Bytes IT Community

Honk if you hate osCommerce

P: n/a
Okay, I've fiddled with this and I'm not passing judgment. If this
application is great and there's just something I don't know, I'd love to
learn.

Item: Customizations (other than simple layout/color stuff) seem to be
really hairy.
If I want to add a field to
the customer info I collect, I have to hand hack numerous scripts

Item: there is a catalog/includes/configure.php that can be overridden by
catalog/includes/local/configure.php ... AND there is
catalog/admin/includes/configure.php and
catalog/admin/includes/local/configure.php

In the site I'm working on there is a copy of this entire structure in
httpdocs and httpsdocs. So to change some global setting I need to change
in 4 places.

?!?!?!?!?

Item: The data model is, in my opinion, really hacky. Again, I'm not an
expert but there seems to be a lot of weird stuff e.g. 12
customer-specific fields (address, zip, etc.) in the Orders table.

Item: (by far the most annoying) All the questions I post in their support
forum are replied to by
1) "Do X" ... when I stated quite clearly that I did X and it didn't work

or

2) "Give to $$$ and I'll fix it for you"

I'm trying to talk my current client into using ZenCart instead. No doubt
a lively debate will ensue. All advice is appreciated
Jul 17 '05 #1
13 Replies


P: n/a
Matthew Crouch wrote:
> Okay, I've fiddled with this and I'm not passing judgment. If this
> application is great and there's just something I don't know, I'd love
> to learn.
>
> Item: Customizations (other than simple layout/color stuff) seem to be
> really hairy.
> If I want to add a field to
> the customer info I collect, I have to hand hack numerous scripts
>
> Item: there is a catalog/includes/configure.php that can be overridden
> by catalog/includes/local/configure.php ... AND there is
> catalog/admin/includes/configure.php and
> catalog/admin/includes/local/configure.php
>
> In the site I'm working on there is a copy of this entire structure in
> httpdocs and httpsdocs. So to change some global setting I need to
> change in 4 places.
>
> ?!?!?!?!?
>
> Item: The data model is, in my opinion, really hacky. Again, I'm not
> an expert but there seems to be a lot of weird stuff e.g. 12
> customer-specific fields (address, zip, etc.) in the Orders table.
>
> Item: (by far the most annoying) All the questions I post in their
> support forum are replied to by
> 1) "Do X" ... when I stated quite clearly that I did X and it didn't
> work
>
> or
>
> 2) "Give to $$$ and I'll fix it for you"
>
> I'm trying to talk my current client into using ZenCart instead. No
> doubt a lively debate will ensue. All advice is appreciated


Isn't ZenCart just a fork of osCommerce?

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #2

P: n/a
On Wed, 29 Dec 2004 12:22:14 +1300, Chris Hope wrote:
> Matthew Crouch wrote:
>> Okay, I've fiddled with this and I'm not passing judgment. If this
>> application is great and there's just something I don't know, I'd love
>> to learn.
>>
>> Item: Customizations (other than simple layout/color stuff) seem to be
>> really hairy.
>> If I want to add a field to
>> the customer info I collect, I have to hand hack numerous scripts
>>
>> Item: there is a catalog/includes/configure.php that can be overridden
>> by catalog/includes/local/configure.php ... AND there is
>> catalog/admin/includes/configure.php and
>> catalog/admin/includes/local/configure.php
>>
>> In the site I'm working on there is a copy of this entire structure in
>> httpdocs and httpsdocs. So to change some global setting I need to
>> change in 4 places.
>>
>> ?!?!?!?!?
>>
>> Item: The data model is, in my opinion, really hacky. Again, I'm not
>> an expert but there seems to be a lot of weird stuff e.g. 12
>> customer-specific fields (address, zip, etc.) in the Orders table.
>>
>> Item: (by far the most annoying) All the questions I post in their
>> support forum are replied to by
>> 1) "Do X" ... when I stated quite clearly that I did X and it didn't
>> work
>>
>> or
>>
>> 2) "Give to $$$ and I'll fix it for you"
>>
>> I'm trying to talk my current client into using ZenCart instead. No
>> doubt a lively debate will ensue. All advice is appreciated
>
> Isn't ZenCart just a fork of osCommerce?


Yes, and it exhibits a couple of the same ugly items. But I have heard the
support is much better, and with a quick glance at the source it looks a
bit easier to follow.

Also it doesn't require register_globals=On (yuck).

Ideally, though, I'd like a system with rigid code/presentation separation

Jul 17 '05 #3

P: n/a
Honk, Honk.

Absolutely messy. Version I've analyzed (few months ago)
had various coding styles and design architectures mixed
(with some very ugly bits).

osCommerce has catchy name, tempting license and complete set of modules,
but when you try to use it, it turns out that it takes a lot of effort
to adapt, extend or maintain the code.

It outputs tons of poor, invalid HTML.

osCommerce even motivated me to write my own webshop from scratch.
It took a bit, but now I have object-oriented code, semantic XHTML output
and pure CSS styling. Pages load faster and get boost in google rank :>

--
Kornel Lesinski
ideadesigners.com
Jul 17 '05 #4

P: n/a
porneL wrote:
> Honk, Honk.
>
> Absolutely messy. Version I've analyzed (few months ago)
> had various coding styles and design architectures mixed
> (with some very ugly bits).
>
> osCommerce has catchy name, tempting license and complete set of
> modules, but when you try to use it, it turns out that it takes a lot
> of effort to adapt, extend or maintain the code.

Which is why almost all the osCommerce sites out there look *exactly*
the same (except for colour styling). It's great for people who don't
mind all having the same look though because it's very easy to set up
if you're not bothered with actually having a nice design. There are a
few sites out there who sell customised templates though that look
pretty good.

> It outputs tons of poor, invalid HTML.
>
> osCommerce even motivated me to write my own webshop from scratch.
> It took a bit, but now I have object-oriented code, semantic XHTML
> output and pure CSS styling. Pages load faster and get boost in google
> rank :>


That's the other downside - it has to be generic to try to work for
everyone so ends up executing loads of queries per page, include()ing
lots of different files and generally taking a lot longer to parse a
page than it should.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #5

P: n/a
"Matthew Crouch" <ma************@spamlessverizon.net> wrote in message
news:pa****************************@spamlessverizon.net...
> Okay, I've fiddled with this and I'm not passing judgment. If this
> application is great and there's just something I don't know, I'd love to
> learn.

Tried hacking it myself and gave up.

> Item: Customizations (other than simple layout/color stuff) seem to be
> really hairy.
> If I want to add a field to
> the customer info I collect, I have to hand hack numerous scripts
>
> Item: there is a catalog/includes/configure.php that can be overridden by
> catalog/includes/local/configure.php ... AND there is
> catalog/admin/includes/configure.php and
> catalog/admin/includes/local/configure.php

Yup, I just wanted to add a simple html WYSIWYG editor to the product
description field. Near bloody impossible :(

> In the site I'm working on there is a copy of this entire structure in
> httpdocs and httpsdocs. So to change some global setting I need to change
> in 4 places.
>
> ?!?!?!?!?
>
> Item: The data model is, in my opinion, really hacky. Again, I'm not an
> expert but there seems to be a lot of weird stuff e.g. 12
> customer-specific fields (address, zip, etc.) in the Orders table.

That'll be correct for any system that doesn't do proper Entity management.

Supposing your customer moves address in between orders. When you look at
the old orders they should retain the old invoice and delivery addresses and
not be updated with the new ones.

> Item: (by far the most annoying) All the questions I post in their support
> forum are replied to by
> 1) "Do X" ... when I stated quite clearly that I did X and it didn't work
>
> or
>
> 2) "Give to $$$ and I'll fix it for you"


Well if you are not paying for the software don't expect expert help to be
available for free. ;)
Jul 17 '05 #6

P: n/a
On Wed, 29 Dec 2004 08:25:02 +0000, CJ Llewellyn wrote:

>> Item: The data model is, in my opinion, really hacky. Again, I'm not an
>> expert but there seems to be a lot of weird stuff e.g. 12
>> customer-specific fields (address, zip, etc.) in the Orders table.
>
> That'll be correct for any system that doesn't do proper Entity management.
>
> Supposing your customer moves address in between orders. When you look at
> the old orders they should retain the old invoice and delivery addresses and
> not be updated with the new ones.

I would accomplish this with something similar to but different from their
model:
-they have an "address_book" table. This should include all addresses and
order should just have a foreign key to one of these, separate ones for
billing & shipping probably.

>> Item: (by far the most annoying) All the questions I post in their support
>> forum are replied to by
>> 1) "Do X" ... when I stated quite clearly that I did X and it didn't work
>>
>> or
>>
>> 2) "Give to $$$ and I'll fix it for you"
>
> Well if you are not paying for the software don't expect expert help to be
> available for free. ;


It's true what with the gift horses and all but I've seen many other free
software projects that do much better. MySQL in particular is impressive
in this respect.

My suspicion is that free support CAN'T be as good with osC because the
design is subpar. So people have to invest beaucoup time/effort to figure
it out, and need an ROI for that.

A quick glance at the Zencart support forum looks promising. I keep
leaning further in that direction...
Jul 17 '05 #7

P: n/a
> osCommerce even motivated me to write my own webshop from scratch.
> It took a bit, but now I have object-oriented code, semantic XHTML output
> and pure CSS styling. Pages load faster and get boost in google rank :>


This is an idea I'm toying with. I have one client who's basically getting
a custom built shop from me, and another client who's authorizing me to
find something better than osC.

If I had an expert or two onboard, I'd love to merge the clients -- use
one new project.
Maybe take the Zencart fork and strip it down to the core fxns, classes,
then make 'em sit on a templating engine like Smarty.
Jul 17 '05 #8

P: n/a
Chris Hope wrote:
> Which is why almost all the osCommerce sites out there look *exactly*
> the same (except for colour styling). It's great for people who don't
> mind all having the same look though because it's very easy to set up
> if you're not bothered with actually having a nice design. There are a
> few sites out there who sell customised templates though that look
> pretty good.

Using osCommerce is like floating down a river. It's easy to float and
let the river take you where it goes. It's harder to get out and
travel along rocky banks (or go where you want).
Hopefully there are no falls ahead.

Jul 17 '05 #9

P: n/a
"ZenCart instead"
what other free php catalog/cart systems do we like?

Jul 17 '05 #10

P: n/a
Kornel,

How did you handle the payment processing component of the site?
Melvin Ram
Volcanic Marketing Studios
melvin-at-volcanicmarketing.com

Jul 17 '05 #11

P: n/a
> How did you handle the payment processing component of the site?


I've had to use "WorldPay Junior" service (client's requirement).

I don't recommend it to anyone!

While figuring out how to integrate it securely I've found that this
system has several design weaknesses, and in particular sloppy
implementation in osCommerce WorldPay module allows to exploit them.

I've reported two huuuge security holes that allow to get order "paid"
without paying, and one even without going through payment processing.

In my implementation I've added paranoid security checks,
but still some elements of WorldPay integration may be considered
'security by obscurity' (I won't tell which ;P).
--
* html {redirect-to: url(http://osiolki.pl);}
Jul 17 '05 #12

P: n/a
porneL wrote:
>> How did you handle the payment processing component of the site?
>
> I've had to use "WorldPay Junior" service (client's requirement).
>
> I don't recommend it to anyone!

<snip>

Never heard "WorldPay Junior" before; is it a part of WorldPay?

IIRC, WorldPay provides secret call back URL and emailing (so that
you may parse the email). Isn't enough for the security?

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #13

P: n/a
> Never heard "WorldPay Junior" before; is it a part of WorldPay?

yes.

> IIRC, WorldPay provides secret call back URL and emailing (so that
> you may parse the email). Isn't enough for the security?


Email is very easy to forge. There is no security for From: field.
Once you know how confirmation email looks, you can send one yourself.

Besides mail and (usually) callback go through unencrypted channels.

Callback URL and data is not secret, if you know implementation details or
when implementation follows braindead suggestions in the integration guide
to make callback url variable (both are the case with osCommerce
implementation).

Form reveals all information to the user and allows easy manipulation.

If implementation doesn't use callback password, you can issue any
callback yourself.
If implementation doesn't use md5 signature you can pay 1 peso for any
order.
If implementation doesn't check for testmode variable, you can pay with
fake credit card.

Funny thing is that ALL these *necessary* elements WorldPay considers
*optional*
and doesn't mention implications of not implementing them. It seems that
people who designed this, thought that <input type="hidden"> is hidden..

Most shops have automated order processing, so they'll ship your order
before they notice missing mail confirmations or invalid amounts in
transaction history.

"HTML integration" is not a way to do payment processing.

--
* html {redirect-to: url(http://browsehappy.pl);}
Jul 17 '05 #14
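
The callback checks named in the post above (callback password, test-mode flag, and the paid amount, here compared with the server's own order record rather than via the form signature), written as server-side PHP. This is an added example, not code from the thread, osCommerce or WorldPay; the field names (`callbackPW`, `testMode`, `transStatus`, `cartId`, `amount`, `currency`) and the `$orders` array are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example: field names and the order store are assumptions, not WorldPay's or osCommerce's API.
const CALLBACK_PASSWORD = 'constructed-secret'; // placeholder; keep the real one out of the web root
// Returns null if the callback may mark the order paid, else the rejection reason.
// $orders: cart id => ['amount_minor' => int, 'currency' => string, 'paid' => bool]
function callbackRejection(array $post, array $orders): ?string
{
    // 1. Callback password: without it, anyone who learns the URL can issue a callback.
    $pw = $post['callbackPW'] ?? null;
    if (!is_string($pw) || !hash_equals(CALLBACK_PASSWORD, $pw)) {
        return 'bad callback password';
    }
    // 2. Test mode accepts fake cards; a live shop refuses it (assumes live callbacks send '0').
    if (($post['testMode'] ?? null) !== '0') {
        return 'test-mode or unmarked transaction';
    }
    if (($post['transStatus'] ?? null) !== 'Y') {
        return 'payment not authorised';
    }
    // 3. Compare against the server's own order record, never against values
    //    that travelled through the customer's browser in the payment form.
    $cartId = $post['cartId'] ?? null;
    $order = is_string($cartId) ? ($orders[$cartId] ?? null) : null;
    if ($order === null || $order['paid']) {
        return 'unknown or already-paid order';
    }
    $amount = $post['amount'] ?? null;
    if (!is_string($amount) || preg_match('/^\d+\.\d{2}$/', $amount) !== 1) {
        return 'malformed amount';
    }
    $paidMinor = (int) str_replace('.', '', $amount); // "49.99" -> 4999 minor units
    if ($paidMinor !== $order['amount_minor'] || ($post['currency'] ?? null) !== $order['currency']) {
        return 'amount or currency mismatch';
    }
    return null;
}

// Constructed sample data: one open order and three callbacks.
$orders   = ['A1001' => ['amount_minor' => 4999, 'currency' => 'GBP', 'paid' => false]];
$genuine  = ['callbackPW' => CALLBACK_PASSWORD, 'testMode' => '0', 'transStatus' => 'Y',
             'cartId' => 'A1001', 'amount' => '49.99', 'currency' => 'GBP'];
$noSecret = array_diff_key($genuine, ['callbackPW' => true]);
$lowPaid  = array_merge($genuine, ['amount' => '0.01']);
foreach ([$genuine, $noSecret, $lowPaid] as $cb) {
    echo callbackRejection($cb, $orders) ?? 'accepted', PHP_EOL;
}
```

Order fulfilment should be triggered only after this function returns null and the order has been marked paid in the same database transaction.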
