Error message....Warning: session_start()

[cjsmum4321]

Hope there is an easy answer for this one...but so far it has eluded me!

 

Site been up and running for 3 years- no dramas....then I got an error message on front end, at the same time the site loading speed went to super slow. Thought I fixed the issue, then a week later I get error message on the OSC admin login page:

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/thearto4/public_html/osc/admin/includes/configure.php:32) in /home/thearto4/public_html/osc/admin/includes/functions/sessions.php on line 97

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/thearto4/public_html/osc/admin/includes/configure.php:32) in /home/thearto4/public_html/osc/admin/includes/functions/sessions.php on line 97

 

 

Now customers are unable to put anything in their shopping cart, and I am unable to log in to the back end to make any alterations or load up any new products.

 

Have had a look at the php in question:

 

93  if ($sane_session_id == false) {

94      tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));

95    }

96 

97    return session_start();

98  }

99 

100  function tep_session_register($variable) {

101    if (PHP_VERSION < 4.3) {

102      return session_register($variable);

103    } else {

104      if (isset($GLOBALS[$variable])) {

105        $_SESSION[$variable] =& $GLOBALS[$variable];

106      } else {

107        $_SESSION[$variable] = null;

108      }

109      $GLOBALS[$variable] =& $_SESSION[$variable];

 

 

Made a tweak which gave me a parse error....so before I butcher this code, is there something really simple I can do to fix this.

 

Any help would be greatly appreciated.

 

Thanks

[Jan Zonjee]

is there something really simple I can do to fix this.

Actually, the error says that there is a problem with your admin/includes/configure.php (output started at line 32). Could be white space at the beginning or end of that file.

[germ]

The problem is in /osc/admin/includes/configure.php line 32

 

If you didn't make any changes to the file to cause this there is a better than average change the store has been hacked.

 

Compare the current contents of the file to a backup made before this occurred to see if any extra code has been added at the end of he file.

[cjsmum4321]

Hi Jan,

 

I thought it might have been the case, then assumed the double up was in the sessions php.

I've got the configure php below....ideas?

 

 

Thanks

Mel

 

1<?php

2  define('HTTP_SERVER', 'http://www.theartofteddybears.com');

3  define('HTTP_CATALOG_SERVER', 'http://www.theartofteddybears.com');

4  define('HTTPS_CATALOG_SERVER', 'http://www.theartofteddybears.com');

5  define('ENABLE_SSL_CATALOG', 'false');

6  define('DIR_FS_DOCUMENT_ROOT', '/home/thearto4/public_html/osc/');

7  define('DIR_WS_ADMIN', '/osc/admin/');

8  define('DIR_FS_ADMIN', '/home/thearto4/public_html/osc/admin/');

9  define('DIR_WS_CATALOG', '/osc/');

10  define('DIR_FS_CATALOG', '/home/thearto4/public_html/osc/');

11  define('DIR_WS_IMAGES', 'images/');

12  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

13  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

14  define('DIR_WS_INCLUDES', 'includes/');

15  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

16  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

17  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

18  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

19  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

20  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

21  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

22  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

23  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

24  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

25 

26  define('DB_SERVER', 'localhost');

27  define('DB_SERVER_USERNAME', 'secret');

28  define('DB_SERVER_PASSWORD', 'evenmoresecret');

29  define('DB_DATABASE', 'mydatabase');

30  define('USE_PCONNECT', 'false');

31  define('STORE_SESSIONS', 'mysql');

32 ?>

[cjsmum4321]

Hey Germ,

I was starting to think the same thing.....

 

 

 

Mel

[germ]

The store is hacked.

 

I tried to visit it and my antivirus went crazy with warnings of a javascript virus.

:'(

[Jan Zonjee]

The store is hacked.

Including the index.html (redirect page). And on the catalog side it says that includes/configure.php is missing.

[germ]

How to Secure Your Site

 

Read the thread at the link above.

 

From what I could tell you're a victim of two separate hacks.

 

One has put many invisible spam links on the page.

 

The other injects a nasty javascript virus into the pages.

[cjsmum4321]

Thanks for the help and advice Jan and Germ, it seems the best way forward (after some more checking) is to scrap this site and start again - a little bit wiser.

 

Cheers