The Secret to Upgrading osCommerce from 2.2ms2-2006-08-17 to 2.2rc1 – January 20, 2010

I've been working with a customer to upgrade his osCommerce installation.  The interesting points of the upgrade are that he has a highly customized installation, both in the template and code.  Subversion comes to the rescue for all of that.  And I got his source code checked in (had to first figure out what version he was running, since it turns out he originally installed 2.2ms1, and had partially upgraded to 2.2ms2-2005 and then partially upgraded to 2.2ms2-2006, so it was pretty confusing as to which files and database tables had already been upgraded.

I finally got him upgraded to 2.2ms2-2005, using subversion to figure out all of the customizations, and then I thought it would be easy to upgrade to 2.2ms2-2006, but that is when I discovered the database update script in the extras directory had already been partially run.  Ack.  So, I manually ran each line of the upgrade script in the mysql command line client to make sure I knew what was going on.

Once all that took place, we went through the store and admin to make sure everything looked good.  And in that, I discovered one customization that had overridden a bug fix added in 2.2ms-2006, but that was pretty trivial to fix once I spotted it.

I then breathed a sigh of relief, since all of the code was in subversion, and the database was now caught up, and everything should be good to go from then on.  But...  I used subversion to merge in the rc1 changes, and that worked perfectly, with very few conflicts (and I suspect if the client had a newer version of subversion, some of those wouldn't have happened, because the newer versions can track some file movements during merges better).  And I manually ran the database changes (some of which had already been run(!?)) and they all looked good.  Time to go back to the site: ack! nothing works, it says an "administrators" table is missing.  I searched all through the upgrade instructions, no mention of the administrators table, but it is added in new installations, so for some reason, the upgrade and new installation end up in different places.  I did see one mention in the upgrade docs of "not including an administration fix to avoid backward compatibility issues".  I am not sure how they expect people to upgrade by only following their instructions.  The few brave folks that tried getting through it without simply installing a new version of rc1 and re-adding all of their products and data manually were made fun of on the osCommerce forums.  But, finally, someone relented and published the secret SQL command that was needed to finish the upgrade, and hence the reason for this post:

 CREATE TABLE administrators (
    id int NOT NULL auto_increment,
    user_name varchar(32) binary NOT NULL,
    user_password varchar(40) NOT NULL,
    PRIMARY KEY (id));

Once you run that statement, the rc1 installation sees that there aren't any administrators defined, and asks you to login.  I suspect all of this has to do with osCommerce originally not having any login mechanism protections for the backend, but depending on htpasswd or other external methods for protection.  (when my customer moved from one host to the other, suddenly his backend with all customer data was publicly visible(!) since the new host wasn't parsing the (now invalid) .htaccess file.

So, now I can breathe a sigh of relief, right?  Because, now we are upgraded to a stable version, right?  Upgrade to rc2 coming later today...