[TIP] Enhancement to tep_db_error()


mattice


The Problem

 

By default any SQL errors are parsed to the screen by the tep_db_error() function.

It will show the full query along with the famous [TEP STOP] message.

 

Personally I do not like this as it looks ugly, scares off people and gives away information on how your db structure looks.

(Not an issue on the default installation as anybody can download that)

 

And worst of all... you will never know this problem exists unless you are logging things.. and actually read your logs..

which you're probably not.

 

The Solution

 

Actually "a" solution, but that didn't sound as good :)

I changed the complete function to show a small message on the site,

and meanwhile take the error and report it by e-mail.

The report will give you

* time of the error (when did it happen)
* actual mysql error (what was the error)
* remote address (their IP address)
* referer (where they came from)
* request (what they asked for)

This way it is very easy to track and solve troubles immediately.

Plus it will warn you if some script kiddie is bashing on your site.

 

 

The Change To Make

 

in /catalog/includes/functions/database.php change

  function tep_db_error($query, $errno, $error) {
    // original behaviour: prints the error and the full query to the visitor
    die('<font color="#000000"><b>' . $errno . ' - ' . $error . '<br><br>' . $query . '<br><br><small><font color="#ff0000">[TEP STOP]</font></small><br><br></b></font>');
  }

to:

  // don't forget to change 'your@domain.com' into your e-mail address

  function tep_db_error($query, $errno, $error) {
    // build the report that goes to the admin
    $msg = "\n" . 'MYSQL QUERY ERROR REPORT' . "\n" . '---------------------------------------' . "\n";
    $msg .= $errno . ' - ' . $error . "\n\n" . $query . "\n";
    $msg .= '---------------------------------------' . "\n";
    $msg .= 'Remote Address: ' . $_SERVER['REMOTE_ADDR'] . "\n";
    $msg .= 'Referer       : ' . $_SERVER["HTTP_REFERER"] . "\n";
    $msg .= 'Requested     : ' . $_SERVER["REQUEST_URI"] . "\n";

    tep_mail('Your Name', 'your@domain.com', '[MYSQL QUERY ERROR]', $msg, 'MYSQL Error Report', 'your@domain.com');

    // the visitor only sees a short message, never the query
    die("<font face=\"verdana,tahoma,arial\" size=\"2\" color=\"ff0000\"><b>SQL ERROR - admin notified</b></font>");
  }

 

 

That's it.

Regards,

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"


Yes, if you use HTML e-mails you need <BR> instead of \n

(\n == unix style newline)

Never thought of that... Thanks.

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"


  • 4 weeks later...
  • 1 month later...

Strange that!!

 

I too wondered if it was possible to set the priority of the email...

 

What about a read receipt too???

 

Hmmm... Dunno if tep_mail can do that!!

 

Warren


I don't think it is possible without a special mail class.

In any case I think to have it prioritized is pretty useless.

 

Set the sender ("Your Name") to something like "SECURITY MAIL" and have your e-mail client filter it into a separate mailbox. Let it play a separate sound, give it a separate color, whatever...

"Politics is the art of preventing people from taking part in affairs which properly concern them"


Mattice,

 

I happened to notice that this doesn't seem to work with the "cannot open *.myi" error that occurs intermittently with the upgrade to MySQL 4.0.12.

 

Any Idea why?

-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.


Nevermind, misspelling in the email address.

 

Probably should CHANGE this to 'STORE_OWNER'

-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.


btw It might be better to use mail() instead of tep_mail(). Tep_mail() is defined in 'catalog/includes/functions/general.php' and this file is included after the configuration is loaded from the db. Using tep_mail() produces an unknown function error when the configuration_table (or your whole db) is offline.

 

Beware: the calling_sequence of tep_mail() is NOT equal to that of mail().

Greetings from Marcel

|Current version|Documentation|Contributions|
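
The fallback suggested in the post above, as an added example that is not part of the thread or of osCommerce: use tep_mail() when it is defined and PHP's own mail() otherwise, with the differing argument orders spelled out. REPORT_TO, report_field() and build_db_error_report() are hypothetical names, and the address is the tip's placeholder.

```php
<?php
// Added example, not osCommerce code. REPORT_TO, report_field() and
// build_db_error_report() are hypothetical names.
define('REPORT_TO', 'your@domain.com'); // placeholder, as in the original tip

// Referer and request URI are client-supplied: collapse control characters
// so they cannot inject extra lines into the report.
function report_field($key) {
  $value = isset($_SERVER[$key]) ? (string) $_SERVER[$key] : '(not set)';
  return preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
}

function build_db_error_report($query, $errno, $error) {
  $rule = str_repeat('-', 39) . "\n";
  $msg  = "\nMYSQL QUERY ERROR REPORT\n" . $rule;
  $msg .= $errno . ' - ' . $error . "\n\n" . $query . "\n" . $rule;
  $msg .= 'Time          : ' . date('Y-m-d H:i:s') . "\n";
  $msg .= 'Remote Address: ' . report_field('REMOTE_ADDR') . "\n";
  $msg .= 'Referer       : ' . report_field('HTTP_REFERER') . "\n";
  $msg .= 'Requested     : ' . report_field('REQUEST_URI') . "\n";
  return $msg;
}

function tep_db_error($query, $errno, $error) {
  $msg = build_db_error_report($query, $errno, $error);
  $subject = '[MYSQL QUERY ERROR]';

  if (function_exists('tep_mail')) {
    // Argument order as used in the tip:
    // to name, to address, subject, body, from name, from address
    tep_mail('Your Name', REPORT_TO, $subject, $msg, 'MYSQL Error Report', REPORT_TO);
  } else {
    // general.php is not loaded yet (for example, the database is offline).
    // PHP's mail() order: to address, subject, body, extra headers
    mail(REPORT_TO, $subject, $msg, 'From: MYSQL Error Report <' . REPORT_TO . '>');
  }

  // The visitor sees a short message, never the query.
  die('<b>SQL ERROR - admin notified</b>');
}
```

The report still contains the full query, so the mailbox it lands in should be treated as holding whatever data the failing statement carried.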


  • 4 weeks later...

// don't forget to change 'your@domain.com' into your e-mail address

 

 

in both places?

 

 

Jen

I haven't lost my mind - I have it backed up on disk somewhere.


  • 1 year later...

This is a great solution to securing tep_db_error(). Does anybody know of a way to have this function throw an HTTP/1.1 500 Server Error? I think it's a little bit cleaner to have a custom 500 error page designed with Apache.


Great Tip ! I added it a few days ago and never thought about it again until I just got a whole bunch of emails warning me that something was wrong with my SQL.

Right before I had been fiddling with the Visitor Web Stats 2.01 and although everything seemed to work fine these error emails made me aware something wasn't right. As it turned out not all tables and fields had been imported correctly and after a renewed try no more emails and so really no errors now :)

 

Bloody brilliant :thumbsup:

 

Merry Christmas


  • 2 weeks later...

Very nice, still, I would never show system errors to customers and as such never use the die feature, I simply return nothing and send out the email.

Most of my customers don't have a clue what sql is and when that error shows up, leave.

 

I admit, maybe when dealing with inserts or updates I may have to rethink that and state that we have some temporary problems due to the large amount of customers at the moment.

Treasurer MFC


  • 3 years later...

I'm getting this error:

 

Parse error: syntax error, unexpected T_STRING in /home/egypttal/public_html/includes/functions/database.php on line 59

 

Any idea how to get rid of this error?

Thank you.


  • 1 year later...

It's been a few years I'm afraid ;), but this functionality is now rewritten to a more flexible application called 'Database Error Mode'.

 

Features:

 

* All settings are controlled through the Administration tool

 

* Functionality is completely database (duh!) and osCommerce independent

 

* Three possible database error modes:

 

1. Friendly with silent reporting (by email)

2. Friendly (no reporting)

3. Debug (show debug information)

 

* Email limit, e-mails for the same error only get sent at specific intervals

(prevent e-mail flooding on crowded websites with database error(s))

 

* Auto Debug mode for certain IP addresses on live sites

(visitors see 'friendly mode', the tech department sees 'debug mode')

 

* Return a 503 'Temporarily unavailable' HTTP header if possible

(Prevent search engines from indexing pages with database errors)

 

* Debug information includes basic information and simple backtrace

(Shows which route was travelled by PHP before the error)

 

 

You can find the full details plus code on Github: http://github.com/mattice/oscommerce2/tree/feature-DEM

 

If you are not comfortable with Git you can just have a look at what has been changed and added.

The needed changes are minimal, see this specific link:

 

http://github.com/mattice/oscommerce2/commit/d1675fa1c0dc0c37b09bf1c100fb79dadfa2df80

 

Feedback -here or on Github- is appreciated.

 

Thanks,

Matthijs

"Politics is the art of preventing people from taking part in affairs which properly concern them"
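
A sketch of three of the features listed in the post above (the per-error e-mail limit, the 503 header "if possible", and debug output for listed IP addresses), added here as an example; it is not the code from the linked repository. All constants, function names, the interval and the sample address are assumptions.

```php
<?php
// Added sketch, not the 'Database Error Mode' code. All names and values
// below are hypothetical.
define('DEM_MAIL_INTERVAL', 900);            // seconds between mails per error
define('DEM_STATE_DIR', sys_get_temp_dir()); // where send-time markers live
define('DEM_REPORT_TO', 'your@domain.com');  // placeholder address

// Same errno + same query shape = same error. Quoted strings and numbers
// are masked so differing ids do not each trigger their own e-mail.
function dem_fingerprint($errno, $query) {
  $shape = preg_replace(array("/'[^']*'/", '/\b\d+\b/'), array("'?'", '?'), $query);
  return md5($errno . '|' . $shape);
}

// True if no report for this fingerprint went out within the interval.
function dem_should_mail($fingerprint, $now) {
  $marker = DEM_STATE_DIR . '/dem_' . $fingerprint;
  clearstatcache();
  $last = @filemtime($marker); // false when no report was sent before
  if ($last !== false && ($now - $last) < DEM_MAIL_INTERVAL) {
    return false;
  }
  @touch($marker, $now);
  return true;
}

function dem_handle($query, $errno, $error, $remote_addr, $debug_ips) {
  if (dem_should_mail(dem_fingerprint($errno, $query), time())) {
    mail(DEM_REPORT_TO, '[MYSQL QUERY ERROR]', $errno . ' - ' . $error . "\n\n" . $query);
  }
  if (!headers_sent()) { // "if possible": only before any output is sent
    header('HTTP/1.1 503 Service Unavailable');
    header('Retry-After: 300');
  }
  if (in_array($remote_addr, $debug_ips, true)) {
    // Debug mode for listed addresses; escape before echoing into HTML.
    die('<pre>' . htmlspecialchars($errno . ' - ' . $error . "\n\n" . $query) . '</pre>');
  }
  die('We are having temporary problems, please try again shortly.');
}

// Constructed call; 192.0.2.10 is a documentation address (TEST-NET-1).
// dem_handle($query, $errno, $error, $_SERVER['REMOTE_ADDR'], array('192.0.2.10'));
```

Behind a reverse proxy REMOTE_ADDR is the proxy's address, so an IP allowlist for debug output only works when that value is the real client address.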


Archived

This topic is now archived and is closed to further replies.
