OsCommerce: A Lesson in Unmaintainable Code?

I’ll let you in on a dirty secret: my first paid programming task was to make custom modifications to an oscommerce shopping cart. I cut my teeth on PHP that weekend and learned through trial by fire how much good, clean code (with no global variables!) matters, and how much it really SUCKS when everything is in the global scope. I always died a little inside each time I had to make a modification… I once started refactoring the code on the side, but gave up after a month. It was just so… intense!

Anyhow, my days of modifying oscommerce carts finally came to an end. My current job has me doing java web development (which is another beast on its own) and although I do some php related gigs on the side from time to time, always opted to use Magneto or other solutions for my shopping cart needs. Today I wondered… did oscommerce 3.0 ever release?

A quick journey to their site revealed that, no, 2.2 is STILL the latest stable release (which is what it was when I first messed with in 2004/2005 I believe) and the last release of oscommerce 3.0 (Alpha 4) was over a year and a half ago… ouch! How did this happen? Isn’t it the open source community where you are often witness to truly agile projects out in the wild?

To me, I think it is a lesson in what happens when you have code that is hacked together, unclear, and difficult to maintain. Even worse, the original codebase was written for a language that has evolved VERY VERY quickly over time… PHP is now a different beast than it was when oscommerce2.2 was released (for java’ers, think of an app in java 1.3 in today’s world). And the fact it’s widely used compounds the problem.

Like any good software, good code often has users who are constantly in need of new features that need to be added. When dealing with legacy code, any new feature can be quite costly and often requires quite a bit of refactoring (or even complete rework) in order to be able to fit the new feature in nicely. Adding new features (while not breaking existing functionality) can be mind boggling sometimes… and if you don’t have any form of automated tests AT ALL (which oscommerce has none, to my knowledge) can be so scary that it deserves its own horror movie!

I’ve had my hand at working with legacy code, and the biggest lesson I have learned when it comes to rewrites is this: don’t. It is tempting… VERY tempting to just rewrite it, or rewrite whole sections. It’s tempting to do what oscommerce did with version 3.0: put together a big release plan and do some big bang releases with some complete rewrites. Don’t! While you’re spending time rewriting, planning, rewriting, etc… your competitors are releasing. And if they aren’t, your customers are growing impatient.

The approach I’ve found helpful is to simply release… add feature X, do a little cleaning up, and release. Complete feature Y, update the look and feel of the product management menu, and release. That way the features keep coming, customers keep getting satisfied, and the product evolves piece by piece in an iterative manner. But I’m off track… this isn’t a post about agile software development. 😉

To get back on track, this post is about the need for clean code. As software developers, we should always search out ways to improve the maintainability of our code if we want our product to thrive and grow… any deterrents to maintainability will impede others from improving it, and at worst will cause the code to become stale and often avoided. 😉

As a side note, although I have slammed OsCommerce for its code quality, I do have to acknowledge that for its time it was the best free shopping cart system out there… while others had to shell out thousands for crappy shopping carts with missing features, OsCommerce was there to offer those features not only better, but for free. The contributors and core developers did an EXCELLENT job meeting the needs at the time and producing what was honestly quite an awesome piece of software.

But, in the end, Legacy Code can come back to bite oneself in the a$$ if not properly controlled. 🙁

  • http://pencoyd.com/clock/ John Roberts

    Curious in your off-hand reference to Magento, as I’m considering it for a project. Do you feel like it’s on the right track in terms of code structure and maintainability? Community seems reasonably active, and I like the Varien model. It’s not all I need it to be now, but I’m thinking the “bones” are good. But I’m not a programmer, so interested in even an off-the-cuff, knee-jerk reaction from someone who thinks in code.



  • http://railsonedge.blogspot.com Ralph

    I had to do some customization of an OSCommerce install myself a couple of years ago. All is as you said, difficult to read and change code. A lot of plug-ins I used I needed to tweak around too. But I do appreciate the folks that put it all together…

  • http://blog.james-carr.org James Carr

    @Ralph indeed… i hate slamming it as I really do apperciate the folks putting it together as well. 🙂

    @John I feel the code is pretty well written and the community is pretty active. There are also carts out there though, I hear that ubercart is heading in the right places as well, but I haven’t looked at it.

  • http://softwarebloat.com Robert Boyd

    Nice post, James. I have definitely felt my share of pain from the second-system effect. They hardly ever pan out, do they?

    In my experience, the rewrites that do work were never intended to be rewrites at all. Our current webapp is pretty much a complete rewrite but started out as a quick hack to do some proof of concept.

    Amazing how much of Fred Brooks philosophy from The Mythical Man Month still applies today.

  • http://www.glenscott.co.uk Glen Scott

    Totally agree, James. I used to work on a few osCommerce sites myself and would come out in hives when I needed to make any “customisations”. The problem is that generic shopping cart systems very rarely satisfy the needs of clients, and that’s where the problems kick in. I sincerely hope that I never have to work with osCommerce ever again, it really is a mass of spaghetti code and a good example of “how not to do it”.

  • Nathan

    James, Great post. Not sure if you are aware of the another recently forked version of oscommerce called “The osCommerce Project” http://www.oscommerceproject.org/

  • Nathan

    Also the following article has information on that project

    osCommerce is Dead: Long Live the NEW osCommerce Project
    By Kerry Watson
    November 25, 2008

  • Jeff

    Three of your seven uses of “it’s” are incorrect.

  • Shazman

    I employed ZenCart (a spin off from OSCommerce) for a couple of ecommerce projects. I had to spend an inordinate amount of time to hack seemingly simple things just to shoehorn it into my requirements. In the end I stopped using it, as I realised that I could roll my own in less time and get the results that I wanted.

