  1. #1
    Join Date
    Apr 2009
    Posts
    188
    Plugin Contributions
    0

    Default Is there anything lurking that I should be addressing?

    Hello All,

    I recall that back in the days of 1.3.x there were numerous security patches, fixes, additions etc. that you could/should include on your site. I upgraded a while back to 1.5 (yeah I know there's a newer version.....right now my hosting company doesn't upgrade to it and I just don't have the background to do it manually) and I haven't noticed any such security patches, fixes etc. for the 1.5.x. I have done some of the paypal ones but just haven't seen any for security.

    I can handle changes to individual files and such but I can't get my head around anything resembling a manual upgrade to another version. I might wait for 1.6.x to be available through my host and just do a fresh install.....or not if it won't benefit me that much..... So far the features I see it adding aren't on my list of priorities....so we'll see.

    I did a search but came up empty.... Is there anything out there lurking that I should be addressing?

    Thanks

    MM

  2. #2
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Default Re: Security question

    Quote Originally Posted by Music Man View Post
    Hello All,

    I recall that back in the days of 1.3.x there were numerous security patches, fixes, additions etc. that you could/should include on your site. I upgraded a while back to 1.5 (yeah I know there's a newer version.....right now my hosting company doesn't upgrade to it and I just don't have the background to do it manually) and I haven't noticed any such security patches, fixes etc. for the 1.5.x. I have done some of the paypal ones but just haven't seen any for security.

    I can handle changes to individual files and such but I can't get my head around anything resembling a manual upgrade to another version. I might wait for 1.6.x to be available through my host and just do a fresh install.....or not if it won't benefit me that much..... So far the features I see it adding aren't on my list of priorities....so we'll see.

    I did a search but came up empty.... Is there anything out there lurking that I should be addressing?

    Thanks

    MM
    So, on this issue. First of all, one should not count on an autoinstaller. (Host not providing an upgrade method.) These autoinstallers have caused more problems than they have solved and often lead the user to this site. To figure out why something doesn't work (again caused by the changes made by the host in creating the autoinstaller). So that issue aside, recently a majority of the "security" fixes have been methods to reduce spam and the upgrade to more secure php. The thing with the php upgrade is that the ZC version also must/should be upgraded in order for the cart to continue functioning.

    Now, if unable to figure out how to upgrade, which the guidelines in the various places suggest can be either a replacement of files with a database upgrade, a complete rebuild with a database upgrade, or starting over with a fresh install of the cart and any other addins desired. If unable to accomplish this on your own over time, then there are plenty that will help, some for free others for a cost. How/if you proceed is completely up to you, but realize that delaying the applicable upgrade(s) only puts your customers in greater jeopardy which in turn could put you at risk. Realize that the upgrade can be done at your own pace and does not require you to disable your existing store until you are ready to put your new version online and then depending on the method it may be down for as few as some microseconds or as much as maybe 30 minutes while some last minute tests are performed with the replaced version. Either way, with appropriate customer notification, it should not be an issue with whatever method is applied. The important part is as you are trying to address that the customer's information is maintained secure.

    So again, the general "security" patches of recent have been php/version related. There are some plugins that have been updated to reflect various problems/potential issues associated, but those are isolated as compared to the overall operation of the store.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  3. #3
    Join Date
    Apr 2009
    Posts
    188
    Plugin Contributions
    0

    Default Re: Security question

    Response to mc12345678.

    So, on this issue. First of all, one should not count on an autoinstaller. These autoinstallers have caused more problems than they have solved and often lead the user to this site.

    That I understand.....HOWEVER.....I don't know HOW to do it manually....wouldn't even know where to start. If it's just dropping files and folders into my host directory that's 1 thing......but I suspect there's some sort of 'install' procedure and in order to do that I would have to know WHERE to install WHAT. If my host is likely to botch what is needed in their autoinstall program I'm guessing they won't be of much help for me trying to do what they failed at.

    Now, if unable to figure out how to upgrade, which the guidelines in the various places suggest can be either a replacement of files with a database upgrade, a complete rebuild with a database upgrade, or starting over with a fresh install of the cart and any other addins desired. If unable to accomplish this on your own over time, then there are plenty that will help, some for free others for a cost. How/if you proceed is completely up to you, but realize that delaying the applicable upgrade(s) only puts your customers in greater jeopardy which in turn could put you at risk.

    I would not even know where or how to begin. Is there a tutorial some place that shows how? I don't even know what I'm trying to do. My host set up the initial install.....so I am clueless. I am not an IT type and all this is overwhelming. It took me 6 hours today just to figure out how to change the background color on the outer edges....out past the main page.....

    Realize that the upgrade can be done at your own pace and does not require you to disable your existing store until you are ready to put your new version online and then depending on the method it may be down for as few as some microseconds or as much as maybe 30 minutes while some last minute tests are performed with the replaced version. Either way, with appropriate customer notification, it should not be an issue with whatever method is applied. The important part is as you are trying to address that the customer's information is maintained secure.

    I did not know that...I assumed once I began an upgrade I was basically breaking links and such and making it non functional.

    So again, the general "security" patches of recent have been php/version related. There are some plugins that have been updated to reflect various problems/potential issues associated, but those are isolated as compared to the overall operation of the store.

    Are these "security" patches something that I can add/install or are these resulting from the new versions coming out?

    Thanks for the response....I am 'peddling' as fast as I can!
    Last edited by Music Man; 15 Sep 2014 at 05:18 AM.

  4. #4
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Default Re: Security question

    Quote Originally Posted by Music Man View Post
    Response to mc12345678.

    So, on this issue. First of all, one should not count on an autoinstaller. These autoinstallers have caused more problems than they have solved and often lead the user to this site.

    That I understand.....HOWEVER.....I don't know HOW to do it manually....wouldn't even know where to start. If it's just dropping files and folders into my host directory that's 1 thing......but I suspect there's some sort of 'install' procedure and in order to do that I would have to know WHERE to install WHAT. If my host is likely to botch what is needed in their autoinstall program I'm guessing they won't be of much help for me trying to do what they failed at.

    Now, if unable to figure out how to upgrade, which the guidelines in the various places suggest can be either a replacement of files with a database upgrade, a complete rebuild with a database upgrade, or starting over with a fresh install of the cart and any other addins desired. If unable to accomplish this on your own over time, then there are plenty that will help, some for free others for a cost. How/if you proceed is completely up to you, but realize that delaying the applicable upgrade(s) only puts your customers in greater jeopardy which in turn could put you at risk.

    I would not even know where or how to begin. Is there a tutorial some place that shows how? I don't even know what I'm trying to do. My host set up the initial install.....so I am clueless. I am not an IT type and all this is overwhelming. It took me 6 hours today just to figure out how to change the background color on the outer edges....out past the main page.....

    Realize that the upgrade can be done at your own pace and does not require you to disable your existing store until you are ready to put your new version online and then depending on the method it may be down for as few as some microseconds or as much as maybe 30 minutes while some last minute tests are performed with the replaced version. Either way, with appropriate customer notification, it should not be an issue with whatever method is applied. The important part is as you are trying to address that the customer's information is maintained secure.

    I did not know that...I assumed once I began an upgrade I was basically breaking links and such and making it non functional.

    So again, the general "security" patches of recent have been php/version related. There are some plugins that have been updated to reflect various problems/potential issues associated, but those are isolated as compared to the overall operation of the store.

    Are these "security" patches something that I can add/install or are these resulting from the new versions coming out?

    Thanks for the response....I am 'peddling' as fast as I can!
    :) It is or can be both slow and fast.. :) So, a few things about zen-cart and the zen-cart forum. The program has some built in tools to help find things such as where text is stored, or the value of a constant (All capital lettered words). This tool which you may need to come back to later for customization is the developer's toolkit found under the tools option of the admin panel. Okay, that aside...

    On the website side of things, besides the numerous people asking how to do an upgrade (which each of those threads is searchable) a more reliable source is the Frequently Asked Questions (FAQ) section. There you can find at least one or more sets of instructions, each of good use, and in some ways duplicating the other, but with more or less detail. Some of the choice on which to use/follow has to do with what you currently, or have come to understand overall about the process and what each discusses. Generally speaking the instructions do speak to things a little generically such as compare files, or copy this type of things, etc... but many of those things can be clarified from a few questions here and there on the forum. Oh, I forgot to mention that the documents of the program downloaded from the zen-cart website (http://www.zen-cart.com/getit) also contains instructions about how to perform the upgrade.. Replace this file, remove that one, add this, etc...

    The thing is that plugins already installed more than likely need to be updated to a more recent version in most cases... That is part of the upgrade process though...

    So, guides to upgrade. There is somewhere a posting by Dr. Byte that by most is considered helpful/useful. I'm not 100% sure that one of the below is that, but one of them may lead to it. Anyways, read over one or more of them, sit back, think a little, then come back and see if it makes sense. If not, go do something else for a little while and come back to it. By this point if it still doesn't make sense, then come back to this website, identify which set of instructions you are trying to make sense of (link helps a lot), which step you are stuck at, what it is you understand, and what it is you do not understand. The more information that can be provided, the easier and more helpful the response.

    As for actually doing the upgrade? Basically, all of your current files should be copied to a new folder area so that you can basically have the same site in two places so that you can make mistakes on the one and not affect the live thing. Now, I say files, but the database also should be duplicated to its own location so that the information displayed to customers also doesn't get affected. The location and method of this duplication does depend a little on what you are allowed to do by your host, like have multiple databases, or if not then need to know/understand how to copy the database to the same database but with a different database prefix...

    So, those links:
    http://www.zen-cart.com/content.php?...pgrade-my-site
    http://www.zen-cart.com/content.php?...-zen-cart-site
    http://www.zen-cart.com/content.php?...stall-zen-cart

    The above was found by searching on the FAQ for the word upgrade. There may be others, but that's a start for reading.

    Oh, and as for the other "security" patches, sure you can upgrade the plugins you currently have installed to the latest version of it/them, but realize either upgrade the plugins or upgrade your system, don't try to do both at the same time. Ohhh and backup.. Make backups.. backup of your files, backup of your database... The database backup will become a file, but that's not a "problem" it makes the information available to be "physically" stored somewhere.

    Better?
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...
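
The staging copy described in post #4 ("copy the database to the same database but with a different database prefix"), as an added example that is not part of the original thread or of Zen Cart itself. It only plans the MySQL statements; the function name, the `zen_`/`stage_` prefixes and the table list are constructed for illustration, and the real table list would come from `SHOW TABLES`.

```python
import re

_NAME = re.compile(r"[A-Za-z0-9_]+")  # conservative subset of legal MySQL identifiers


def plan_prefix_copy(tables, live_prefix, staging_prefix):
    """Return SQL that clones every live_prefix table under staging_prefix.

    Nothing is executed here. The plan is refused if it could overwrite an
    existing table or if a name would need escaping inside backticks.
    """
    # The live prefix may be empty (a store installed without a prefix).
    if live_prefix and not _NAME.fullmatch(live_prefix):
        raise ValueError("live prefix must be letters, digits or underscores")
    if not _NAME.fullmatch(staging_prefix):
        raise ValueError("staging prefix must be non-empty letters, digits or underscores")
    if live_prefix.startswith(staging_prefix):
        raise ValueError("staging prefix would shadow the live tables")

    existing = set(tables)
    statements = []
    for table in sorted(existing):
        # Skip other applications' tables and any earlier staging copy.
        if not table.startswith(live_prefix) or table.startswith(staging_prefix):
            continue
        if not _NAME.fullmatch(table):
            raise ValueError(f"refusing unsafe table name: {table!r}")
        target = staging_prefix + table[len(live_prefix):]
        if target in existing:
            raise ValueError(f"{target} already exists; drop the old staging copy first")
        statements.append(f"CREATE TABLE `{target}` LIKE `{table}`;")
        statements.append(f"INSERT INTO `{target}` SELECT * FROM `{table}`;")
    return statements


if __name__ == "__main__":
    # Constructed sample table list: two store tables and one unrelated table.
    sample = ["zen_products", "zen_customers", "other_app_log"]
    print("\n".join(plan_prefix_copy(sample, "zen_", "stage_")))
```

Take the file and database backups first, then point the staging copy's configuration at the new prefix so the upgrade is tested against cloned data rather than live customer records.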

  5. #5
    Join Date
    Apr 2009
    Posts
    188
    Plugin Contributions
    0

    Default Re: Security question

    Quote Originally Posted by mc12345678 View Post
    :)
    Better?
    It is better....somewhat like drinking out of a fire hose is better when you need a glass of water.....

    I appreciate your time and effort.... I think I need to take a deep breath and clear my head....right now it seems like it is ready to explode. Then I'll read the posts you suggest.... It is difficult to get my head around this and that's why I've relied on the host and I just do a fresh install after I fall behind a couple of versions.....of course that entails a lot of work as I end up recreating a completely new database too...... When the IT portion takes up this much of my time it is like the cart is pulling the horse......I would rather take a beating it is less painful than updating this cart.

    Sorry....didn't mean to go off.....I'm just completely frustrated right now.

  6. #6
    Join Date
    Jul 2012
    Posts
    16,732
    Plugin Contributions
    17

    Default Re: Security question

    Quote Originally Posted by Music Man View Post
    It is better....somewhat like drinking out of a fire hose is better when you need a glass of water.....

    I appreciate your time and effort.... I think I need to take a deep breath and clear my head....right now it seems like it is ready to explode. Then I'll read the posts you suggest.... It is difficult to get my head around this and that's why I've relied on the host and I just do a fresh install after I fall behind a couple of versions.....of course that entails a lot of work as I end up recreating a completely new database too...... When the IT portion takes up this much of my time it is like the cart is pulling the horse......I would rather take a beating it is less painful than updating this cart.

    Sorry....didn't mean to go off.....I'm just completely frustrated right now.
    Actually, thank you for the information in the "venting". It revealed a lot.

    So you've rebuilt a site before. Good. The difference here, and maybe you did more work before than was necessary, is that you don't need to rebuild your products, you rebuild/correct/upgrade how all that is shown and processed.

    If you built your site the zen way by making most of your changes in override directories, then the upgrade is that much easier. (Some plugins have necessitated core file changes.)

    The part(s) many find difficult is the creation of the backup, yet functional, store. That's where the confusion of old and new in the instructions comes. But all that said... Really take it one step at a time. Print out the directions. Make notes. Gather files and information together. Step through each instruction and you will amaze yourself at what you can do. It does take some time. Experienced, a couple of hours... First time upgraders, a couple of good days...

    Big thing that helps, plan first before installing anything. What do you want to install? Does it work with the version you plan to install. If not, what else will work and do the same thing or better? Do you really need what it is that is there now? If not, one less thing to install. Can you live without it for now and wait for it to be updated? Do certain programs need to be installed before another? Etc... Develop your plan, make the list and take one step at a time. Make backups, and move to the next...

    There are still a couple of ways to approach the install sequence, but somewhat depends on experience and knowledge. But again, the venting did seem to indicate that you are capable of doing the update if things are not made complex.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  7. #7
    Join Date
    Apr 2009
    Posts
    188
    Plugin Contributions
    0

    Default Re: Security question

    Quote Originally Posted by mc12345678 View Post
    But again, the venting did seem to indicate that you are capable of doing the update if things are not made complex.
    I think once I understand what I'm trying to do I can do it.

    I have a favorite expression.... "If you don't know where you're going you either can't get there or wind up in some place you don't want to be......" Right now I don't know where I'm trying to go.....if that makes sense. I guess that's the part that is most frustrating. I feel like a dummy and the kid that gets taught how to swim by throwing him in the deep part of the lake.

    At least once I get my head around and understand the methodology I'll know what to try first, second, and so on....or at least I'll know what questions to ask to pinpoint issues. Right now...not seeing the big picture of how the install process works it seems overwhelming.

    I'll do some reading and come back with a list of questions I'm sure.....

    Thanks again....the encouragement is appreciated.
