Zen Cart; Security Patch

Zen-Cart just released an important security patch. Here is the issue as stated by the Zen Cart team.

A vulnerability has been discovered in the admin section of v1.3.8 (and previous versions). To take advantage of this vulnerability any attacker must know the URL of your admin section. As our security recommendations point out, you should change the folder that your admin resides in as soon as you installed Zen Cart.

However we realise that relying on this ‘Security through Obscurity’ is not foolproof, hence the release of this patch.

A link to the patch file is posted below. Please download the patch file and unzip it. The zip file contains a readme.html with full details on how to install the security patch files. In the main, the security patch uses Zen Cart’s override system to make installation as simple as possible.

The security patch will work for previous versions in the 1.3.x series. Older releases, i.e. v1.2.x, are no longer supported and the patch has not been fully tested on those versions; however, some parts of the patch should still work with v1.2.x (again see the readme.html file). However we strongly advise anyone using the 1.2.x versions to upgrade to 1.3.8 as soon as possible.

Thanks to Ghyslain/BlackH for alerting us to one aspect of this vulnerability.

I highly suggest downloading the patched files and installing them or contacting a Zen Cart professional.

Via the Zen-cart.com forum.

Zen Cart; Archiving Email Newsletters

Today I’d like to show you how to easily and effectively set up an archiving system in Zen Cart using its EzPages function. There is no PHP coding required for this little trick and it’s completely stock ZenCart material. There will be a few advanced functions covered that will need a little bit of PHP coding built into the EzPage template file, but feel free to skip over that as needed.

EzPages Email Archive Overview

This is an overview of the EzPages control panel. The red boxes are areas that are, in this example, already used to set up a running Email Archiving system. This panel can be accessed by mousing over the “Tools” option on the navigation bar and selecting “EZ-Pages.” The large red box is showing our index page for the archive and five emails that are currently in the archives. The shaded red box further shows how using the chapter function helps group all the pages together properly and that using the TOC order is important to the final outcome of the setup. The small red box on the bottom highlights the “New File” button, which is what you’re going to click on to start, once you have your cup of coffee handy of course.

Zen Cart Blank Page; PHP Error Reporting

Ever get a completely blank page known as ZenCart’s white page of death? Or does your page stop loading predictably at the same spot every page load? Chances are you have an error in your code, or even worse you have a blank space after a “?>” at the end of one of your files. For the first case the fastest and easiest way to begin troubleshooting this is to turn on PHP runtime configuration error reporting. And, what do you know, Zen Cart has a built in way to do it. Well, as in most things ZenCart, it’s “kinda” built in.

You’ll have to upload a new configure.php file:

Breadcrumb Repetition

Sometimes when using breadcrumbs (which you should) things can get a little redundant, as oftentimes the last breadcrumb is repeated as the H1 tag. This is the default for the categories, products, specials and reviews pages and can oftentimes leave you looking like a broken record.

Come Again

So let’s fix it.

Speed up your ZenCart

Almost every client I work with at one point or another asks me to “speed up” their site. After addressing hosting and image size issues, there are a few quick changes you can make to Zen Cart’s core code to speed things along. The theory behind this is that ZenCart dynamically generates a lot of information that, once a site is set up, no longer needs to be generated. The side bars, oftentimes loaded on every page load, are the biggest culprits of this. How many times do you change the EzPages, Information, More Information, Languages, or Currency side boxes? Decreasing the number of these that are static will decrease the amount of information that your server and database are processing.

Additional Images

Adding additional images in Zen Cart can be tricky if not downright frustrating. There are a few contributions to make the interface easier but none that do exactly what I want; they all modify too many files and/or overcomplicate the issue. Although I’d encourage you to explore these options, I’m going to explain a couple of ways to upload additional product images on a stock ZenCart site.

Make sure your Zen Cart template shows additional images

I’ve run across two instances where a client’s template hasn’t had the capability to run multiple images. If you are running a stock template you can skip this, but for the rest, checking this might save you some headache down the road. Open your tpl_product_info_display.php file in your templates directory.

StumbleUpon’s new “Share this” feature.

Share it feature

3 Dog Media covered this relatively unknown little feature and it seems to be getting pretty good traffic, so I think it’s time to point out a very big drawback that everyone should be aware of. Connecting with your target audience is oftentimes walking a fine line between genuine understanding of your viewers and spam. This feature can quickly fall into the latter.

