Your Shopping Cart is empty!
Nov 10th
If you are running osCommerce on a Windows platform (I do for testing) then you may find that the above message appears when you try to add something to the cart. Reason is that the sessions are being lost between pages. There are a HUGE amount of reasons for sessions going AWOL and I have just spent a happy couple of hours grinding my teeth in exasperation whilst whittling away at code, forums, the works.
The cure?
Edit your includes/configure.php file to this:
define('HTTP_SERVER', 'http://127.0.0.1');
define('HTTPS_SERVER', 'http://127.0.0.1');
define('ENABLE_SSL', false);
define('HTTP_COOKIE_DOMAIN', '127.0.0.1');
define('HTTPS_COOKIE_DOMAIN', '127.0.0.1');
i.e. change any reference to ‘localhost’ to ’127.0.0.1′
The actual thread that I found it on is here.
Pagseguro::Erro 165 – O VALOR do item 1 não foi informado.
Nov 4th
Came across this one recently – Pagseguro is a Brazilian payment processor 
with a built in postal calculation function.
All of a sudden the client’s store was throwing errors on checkout:
O VALOR do item 1 não foi informado.
O VALOR do item 2 não foi informado.
and so on.
Using HttpFox I could see that the correct value for the currency (tep_draw_hidden_field(‘moeda’, ‘BR’)) was being passed to the payment server but no values for the individual items in the order.
After a bit of digging I found that the client (ahem!) had been in the store admin and he had changed the currency code for Brazilian Reals to ‘BR’ from the existing ISO-4217 code ‘BRL’ so that it would match the ‘BR’ required by Pagseguro as per their moeda field.
The Pagseguro payment module passes individual prices for each item in the order to the payment server by using the osCommerce function $currencies->get_value($currency) – changing the currency code in the admin to BR will make this function return a zero value.
So if you find that your Reals are not being correctly calculated then check that admin currency setting.
Database hack
Nov 2nd
Recently I was working on a client’s website when I came across an interesting variation on the recent fake ‘Google’ files hack.
Looking at his database I found this in the Manufacturers table:
(not the real filenames or manufacturers – names have been changed to protect the innocent 
)
Quite nifty this one as, when the manufacturers’ details are called by the osCommerce PHP code it will output the google11367c8876898.php file code to the visitor’s web browser rather than an image – looking into the /images/ folder on the clients server – sure enough – there is a PHP file with the appropriate name just waiting to be called.