PHPackages                             oxid-esales/consistency-check-tool - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. oxid-esales/consistency-check-tool

ActiveOxideshop-component[Utility &amp; Helpers](/categories/utility)

oxid-esales/consistency-check-tool
==================================

OXID eSales Consistency Check Component

v3.0.0(2mo ago)23.2k↓53.6%2[2 PRs](https://github.com/OXID-eSales/consistency-check-tool/pulls)proprietaryPHPPHP ^8.3CI passing

Since May 13Pushed 1mo ago1 watchersCompare

[ Source](https://github.com/OXID-eSales/consistency-check-tool)[ Packagist](https://packagist.org/packages/oxid-esales/consistency-check-tool)[ RSS](/packages/oxid-esales-consistency-check-tool/feed)WikiDiscussions b-7.6.x Synced yesterday

READMEChangelogDependencies (14)Versions (11)Used By (0)

OXID eShop Consistency Check Component
======================================

[](#oxid-eshop-consistency-check-component)

[![Development](https://github.com/OXID-eSales/consistency-check-tool/actions/workflows/trigger.yaml/badge.svg?branch=b-7.6.x)](https://github.com/OXID-eSales/consistency-check-tool/actions/workflows/trigger.yaml)[![Latest Version](https://camo.githubusercontent.com/54710fb2b990bd640933cc1da6fb97721ee82abb600b92accbd58789e94d3bf0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f4f5849442d6553616c65732f636f6e73697374656e63792d636865636b2d746f6f6c3f6c6f676f3d636f6d706f736572266c6162656c3d6c617465737426696e636c7564655f70726572656c656173657326636f6c6f723d6f72616e6765)](https://packagist.org/packages/oxid-esales/consistency-check-tool)[![PHP Version](https://camo.githubusercontent.com/aa1024562f222c43a1ab8c07bf556e9c32136b05b994e462d9953641d24a7656/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6f7869642d6573616c65732f636f6e73697374656e63792d636865636b2d746f6f6c)](https://github.com/oxid-esales/consistency-check-tool)

[![Quality Gate Status](https://camo.githubusercontent.com/4c0b37276dcc663173f8e37c4d6480a0a88bcc0ae1201a21abacba2606f5c304/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d4f5849442d6553616c65735f636f6e73697374656e63792d636865636b2d746f6f6c266d65747269633d616c6572745f737461747573)](https://sonarcloud.io/dashboard?id=OXID-eSales_consistency-check-tool)[![Coverage](https://camo.githubusercontent.com/0176119c714512e330f5d631c5d23bd1ddf20f5b36409539dcd74e64c8954e18/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d4f5849442d6553616c65735f636f6e73697374656e63792d636865636b2d746f6f6c266d65747269633d636f766572616765)](https://sonarcloud.io/dashboard?id=OXID-eSales_consistency-check-tool)[![Technical Debt](https://camo.githubusercontent.com/b83c6635ad3c91e593e4bb3f9985f4399f8b63b3ae5c70357a393526b602b53e/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d4f5849442d6553616c65735f636f6e73697374656e63792d636865636b2d746f6f6c266d65747269633d7371616c655f696e646578)](https://sonarcloud.io/dashboard?id=OXID-eSales_consistency-check-tool)

The OXID eSales Consistency Check component is a flexible tool designed to perform various consistency checks on your eShop. It helps maintain shop performance and data hygiene by identifying and resolving data inconsistencies.

**Current capabilities include:**

- **Unused Image Detection** - Identify orphaned image files no longer connected to products, categories, or manufacturers
- **SEO URL Verification** - Detect unused and duplicate SEO URLs that may affect shop performance and search rankings
- **Export by Filter** - Export data matching specific criteria (e.g., users whose password hash is not native `$2y$` Bcrypt) to CSV

This component ensures that your eShop remains optimized by helping you clean up unnecessary data while keeping track of all changes.