First of all let me start by saying I will not be using this and I feel like those who do use it should practice some care. Before getting into the details let me explain what I’m talking about. SU added a new little “Share this” feature. To find it navigate to “Favorites” under the Reviews menu. Highlight over a thumbnail of a review and click on “Share this.”

Now you have the option of clicking multiple users or all users at the same time. This has been something marketing and web site promoters on SU have been wishing for since first creating their accounts. And why not? Reach more people with less time…

Well, aside from the fact that this lets you over-send an article, there is a huge drawback. Every person you send this to gets an email plus the SU button inbox hit. Now the email is what bothers me. Personally, if I wanted emails from you I’d have given my email to you. This is the same issue newsletter campaigns and many email marketers run across. People (me included) get protective of their inboxes. So, words of wisdom: watch out when using this. You might quickly find yourself losing friends.

Once highlighted the Share it link appears.

Now, why do we need to worry about the feature in general? First off, as a recreational SU user we can just begin to imagine the fear as every “internet marketing professional” (aren’t we all) now has their finger on an all-encompassing shotgun method of sending sites. This might turn the site more into Digg, where marketers just thumb each other’s sites blindly and recreational users are forced out by the sheer quantity of spam. This situation allows those with larger networks to “force” a site with poor content over those with high quality content but pushed by a grass roots following, or an unconnected marketer. All I can do is hope SU is working out how to prevent this and I already see many ways that I hope are in effect.

If you are someone who is marketing and sharing articles for some kind of gain this feature also needs to be treated carefully. Without doing your homework first and getting to know your friends you risk sharing content that not everyone is interested in. Create lists, remember who likes what and remember that you will generate large amounts of traffic with StumbleUpon when you target your quality content to interested users.

Bring SEO Tools to Appliance Shopping (and beyond)

SEO tools that analyze searches and user trending go beyond the internet; they are inherently your gateway to the pulse of the internet user. Why is Google investing billions in companies that provide data about the internet user? Because it is the most important information on the internet today. So why confine these tools to SEO, copywriting, and web design? Let them breathe, use them to shop. Bring them out of Web 2.0 and into the real world; it’s a little retro. So retro in fact my mom, who sometimes fails to see the legitimacy of my internet job, asked me to show her how to “do that thing.” This very odd situation came up after my mom started shopping for a new refrigerator, in her typical Cold War era OCD fashion. Last time she went “shopping” for a point and shoot camera I found a two inch thick pile of printouts, all of them highlighted and noted, organized with a dizzying array of paper clips and sticky notes. So when she pulled the familiar stack out of her briefcase I sighed. I should have known better. “What, you think you can do better? Give me your opinion then, mister.”

I, well, I don’t have an opinion, I have data, and lots of it. I have thousands of searches to analyze, organized however I see fit, the pulse of the internet, not what a magazine or blog is paid to write. This is where I started, and a quick look at what I did. First off I opened Google’s keyword tool, Google AdWords. I chose brands she was already fond of, I started broad and worked my way down the spider of related terms and more specific searches. I organized, recorded, and analyzed my findings.

Google's Keyword Tool

Here I’m looking at one of the “KitchenAid - Maytag” comparison results. Notice ~50% more searches for Maytag than KitchenAid. We can’t, but we will assume then there might be ~50% more sales. But look at the highlighted “repair” searches: there is a 200% increase in Maytag searches when using KitchenAid as the baseline. So ~1.44% of “Maytag refrigerator” searches are “maytag refrigerator repair” searches, while KitchenAid is a much more friendly ~.98%. The difference is significant. Of course, we need to take into account other information such as the fact that KitchenAid is a newer company. So while Maytag has fridges out there that are 6-7 years old, KitchenAid does not. But if you have a good set of tools and an understanding of analysis you can see the benefit of this versus traditional reviews for finding repair and maintenance information on brands and products. But don’t stop here; move to Google Trends and then beyond.

MySQL Quick ZenCart Product Update

Recently I had a customer who wanted to change the guarantee that they’ve appended on to the end of all their product descriptions. This can be an extremely long task as product quantities increase into triple digit quantities. My solution, and a very quick one, was to use a REPLACE MySQL Database Query to modify all product descriptions at once. I used PHPMyAdmin instead of ZenCart’s “Install SQL Patches” and I’d recommend you do the same.

ZenCart: Monitor your Database Queries, A Little Trick

I like to monitor and try to reduce my database queries as much as possible; this is sometimes very useful for module development but mainly comes in handy when optimizing a cart and making tweaks throughout. Here is how I do it.