osCommerce & Register Globals

What happens when your web host finally get's around to upgrading to php5 and MySQL 5? Here is what happened to me in order:

1. Rejoice because finally your website is hosted according to industry standards.
2. Panic because you are unprepared.
3. Worked through the night to get the website updated.

In order to migrate an osCommerce website from php4 to php5 there is really only one thing you need to worry about and that's a little "feature" in php called, Register Globals.

Register Globals makes every variable contained in the URL, POST, SESSION and ENVIRONMENT directly available in every script. What this means is that with register globals turned on, you can write a webform that posts a variable to a script and that script can refer to the variable in the POST by name. For example:


<?php
/*
** Example script to show what happens when register globals is turned on.
**
** A form will submit POST data to this website as follows:
** String $_POST['name'];
** Int $_POST['age'];
*/
  echo "<h2>Thank you for telling me your name and age.</h2>";
  echo "With register globals turned on we can do this:<br/>";
  echo "Your name is: " . $name . "</br>";
  echo "You are " . $age . " years old.";
?>


Now with register globals turned off, you need to do it this way.

<?php
/*
** Example script to show what happens when register globals is turned on.
**
** A form will submit POST data to this website as follows:
** String $_POST['name'];
** Int $_POST['age'];
*/
  echo "<h2>Thank you for telling me your name and age.</h2>";
  echo "With register globals turned on we can do this:<br/>";
  echo "Your name is: " . $_POST['name'] . "</br>";
  echo "You are " . $_POST['age'] . " years old.";
?>


PHP does have an neat function called, "extract" which will take all the variables in and associative array. It works like this:

<?php
/*
** As before we have a post that looks like this:
** String $_POST['name'];
** Int $_POST['age'];
**
** We want to create variables out of the $_POST array keys and make the values the values
** if you catch my drift.
**
*/
  echo "<h2>Thank you for telling me your name and age.</h2>";
  echo "With register globals turned off we can do this:<br/>";
  if( isset ( $_POST ) && !empty( $_POST ) ) {
    extract($_POST, EXTR_SKIP);
    echo "Your name is: " . $name . "</br>";
    echo "You are " . $age . " years old.";
  } else {
    echo "You did not post any data.";
  }
?>


So you can see where I am going with this. The first thing I needed to do was to make sure that all the "registered global" variables were first caught and made available in the above way.

osCommerce Session handling
It quickly became apparent that I was not going to get anywhere until I had the sessions stuff sorted. At this stage I gave up working this out for myself and searched for help. I found an excellent resource called: Magic SEO URL for osCommerce (osCMax)

There were a couple of other pitfalls:

1. root/admin/includes/classes/upload.php has a line that sets "$this = null;" PHP 5 objects to this ( excuse the pun ) so the correction is fairly simple. Just comment it out. I did play with unset( $this ) but found that to cause some other difficulties.

2. The variable $PHP_SELF is referred to many times in osCommerce code. As this is a registered global it will not be available to your code after the upgrade. You must set this variable in application_top.php like this:

   $PHP_SELF = $_SERVER['PHP_SELF'];


Other things that did not happen to me but might happen to you.
MySQL upgrade breaks all your queries. This is quite a common problem that I have encountered before but not recently. MySQL 5 requires the correct bracketing of clauses in the from statement of a query. Especially with regards to left joins. Search for this in the contributions section of osCommerce.

References:
http://www.magic-seo-url.com/oscommerce/tips/running-oscommerce-with-register-globals-off.html
http://www.oscommerce.com/community/contributions,2097/category,all/search,globals
http://www.oscommerce.com/community/contributions,4654

Comments

Post a Comment

Popular posts from this blog

Automatically mount NVME volumes in AWS EC2 on Windows with Cloudformation and Powershell Userdata

Introduction This post explains how I go about with AWS Cloudformation and Powershell userdata scripts. attaching EBS volumes to Windows EC2 instances identifying them in the OS initializing them formatting them and assigning labels and drive letters. Prerequisites You should know something about Cloudformation and Powershell. The AWS Image you use for your EC2 instance should be one provided by AWS and should have the following utility already deployed to  C:\ProgramData\Amazon\Tools\ebsnvme-id.exe AWS Cloudformation Step I typically do not declare EBS Volumes together with the EC2 Instance declaration in Cloudformation but prefer to declare them as separate resources along with their own ebs attachment resources.  Here is an example EC2 instance with three additional volume declarations on top of the root volume which is automatically mounted on C:\ WindowsServerInstance: Type: AWS::EC2::Instance Properties: BlockDeviceMappings: - DeviceName: /dev/sda1
Read more

Extending the AD Schema on Samba4 - Part 2

Importing LDIF files into Samba4 and Active Directory This is part 2 of the Extending AD Schema on Samba4 series.  The examples below are tested using the Samba4 LAB I created.  If you want more information on how that works then please read  http://david-latham.blogspot.co.nz/2012/12/samba4-ga-release-virtualbox-lab.html For part one, please read http://david-latham.blogspot.co.nz/2012/12/extending-ad-schema-on-samba4.html Unfortunately the format of an ldif file for creating new attributes and classes in the Schema Configuration are differ between Samba4 and Microsoft. The tools are slightly different too.  So this article will attempt to make it all clear. Find all the latest versions of code on this post at  https://github.com/linuxplayground/yubikey-ldap/tree/master/microsoft-schema Samba4 - ldbadd & ldbmodify As far as I can tell the only way to create a new class with a custom attribute in Samba4 (on the Linux command line) is first add the attribute with ldbad
Read more

Python + inotify = Pyinotify [ how to watch folders for file activity ]

Sometimes it just might be handy to be able to watch a folder on a hard disk for changes. For example: A client app might drop small files on a shared folder. A server app might be watching the folder for just such an event. Once the file is created, the server will kick into action and perform whatever tasks are required. This all comes from my CD burning application. I am currently thinking that the client apps will drop small xml files containing information about what to burn onto a folder the webserver has access to and the cdburner service will be watching... The linux kernel provides inotify. This from wikipedia : notify is a Linux kernel subsystem that provides file system event notification. It was written by John McCutchan with help from Robert Love and later Amy Griffis to replace dnotify . It was included in the mainline kernel from release 2.6.13 (2005-06-18), and could be compiled into 2.6.12 and possibly earlier releases by use of a patch . Its function is essen
Read more