Features
--------

[](#features)

### Image Management

[](#image-management)

- Provides commands to move or delete unused images
- Supports dry-run mode, allowing safe testing before making changes
- Filter unused images across product, categories, and manufacturers
- Progress bar for real-time feedback
- Logs all actions in log/oe\_consistency\_check.log for review and auditing
- Customizable directory paths for images

### SEO URL Management

[](#seo-url-management)

- Detect unused SEO URLs (orphaned entries where target object no longer exists)
- Detect duplicate SEO URLs (entries with collision suffixes)
- Export findings to CSV format for review
- Batch delete SEO URLs from exported CSV file
- Support for OXID SEO types with reference tables (oxarticle, oxcategory, oxmanufacturer, oxvendor, oxcontent)

Compatibility
-------------

[](#compatibility)

This component assumes you have OXID eShop Compilation version 7.6.0 installed.

Installation
------------

[](#installation)

To install this component in your OXID eShop environment, use Composer:

```
$ composer require oxid-esales/consistency-check-tool
```

Development installation
------------------------

[](#development-installation)

The installation instructions below are shown for the current [SDK](https://github.com/OXID-eSales/docker-eshop-sdk)for shop 7.6. Make sure your system meets the requirements of the SDK.

1. Ensure all docker containers are down to avoid port conflicts
2. Clone the SDK for the new project

```
echo MyProject && git clone https://github.com/OXID-eSales/docker-eshop-sdk.git $_ && cd $_
```

2. Clone the repository to the source directory

```
git clone --recurse-submodules https://github.com/OXID-eSales/consistency-check-tool.git --branch=b-7.6.x ./source
```

3. Run the recipe to setup the development environment

```
./source/recipes/setup-development.sh
```

You should be able to access the shop with  and the admin panel with (credentials:  / admin)

Usage
-----

[](#usage)

The tool provides several commands for managing unused images.

### Move Unused Images

[](#move-unused-images)

Move unused images to a specific directory (e.g., /backup/images)

```
$ vendor/bin/oe-console oe:consistency_check:move-unused-images --destination=out/pictures/backup/
```

When specifying a destination folder for moving images, **note that paths are relative to the shop root**.

For example:

- If you set `destination` to `/`, the **source and target directories will be identical**.
- To move images to `out/pictures/backup/`, simply provide `out/pictures/backup/` as the destination.

### Delete Unused Images

[](#delete-unused-images)

Permanently delete unused images:

```
$ vendor/bin/oe-console oe:consistency_check:delete-unused-images
```

### Dry Run Mode

[](#dry-run-mode)

To perform a dry-run (simulate the move without making changes):

```
$ vendor/bin/oe-console oe:consistency_check:delete-unused-images --dry-run
$ vendor/bin/oe-console oe:consistency_check:move-unused-images --destination=/path/to/backup --dry-run
```

### Verbose Output (-v)

[](#verbose-output--v)

To view detailed logs of affected files (e.g., which images would be deleted or moved), you can pass the `-v` flag along with your command:

```
$ vendor/bin/oe-console oe:consistency_check:delete-unused-images --dry-run -v
$ vendor/bin/oe-console oe:consistency_check:move-unused-images --destination=/path/to/backup --dry-run -v
```

When `-v` is enabled, the command displays relevant entries from the consistency check log file directly in the console output. This is especially useful for shop owners who want to inspect which images are impacted before taking action.

### Filter by Entity Type (optional)

[](#filter-by-entity-type-optional)

Process specific entity types (e.g., product, category, manufacturer):

```
$ vendor/bin/oe-console oe:consistency_check:delete-unused-images --type=product
```

If this parameter is not set the application perform actions on all images.

SEO URL Commands
----------------

[](#seo-url-commands)

### Check Unused SEO URLs

[](#check-unused-seo-urls)

Detect SEO URLs where the target object no longer exists in the database:

```
$ vendor/bin/oe-console oe:consistency_check:check-unused-seo-urls
```

Export results to CSV file:

```
$ vendor/bin/oe-console oe:consistency_check:check-unused-seo-urls --export
```

### Check Duplicate SEO URLs

[](#check-duplicate-seo-urls)

Detect SEO URLs with collision suffixes (e.g., URLs ending with `-oxid`):

```
$ vendor/bin/oe-console oe:consistency_check:check-duplicate-seo-urls
```

The command reads the collision suffix from shop configuration (`sSEOuprefix`). You can override it:

```
$ vendor/bin/oe-console oe:consistency_check:check-duplicate-seo-urls --suffix=-duplicate
```

Export results to CSV:

```
$ vendor/bin/oe-console oe:consistency_check:check-duplicate-seo-urls --export
```

