Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

website down on thanksgiving weekend, help needed


annetaussig

Recommended Posts

Posted

The website for our small business is down. There is an error message which says:

 

"Parse error: syntax error, unexpected $end in /home/squirrel/squirrelstuff.com/html/index.php on line 296"

 

What should be done to get the site back up and running? As you know, it is Thanksgiving weekend, and we are losing a lot of sales as a result of this issue.

Posted

Anne,

 

You will have to post the contents of the index.php file so we can see the code.

 

 

 

Chris

Posted

Anne,

 

You will need to log into your hosting account and download the file. Then, open it with a text editor and copy the files to this thread or attach the file to the thread so we can see it. However, judging by the database error in your admin side, you have more problems then just the index page.

 

 

 

Chris

Posted

this is the source code of the login page:

 

<html>
<head>
 <title>Administration Login</title>
 <style type="text/css">
BODY,TD {
margin: 0px;
font-size: 12px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.MENU_TITLE {
background-color: #BBC3D3;
color: white;
font-weight: bold;
font-size: 12px;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
 .NAV {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
}
 </style>
 <link href="includes/stylesheet.css" rel="stylesheet" type="text/css">
</head>
<body>
 <table border=0 cellpadding=0 cellspacing=0 width=100% height=100%>
  <tr>
<td width=100% height=100% align="center" valign="middle">
 <form action="https://www.mysite...LoginAction.php]" method="post" name="LoginAction">
 <input type="hidden" name="psRefer" value="<? echo $refer; ?>">
  <table border=0 cellpadding=4 cellspacing=0 width=450>
<tr>
 <td colspan="2" align="center" class="NAV"><img src="http://www.mysite.com/images/oscommerce.gif" alt="Company Name" width="204" height="50" vspace="0" border="0">




 </td>
</tr>
   <tr>
	<td align="right" width=40% class="menu_title">Administrator's Login</td>
 <td width=60%  class="menu_title"> </td>
   </tr>
   <tr>
	<td align="right" width=40%>Administrator Username:</td>
	<td align="left" width=60%><input type="text" name="psName" style="width: 200px" value=""></td>
   </tr>
   <tr>
	<td align="right" width=40%>Administrator Password:</td>
	<td align="left" width=60%><input type="password" name="psPassword" style="width: 200px" value=""></td>
   </tr>
   <tr>
	<td align="right" width=40%><input type="submit" name="admin_login_submit" value="Login"></td>
	<td align="left" width=60%><input type="reset" name="admin_login_reset" value="Clear"></td>
   </tr>
  </table>
 </form>
</td>
  </tr>
 </table>
</body>
</html>

Posted

You are probably going to need someone to FTP into your site for you and fix the issue with the corrupted code. Its the actual content of the file that is needed to be able to determine the issue, not so much the source code of the page once a browser has loaded it.

 

That said, as FIMBLE stated, that source code above is not the source code from the standard admin login page of any osCommerce based webcart system. It looks more like the source code of an adapted admin login page.

 

My guess is its an addon of some sort that came out back in the day when people were trying to address the admin login authenticaton bypass exploit that hit the net sometime at the end of last year?

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Posted

Hi Anne,

It looks like your code is messed up. Perhaps a missing } in index.php (add just before line 296 for testing)

 

also, when viewing your page http://........com/specials.php

This notice was received: FATAL ERROR: register_globals is disabled in php.ini, please enable it!

If you really need it, try turning it back on or flag it on.

Also go to your admin >> Configuration, and reset your SEO URLs Cache

It looks like your database may be messed up some too...

Were you hacked?

Posted

You are probably going to need someone to FTP into your site for you and fix the issue with the corrupted code. Its the actual content of the file that is needed to be able to determine the issue, not so much the source code of the page once a browser has loaded it.

 

That said, as FIMBLE stated, that source code above is not the source code from the standard admin login page of any osCommerce based webcart system. It looks more like the source code of an adapted admin login page.

 

My guess is its an addon of some sort that came out back in the day when people were trying to address the admin login authenticaton bypass exploit that hit the net sometime at the end of last year?

 

They are using an older version of oscommerce from when we had to secure admin ourselves. That code is from the add on from anchor555 There wan't a hack but probably a PHP upgrade on the hosted computer. annetaussig will probably need to update to the present oscommerce version.

Posted

A site review has concluded that the site is MS2 and was running until the hosting provider updated to PHP 5.3 and MySQL 5.2. The prognosis is not good as the code is not compatible with the server upgrades.

 

 

 

Chris

Posted

You will need to download the current version and follow the update instructions found in the upgrade_guide.pdf

 

 

There is not update guide from MS2 to 2.3.1

 

 

 

Chris

Posted

Technically there is from 2.2 to 2.3.1.

http://www.oscommerc...2/Upgrade+Guide

 

But it would take several hours plus a moderate level of understanding of PHP and MYSQL needed to be able to make the changes.

 

The other issue is whether or not there are 2.3.1 versions of the addons being used.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Posted

...and a couple of gallons of freshly brewed coffee...

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes
- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX

Posted

Technically there is from 2.2 to 2.3.1.

http://www.oscommerc...2/Upgrade+Guide

 

But it would take several hours plus a moderate level of understanding of PHP and MYSQL needed to be able to make the changes.

 

The other issue is whether or not there are 2.3.1 versions of the addons being used.

 

IMO, it is easier to create a new site with v2.3.1 than to try to update from a v2.2 site. Then as you said, there is no update path for all of the added contributions.

 

 

 

Chris

Posted

Doing an upgrade following the upgrade docs does not give you a complete 2.31 shop, you get a "mixed" version... ie. you can still use add-ons made for 2.2 without too much hazzle while you can not use a 2.31 addon without having to modify its code to work with your "bastardized" osc version.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...