `>`.`configuration` (`configuration_id`, `configuration_title`, `configuration_key`, `configuration_value`, `configuration_description`, `configuration_group_id`, `sort_order`, `last_modified`, `date_added`, `use_function`, `set_function`) VALUES (NULL, 'VVC Input Box Size', 'VVC_INPUT_SIZE', '15', 'Size of the VVC input box', '420', '9999', '0000-00-00 00:00:00', '0000-00-00 00:00:00', NULL, NULL);

#3 – Reduce the length of the VVC code and width of the VVC Image box
By default, from 3 to 6 alphanumeric characters are displayed as the visual verify code. By changing the numbers, a different range can be used:


By default - 3 to 6 characters:
for ($i = 1; $i 

After reducing the number of characters displayed, you may need to resize the width of the code box. This is done easily through admin >> configuration >> vvc configuration >> VVC Image Width – in the example, this was set to 125.

mod pagespeed causes google checkout problems on dreamhost vps

If you’re running a vps (virtual private server), an oscommerce-based cart, a 3rd party google checkout payment module that requires zend optimizer and happen to be with a hosting company that offers ‘web site optimizations’ … (yeah I know, pretty select situation), make sure to take a close look at the web hosting control panel because ‘page speed optimization defaults’ may include the apache module mod_pagespeed, Google’s own bash at making your sites go faster.

A recent job I had was to fix a failing google checkout callback for a client who runs a site on a dreamhost vps. After a lot of of tests and removing various caching and compression features, plus an investigation into php compiled via fastcgi (that I wouldn’t recommend to anyone), I noticed that all the stylesheets were getting linked together in the page source code of the site. For example, a cre loaded site running product page tabs and a social media box might look: lesheet.css+tabs,

Note ‘pagespeed’ in the url – this is an indicator that you too have google’s mod_pagespeed running on your server.

It was easy to deactivate the Page Speed Optimization module (which includes mod_pagespeed – remove a tick in a box) but man, it took some hunting down (mainly because I wasted time looking at the ‘complicated’ when it would be better to check the ‘obvious.’)

You can read a whole lot more about Google’s ‘Page Speed Optimization’ suite of tools (which includes the apache mod_pagespeed) from this url: code [dot] google [dot] com/speed/page-speed/

Here is a list of some of the filters it uses, to give you an idea of what it might do to for your site:

ModPagespeedEnableFilters combine_css
ModPagespeedEnableFilters rewrite_css,rewrite_javascript
ModPagespeedEnableFilters inline_css,inline_javascript
ModPagespeedEnableFilters rewrite_images
ModPagespeedEnableFilters insert_img_dimensions
ModPagespeedEnableFilters remove_comments
ModPagespeedEnableFilters extend_cache
ModPagespeedEnableFilters remove_quotes

check for missing unused images on your server

(aka osCommerce contribution remove_unused_images)

Written for:
any version of cre loaded series 6 cart, but easy to convert for all osCommerce-based carts (including oscMax, zencart)

screenshot of image check

What it does:
Scans and lists all your image files, compares the ones requested by the database products and products_description tables with all of the image files on the server in the /images directory and subdirectories of /images (one level deep.) Then shows a list of any unused images (ie on the server but not being called by the database) with the option of shifting
these into /images/UNUSED.

Ease of use:
Moderate skill needed – you do need to manually set the configuration options in the /admin/image_check.php file. Instructions are included as comments in this file.

Risk from use:
None – no files are actually deleted, only shifted. Low chance of conflict with other store files.

1. When searching product_descriptions, it will only report on images already on the server NOT on the ones called by the database and missing from the server.
2. Will only search one subdirectory deep in the /images folder, so /images/flowers/pic1.jpg will be scanned; /images/flowers/red/pic1.jpg will not be scanned.

Don’t want to try installing it yourself?

No problem – drop me an email and I can install it for you for a minimal amount.


ideas and help with oscommerce-based shopping carts