### Delete SEO URLs from CSV

[](#delete-seo-urls-from-csv)

Delete SEO URLs listed in a previously exported CSV file:

```
$ vendor/bin/oe-console oe:consistency_check:delete-seo-urls /absolute/path/to/exported.csv
```

Use `--dry-run` to preview deletions without making changes:

```
$ vendor/bin/oe-console oe:consistency_check:delete-seo-urls /absolute/path/to/exported.csv --dry-run
```

**Recommended workflow:**

1. Run check command to see results in console
2. Run check command with `--export` to generate CSV
3. Review the CSV file and remove any rows you want to keep > **Note:** Each row is deleted by its unique combination of OXOBJECTID, OXSHOPID, and OXLANG. You can filter the CSV to delete URLs for specific shops or languages only.
4. Run delete command with `--dry-run` to preview
5. Run delete command to perform actual deletion

Export by Filter
----------------

[](#export-by-filter)

Export data matching specific filter criteria to CSV files.

### Usage

[](#usage-1)

```
$ vendor/bin/oe-console oe:consistency_check:export-by-filter --filter-name=
```

### Available Filters

[](#available-filters)

FilterDescription`deprecated-credentials`Exports every user whose password hash is **not** native `$2y$` Bcrypt and is **not** empty. The CSV surfaces both deprecated/unsupported hashes (security risk) and externally-produced Bcrypt hashes (informational audit trail for imports from non-PHP systems).### Example: deprecated-credentials filter

[](#example-deprecated-credentials-filter)

```
$ vendor/bin/oe-console oe:consistency_check:export-by-filter --filter-name=deprecated-credentials
```

Output file: `export/deprecated-credentials-{timestamp}.csv`

The exported CSV includes:

- `user_id` - User OXID (database key only — no email, name, or other PII; see "Privacy" below)
- `active` - Whether the user account is active
- `created_at` - Account creation date
- `user_updated_at` - Last modification date of the user row (`OXTIMESTAMP`). Touched by any update to the account, not specifically by password changes. Useful as an "account activity" signal; **not** a "password last changed" timestamp.
- `last_order_at` - Date of last order (empty if none)
- `credential_status` - Detected hash classification, see the table below
- `credential_hash_scheme` - Detected algorithm name (e.g. `bcrypt`, `sha512`, `md5`, `unknown`)

#### `credential_status` values

[](#credential_status-values)

ValueMeaningRecommended action`deprecated`SHA512 — older shop hashing schemeForce password reset / re-hash on next login`unsupported`MD5 — very old, brokenForce password reset`supported`Bcrypt `$2a$` / `$2b$` — externally produced (Java BCrypt, OpenBSD, modern non-PHP libraries, manual imports). Cryptographically equivalent to `$2y$` and accepted transparently by PHP's `password_verify()`.**No action needed.** Informational only — surfaces accounts imported from non-PHP backends.`unknown`Any other format — argon2, scrypt, custom hash plugin, garbled dataInvestigate manually.`not_set`Empty password hash — account cannot log in via passwordFiltered out at the database level and **never appears in the export**. Listed here only for completeness of the `CredentialStatus` enum.When to expect each status:

- Migrations from non-PHP backends (Java, OpenBSD, Python/Ruby auth) → expect `supported` rows
- Shops upgraded from OXID 4.x/5.x/6.x → expect `deprecated` (SHA512) rows
- Very old shops or hand-imported users → expect `unsupported` (MD5) rows
- Shops using non-standard hashing plugins → expect `unknown` rows
- Empty password hashes (`not_set`) are excluded by the SQL query and will not appear in the CSV

#### Privacy: minimal export by design

[](#privacy-minimal-export-by-design)

The CSV contains only the `user_id` (OXID database key) — **no email, name, or other personal data**. This is intentional: the file can be shared, archived, or attached to tickets without leaking PII. To contact flagged users, look up `OXUSERNAME` from the `oxuser` table separately via the `user_id` column.

#### Subshop scope

[](#subshop-scope)

The export covers users from **all shops** in an Enterprise Edition installation. There is no shop-id column on purpose:

- With `blMallUsers = true`, a single user record can authenticate against any shop in the mall, so a weak hash is a shop-installation-wide concern rather than a per-shop one.
- Even with mall-user disabled, the origin shop (`OXSHOPID`) is not a reliable signal for who should drive the cleanup, since users created in one shop frequently order from another.

