osCommerce

Anti-hacker Account Mods, Secure your account pages


spooks


Sam,

 

Is there any possible connection between anti-hacker and header tags seo fields that are no longer updating to the database?

Since adding anti-hacker, for some reason, when I try to edit any of the header tags seo fields, such as "Header Tags Categories Description" the changes are not making it to the database now.

Suspecting I had a } out of place perhaps, I've looked at admin/categories.php every which way I can and cannot find the problem. I've had so many criss-crossing edits in admin/categories.php that's where I've been focused. Either that or I've mucked something somewhere else. I've checked the database and all is OK there. Would you have any other suggestions for me? Much appreciated.

 

Other question/confession - I am still running 1.2. Will updating beyond that be challenging? (since I have Easy Address Change 0.9 already installed I was intimidated about updating)

-Dave


Is there any possible connection between anti-hacker and header tags seo fields that are no longer updating to the database?

 

 

No, this sanitises the inputs on the client side; the admin side is unaffected.

 

I am still running 1.2. Will updating beyond that be challenging? (since I have Easy Address Change 0.9 already installed I was intimidated about updating)

 

Shouldn't be. The latest version (1.6) includes code to allow editing of the currently selected shipping/payment address within checkout, so it would replace Easy Address Change. This does not alter the checkout pages for that option, so if Easy Address Change did, you would need to revert that; I think Easy Address Change altered filenames.php, so you would need to revert that too.

Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.


 

Uploaded new Version 1.6

  1. Added code to redirect visitor to checkout on login if items in cart, as per account create completion.
  2. Added extra dob validation check to fix PCI scan issue.
  3. Updated some code to resolve notice issues.
  4. Added code for cleaning post in product_reviews_write.php
  5. Added code for cleaning post in tell_a_friend.php
  6. Added code to allow editing of current selected shipping/payment address within checkout.
  7. Added code to allow repositioning of phone fields in create account &/or removal of fax field.

Changed files:

 

account_secure.php, login.php, create_account.php, checkout_shipping_address.php, checkout_payment_address.php, account_edit.php, validate_name_fields.php

 

UPGRADING

If you're upgrading from any previous version, replace all the changed files listed in the Version History, or modify your existing files by comparing them with the new versions.

 

 

Enjoy

 

 

Sam

 

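Two of the items in that change list (item 2, the extra date-of-birth validation, and items 4 and 5, cleaning the POST data on the way in) are the kind of server-side check that is easy to get subtly wrong, so here is a PHP sketch of both. It is an added example, not the contribution's own clean_post() or validate_name_fields.php code. The field names dob_ind, dob_inm and dob_in are the ones used by the account_edit.php posted further down this thread; the function names and the sample request are this example's own assumptions.

```php
<?php
// Added example (not the Anti-hacker Account Mods contribution's own code):
// server-side POST cleaning and a strict date-of-birth check, the two ideas
// behind items 2, 4 and 5 of the 1.6 change list. Function names and the
// sample request below are this example's assumptions; the dob_ind/dob_inm/
// dob_in field names are the ones used by the posted account_edit.php.

/**
 * Return a copy of $post with every value reduced to plain, bounded text:
 * unexpected keys dropped, control characters and HTML removed, length capped.
 */
function clean_post_example(array $post, $max_len = 255)
{
    $clean = array();
    foreach ($post as $key => $value) {
        // Field names in osCommerce forms are plain identifiers; skip anything else.
        if (!preg_match('/^[A-Za-z0-9_]{1,64}$/', (string)$key)) {
            continue;
        }
        if (is_array($value)) {               // e.g. multi-select fields
            $clean[$key] = clean_post_example($value, $max_len);
            continue;
        }
        $value = (string)$value;
        // Drop NUL and other control characters except tab/newline/CR.
        $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value);
        $value = strip_tags($value);          // account fields never carry markup
        $clean[$key] = trim(substr($value, 0, $max_len));
    }
    return $clean;
}

/**
 * Validate a date of birth posted as separate day, month and year fields.
 * Returns 'YYYY-MM-DD' on success, or false if the triple is not a real,
 * past calendar date (optionally at least $min_age years ago).
 */
function validate_dob_example($day, $month, $year, $min_age = 0)
{
    // All three must be digit strings; ctype_digit('') is false, so blanks fail.
    if (!ctype_digit((string)$day) || !ctype_digit((string)$month) || !ctype_digit((string)$year)) {
        return false;
    }
    $d = (int)$day; $m = (int)$month; $y = (int)$year;
    // checkdate() rejects 31/02, month 13 and similar values that pass a digits-only check.
    if ($y < 1900 || !checkdate($m, $d, $y)) {
        return false;
    }
    $dob   = new DateTime(sprintf('%04d-%02d-%02d', $y, $m, $d));
    $today = new DateTime('today');
    if ($dob > $today) {
        return false;                          // a birth date cannot be in the future
    }
    if ($min_age > 0 && $dob->diff($today)->y < $min_age) {
        return false;
    }
    return $dob->format('Y-m-d');
}

// Constructed sample request in the shape account_edit.php receives.
$sample = array(
    'firstname' => "Dave<script>alert(1)</script>",
    'lastname'  => "O'Brien\x00",
    'dob_ind'   => '31',
    'dob_inm'   => '02',
    'dob_in'    => '1980',
    'action'    => 'process',
);
$post = clean_post_example($sample);
var_dump($post['firstname'], $post['lastname']);
// 31 February is rejected even though every field is numeric.
var_dump(validate_dob_example($post['dob_ind'], $post['dob_inm'], $post['dob_in']));
// A leap day in a leap year (1980) is accepted.
var_dump(validate_dob_example('29', '02', '1980'));
```

Run it from the command line with php. Stripping markup on input, as the add-on does, narrows what reaches the rest of the page but does not replace the tep_db_prepare_input() calls and (int) casts before the SQL in the files posted below, nor escaping on output. checkdate() is what makes the date check strict: a day/month/year triple that is all digits can still be 31/02, and a JavaScript-only check is skipped entirely by anyone posting the form directly.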

In the account_edit.php you instruct to find and replace

<?php
 if (ACCOUNT_DOB == 'true') {
?>
                 <tr>
                   <td class="main"><?php echo ENTRY_DATE_OF_BIRTH; ?></td>
                   <td class="main"><?php echo tep_draw_input_field('dob', tep_date_short($account['customers_dob'])) . ' ' . (tep_not_null(ENTRY_DATE_OF_BIRTH_TEXT) ? '<span class="inputRequirement">' . ENTRY_DATE_OF_BIRTH_TEXT . '</span>': ''); ?></td>
                 </tr>
<?php
 }
?>

 

That is not in my file; there is a bit that is somewhat similar. Here is my file. Please help, thanks!

<?php
/*
 $Id: account_edit.php 1739 2007-12-20 00:52:16Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/
// anti-hacker account	
 require('includes/functions/account_secure.php');
clean_post ();
$_POST['dob'] = $_POST['dob_ind'].'/'.$_POST['dob_inm'].'/'.$_POST['dob_in'];
// EOF anti-hacker account
 require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
   $navigation->set_snapshot();
   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

// needs to be included earlier to set the success message in the messageStack
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_EDIT);

 if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
   if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($_POST['gender']);
   $firstname = tep_db_prepare_input($_POST['firstname']);
   $lastname = tep_db_prepare_input($_POST['lastname']);
   if (ACCOUNT_DOB == 'true') $dob = tep_db_prepare_input($_POST['dob']);
   $email_address = tep_db_prepare_input($_POST['email_address']);
   $telephone = tep_db_prepare_input($_POST['telephone']);
   $fax = tep_db_prepare_input($_POST['fax']);

   $error = false;

   // anti-hacker account
$messagePage = 'account_edit';
	include(DIR_WS_MODULES . 'validate_name_fields.php');
// EOF anti-hacker account

   if ($error == false) {
     $sql_data_array = array('customers_firstname' => $firstname,
                             'customers_lastname' => $lastname,
                             'customers_email_address' => $email_address,
                             'customers_telephone' => $telephone,
                             'customers_fax' => $fax);

     if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
     if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = tep_date_raw($dob);

     tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");

     tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");

     $sql_data_array = array('entry_firstname' => $firstname,
                             'entry_lastname' => $lastname);

     tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$customer_default_address_id . "'");

// reset the session variables
     $customer_first_name = $firstname;

     $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');

     tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
   }
 }

 $account_query = tep_db_query("select customers_gender, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
 $account = tep_db_fetch_array($account_query);

 $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
 $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<?php require('includes/form_check.js.php'); ?>
</head>
<body style="margin:0px">
<?php 
$inc_file = basename(__FILE__); 
require(DIR_WS_INCLUDES .'theme/main_theme.php');
?>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>


address_book_process.php

 

I don't have this code:

<td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?>

 

This is what I have:

<?php
/*
 $Id: address_book_process.php 1766 2008-01-03 17:35:06Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2007 osCommerce

 Released under the GNU General Public License
*/
// anti-hacker account	
 require('includes/functions/account_secure.php');
 clean_post ();
// EOF anti-hacker account
 require('includes/application_top.php');
// ajax
 require(DIR_WS_FUNCTIONS . 'ajax.php');
if (isset($_POST['action']) && $_POST['action'] == 'getStates' && isset($_POST['country'])) {
ajax_get_zones_html(tep_db_prepare_input($_POST['country']));
} else {

// EOF ajax
 if (!tep_session_is_registered('customer_id')) {
   $navigation->set_snapshot();
   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

// needs to be included earlier to set the success message in the messageStack
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADDRESS_BOOK_PROCESS);

 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'deleteconfirm') && isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
   tep_db_query("delete from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['delete'] . "' and customers_id = '" . (int)$customer_id . "'");

   $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_DELETED, 'success');

   tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
 }

// error checking when updating or adding an entry
 $process = false;
 if (isset($HTTP_POST_VARS['action']) && (($HTTP_POST_VARS['action'] == 'process') || ($HTTP_POST_VARS['action'] == 'update'))) {
   $process = true;
   $error = false;

   if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
   if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
   $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
   $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
   $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
   if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
   $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
   $city = tep_db_prepare_input($HTTP_POST_VARS['city']);
   $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
   if (ACCOUNT_STATE == 'true') {
     if (isset($HTTP_POST_VARS['zone_id'])) {
       $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
     } else {
       $zone_id = false;
     }
     $state = tep_db_prepare_input($HTTP_POST_VARS['state']);
   }

   // anti-hacker account
$messagePage = 'addressbook';
$short_check = true;
include(DIR_WS_MODULES . 'validate_name_fields.php');
include(DIR_WS_MODULES . 'validate_address_fields.php');
// EOF anti-hacker account

   if ($error == false) {
     $sql_data_array = array('entry_firstname' => $firstname,
                             'entry_lastname' => $lastname,
                             'entry_street_address' => $street_address,
                             'entry_postcode' => $postcode,
                             'entry_city' => $city,
                             'entry_country_id' => (int)$country);

     if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
     if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
     if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb;
     if (ACCOUNT_STATE == 'true') {
       if ($zone_id > 0) {
         $sql_data_array['entry_zone_id'] = (int)$zone_id;
         $sql_data_array['entry_state'] = '';
       } else {
         $sql_data_array['entry_zone_id'] = '0';
         $sql_data_array['entry_state'] = $state;
       }
     }

     if ($HTTP_POST_VARS['action'] == 'update') {
       $check_query = tep_db_query("select address_book_id from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['edit'] . "' and customers_id = '" . (int)$customer_id . "' limit 1");
       if (tep_db_num_rows($check_query) == 1) {
         tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "address_book_id = '" . (int)$HTTP_GET_VARS['edit'] . "' and customers_id ='" . (int)$customer_id . "'");

// reregister session variables
         if ( (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) || ($HTTP_GET_VARS['edit'] == $customer_default_address_id) ) {
           $customer_first_name = $firstname;
           $customer_country_id = $country;
           $customer_zone_id = (($zone_id > 0) ? (int)$zone_id : '0');
           $customer_default_address_id = (int)$HTTP_GET_VARS['edit'];

           $sql_data_array = array('customers_firstname' => $firstname,
                                   'customers_lastname' => $lastname,
                                   'customers_default_address_id' => (int)$HTTP_GET_VARS['edit']);

           if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;

           tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");
         }

         $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
       }
     } else {
       if (tep_count_customer_address_book_entries() < MAX_ADDRESS_BOOK_ENTRIES) {
         $sql_data_array['customers_id'] = (int)$customer_id;
         tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);

         $new_address_book_id = tep_db_insert_id();

// reregister session variables
         if (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) {
           $customer_first_name = $firstname;
           $customer_country_id = $country;
           $customer_zone_id = (($zone_id > 0) ? (int)$zone_id : '0');
           if (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) $customer_default_address_id = $new_address_book_id;

           $sql_data_array = array('customers_firstname' => $firstname,
                                   'customers_lastname' => $lastname);

           if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
           if (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) $sql_data_array['customers_default_address_id'] = $new_address_book_id;

           tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");

           $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
         }
       }
     }

     tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
   }
 }

 if (isset($HTTP_GET_VARS['edit']) && is_numeric($HTTP_GET_VARS['edit'])) {
   $entry_query = tep_db_query("select entry_gender, entry_company, entry_firstname, entry_lastname, entry_street_address, entry_suburb, entry_postcode, entry_city, entry_state, entry_zone_id, entry_country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$HTTP_GET_VARS['edit'] . "'");

   if (!tep_db_num_rows($entry_query)) {
     $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);

     tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
   }

   $entry = tep_db_fetch_array($entry_query);
 } elseif (isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
   if ($HTTP_GET_VARS['delete'] == $customer_default_address_id) {
     $messageStack->add_session('addressbook', WARNING_PRIMARY_ADDRESS_DELETION, 'warning');

     tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
   } else {
     $check_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['delete'] . "' and customers_id = '" . (int)$customer_id . "'");
     $check = tep_db_fetch_array($check_query);

     if ($check['total'] < 1) {
       $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);

       tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
     }
   }
 } else {
   $entry = array();
 }

 if (!isset($HTTP_GET_VARS['delete']) && !isset($HTTP_GET_VARS['edit'])) {
   if (tep_count_customer_address_book_entries() >= MAX_ADDRESS_BOOK_ENTRIES) {
     $messageStack->add_session('addressbook', ERROR_ADDRESS_BOOK_FULL);

     tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
   }
 }

 $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
 $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));

 if (isset($HTTP_GET_VARS['edit']) && is_numeric($HTTP_GET_VARS['edit'])) {
   $breadcrumb->add(NAVBAR_TITLE_MODIFY_ENTRY, tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'edit=' . $HTTP_GET_VARS['edit'], 'SSL'));
 } elseif (isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
   $breadcrumb->add(NAVBAR_TITLE_DELETE_ENTRY, tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'delete=' . $HTTP_GET_VARS['delete'], 'SSL'));
 } else {
   $breadcrumb->add(NAVBAR_TITLE_ADD_ENTRY, tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, '', 'SSL'));
 }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<?php
 if (!isset($HTTP_GET_VARS['delete'])) {
   include('includes/form_check.js.php');
 }
?>
</head>
<body style="margin:0px">
<?php 
$inc_file = basename(__FILE__); 
require(DIR_WS_INCLUDES .'theme/main_theme.php');
?>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>


 

 

You have a template, you need to find where the code has been moved to.

 

Add-ons are written for standard osC code, so installing them to templates where the code has been hacked about can be difficult.

 

 

But I think that's a deliberate ploy by the template writers, as they hope you'll be forced to come back & pay their high prices for any changes you want.

Sam

 


You have a template, you need to find where the code has been moved to.

 

Add-ons are written for standard osC code, so installing them to templates where the code has been hacked about can be difficult.

 

 

But I think that's a deliberate ploy by the template writers, as they hope you'll be forced to come back & pay their high prices for any changes you want.

 

 

So if I just browse through all my files searching for that code, I will/should eventually find it? And when I do, just replace it as your instructions say?


You have a template, you need to find where the code has been moved to.

 

Add-ons are written for standard osC code, so installing them to templates where the code has been hacked about can be difficult.

 

 

But I think that's a deliberate ploy by the template writers, as they hope you'll be forced to come back & pay their high prices for any changes you want.

 

So I was trying to figure this code out, and compared my address_book_process file to the file you included in the contribution.

 

Your file shows NEITHER the find code nor the replace code. Unless Dreamweaver is blind.

Find: <td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?>
add after:

<!-- ajax --><div id="indicator"></div><!-- eof ajax -->

 

And now I compared the account_edit files and it's the same deal. What you have posted to find and replace, neither of them is in the file that you included in the contribution. Please advise? I'm using your version 1.5.

Edited by dcrider1

 

Your file does NOT show neither of the find code or replace code. Unless dreamweaver is blind.

 

 

 

It's there, use a better tool.

 

<td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onsubmit="return check_form(addressbook);"'); ?>

 

is on line 215!!

 

All changes within the included files are commented with anti-hacker account or ajax, search for those if your tool is rubbish.

Sam

 


It's there, use a better tool.

 

<td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onsubmit="return check_form(addressbook);"'); ?>

 

is on line 215!!

 

All changes within the included files are commented with anti-hacker account or ajax, search for those if your tool is rubbish.

 

Line 215 is:

<td width="100%" valign="top"><?php if (!isset($_GET['delete'])) echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?><div id="indicator"></div><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">

 

Your instructions say to add after:

<!-- ajax --><div id="indicator"></div><!-- eof ajax -->

 

Your code in the file does not have all of the code.

 

I'm trying to do as everyone says, READ and FOLLOW instructions. I had the site up and had two errors that no one could help with. I started over step by step, and I think this might be where my issues are/were. I didn't catch these things before, please advise! Thanks!


 

your code in the file does not have all of the code

 

 

 

No, because it's an RC2a file; yours is a template. I can only give what's in the standard files, I can't guess what you or others may have when you have non-standard files!!

 

 

There are very good reasons why many won't touch templates!!!

 

 

For the most part you need to be good at coding to fix/modify templates, but then if you were you wouldn't have bothered with one in the first place!!

 

 

PS In this case it really doesn't matter what you have there, so long as it's the form open code.

Sam

 


No, because it's an RC2a file; yours is a template. I can only give what's in the standard files, I can't guess what you or others may have when you have non-standard files!!

 

 

There are very good reasons why many won't touch templates!!!

 

 

For the most part you need to be good at coding to fix/modify templates, but then if you were you wouldn't have bothered with one in the first place!!

 

 

PS In this case it really doesn't matter what you have there, so long as it's the form open code.

 

I'm just trying to understand. If I had a virgin osC install then I would add:

<!-- ajax --><div id="indicator"></div><!-- eof ajax -->

 

 

Your files included in the contribution are supposed to be the same thing, already modified. Yet some of the code is missing from yours. I'm trying to learn and understand. You are correct, if I knew what I was doing, I wouldn't need a template.

 

BTW, I gave you a donation last night, like I said I would.


Your files included in the contribution are supposed to be the same thing, already modified. Yet some of the code is missing from yours. Im trying to learn and understand. You are correct, if i knew what i was doing, i wouldnt need a template.

 

 

It's possible. I didn't write the original manual install, as I wasn't going to, but Tigergirl provided it, so it's there, but it's a real pain to update, so errors may occur.

 

I was thinking of taking the manual back off; from what you say perhaps that would be best.

 

 

btw, I gave you a donation last night, like i said i would.

 

 

That's great, thanks very much.

Sam

 


It's possible. I didn't write the original manual install, as I wasn't going to, but Tigergirl provided it, so it's there, but it's a real pain to update, so errors may occur.

 

I was thinking of taking the manual back off; from what you say perhaps that would be best.

 

 

 

 

 

That's great, thanks very much.

 

Check your PMs.


It's possible. I didn't write the original manual install, as I wasn't going to, but Tigergirl provided it, so it's there, but it's a real pain to update, so errors may occur.

 

I was thinking of taking the manual back off; from what you say perhaps that would be best.

 

I agree the manual install instructions must be a nightmare to update as you make new versions. I think when I wrote them I was used to installing something once, but when you're updating all the time they're useless. Probably better to use a file compare tool. I won't be offended at all if you remove them.

 

BTW

My RSI in my hands came back so am taking a break from modding my store. I'll be back when they are better....

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire


Hello Sam:

 

I just installed the new version of this contribution. I think everything is installed correctly; by the way, I love how the contact us page looks. I just have a problem with PayPal Express, where it takes me back to the create account or log in page, instead of going to the PayPal Express checkout page. Maybe it has nothing to do with the contribution (please excuse my ignorance, I have no idea what I'm doing, I just follow instructions), but since it does have a redirect when there are items in the cart, I thought maybe it could be a possibility. Am I totally wrong??? Thanks in advance for your time!!! And of course, thanks for the excellent contribution!!!

 

Glenda

I Hate PHP, LoLssss

Visit My Site, Any constructive comments and suggestions Welcome :)

WARNING: IT'S STILL UNDER CONSTRUCTION, LOLS


I just have a problem with Paypal Express, where it takes me back to the create account or log in

 

 

Not related to this, unless you have manually added the cleaning code to the page.

 

Perhaps an issue with Security Pro (try adding to the exclude list), or something causing a loss of session.

Sam

 


Not related to this, unless you have manually added the cleaning code to the page.

 

Perhaps an issue with Security Pro (try adding to the exclude list), or something causing a loss of session.

Hey:

 

Thanks for the prompt response. I did the exclude with Security Pro, but it's still doing the same. I think it's something with the module itself; I found more info on that subject, and it seems many are dealing with this PayPal issue also. I think I'll leave it at that for now; hopefully it won't affect much as far as customers leaving the shop.

 

Again, Thank you!!!

Glenda


Hi Sam, long time.

3 of my old sites got hacked in the last 2 months...

I found: <?php //**/eval(base64_decode('aWYoZnVuY3Rpb about 200 characters long...

in the head of every single file of these 3 sites (admin & catalog side).

 

Thank you for this contrib, I have implemented it throughout my new site.

I have also installed about 5 other security add-ons we found on osC.

 

Now regarding my hacked sites -- <?php //**/eval(base64_decode('aWYoZnVuY3Rpb

 

 

Do you have any idea how this was done and what I can do to prevent this from happening again?

I know what they were after!

They hacked in to use my email server for spamming; we got a "Complaint Exploit!" email from Google & the hosting server notifying us regarding this matter.

 

Do you have any other suggestions based of what you see here?

 

 

In the new site we installed & added:

 

http://addons.oscommerce.com/info/7202 Sam's Anti-hacker Account Mods

 

http://addons.oscommerce.com/info/7211 [TiM's osC Solutions] osCommerce Threat Scanner

 

http://addons.oscommerce.com/info/6134 Check Permissions 1.0

 

http://addons.oscommerce.com/info/4441 SiteMonitor

 

http://addons.oscommerce.com/info/5752 Security Pro

 

http://addons.oscommerce.com/info/5914 Secure your site with an IP trap

 

http://addons.oscommerce.com/info/6066 Protect your site via htaccess

 

http://addons.oscommerce.com/info/6044 ANTI Cross Site Scripting attacks

 

http://addons.oscommerce.com/info/6546 [TiM's] Safer Database Input Method

 

http://www.oscommerce.com/forums/index.php?showtopic=340995 [AS COMMENTED]

 

 

Thanks Sam,

 

Regards,

Ronnie


 

 

You don't need [TiM's] Safer Database Input Method if you already have Anti-hacker Account Mods and Security Pro, as inputs are already sanitised; plus others have had issues with that contrib (it cannot replace either of the latter either).

 

I think SiteMonitor http://addons.oscommerce.com/info/4441 is more useful than [TiM's] osCommerce Threat Scanner, plus I would never use any contrib that's not supported.

 

Check you made the changes to app top in admin to prevent the login hacks & are securing admin through an htaccess login (the dual login is best detailed at http://forums.oscomm...howtopic=340995).

 

 

Remember security should be applied to a clean site, if applied to a already hacked site there may be hidden back doors that will circumvent anything you add.

 

Don't forget also that e-mails can & are hacked, so sometimes hackers get in that way, ie u send passwords they can then use same.

 

 

PS Other measures you should do is check your host have the server properly firewalled & know how to configure that & the server properly, especially if your using a shared server. Double check if your host is a re-seller.

Edited by spooks

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.
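As an added illustration (not code from this thread or from any of the contributions listed above), here is a small Python scanner for the `eval(base64_decode(` back-door shape Ronnie quoted, the kind of check Sam's "apply security to a clean site" advice implies you run over every PHP file first. The sample PHP lines are constructed; the `aWYoZnVuY3Rpb` string is the truncated fragment pasted in the thread, and the extra decoder names beyond `base64_decode` are a generalisation of the same pattern.

```python
"""Flag obfuscated eval()/decoder chains in PHP source, the back-door shape
quoted in this thread: <?php //**/eval(base64_decode('...')). Added example."""
import base64
import re

# Decoders commonly wrapped in eval() by injected PHP back doors; base64_decode
# is the one seen in the thread, the other names generalise the same idea.
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "str_rot13")

_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # /**/ noise between tokens
_EVAL_CHAIN = re.compile(
    r"eval\s*\(\s*(?:@?\s*(?:" + "|".join(DECODERS) + r")\s*\(\s*)+", re.I)
_B64_LITERAL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]", re.I)

def normalise(line: str) -> str:
    """Strip block comments so eval/**/(base64_decode( still matches."""
    return _BLOCK_COMMENT.sub("", line)

def decode_preview(line: str, limit: int = 40) -> str:
    """Decode only the base64 layer of the first literal, for triage display.
    A truncated fragment (like the one pasted in the thread) cannot decode."""
    m = _B64_LITERAL.search(line)
    if not m:
        return ""
    data = m.group(1)
    data += "=" * (-len(data) % 4)            # repair stripped '=' padding
    try:
        return base64.b64decode(data)[:limit].decode("latin-1")
    except ValueError:                         # binascii.Error is a ValueError
        return "<undecodable>"

def scan_php(source: str) -> list:
    """Return (line_no, normalised_line, preview) for every eval/decoder hit."""
    hits = []
    for no, raw in enumerate(source.splitlines(), 1):
        line = normalise(raw)
        if _EVAL_CHAIN.search(line):
            hits.append((no, line.strip(), decode_preview(line)))
    return hits

# Constructed sample: line 3 is a benign decode (no eval) and must not fire;
# line 4 is the fragment from the thread; line 5 hides eval behind a comment.
SAMPLE_PHP = """<?php
// constructed sample file
$img = base64_decode($_POST['thumb']);
//**/eval(base64_decode('aWYoZnVuY3Rpb'));
eval/**/(gzinflate(base64_decode('ZWNobyAnaGknOw==')));
echo 'done';
"""
```

Run `scan_php()` over each file's contents under `catalog/` and review every hit by hand; the preview only peels the base64 layer, so a `gzinflate` wrapper still shows compressed bytes.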

Thanks for the reply Sam.

You don't need [TiM's] Safer Database Input Method if you already have Anti-hacker Account Mods and Security Pro, as inputs are already sanitised; plus others have had issues with that contrib (it cannot replace either of the latter either).

Do you mean I need to remove [TiM's] Safer Database Input Method so Anti-hacker Account Mods and Security Pro work properly?

Check you made the changes to app top in admin to prevent the login hacks & are securing admin through an htaccess login (the dual login is best detailed at http://forums.oscomm...howtopic=340995).

Yes, as commented in my post, we did this.

Remember security should be applied to a clean site; if applied to an already hacked site there may be hidden back doors that will circumvent anything you add.

OK, we are applying it to a non-hacked site.

Don't forget also that e-mails can be & are hacked, so sometimes hackers get in that way, i.e. you send passwords and they can then use the same.

Sorry Sam, I'm not sure what you mean.

Are you saying that a hacker will open a dummy account on my site, then use the automated password sent to him to hack the site?

Is the solution to prevent this within the list of security mods I told you I have installed on my new site?

Please correct me if I'm wrong, I want to do this the right way.

Thanks again Sam

Regards,

Ronnie


Do you mean I need to remove [TiM's] Safer Database Input Method so Anti-hacker Account Mods and Security Pro work properly?

No, I'm saying others have had issues with that & other areas of osC; you don't need it, so get rid of it. (I would also point out the code provided is not comprehensive & I believe the issue raised is in part erroneous.)

Are you saying that a hacker will open a dummy account on my site

No, I'm saying hackers are known to hack e-mail accounts in general, so be aware that, say, your MSN or Hotmail account etc etc could get compromised.

Sam

 


This contribution is so different to the others I have installed that it will take me some time (long, I guess) to have it on-line.

Difficult to follow since I am not an English-speaking person.

I wouldn't say it was that hard, especially if you have an rc2a site, but if it's a template then you need to be familiar with code to an extent, but that's the hassle you accepted when taking a template.

I'm sorry you struggle with English, but that's my language & the most widely spoken (though we have such a small country!!) so not a lot I can do about that, sorry!!

Sam

 


No STS at all, I have enough mess!!

But I prefer to have all the process clear before touching anything.

So let's say:

1- Copy these files; I suppose because they are completely new and are not in the basic osC structure.

2- Modify the existing files (that's a typical step for almost all contributions).

3- More copy & paste, OR copy the files, but could that overwrite previous modifications?

4- Search by hand for more $HTTP_POST_VARS and $HTTP_GET_VARS in

# catalog/checkout_shipping_address.php
# catalog/checkout_payment_address.php
# catalog/checkout_shipping.php
# catalog/includes/modules/address_book_details.php
# catalog/includes/modules/checkout_new_address.php
# catalog/includes/languages/english/create_account.php

And the resources folder?
