Roaddoctor Posted March 7, 2010

Sam,

Is there any possible connection between anti-hacker and header tags seo fields that are no longer updating to the database?

Since adding anti-hacker, for some reason, when I try to edit any of the header tags seo fields, such as "Header Tags Categories Description", the changes are not making it to the database now. Suspecting I had a } out of place perhaps, I've looked at admin/categories.php every which way I can and cannot find the problem. I've had so many criss-crossing edits in admin/categories.php, that's where I've been focused. Either that or I've mucked something somewhere else. I've checked the database and all is ok there.

Would you have any other suggestions for me? Much appreciated....

Other question/confession - I am still running 1.2. Will updating beyond that be challenging? (since I have Easy Address Change 0.9 already installed I was intimidated about updating)

-Dave
spooks (Author) Posted March 8, 2010

> Is there any possible connection between anti-hacker and header tags seo fields that are no longer updating to the database?

No, this sanitises the inputs on the client side, admin side is un-affected.

> I am still running 1.2. Will updating beyond that be challenging? (since I have Easy Address Change 0.9 already installed I was intimidated about updating)

Shouldn't be, the latest version (1.6) includes code to allow editing of current selected shipping/payment address within checkout, so would replace Easy Address Change, this does not alter the checkout pages for that option, so if Easy Address Change did you would need to revert, I think Easy Address Change altered filenames.php, you would need to revert that too.

Sam
Remember, What you think I meant may not be what I thought I meant when I said it.
Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
spooks (Author) Posted March 8, 2010

Uploaded new Version 1.6

- Added code to redirect visitor to checkout on login if items in cart, as per account create completion.
- Added extra dob validation check to fix PCI scan issue.
- Updated some code to resolve notice issues.
- Added code for cleaning post in product_reviews_write.php
- Added code for cleaning post in tell_a_friend.php
- Added code to allow editing of current selected shipping/payment address within checkout.
- Added code to allow repositioning of phone fields in create account &/or removal of fax field.

Changed files: account_secure.php, login.php, create_account.php, checkout_shipping_address.php, checkout_payment_address.php, account_edit.php, validate_name_fields.php

UPGRADING

If you're upgrading from any previous version, replace all the changed files listed in the Version History or modify your existing by comparing with the new versions.

Enjoy
dcrider1 Posted March 8, 2010

In the account_edit.php you instruct to find and replace

```php
<?php
  if (ACCOUNT_DOB == 'true') {
?>
              <tr>
                <td class="main"><?php echo ENTRY_DATE_OF_BIRTH; ?></td>
                <td class="main"><?php echo tep_draw_input_field('dob', tep_date_short($account['customers_dob'])) . ' ' . (tep_not_null(ENTRY_DATE_OF_BIRTH_TEXT) ? '<span class="inputRequirement">' . ENTRY_DATE_OF_BIRTH_TEXT . '</span>': ''); ?></td>
              </tr>
<?php
  }
?>
```

That is not in my file, there is a bit that is somewhat similar. Here is my file. Please help, thanks!

```php
<?php
/*
  $Id: account_edit.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

// anti-hacker account
  require('includes/functions/account_secure.php');
  clean_post ();
  $_POST['dob'] = $_POST['dob_ind'].'/'.$_POST['dob_inm'].'/'.$_POST['dob_in'];
// EOF anti-hacker account

  require('includes/application_top.php');

  if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

// needs to be included earlier to set the success message in the messageStack
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_EDIT);

  if (isset($_POST['action']) && ($_POST['action'] == 'process')) {
    if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($_POST['gender']);
    $firstname = tep_db_prepare_input($_POST['firstname']);
    $lastname = tep_db_prepare_input($_POST['lastname']);
    if (ACCOUNT_DOB == 'true') $dob = tep_db_prepare_input($_POST['dob']);
    $email_address = tep_db_prepare_input($_POST['email_address']);
    $telephone = tep_db_prepare_input($_POST['telephone']);
    $fax = tep_db_prepare_input($_POST['fax']);

    $error = false;

// anti-hacker account
    $messagePage = 'account_edit';
    include(DIR_WS_MODULES . 'validate_name_fields.php');
// EOF anti-hacker account

    if ($error == false) {
      $sql_data_array = array('customers_firstname' => $firstname,
                              'customers_lastname' => $lastname,
                              'customers_email_address' => $email_address,
                              'customers_telephone' => $telephone,
                              'customers_fax' => $fax);

      if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
      if (ACCOUNT_DOB == 'true') $sql_data_array['customers_dob'] = tep_date_raw($dob);

      tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");

      tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");

      $sql_data_array = array('entry_firstname' => $firstname,
                              'entry_lastname' => $lastname);

      tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$customer_default_address_id . "'");

// reset the session variables
      $customer_first_name = $firstname;

      $messageStack->add_session('account', SUCCESS_ACCOUNT_UPDATED, 'success');

      tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
    }
  }

  $account_query = tep_db_query("select customers_gender, customers_firstname, customers_lastname, customers_dob, customers_email_address, customers_telephone, customers_fax from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
  $account = tep_db_fetch_array($account_query);

  $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
  $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'));
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<?php require('includes/form_check.js.php'); ?>
</head>
<body style="margin:0px">
<?php
  $inc_file = basename(__FILE__);
  require(DIR_WS_INCLUDES .'theme/main_theme.php');
?>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
```
dcrider1 Posted March 8, 2010

address_book_process.php

I don't have this code

```php
<td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?>
```

This is what I have

```php
<?php
/*
  $Id: address_book_process.php 1766 2008-01-03 17:35:06Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/

// anti-hacker account
  require('includes/functions/account_secure.php');
  clean_post ();
// EOF anti-hacker account

  require('includes/application_top.php');

// ajax
  require(DIR_WS_FUNCTIONS . 'ajax.php');
  if (isset($_POST['action']) && $_POST['action'] == 'getStates' && isset($_POST['country'])) {
    ajax_get_zones_html(tep_db_prepare_input($_POST['country']));
  } else {
// EOF ajax

  if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

// needs to be included earlier to set the success message in the messageStack
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADDRESS_BOOK_PROCESS);

  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'deleteconfirm') && isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
    tep_db_query("delete from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['delete'] . "' and customers_id = '" . (int)$customer_id . "'");

    $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_DELETED, 'success');

    tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
  }

// error checking when updating or adding an entry
  $process = false;
  if (isset($HTTP_POST_VARS['action']) && (($HTTP_POST_VARS['action'] == 'process') || ($HTTP_POST_VARS['action'] == 'update'))) {
    $process = true;
    $error = false;

    if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
    if (ACCOUNT_COMPANY == 'true') $company = tep_db_prepare_input($HTTP_POST_VARS['company']);
    $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
    $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
    $street_address = tep_db_prepare_input($HTTP_POST_VARS['street_address']);
    if (ACCOUNT_SUBURB == 'true') $suburb = tep_db_prepare_input($HTTP_POST_VARS['suburb']);
    $postcode = tep_db_prepare_input($HTTP_POST_VARS['postcode']);
    $city = tep_db_prepare_input($HTTP_POST_VARS['city']);
    $country = tep_db_prepare_input($HTTP_POST_VARS['country']);
    if (ACCOUNT_STATE == 'true') {
      if (isset($HTTP_POST_VARS['zone_id'])) {
        $zone_id = tep_db_prepare_input($HTTP_POST_VARS['zone_id']);
      } else {
        $zone_id = false;
      }
      $state = tep_db_prepare_input($HTTP_POST_VARS['state']);
    }

// anti-hacker account
    $messagePage = 'addressbook';
    $short_check = true;
    include(DIR_WS_MODULES . 'validate_name_fields.php');
    include(DIR_WS_MODULES . 'validate_address_fields.php');
// EOF anti-hacker account

    if ($error == false) {
      $sql_data_array = array('entry_firstname' => $firstname,
                              'entry_lastname' => $lastname,
                              'entry_street_address' => $street_address,
                              'entry_postcode' => $postcode,
                              'entry_city' => $city,
                              'entry_country_id' => (int)$country);

      if (ACCOUNT_GENDER == 'true') $sql_data_array['entry_gender'] = $gender;
      if (ACCOUNT_COMPANY == 'true') $sql_data_array['entry_company'] = $company;
      if (ACCOUNT_SUBURB == 'true') $sql_data_array['entry_suburb'] = $suburb;
      if (ACCOUNT_STATE == 'true') {
        if ($zone_id > 0) {
          $sql_data_array['entry_zone_id'] = (int)$zone_id;
          $sql_data_array['entry_state'] = '';
        } else {
          $sql_data_array['entry_zone_id'] = '0';
          $sql_data_array['entry_state'] = $state;
        }
      }

      if ($HTTP_POST_VARS['action'] == 'update') {
        $check_query = tep_db_query("select address_book_id from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['edit'] . "' and customers_id = '" . (int)$customer_id . "' limit 1");
        if (tep_db_num_rows($check_query) == 1) {
          tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array, 'update', "address_book_id = '" . (int)$HTTP_GET_VARS['edit'] . "' and customers_id ='" . (int)$customer_id . "'");

// reregister session variables
          if ( (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) || ($HTTP_GET_VARS['edit'] == $customer_default_address_id) ) {
            $customer_first_name = $firstname;
            $customer_country_id = $country;
            $customer_zone_id = (($zone_id > 0) ? (int)$zone_id : '0');
            $customer_default_address_id = (int)$HTTP_GET_VARS['edit'];

            $sql_data_array = array('customers_firstname' => $firstname,
                                    'customers_lastname' => $lastname,
                                    'customers_default_address_id' => (int)$HTTP_GET_VARS['edit']);

            if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;

            tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");
          }

          $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
        }
      } else {
        if (tep_count_customer_address_book_entries() < MAX_ADDRESS_BOOK_ENTRIES) {
          $sql_data_array['customers_id'] = (int)$customer_id;
          tep_db_perform(TABLE_ADDRESS_BOOK, $sql_data_array);

          $new_address_book_id = tep_db_insert_id();

// reregister session variables
          if (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) {
            $customer_first_name = $firstname;
            $customer_country_id = $country;
            $customer_zone_id = (($zone_id > 0) ? (int)$zone_id : '0');
            if (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) $customer_default_address_id = $new_address_book_id;

            $sql_data_array = array('customers_firstname' => $firstname,
                                    'customers_lastname' => $lastname);

            if (ACCOUNT_GENDER == 'true') $sql_data_array['customers_gender'] = $gender;
            if (isset($HTTP_POST_VARS['primary']) && ($HTTP_POST_VARS['primary'] == 'on')) $sql_data_array['customers_default_address_id'] = $new_address_book_id;

            tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");

            $messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_UPDATED, 'success');
          }
        }
      }

      tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
    }
  }

  if (isset($HTTP_GET_VARS['edit']) && is_numeric($HTTP_GET_VARS['edit'])) {
    $entry_query = tep_db_query("select entry_gender, entry_company, entry_firstname, entry_lastname, entry_street_address, entry_suburb, entry_postcode, entry_city, entry_state, entry_zone_id, entry_country_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$HTTP_GET_VARS['edit'] . "'");

    if (!tep_db_num_rows($entry_query)) {
      $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);

      tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
    }

    $entry = tep_db_fetch_array($entry_query);
  } elseif (isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
    if ($HTTP_GET_VARS['delete'] == $customer_default_address_id) {
      $messageStack->add_session('addressbook', WARNING_PRIMARY_ADDRESS_DELETION, 'warning');

      tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
    } else {
      $check_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['delete'] . "' and customers_id = '" . (int)$customer_id . "'");
      $check = tep_db_fetch_array($check_query);

      if ($check['total'] < 1) {
        $messageStack->add_session('addressbook', ERROR_NONEXISTING_ADDRESS_BOOK_ENTRY);

        tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
      }
    }
  } else {
    $entry = array();
  }

  if (!isset($HTTP_GET_VARS['delete']) && !isset($HTTP_GET_VARS['edit'])) {
    if (tep_count_customer_address_book_entries() >= MAX_ADDRESS_BOOK_ENTRIES) {
      $messageStack->add_session('addressbook', ERROR_ADDRESS_BOOK_FULL);

      tep_redirect(tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));
    }
  }

  $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
  $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL'));

  if (isset($HTTP_GET_VARS['edit']) && is_numeric($HTTP_GET_VARS['edit'])) {
    $breadcrumb->add(NAVBAR_TITLE_MODIFY_ENTRY, tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'edit=' . $HTTP_GET_VARS['edit'], 'SSL'));
  } elseif (isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
    $breadcrumb->add(NAVBAR_TITLE_DELETE_ENTRY, tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'delete=' . $HTTP_GET_VARS['delete'], 'SSL'));
  } else {
    $breadcrumb->add(NAVBAR_TITLE_ADD_ENTRY, tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, '', 'SSL'));
  }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<?php
  if (!isset($HTTP_GET_VARS['delete'])) {
    include('includes/form_check.js.php');
  }
?>
</head>
<body style="margin:0px">
<?php
  $inc_file = basename(__FILE__);
  require(DIR_WS_INCLUDES .'theme/main_theme.php');
?>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
```
spooks (Author) Posted March 8, 2010

You have a template, you need to find where the code has been moved to.

Add-ons are written for standard osc code, so installing them to templates where the code has been hacked about can be difficult. But I think that's a deliberate ploy by the template writers, as they hope you'll be forced to come back & pay their high prices for any changes you want.
dcrider1 Posted March 8, 2010

> You have a template, you need to find where the code has been moved to.
>
> Add-ons are written for standard osc code, so installing them to templates where the code has been hacked about can be difficult. But I think that's a deliberate ploy by the template writers, as they hope you'll be forced to come back & pay their high prices for any changes you want.

So if I just browse through all my files searching for that code, I will/should eventually find it? And when I do, just replace it as your instructions say?
dcrider1 Posted March 8, 2010 (Edited March 8, 2010 by dcrider1)

> You have a template, you need to find where the code has been moved to.
>
> Add-ons are written for standard osc code, so installing them to templates where the code has been hacked about can be difficult. But I think that's a deliberate ploy by the template writers, as they hope you'll be forced to come back & pay their high prices for any changes you want.

So I was trying to figure this code out, and compared my address_book_process file to the file you included in the contribution. Your file does NOT show neither of the find code or replace code. Unless Dreamweaver is blind.

Find:

```php
<td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?>
```

add after:

```php
<!-- ajax --><div id="indicator"></div><!-- eof ajax -->
```

And now I compared the account_edit files and it's the same deal. What you have posted to find and replace, neither of them are in the file that you included in the contribution.

Please advise? I'm using your version 1.5
spooks (Author) Posted March 8, 2010

> Your file does NOT show neither of the find code or replace code. Unless Dreamweaver is blind.

It's there, use a better tool.

```php
<td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onsubmit="return check_form(addressbook);"'); ?>
```

is on line 215!!

All changes within the included files are commented with anti-hacker account or ajax, search for those if your tool is rubbish.
dcrider1 Posted March 8, 2010

> It's there, use a better tool.
>
> ```php
> <td width="100%" valign="top"><?php echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onsubmit="return check_form(addressbook);"'); ?>
> ```
>
> is on line 215!!
>
> All changes within the included files are commented with anti-hacker account or ajax, search for those if your tool is rubbish.

line 215 is

```php
<td width="100%" valign="top"><?php if (!isset($_GET['delete'])) echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($_GET['edit']) ? 'edit=' . $_GET['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?><div id="indicator"></div><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
```

your instructions say to add after

```php
<!-- ajax --><div id="indicator"></div><!-- eof ajax -->
```

your code in the file does not have all of the code

I'm trying to do as everyone says, READ and FOLLOW instructions. I had the site up and had two errors that no one could help with. I started over step by step, and I think this might be where my issues are/were. I didn't catch these things before, please advise! Thanks!
spooks (Author) Posted March 8, 2010

> your code in the file does not have all of the code

No, because it's an rc2a file, yours is a template, I can only give what's in the standard files, I can't guess what you or others may have when you have non standard files!!

There are very good reasons why many won't touch templates!!!

For the most part you need to be good at coding to fix/modify templates, but then if u were you wouldn't have bothered with one in the first place!!

PS in this case it really don't matter what you have there, so long as it's the form open code.
dcrider1 Posted March 8, 2010

> No, because it's an rc2a file, yours is a template, I can only give what's in the standard files, I can't guess what you or others may have when you have non standard files!!
>
> There are very good reasons why many won't touch templates!!!
>
> For the most part you need to be good at coding to fix/modify templates, but then if u were you wouldn't have bothered with one in the first place!!
>
> PS in this case it really don't matter what you have there, so long as it's the form open code.

I'm just trying to understand. If I had a virgin osc install then I would add

```php
<!-- ajax --><div id="indicator"></div><!-- eof ajax -->
```

Your files included in the contribution are supposed to be the same thing, already modified. Yet some of the code is missing from yours. I'm trying to learn and understand. You are correct, if I knew what I was doing, I wouldn't need a template.

btw, I gave you a donation last night, like I said I would.
spooks (Author) Posted March 8, 2010

> Your files included in the contribution are supposed to be the same thing, already modified. Yet some of the code is missing from yours. I'm trying to learn and understand. You are correct, if I knew what I was doing, I wouldn't need a template.

It's possible, I didn't write the original manual install, as I wasn't going to, but Tigergirl provided it, so it's there, but a real pain to update, so errors may occur. I was thinking of taking the manual back off, from what you say perhaps that would be best.

> btw, I gave you a donation last night, like I said I would.

That's great, thanks v much
dcrider1 Posted March 8, 2010

> It's possible, I didn't write the original manual install, as I wasn't going to, but Tigergirl provided it, so it's there, but a real pain to update, so errors may occur. I was thinking of taking the manual back off, from what you say perhaps that would be best.
>
> That's great, thanks v much

Check your pm's
tigergirl Posted March 9, 2010

> It's possible, I didn't write the original manual install, as I wasn't going to, but Tigergirl provided it, so it's there, but a real pain to update, so errors may occur. I was thinking of taking the manual back off, from what you say perhaps that would be best.

I agree the manual install instructions must be a nightmare to update as you make new versions. I think when I wrote them I was used to installing something once but when you're updating all the time they're useless. Probably better to use a file compare tool. I won't be offended at all if you remove them.

BTW My RSI in my hands came back so am taking a break from modding my store. I'll be back when they are better....

I'm feeling lucky today......maybe someone will answer my post!
I do try and answer a simple post when I can just to give something back.
PM me? - I'm not for hire
seshalyn_pr Posted March 9, 2010

Hello Sam:

I just installed the new version of this contribution. I think everything is installed correctly, by the way I loveeee how the contact us page looks :thumbsup: . I just have a problem with Paypal Express, where it takes me back to the create account or log in page, instead of going to the paypal express checkout page. Maybe it has nothinggg to do with the contribution, (please excuse my ignorance, I have no idea what I'm doing I just follow instructions), but since it does have redirect when items in the cart, I thought maybe it could be a possibility. Am I totally wrong???

Thanks in advance 4 your time!!! And of course, thanks 4 the excellent contribution!!!

Glenda

I Hate PHP, LoLssss
Visit My Site, Any constructive comments and suggestions Welcome :)
WARNING: IT'S STILL UNDER CONSTRUCTION, LOLS
spooks (Author) Posted March 9, 2010

> I just have a problem with Paypal Express, where it takes me back to the create account or log in

Not related to this, unless you have manually added the cleaning code to the page.

Perhaps an issue with security pro (try adding to exclude list), or something causing a loss of session.
seshalyn_pr Posted March 9, 2010

> Not related to this, unless you have manually added the cleaning code to the page.
>
> Perhaps an issue with security pro (try adding to exclude list), or something causing a loss of session.

Hey:

Thanks for the prompt response. I did the exclude with Security Pro, but it's still doing the same. I think it's something with the module itself, I found more info on that subject, and it seems many are dealing with this paypal issue also. I think I'll leave it at that for now, hopefully it won't affect much as far as customers leaving the shop.

Again, Thank you!!!

Glenda
ronrrico Posted March 9, 2010

Hi sam, long time....

3 of my old sites got hacked in the last 2 months... I found:

```
<?php //**/eval(base64_decode('aWYoZnVuY3Rpb
```

about 200 characters long... In the head of every single file of these 3 sites, (admin & catalog side)

Thank you for this contrib, I have implemented it throughout my new site. I have also installed about 5 other security add-ons we found on Osc.

Now regarding my hacked sites :o --

```
<?php //**/eval(base64_decode('aWYoZnVuY3Rpb
```

Do you have any idea how this was done and what I can do to prevent this from happening again?

I know what they were after! They hacked to use my email server for spamming, we got Complaint Exploit! email from google & hosting server notifying us regarding this matter.

Do you have any other suggestions based on what you see here?

In New site we installed & added:

- http://addons.oscommerce.com/info/7202 Sam's Anti-hacker Account Mods :D
- http://addons.oscommerce.com/info/7211 [TiM's osC Solutions] osCommerce Threat Scanner
- http://addons.oscommerce.com/info/6134 Check Permissions 1.0
- http://addons.oscommerce.com/info/4441 SiteMonitor
- http://addons.oscommerce.com/info/5752 Security Pro
- http://addons.oscommerce.com/info/5914 Secure your site with an IP trap
- http://addons.oscommerce.com/info/6066 Protect your site via htaccess
- http://addons.oscommerce.com/info/6044 ANTI Cross Site Scripting attacks
- http://addons.oscommerce.com/info/6546 [TiM's] Safer Database Input Method
- http://www.oscommerce.com/forums/index.php?showtopic=340995 [AS COMMENTED]

Thanks Sam,
Regards,
Ronnie B)
spooks (Author) Posted March 9, 2010 (Edited March 9, 2010 by spooks)

You don't need [TiM's] Safer Database Input Method if you already have Anti-hacker Account Mods and Security Pro as inputs are already sanitised, plus others have had issues with that contrib (it cannot replace either of the latter either).

I think SiteMonitor http://addons.oscommerce.com/info/4441 is more useful than [TiM's] osCommerce Threat Scanner, plus I would never use any contrib that's not supported.

Check you made the changes to app top in admin to prevent the login hacks & are securing admin through a htaccess login (the dual login is best detailed at http://forums.oscomm...howtopic=340995)

Remember security should be applied to a clean site, if applied to an already hacked site there may be hidden back doors that will circumvent anything you add.

Don't forget also that e-mails can & are hacked, so sometimes hackers get in that way, ie u send passwords they can then use same.

PS Other measures you should do is check your host have the server properly firewalled & know how to configure that & the server properly, especially if you're using a shared server. Double check if your host is a re-seller.
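One way to check whether a site is still carrying the injected line ronrrico quotes, before treating it as clean and adding security add-ons to it. This is an added example, not part of the thread or of any add-on named in it; the regular expression, the 512-byte head window, the file suffix list and the file names in the constructed sample tree are assumptions.

```python
"""Flag PHP files that carry an injected eval(base64_decode(...)) stub."""
import os
import re
import tempfile

# Assumed pattern, modelled on the line quoted in the thread: "<?php",
# optional comment noise such as "/**/" or "//**/", then eval(base64_decode(.
INJECTED_HEAD = re.compile(
    rb"<\?php[\s/*]{0,16}eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE
)
# The same call further down a file is weaker evidence, but still worth review.
EVAL_B64 = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

HEAD_BYTES = 512                      # "in the head of every single file"
PHP_SUFFIXES = (".php", ".inc", ".phtml")


def classify(data: bytes) -> str:
    """Return 'head', 'body' or 'clean' for one file's raw bytes."""
    if INJECTED_HEAD.search(data[:HEAD_BYTES]):
        return "head"
    if EVAL_B64.search(data):
        return "body"
    return "clean"


def scan_tree(root: str) -> dict:
    """Walk root and map relative path -> 'head' | 'body' | 'unreadable'."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                # Read as bytes only; the payload is never decoded or executed.
                with open(path, "rb") as fh:
                    verdict = classify(fh.read())
            except OSError:
                # A file the scanner cannot open deserves a manual look too.
                verdict = "unreadable"
            if verdict != "clean":
                findings[rel] = verdict
    return findings


def demo() -> dict:
    """Scan a small constructed tree; 'QUJD' is just base64 for 'ABC'."""
    samples = {
        # Constructed: same shape as the line quoted in the thread.
        "index.php": b"<?php //**/eval(base64_decode('QUJD')); ?>\n"
                     b"<?php require('includes/application_top.php');\n",
        # Constructed: spacing and case varied, admin side.
        "admin/categories.php": b"<?php /**/ EVAL ( base64_decode(\"QUJD\"));\n?>",
        # Constructed: untouched file.
        "login.php": b"<?php\n  require('includes/application_top.php');\n",
        # Constructed: call buried past the head window.
        "includes/helper.php": b"<?php\n" + b"// filler\n" * 100
                               + b"eval(base64_decode($x));\n",
        # Not a PHP suffix, so it is skipped.
        "notes.txt": b"<?php eval(base64_decode('QUJD'));",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, verdict in sorted(demo().items()):
        print(f"{verdict:10} {rel}")
```

A clean result from this check only rules out this one pattern; comparing every file against a known-good copy of the store is still what shows other changes.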
ronrrico Posted March 9, 2010

Thanks for the reply Sam.

> You don't need [TiM's] Safer Database Input Method if you already have Anti-hacker Account Mods and Security Pro, as inputs are already sanitised, plus others have had issues with that contrib (it cannot replace either of the latter either).

Do you mean I need to remove [TiM's] Safer Database Input Method so the Anti-hacker Account Mods and Security Pro mods work properly?

> Check you made the changes to app top in admin to prevent the login hacks & are securing admin through a htaccess login (the dual login is best detailed at http://forums.oscomm...howtopic=340995)

Yes, as commented on my post, we did this.

> Remember security should be applied to a clean site; if applied to an already hacked site there may be hidden back doors that will circumvent anything you add.

OK, we are applying to a non-hacked site.

> Don't forget also that e-mails can & are hacked, so sometimes hackers get in that way, i.e. you send passwords, they can then use same.

Sorry Sam, I'm not sure what you mean. Are you saying that a hacker will open a dummy account on my site, then use the automated password sent to him to hack the site? Is the solution to prevent this within the list of security mods I told you I have installed in my new site?

Please correct me if I'm wrong, I want to do this the right way.

Thanks again Sam
Regards,
Ronnie

Edited March 9, 2010 by ronrrico
spooks (Author) Posted March 9, 2010

> Do you mean I need to remove [TiM's] Safer Database Input Method so the Anti-hacker Account Mods and Security Pro mods work properly?

No, I'm saying others have had issues with that & other areas of osC; you don't need it, so get rid. (I would also point out the code provided is not comprehensive & I believe the issue raised is in part erroneous.)

> Are you saying that a hacker will open a dummy account on my site

No, I'm saying hackers are known to hack e-mail accounts in general, so be aware that, say, your MSN or HOTMAIL account etc. could get compromised.
Follkes Posted March 13, 2010

This contribution is so different to the others I have installed that will take me some time (long I guess) to have it on-line. Difficult to follow since I am not an English spoken person. :blush:
spooks (Author) Posted March 13, 2010

> This contribution is so different to the others I have installed that will take me some time (long I guess) to have it on-line. Difficult to follow since I am not an English spoken person.

I wouldn't say it was that hard, especially if you have a rc2a site, but if it's a template then you need to be familiar with code to an extent, but that's the hassle you accepted when taking a template.

I'm sorry you struggle with English, but that's my language & the most widely spoken (though we have such a small country!!) so not a lot I can do about that, sorry!!
Follkes Posted March 15, 2010

No STS at all, I have enough mess!! But I prefer to have all the process clear before touching anything. So let's say:

1- Copy these files, I suppose because they are completely new and they are not in the basic osC structure.
2- Modify the existing files (that's a typical step for almost all contributions).
3- More copy & paste OR copy the files, but you can overwrite previous modifications?
4- By hand, seeking for more $HTTP_POST_VARS and $HTTP_GET_VARS in
# catalog/checkout_shipping_address.php
# catalog/checkout_payment_address.php
# catalog/checkout_shipping.php
# catalog/includes/modules/address_book_details.php
# catalog/includes/modules/checkout_new_address.php
# catalog/includes/languages/english/create_account.php

And the resources folder?