If you have a specific reason to slice differently, implement your own `FilterInterface` using the tag-based extension mechanism described in "Extending: Creating Custom Filters" below.

### Logs

[](#logs)

All operations, including moved and deleted images, are logged in:

```
log/oe_consistency_check.log

```

This log file helps you track the changes and verify actions performed by the tool.

Customizable parameters
-----------------------

[](#customizable-parameters)

There are several parameters in the `services.yaml` that can be customized for the module:

- `app.log_file_path` - Path to the log file where the consistency check results will be stored.
- `app.export_directory_path` - Directory where CSV export files are saved.
- `app.unused_seo_urls_file` - File name prefix for unused SEO URLs export.
- `app.duplicate_seo_urls_file` - File name prefix for duplicate SEO URLs export.

Path parameters (`app.log_file_path`, `app.export_directory_path`) support both **relative** and **absolute** paths:

- **Relative paths** (e.g., `log/oe_consistency_check.log`) are resolved relative to the OXID eShop `source` directory.
- **Absolute paths** (e.g., `/var/log/oxid/consistency_check.log`) are used as-is.

#### ⚠️ Configure the export directory before first use

[](#️-configure-the-export-directory-before-first-use)

With the default `app.export_directory_path: 'export'`, output files land at `/source/export/.csv` — a directory inside the web document root. The shop's global `source/.htaccess` denies common sensitive extensions (`.log`, `.tpl`, `.ini`, `.pem`, etc.) but **does not cover `.csv`**, and `source/export/` has no dedicated `.htaccess`. Files written there are reachable via `https:///export/.csv` as static content. Although the consistency-check CSVs are privacy-minimal (`user_id` only, no PII), they still expose lists of accounts plus activity dates.

Before running export commands in production, either:

- Override `app.export_directory_path` to an absolute path **outside** the document root (for example, `/var/log/oxid/exports`), **or**
- Drop a deny-all `.htaccess` into `source/export/`: ```

            Require all denied

            Order allow,deny
            Deny from all

    Options -Indexes
    ```

This applies to every feature writing to `source/export/`, not just this tool.

To modify the parameters, create the `configurable_services.yaml` file in the `var/configuration` folder as described in the [Documentation](https://docs.oxid-esales.com/developer/en/latest/development/tell_me_about/service_container.html#replacing-oxid-eshop-services-in-a-project), and overwrite the parameters you want to change. Ex.:

```
parameters:
  app.log_file_path: 'log/oe_consistency_check.log'
  app.export_directory_path: 'var/exports'
  app.unused_seo_urls_file: 'orphaned-seo-urls'
  app.duplicate_seo_urls_file: 'collision-seo-urls'
```

### Custom file paths for images

[](#custom-file-paths-for-images)

If you are using custom directory paths for storing images (products, categories, manufacturers), overwrite the services defined in `src/ImageManager/Entity/services.yaml` by using the same procedure described in the [Documentation](https://docs.oxid-esales.com/developer/en/latest/development/tell_me_about/service_container.html#replacing-oxid-eshop-services-in-a-project)for service overriding - use already mentioned `configurable_services.yaml` file in the `var/configuration` folder.:

Example override for product images:

```
services:
  oxid_esales.consistency_check.entity.image_entity.product.oxpic1:
    class: OxidEsales\ConsistencyCheck\ImageManager\Entity\ImageEntity
    arguments:
      $name: 'Product'
      $table: 'oxarticles'
      $fieldName: 'OXPIC1'
      $directory: 'custom/directory/to/pictures/master/products/1'
    tags: ['oe.consistency_check.image_entity']

```

Testing
-------

[](#testing)

### Linting, syntax check, static analysis

[](#linting-syntax-check-static-analysis)

```
$ composer update
$ composer static
```

### Unit/Integration tests

[](#unitintegration-tests)

- Install this component in a running OXID eShop
- run Unit + Integration tests

```
$ composer phpunit
```

- run Unit tests

```
$ ./vendor/bin/phpunit -c vendor/oxid-esales/consistency-check-tool/tests/phpunit.xml
```

- run Integration tests

```
$ ./vendor/bin/phpunit --bootstrap=./source/bootstrap.php -c vendor/oxid-esales/consistency-check-tool/tests/phpintegration.xml
```

Extending: Creating Custom Filters
----------------------------------

[](#extending-creating-custom-filters)

You can create custom filters for the `export-by-filter` command to export any data matching your criteria.