  • http://www.awsom.org Harknell

    Back when I was looking at setting up a store site I looked at OSCommerce and even started doing some custom work in it. I then noticed that there wasn’t a way to have people checkout anonymously (as opposed to having to create an account with username/password). I contacted the developers and posted on their forum about it. The response I got back was very negative as if that feature was idiotic–they in fact stated that they’d never do that and any person buying from a site that didn’t want to set up an account weren’t worth selling to! At that point I moved on to another system, and in fact paid for one that was more open about how you did things.

    Kind of sad that they don’t seem to be going anywhere, maybe the “we know best for everyone” attitude might have had something to do with it….

  • zach

    I’m currently running two 2.2 oscommerce sites that have been extensively customized with both user contributions and my own modifications. The sites have never given me a problem due to problem code. With that said, it is critical that folks understand how difficult it can be to modify the product. The user contribution area is amazingly rich, but is also a total mess, with haphazard “updates” by whomever desires to create one, and no clear way to determine what is the most appropriate and stable release of any particular contrib. There are zero standards for how contribs are documented or updated, and it can be very time consuming to implement the n+1 contrib. User-to-user support via the forums range from excellent to non-existent, but the search limitations imposed by how they implemented phpBB often makes it difficult to find answers. Finally, many folks see that oscommerce is open source and have no clue that one really needs a programmer to implement a feature-full site; consequently you’ll see a lot of stock osc sites out there that look atrocious.

  • http://blog.james-carr.org James Carr

    @Harknell INDEED! The thing that makes open source great is that anyone can contribute to it… I think another failing of oscommerce in that they never allow people to join the core development team, instead it’s handpicked and only consists of five devs, which afaik only two are really working on it.

    Why they don’t give people commit privileges once their coding style is considered “worthy” is beyond me. *shrugs*

  • http://blog.james-carr.org James Carr

    @Jeff Thanks… the errors have been corrected. It’s bound to happen when you throw a post together really quickly! 😉

  • http://zacharydangercampbell.com Zachary Danger

    I worked with OSC for almost a year and half and you’ve eloquently summed up all of the frustrations. It sort of beats you down into doing work you’re not exactly proud of. Yes, you *could* try to refactor, but in the end the legacy code wins out and you just learn to encapsulate your modifications so as to not disturb the OSC gremlins.

  • http://www.citrusbright.com Citrus

    You article hits the nail right on the head. I had EXACTLY the same problems. Embedding logic code and display code together is mad and goes against every design pattern in the book.


    Magento is a far superior product in terms of both functionality and also maintainability. I’m not knocking OSCommerce but there comes a time when things move on and it’s now run it’s time.

  • http://floatsolutions.net Aidan

    I’ve worked with osCommerce a fair amount in the past and let me say it was one of the worst programming experiences i’ve ever had.

    Although it taught me a lot about how NOT to do things.

  • Chris

    I have been working with OSCommerce extensively for almost a couple of years now. I actually switched to oSCMax, which is basically OSCommerce but with some of the contributions already built into it. I did that because when I was trying to add contributions into OSCommerce, I’d run into problems like well you cant run that contribution without first installing that one. And then come to find out I installed the wrong version of one contribution so another version of a new one wouldn’t work. Not to mention none of this is documented anywhere. So I almost gave up on most of the contributions and installed oSCMax since it had so many contributions already built into it. Then I have been making all of my own custom modifications to the system over the last year. Their code is really hacked together and old. I would like to find something new. I’ve done some cool things with it, but sometimes making simple changes will make you rip your hair out.

  • Hans

    @Nathan – I took the time yesterday to download this so called “fork”. First thing I noticed (and was suspicious of due to their blatant use of the osCommerce name) was that the osCommerce copyright notices have been altered to suit their bogus use of the osCommerce name. This is clearly in breach of the GPL, so anybody who uses it is contributing to the spread of pirated software. Codewise it is the same old spaghetti code and not worth the bother.

  • Laura Sheldon

    I do not think The osCommerce Project (the new one) will be around for more than a few weeks. In the open source community they have already lost all credibility and respect. They do not seem to think that trademarks are there just for the taking. Copyrights are for other people. Ownership is a word that only applies to them.

    No one except for the individuals running the project think that the way they have set up their project is legal but they are not listening to anyone. They are not listening to their potential users, common sense, and the law. Not even the Court of Appeals for the Eleventh Circuit (case law) agrees with them but they still do not listen.

    I feel that if you go there in a couple of weeks you will not find a forum as the sites will be seized.

    I feel this will be the end of their project and since there is no other development the whole project will eventually die a slow death (but it is not abandoned as the new project tries to tell everyone).

  • Jason H

    I recently built a site with oscommerce. Nice app but just as everyone said, it’s all over the place. To install an addin you first have to find the contrib. Then determine which version is full and stble and includes any updates. Then you have to install it in several places hoping that u don’t overwrite a previous contrib. Also, I hate tables… As a CSS designer I was in table hell.

    Overall, I got it to work the way I wanted. Very modified, lots of addons, and extra code. For what it’s worth I like oscommerce alot. Although, I will look at Magneto for the next release of the site.

  • Mike Seth

    You are entirely correct. OsCommerse (and Zen Cart) are nightmare. I was forced to work on them both and ever since I refuse any and all requests related to them. It’s hard to imagine an uglier codebase which is so widespread.


  • http://www.antlyn.com Lyndon Garvey

    osCommerce is a horror show. We used it for a large, high turnover website, and it has become an out of control beast.

    We’re now in the process of planning a large scale redevelopment process to undo the mess that was created by choosing osc.

  • http://stratocentric.com stratocentric

    Is OSC dead? There hasn’t been a comment on the site since mid 2010 regarding the progress of OSC 3. Or maybe the old revamp to a pay product once the open sourcers have contributed the code.