Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Date of Birth value keeps setting itself to TRUE!


DorianJ

Recommended Posts

Something is hijacking my osCadmin settings. When a new customer signs up, it is requiring them to enter their date of birth. If I change this setting in Admin > Configuration > Customer Details > Date of Birth = false, nothing changes. It remains TRUE. I even changed this value in phpMyAdmin to false. As soon as I open a test account, this value is reset to true.

 

What is causing this?

-Dorian

Link to comment
Share on other sites

are you able to save any admin settings?

Yes. I can save all the settings for "Customer Details". I can log out of the osCadmin and log back in and all of those settings are still saved. As soon as this page loads (https://...com/create_account.php), then the database value for Date of Birth is automatically changed to true and it forces the customer to enter their DOB before letting them checkout! Not good! :angry:

-Dorian

Link to comment
Share on other sites

i would rather delete the code for dob (both entry & validation) in relevant files eg creat account etc. for the time being, ang then look back & find out if you bother...

 

Ken

commercial support - unProtected channel, not to be confused with the forum with same name - open to everyone who need some professional help: either PM/email me, or go to my website (URL can be found in my profile).

over 20 years of computer programming experience.

Link to comment
Share on other sites

I was wrong. index.php and product_info.php and every page in the Admin are causing this to happen. So when the HOME page or any PRODUCT CATEGORY page or ADMIN PANEL page gets loaded, then the Date of Birth value changes to true.

 

The individual product pages and customer login pages and checkout pages do not change this value. Every other page does.

-Dorian

Link to comment
Share on other sites

  • 3 months later...
I was wrong. index.php and product_info.php and every page in the Admin are causing this to happen. So when the HOME page or any PRODUCT CATEGORY page or ADMIN PANEL page gets loaded, then the Date of Birth value changes to true.

 

The individual product pages and customer login pages and checkout pages do not change this value. Every other page does.

 

I am having the same issue. It just started today & is very frustrating. Did you discover the issue? Can you help me with a solution. Thanks!

Tony Mazz

Link to comment
Share on other sites

  • 6 months later...

I too struggled with this so got Tony from Logon.info to sort it out for me. He says he couldn't fix it the way I wanted and had no idea what was causing the problem but he commented out the code for the DOB and now even though it shows in the admin panel as true, it doesn't appear on the customer page and as such the problem is fixed, albeit by going around the problem.

Link to comment
Share on other sites

  • 2 months later...

In a client's case, they had been hacked.

 

The first clue was as described here: DOB requirement changed from false to true all by itself.

The second clue was all the root php files had the same date. No one was accessing that day (except the hacker).

 

Download the root php files without overwriting a good backup and, with a text editor, search for "xong". If you find it, you've been hacked. Want to be sure? Compare your index.php with an untainted index.php. You may find the following:

 

$td_query = tep_db_query("UPDATE `configuration` SET `configuration_value` = 'true' where `configuration_key` = 'ACCOUNT_DOB'");

 

Goal of said hacker? To capture credit card and sensitive personal details and insert into hacker's data base.

 

Check your banner manager. Got a new one you don't recognise? If so, delete it.

 

Back up your data base.

 

Replace ASAP:

 

1. All root PHP files with known good backups.

2. admin/application_top.php

3. Have a file named affiliate_help9.php you never had before? Delete it.

4. Check your access logs for "boot.php" or "q_boot.php". The date of the root files hacked will guide you to the right access log.

5. Rename your "admin" directory to something else; change the name of your data base and its password.

6. Make sure your configure files match.

7. Change your host password, including FTP and email.

8. if your have admin/file_manager.php, for Lord's sake, DELETE it.

9. Again back up your data base and delete all previous backups. You should have them downloaded and archived anyway :)

 

If any of this has applied to you, post back here with your findings :)

 

jon

It's all just ones and zeros....

Link to comment
Share on other sites

  • 2 weeks later...

Excellent post, Jon. Well documented. I am curious if anyone else has run across this. I do have one additional note to those who follow this path. Then you rename your /admin/ folder you must also modify /admin/includes/configuration.php and chance each instance of "/admin/ to reflect your new folder name. And to do that you must set permissions on that file so you can write to it, and finally, change them back to secure your settings.

Put a face on your business

Communicate through video

http://www.helloworld.com/yboti

Link to comment
Share on other sites

  • 1 year later...

Old thread, but this should help. From the root directory

 

find . -name "*.php" -exec grep "ACCOUNT_DOB" '{}' \; -print

 

and

 

find . -name "*.php" -exec grep "td_query" '{}' \; -print

 

That will help you find where they hid the hacks.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...