### Step 1: Create Filter Class

[](#step-1-create-filter-class)

Implement `OxidEsales\ConsistencyCheck\ExportByFilter\Filter\FilterInterface` in your module.

See interface at `src/ExportByFilter/Filter/FilterInterface.php`.

### Step 2: Register Filter Service

[](#step-2-register-filter-service)

Add to your module's `services.yaml` with the `oe.consistency_check.export_filter` tag:

```
services:
  YourVendor\YourModule\Filter\YourCustomFilter:
    autowire: true
    tags: ['oe.consistency_check.export_filter']
```

### Step 3: Use Your Filter

[](#step-3-use-your-filter)

```
$ vendor/bin/oe-console oe:consistency_check:export-by-filter --filter-name=your-filter-name
```

For a complete example, see the `DeprecatedCredentialsFilter` implementation in `src/ExportByFilter/Filter/Credentials/`.

Troubleshooting
---------------

[](#troubleshooting)

### Log directory does not exist

[](#log-directory-does-not-exist)

By default, the tool uses `log/oe_consistency_check.log` relative to the OXID eShop `source` directory. If the `log` directory does not exist, you may encounter an error like:

```
There is no existing directory at "/var/www/source/log" and its not buildable: Permission denied.

```

To resolve this, either:

- Create the `log` directory in your `source` folder, or
- Configure a custom path in `var/configuration/configurable_services.yaml` (see "Customizable parameters" section)

###  Health Score

50

—

FairBetter than 95% of packages

Maintenance91

Actively maintained with recent releases

Popularity26

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 74.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~89 days

Total

5

Last Release

60d ago

Major Versions

v1.0.0 → v2.0.02026-01-15

v2.0.1 → v3.0.02026-05-04

PHP version history (2 changes)v1.0.0-rc.1PHP ^8.2

v3.0.0PHP ^8.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/1374817?v=4)[oxid](/maintainers/oxid)[@OxID](https://github.com/OxID)

---

Top Contributors

[![RahatHameed](https://avatars.githubusercontent.com/u/11661532?v=4)](https://github.com/RahatHameed "RahatHameed (192 commits)")[![MarcelOxid](https://avatars.githubusercontent.com/u/98812941?v=4)](https://github.com/MarcelOxid "MarcelOxid (19 commits)")[![Sieg](https://avatars.githubusercontent.com/u/98882?v=4)](https://github.com/Sieg "Sieg (19 commits)")[![tkcreateit](https://avatars.githubusercontent.com/u/42207462?v=4)](https://github.com/tkcreateit "tkcreateit (15 commits)")[![hkreuter](https://avatars.githubusercontent.com/u/3692295?v=4)](https://github.com/hkreuter "hkreuter (9 commits)")[![NikolaIvanovski](https://avatars.githubusercontent.com/u/8055347?v=4)](https://github.com/NikolaIvanovski "NikolaIvanovski (5 commits)")

---

Tags

OXIDcomponenteshop

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/oxid-esales-consistency-check-tool/health.svg)

```
[![Health](https://phpackages.com/badges/oxid-esales-consistency-check-tool/health.svg)](https://phpackages.com/packages/oxid-esales-consistency-check-tool)
```

###  Alternatives

[civicrm/civicrm-core

Open source constituent relationship management for non-profits, NGOs and advocacy organizations.

751291.4k43](/packages/civicrm-civicrm-core)[oat-sa/tao-core

TAO core extension

66143.7k122](/packages/oat-sa-tao-core)[ddoe/wysiwyg-editor-module

Summernote WYSIWYG Editor for OXID eShop.

191.0M5](/packages/ddoe-wysiwyg-editor-module)[oxid-esales/gdpr-optin-module

This is the GDPR opt-in module for the OXID eShop.

20473.8k3](/packages/oxid-esales-gdpr-optin-module)[oxid-esales/apex-theme

APEX Theme

19137.2k9](/packages/oxid-esales-apex-theme)[oxid-esales/personalization-module

Econda Personalization &amp; Analytics module for the OXID eShop

175.1k](/packages/oxid-esales-personalization-module)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
