HTTP 500 ERROR on Customer Order History


kizmark


@kizmark

 

Hey Marky,

 

File permissions cause the 500 Internal Server Error. Check the file permissions and set them to 644.

 

 

Praful


  • 4 weeks later...

Hello Mr.Phil, I already read the link. I don't know about our .htaccess or php.ini file since we haven't changed anything or done something like upgrades or installing/uninstalling plug-ins.

I have checked our .htaccess file and it only contains this:


DirectoryIndex index.php

 

 

 

The error 500 comes up from the email confirmation generated by the store. Here's the sample email to our customer, wherein the link will push me to the 500 error upon clicking.

 

 

 



OUR COMPANY NAME BLAH BLAH
------------------------------------------------------
Order Number: 16068
Detailed Invoice: https://www.DOMAIN.com/store/account_history_info.php?order_id=16068
Date Ordered: Friday 06 July, 2012

Products
------------------------------------------------------
PRODUCT DETAILS BLAH BLAH
PRODUCT DETAILS BLAH BLAH
PRODUCT DETAILS BLAH BLAH
PRODUCT DETAILS BLAH BLAH
PRODUCT DETAILS BLAH BLAH


Someone suggested checking the error_log file, and it contains:

[Wed Jul 25 03:17:19 2012] [error] [client 33.333.333.33] PHP Fatal error: Call to undefined function tep_hide_session_id() in /var/www/vhosts/DOMAIN.com/httpdocs/store/admin/action_recorder.php on line 118, referer: http://44.444.44.444/store/admin/configuration.php?selected_box=configuration&gID=1 
[Wed Jul 25 03:28:24 2012] [error] [client 111.111.11.11] File does not exist: /var/www/vhosts/DOMAIN.com/httpdocs/admin 
[Wed Jul 25 03:28:24 2012] [error] [client 111.111.11.11] File does not exist: /var/www/vhosts/DOMAIN.com/httpdocs/admin 
[Wed Jul 25 03:28:24 2012] [error] [client 111.111.11.11] File does not exist: /var/www/vhosts/DOMAIN.com/httpdocs/admin 
[Wed Jul 25 03:29:56 2012] [error] [client 22.222.222.22] File does not exist: /var/www/vhosts/DOMAIN.com/httpdocs/robots.txt 

 

Here is my action_recorder.php:


<?php
/*
 $Id$

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2010 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');

 $file_extension = substr($PHP_SELF, strrpos($PHP_SELF, '.'));
 $directory_array = array();
 if ($dir = @dir(DIR_FS_CATALOG_MODULES . 'action_recorder/')) {
   while ($file = $dir->read()) {
     if (!is_dir(DIR_FS_CATALOG_MODULES . 'action_recorder/' . $file)) {
       if (substr($file, strrpos($file, '.')) == $file_extension) {
         $directory_array[] = $file;
       }
     }
   }
   sort($directory_array);
   $dir->close();
 }

 for ($i=0, $n=sizeof($directory_array); $i<$n; $i++) {
   $file = $directory_array[$i];

   if (file_exists(DIR_FS_CATALOG_LANGUAGES . $language . '/modules/action_recorder/' . $file)) {
     include(DIR_FS_CATALOG_LANGUAGES . $language . '/modules/action_recorder/' . $file);
   }

   include(DIR_FS_CATALOG_MODULES . 'action_recorder/' . $file);

   $class = substr($file, 0, strrpos($file, '.'));
   if (tep_class_exists($class)) {
     ${$class} = new $class;
   }
 }

 $modules_array = array();
 $modules_list_array = array(array('id' => '', 'text' => TEXT_ALL_MODULES));

 $modules_query = tep_db_query("select distinct module from " . TABLE_ACTION_RECORDER . " order by module");
 while ($modules = tep_db_fetch_array($modules_query)) {
   $modules_array[] = $modules['module'];

   $modules_list_array[] = array('id' => $modules['module'],
                                 'text' => (is_object(${$modules['module']}) ? ${$modules['module']}->title : $modules['module']));
 }

 $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

 if (tep_not_null($action)) {
   switch ($action) {
     case 'expire':
       $expired_entries = 0;

       if (isset($HTTP_GET_VARS['module']) && in_array($HTTP_GET_VARS['module'], $modules_array)) {
         if (is_object(${$HTTP_GET_VARS['module']})) {
           $expired_entries += ${$HTTP_GET_VARS['module']}->expireEntries();
         } else {
           $delete_query = tep_db_query("delete from " . TABLE_ACTION_RECORDER . " where module = '" . tep_db_input($HTTP_GET_VARS['module']) . "'");
           $expired_entries += mysql_affected_rows($db_link);
         }
       } else {
         foreach ($modules_array as $module) {
           if (is_object(${$module})) {
             $expired_entries += ${$module}->expireEntries();
           }
         }
       }

       $messageStack->add_session(sprintf(SUCCESS_EXPIRED_ENTRIES, $expired_entries), 'success');

       tep_redirect(tep_href_link(FILENAME_ACTION_RECORDER));

       break;
   }
 }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js"></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="2" height="40">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
           <td align="right"><table border="0" width="100%" cellspacing="0" cellpadding="0">
             <tr>
               <td class="smallText" align="right">
<?php
 echo tep_draw_form('search', FILENAME_ACTION_RECORDER, '', 'get');
 echo TEXT_FILTER_SEARCH . ' ' . tep_draw_input_field('search');
 echo tep_draw_hidden_field('module') . tep_hide_session_id() . '</form>';
?>
               </td>
             </tr>
             <tr>
               <td class="smallText" align="right">
<?php
 echo tep_draw_form('filter', FILENAME_ACTION_RECORDER, '', 'get');
 echo tep_draw_pull_down_menu('module', $modules_list_array, null, 'onChange="this.form.submit();"');
 echo tep_draw_hidden_field('search') . tep_hide_session_id() . '</form>';
?>
               </td>
             </tr>
           </table></td>
           <td class="pageHeading" align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ACTION_RECORDER, 'action=expire' . (isset($HTTP_GET_VARS['module']) && in_array($HTTP_GET_VARS['module'], $modules_array) ? '&module=' . $HTTP_GET_VARS['module'] : '')) . '">' . tep_image_button('button_delete.gif', IMAGE_DELETE) . '</a>'; ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
             <tr class="dataTableHeadingRow">
               <td class="dataTableHeadingContent" width="20"> </td>
               <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_MODULE; ?></td>
               <td class="dataTableHeadingContent"><?php echo TABLE_HEADING_CUSTOMER; ?></td>
               <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_DATE_ADDED; ?></td>
               <td class="dataTableHeadingContent" align="right"><?php echo TABLE_HEADING_ACTION; ?> </td>
             </tr>
<?php
 $filter = array();

 if (isset($HTTP_GET_VARS['module']) && in_array($HTTP_GET_VARS['module'], $modules_array)) {
   $filter[] = " module = '" . tep_db_input($HTTP_GET_VARS['module']) . "' ";
 }

 if (isset($HTTP_GET_VARS['search']) && !empty($HTTP_GET_VARS['search'])) {
   $filter[] = " identifier like '%" . tep_db_input($HTTP_GET_VARS['search']) . "%' ";
 }

 $actions_query_raw = "select * from " . TABLE_ACTION_RECORDER . (!empty($filter) ? " where " . implode(" and ", $filter) : "") . " order by date_added desc";
 $actions_split = new splitPageResults($HTTP_GET_VARS['page'], MAX_DISPLAY_SEARCH_RESULTS, $actions_query_raw, $actions_query_numrows);
 $actions_query = tep_db_query($actions_query_raw);
 while ($actions = tep_db_fetch_array($actions_query)) {
   $module = $actions['module'];

   $module_title = $actions['module'];
   if (is_object(${$module})) {
     $module_title = ${$module}->title;
   }

   if ((!isset($HTTP_GET_VARS['aID']) || (isset($HTTP_GET_VARS['aID']) && ($HTTP_GET_VARS['aID'] == $actions['id']))) && !isset($aInfo)) {
     $actions_extra_query = tep_db_query("select identifier from " . TABLE_ACTION_RECORDER . " where id = '" . (int)$actions['id'] . "'");
     $actions_extra = tep_db_fetch_array($actions_extra_query);

     $aInfo_array = array_merge($actions, $actions_extra, array('module' => $module_title));
     $aInfo = new objectInfo($aInfo_array);
   }

   if ( (isset($aInfo) && is_object($aInfo)) && ($actions['id'] == $aInfo->id) ) {
     echo '                  <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)">' . "\n";
   } else {
     echo '                  <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href=\'' . tep_href_link(FILENAME_ACTION_RECORDER, 'aID=' . $actions['id']) . '\'">' . "\n";
   }
?>
               <td class="dataTableContent" align="center"><?php echo tep_image(DIR_WS_IMAGES . 'icons/' . (($actions['success'] == '1') ? 'tick.gif' : 'cross.gif')); ?></td>
               <td class="dataTableContent"><?php echo $module_title; ?></td>
               <td class="dataTableContent"><?php echo tep_output_string_protected($actions['user_name']) . ' [' . (int)$actions['user_id'] . ']'; ?></td>
               <td class="dataTableContent" align="right"><?php echo tep_datetime_short($actions['date_added']); ?></td>
               <td class="dataTableContent" align="right"><?php if ( (isset($aInfo) && is_object($aInfo)) && ($actions['id'] == $aInfo->id) ) { echo tep_image(DIR_WS_IMAGES . 'icon_arrow_right.gif', ''); } else { echo '<a href="' . tep_href_link(FILENAME_ACTION_RECORDER, 'aID=' . $actions['id']) . '">' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) . '</a>'; } ?> </td>
             </tr>
<?php
 }
?>
             <tr>
               <td colspan="5"><table border="0" width="100%" cellspacing="0" cellpadding="2">
                 <tr>
                   <td class="smallText" valign="top"><?php echo $actions_split->display_count($actions_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, $HTTP_GET_VARS['page'], TEXT_DISPLAY_NUMBER_OF_ENTRIES); ?></td>
                   <td class="smallText" align="right"><?php echo $actions_split->display_links($actions_query_numrows, MAX_DISPLAY_SEARCH_RESULTS, MAX_DISPLAY_PAGE_LINKS, $HTTP_GET_VARS['page'], (isset($HTTP_GET_VARS['module']) && in_array($HTTP_GET_VARS['module'], $modules_array) && is_object(${$HTTP_GET_VARS['module']}) ? 'module=' . $HTTP_GET_VARS['module'] : null) . '&' . (isset($HTTP_GET_VARS['search']) && !empty($HTTP_GET_VARS['search']) ? 'search=' . $HTTP_GET_VARS['search'] : null)); ?></td>
                 </tr>
               </table></td>
             </tr>
           </table></td>
<?php
 $heading = array();
 $contents = array();

 switch ($action) {
   default:
     if (isset($aInfo) && is_object($aInfo)) {
       $heading[] = array('text' => '<b>' . $aInfo->module . '</b>');

       $contents[] = array('text' => TEXT_INFO_IDENTIFIER . '<br><br>' . (!empty($aInfo->identifier) ? '<a href="' . tep_href_link(FILENAME_ACTION_RECORDER, 'search=' . $aInfo->identifier) . '"><u>' . tep_output_string_protected($aInfo->identifier) . '</u></a>': '(empty)'));
       $contents[] = array('text' => '<br>' . TEXT_INFO_DATE_ADDED . ' ' . tep_datetime_short($aInfo->date_added));
     }
     break;
 }

 if ( (tep_not_null($heading)) && (tep_not_null($contents)) ) {
   echo '            <td width="25%" valign="top">' . "\n";

   $box = new box;
   echo $box->infoBox($heading, $contents);

   echo '            </td>' . "\n";
 }
?>
         </tr>
       </table></td>
     </tr>
   </table></td>
<!-- body_text_eof //-->
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

please help,


.htaccess with only

DirectoryIndex index.php

means "If no file is given (just a domain or directory), try running index.php in that directory. If there isn't an index.php, fail in some way (by giving a listing of the directory, unless Indexing is turned off)." It's legal, but a bit unusual, to specify only index.php. The Apache server comes set up to default to

DirectoryIndex index.html index.htm index.php

(look for index.html first, then for index.htm, and only if neither are found, for index.php). Since osC only uses index.php, that's probably safe.

 

"admin" not existing: Unless this is someone trying to hack your system, you should have changed the "admin" directory to some other name, and updated the <formerly admin>/includes/configure.php to change the '/admin/' entry.

 

You should have a /robots.txt file, even if it's empty, to avoid errors being logged. You should also have /favicon.ico defined (or a different name and location, with a <link> "shortcut" tag pointing to it) to avoid error logs. Finally, you should think about defining your own error documents (error pages), at least for 404 and 500, as those are so common. /404.shtml etc. are the defaults if you don't define your own in the .htaccess file. See http://www.catskilltech.com/freeSW/SMF/faqs/index.html#files

 

The tep_hide_session_id() function is in both the regular and admin html_output.php files. Are you getting any errors about not being able to include html_output.php? I would clean up all the easy errors first (like "admin" not found) and see if the problem goes away. If not, check html_output.php (both of them) to see if they're corrupted in some way. See if at least they have function tep_hide_session_id defined.

 

What osC version are we talking about here? You should preferably be at least at 2.3.1.

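An added example, not part of the thread: a Python triage of an Apache error_log in the layout quoted above, separating PHP fatal errors (code defects) from "File does not exist" noise and labelling requests for the default /admin path and for the files the reply suggests creating. The sample lines, client addresses and document root are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Apache 2.2 error_log layout quoted in the thread.
# Addresses are documentation-range placeholders; paths are made up.
SAMPLE_LOG = """\
[Wed Jul 25 03:17:19 2012] [error] [client 192.0.2.10] PHP Fatal error:  Call to undefined function tep_hide_session_id() in /var/www/example/store/admin/action_recorder.php on line 118, referer: http://example.test/store/admin/configuration.php?gID=1
[Wed Jul 25 03:28:24 2012] [error] [client 198.51.100.7] File does not exist: /var/www/example/admin
[Wed Jul 25 03:28:24 2012] [error] [client 198.51.100.7] File does not exist: /var/www/example/admin
[Wed Jul 25 03:28:25 2012] [error] [client 198.51.100.7] File does not exist: /var/www/example/admin
[Wed Jul 25 03:29:56 2012] [error] [client 203.0.113.5] File does not exist: /var/www/example/robots.txt
[Wed Jul 25 03:30:02 2012] [notice] caught SIGTERM, shutting down
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)
FATAL_RE = re.compile(
    r"^PHP Fatal error:\s+(?P<what>.+?) in (?P<file>\S+) on line (?P<line>\d+)"
)
MISSING_RE = re.compile(r"^File does not exist: (?P<path>\S+)")

# Files the reply recommends creating so requests for them stop being logged.
HOUSEKEEPING = {"/robots.txt", "/favicon.ico"}


def triage(log_text, docroot):
    """Split an error_log into PHP fatals and missing-file entries."""
    root = docroot.rstrip("/")
    fatals = Counter()               # (message, file, line) -> occurrences
    missing = defaultdict(Counter)   # path under docroot -> client -> hits
    skipped = 0                      # lines that are neither of the two kinds
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "error":
            skipped += 1
            continue
        fatal = FATAL_RE.match(m["msg"])
        if fatal:
            fatals[(fatal["what"], fatal["file"], int(fatal["line"]))] += 1
            continue
        gone = MISSING_RE.match(m["msg"])
        if gone:
            path = gone["path"]
            rel = path[len(root):] if path.startswith(root + "/") else path
            missing[rel][m["client"] or "-"] += 1
            continue
        skipped += 1
    return fatals, missing, skipped


def classify_missing(rel_path):
    """Label a missing path with the follow-up the thread suggests."""
    if rel_path in HOUSEKEEPING:
        return "create-file"
    if rel_path == "/admin" or rel_path.startswith("/admin/"):
        return "default-admin-path"
    return "other"


def report(log_text, docroot):
    """Return (rows, skipped); rows are (kind, where, detail, count)."""
    fatals, missing, skipped = triage(log_text, docroot)
    rows = []
    for (what, path, line), count in fatals.most_common():
        rows.append(("php-fatal", f"{path}:{line}", what, count))
    for rel in sorted(missing):
        clients = missing[rel]
        rows.append((classify_missing(rel), rel,
                     f"{len(clients)} client(s)", sum(clients.values())))
    return rows, skipped


if __name__ == "__main__":
    rows, skipped = report(SAMPLE_LOG, "/var/www/example")
    for kind, where, detail, count in rows:
        print(f"{count:>3}  {kind:<20} {where}  ({detail})")
    print(f"{skipped} line(s) not classified")
```
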

Hi MrPhil,

  • I have checked the directory and I found no index.html, but rather an index.php which contains a little code:

<? header("Location: store/index.php");?>

 

 

Our domain link redirects to our store folder, so if you visit the domain, it'll bring you to

http://www.DOMAIN.com/store

  • I did try to rename our "admin" folder to something like "admin_DOMAINstore". It did work, but I think it also has a bit of a security issue, since if I visit the link it leads me to directly accessing the admin panel without asking for any login information. Because of that I searched this forum and found out there are a lot of detailed instructions on renaming the admin folder. I will try it again tomorrow by following this thread's instructions: security issue with admin directory

  • I did not find a /robot.txt, so I created it by generating it on some site.
  • is it just fine?..

#Generated by wgtools.com/seo-tools/robots/
User-agent: *
Allow: /

  • I already also have a /favicon.ico

  • About the custom error pages, I think I'll leave that way since the site is healthy without it; I'll make some in the future, though, if I get some time.

  • I think I don't get errors from html_output, and it contains the tep_hide_session_id function like you've said. By the way, here's the code in it:

<?php
/*
 $Id: html_output.php,v 1.56 2003/07/09 01:15:48 hpdl Exp $
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
 Copyright (c) 2003 osCommerce
 Released under the GNU General Public License
*/
////
// The HTML href link wrapper function
 function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
global $request_type, $session_started, $SID;

$page = tep_output_string($page);
if (!tep_not_null($page)) {
  die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
}
if ($connection == 'NONSSL') {
  $link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
} elseif ($connection == 'SSL') {
  if (ENABLE_SSL == true) {
	$link = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG;
  } else {
	$link = HTTP_SERVER . DIR_WS_HTTP_CATALOG;
  }
} else {
  die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine connection method on a link!<br><br>Known methods: NONSSL SSL</b><br><br>');
}
if (tep_not_null($parameters)) {
  $link .= $page . '?' . tep_output_string($parameters);
  $separator = '&';
} else {
  $link .= $page;
  $separator = '?';
}
while ( (substr($link, -1) == '&') || (substr($link, -1) == '?') ) $link = substr($link, 0, -1);
// Add the session ID when moving from different HTTP and HTTPS servers, or when SID is defined
if ( ($add_session_id == true) && ($session_started == true) && (SESSION_FORCE_COOKIE_USE == 'False') ) {
  if (tep_not_null($SID)) {
	$_sid = $SID;
  } elseif ( ( ($request_type == 'NONSSL') && ($connection == 'SSL') && (ENABLE_SSL == true) ) || ( ($request_type == 'SSL') && ($connection == 'NONSSL') ) ) {
	if (HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) {
	  $_sid = tep_session_name() . '=' . tep_session_id();
	}
  }
}
if ( (SEARCH_ENGINE_FRIENDLY_URLS == 'true') && ($search_engine_safe == true) ) {
  while (strstr($link, '&&')) $link = str_replace('&&', '&', $link);
  $link = str_replace('?', '/', $link);
  $link = str_replace('&', '/', $link);
  $link = str_replace('=', '/', $link);
  $separator = '?';
}
if (isset($_sid)) {
  $link .= $separator . $_sid;
}
return $link;
 }
////
// The HTML image wrapper function
 function tep_image($src, $alt = '', $width = '', $height = '', $parameters = '') {
if ( (empty($src) || ($src == DIR_WS_IMAGES)) && (IMAGE_REQUIRED == 'false') ) {
  return false;
}
// alt is added to the img tag even if it is null to prevent browsers from outputting
// the image filename as default
$image = '<img src="' . tep_output_string($src) . '" border="0" alt="' . tep_output_string($alt) . '"';
if (tep_not_null($alt)) {
  $image .= ' title=" ' . tep_output_string($alt) . ' "';
}
if ( (CONFIG_CALCULATE_IMAGE_SIZE == 'true') && (empty($width) || empty($height)) ) {
  if ($image_size = @getimagesize($src)) {
	if (empty($width) && tep_not_null($height)) {
	  $ratio = $height / $image_size[1];
	  $width = $image_size[0] * $ratio;
	} elseif (tep_not_null($width) && empty($height)) {
	  $ratio = $width / $image_size[0];
	  $height = $image_size[1] * $ratio;
	} elseif (empty($width) && empty($height)) {
	  $width = $image_size[0];
	  $height = $image_size[1];
	}
  } elseif (IMAGE_REQUIRED == 'false') {
	return false;
  }
}
if (tep_not_null($width) && tep_not_null($height)) {
  $image .= ' width="' . tep_output_string($width) . '" height="' . tep_output_string($height) . '"';
}
if (tep_not_null($parameters)) $image .= ' ' . $parameters;
$image .= '>';
return $image;
 }
////
// The HTML form submit button wrapper function
// Outputs a button in the selected language
 function tep_image_submit($image, $alt = '', $parameters = '') {
global $language;
$image_submit = '<input type="image" src="' . tep_output_string(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image) . '" border="0" alt="' . tep_output_string($alt) . '"';
if (tep_not_null($alt)) $image_submit .= ' title=" ' . tep_output_string($alt) . ' "';
if (tep_not_null($parameters)) $image_submit .= ' ' . $parameters;
$image_submit .= '>';
return $image_submit;
 }
////
// Output a function button in the selected language
 function tep_image_button($image, $alt = '', $parameters = '') {
global $language;
return tep_image(DIR_WS_LANGUAGES . $language . '/images/buttons/' . $image, $alt, '', '', $parameters);
 }
////
// Output a separator either through whitespace, or with an image
 function tep_draw_separator($image = 'pixel_black.gif', $width = '100%', $height = '1') {
return tep_image(DIR_WS_IMAGES . $image, '', $width, $height);
 }
////
// Output a form
 function tep_draw_form($name, $action, $method = 'post', $parameters = '', $tokenize = false) {
global $sessiontoken;
$form = '<form name="' . tep_output_string($name) . '" action="' . tep_output_string($action) . '" method="' . tep_output_string($method) . '"';
if (tep_not_null($parameters)) $form .= ' ' . $parameters;
$form .= '>';

if ( ($tokenize == true) && isset($sessiontoken) ) {
  $form .= '<input type="hidden" name="formid" value="' . tep_output_string($sessiontoken) . '">';
}
return $form;
 }
////
// Output a form input field
 function tep_draw_input_field($name, $value = '', $parameters = '', $type = 'text', $reinsert_value = true) {
$field = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {
  $field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"';
} elseif (tep_not_null($value)) {
  $field .= ' value="' . tep_output_string($value) . '"';
}
if (tep_not_null($parameters)) $field .= ' ' . $parameters;
$field .= '>';
return $field;
 }
////
// Output a form password field
 function tep_draw_password_field($name, $value = '', $parameters = 'maxlength="40"') {
return tep_draw_input_field($name, $value, $parameters, 'password', false);
 }
////
// Output a selection field - alias function for tep_draw_checkbox_field() and tep_draw_radio_field()
 function tep_draw_selection_field($name, $type, $value = '', $checked = false, $parameters = '') {
$selection = '<input type="' . tep_output_string($type) . '" name="' . tep_output_string($name) . '"';
if (tep_not_null($value)) $selection .= ' value="' . tep_output_string($value) . '"';
if ( ($checked == true) || ( isset($GLOBALS[$name]) && is_string($GLOBALS[$name]) && ( ($GLOBALS[$name] == 'on') || (isset($value) && (stripslashes($GLOBALS[$name]) == $value)) ) ) ) {
  $selection .= ' CHECKED';
}
if (tep_not_null($parameters)) $selection .= ' ' . $parameters;
$selection .= '>';
return $selection;
 }
////
// Output a form checkbox field
 function tep_draw_checkbox_field($name, $value = '', $checked = false, $parameters = '') {
return tep_draw_selection_field($name, 'checkbox', $value, $checked, $parameters);
 }
////
// Output a form radio field
 function tep_draw_radio_field($name, $value = '', $checked = false, $parameters = '') {
return tep_draw_selection_field($name, 'radio', $value, $checked, $parameters);
 }
////
// Output a form textarea field
 function tep_draw_textarea_field($name, $wrap, $width, $height, $text = '', $parameters = '', $reinsert_value = true) {
$field = '<textarea name="' . tep_output_string($name) . '" wrap="' . tep_output_string($wrap) . '" cols="' . tep_output_string($width) . '" rows="' . tep_output_string($height) . '"';
if (tep_not_null($parameters)) $field .= ' ' . $parameters;
$field .= '>';
if ( (isset($GLOBALS[$name])) && ($reinsert_value == true) ) {
  $field .= stripslashes($GLOBALS[$name]);
} elseif (tep_not_null($text)) {
  $field .= $text;
}
$field .= '</textarea>';
return $field;
 }
////
// Output a form hidden field
 function tep_draw_hidden_field($name, $value = '', $parameters = '') {
$field = '<input type="hidden" name="' . tep_output_string($name) . '"';
if (tep_not_null($value)) {
  $field .= ' value="' . tep_output_string($value) . '"';
} elseif (isset($GLOBALS[$name])) {
  $field .= ' value="' . tep_output_string(stripslashes($GLOBALS[$name])) . '"';
}
if (tep_not_null($parameters)) $field .= ' ' . $parameters;
$field .= '>';
return $field;
 }
////
// Hide form elements
 function tep_hide_session_id() {
global $session_started, $SID;
if (($session_started == true) && tep_not_null($SID)) {
  return tep_draw_hidden_field(tep_session_name(), tep_session_id());
}
 }
////
// Output a form pull down menu
 function tep_draw_pull_down_menu($name, $values, $default = '', $parameters = '', $required = false) {
$field = '<select name="' . tep_output_string($name) . '"';
if (tep_not_null($parameters)) $field .= ' ' . $parameters;
$field .= '>';
if (empty($default) && isset($GLOBALS[$name])) $default = stripslashes($GLOBALS[$name]);
for ($i=0, $n=sizeof($values); $i<$n; $i++) {
  $field .= '<option value="' . tep_output_string($values[$i]['id']) . '"';
  if ($default == $values[$i]['id']) {
	$field .= ' SELECTED';
  }
  $field .= '>' . tep_output_string($values[$i]['text'], array('"' => '&quot;', '\'' => '&#039;', '<' => '&lt;', '>' => '&gt;')) . '</option>';
}
$field .= '</select>';
if ($required == true) $field .= TEXT_FIELD_REQUIRED;
return $field;
 }
////
// Creates a pull-down list of countries
 function tep_get_country_list($name, $selected = '', $parameters = '') {
$countries_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT));
$countries = tep_get_countries();
for ($i=0, $n=sizeof($countries); $i<$n; $i++) {
  $countries_array[] = array('id' => $countries[$i]['countries_id'], 'text' => $countries[$i]['countries_name']);
}
return tep_draw_pull_down_menu($name, $countries_array, $selected, $parameters);
 }
?>


Ah, so your site root / has index.php that just flips the visitor over to store/index.php? If you're on an Apache server (which recognizes .htaccess files), it would be much better to do this instead. In /.htaccess:

RewriteEngine On
RewriteCond  %{REQUEST_URI}  !^/store  [NC]
RewriteRule  ^(.*)$  /store/$1  [L]

 

Get rid of the current one line /index.php. If you're using an IIS server, there is probably a way to accomplish the same thing.

 

if I visit the link it leads me to directly accessing the admin panel

Two things here. The intent is to use a directory name that is not easily guessed. osC used to use just "admin", which every hacker knew. Second, you're supposed to password protect the <formerly admin> directory so that you have to enter an ID and password to get in (another layer of protection against hackers). So, you change the name, update the configure.php file to use that name, and add password protection.

 

is it just fine?..

Yeah, it's OK. It doesn't restrict any search engines (same as an empty robots.txt or no robots.txt file at all), which is OK for a start. Eventually you may want to tell search engines to stay out of various parts of your site, but that can come later.

 

About the custom error pages, I think I'll leave that way since the site is healthy without it

Just be aware that every time you have an error (e.g., a 404 or a 500), you will probably get a second error "404 error, handler for nnn not found". By default, Apache is set up in an absolutely stupid way, such that you get a 404 error when it looks for a custom error page, even though it has a default page it can use!

 

As to why you're getting an error message that tep_hide_session_id() can't be found, action_recorder.php should include application_top.php (any error there?). In turn, application_top.php should be including html_output.php, which contains the definition for tep_hide_session_id(). Is anything in that chain broken?


Hi MrPhil,

 

I have modified my .htaccess and added the code you provided, though I don't notice any changes. Hehe, thanks anyway.

 

 

Get rid of the current one line /index.php. If you're using an IIS server, there is probably a way to accomplish the same thing.

Already deleted it. I don't know what an IIS server is, but I know I'm using Plesk.

 

 

Two things here. The intent is to use a directory name that is not easily guessed. osC used to use just "admin", which every hacker knew. Second, you're supposed to password protect the <formerly admin> directory so that you have to enter an ID and password to get in (another layer of protection against hackers). So, you change the name, update the configure.php file to use that name, and add password protection.

No, I mean the default "admin" normally asks for a username and password but my newly created admin folder doesn't. Luckily I figured it out and it works fine now. Though I notice there is no log-out link on the admin panel.

 

 

Just be aware that every time you have an error (e.g., a 404 or a 500), you will probably get a second error "404 error, handler for nnn not found". By default, Apache is set up in an absolutely stupid way, such that you get a 404 error when it looks for a custom error page, even though it has a default page it can use!

Okay, thanks for clearing that up. I'll apply it in the future.

 

 

 

As to why you're getting an error message that tep_hide_session_id() can't be found, action_recorder.php should include application_top.php (any error there?). In turn, application_top.php should be including html_output.php, which contains the definition for tep_hide_session_id(). Is anything in that chain broken?

I searched for action_recorder.php but it brought up a lot of results. Which one specifically?

includes/languages/enlish/modules/action_recorder

includes/modules/action_recorder

admin_folder/action_recorder.php

admin_folder/includes/languages/english/action_recorder.php

admin_folder/includes/classes/action_recorder.php

includes/classes/action_recorder.php

 

 

application_top.php also brings up 2 results:

includes/application_top.php

admin_folder/includes/application_top.php

 

 

 

I don't see any errors in these files.


I don't have my store source available, but this is a customer trying to visit store/account_history_info.php from an invoice link? Check that no file is "world writable" (666 or 777 typically). The file should normally be 644 permissions. You say you are using plesk for your hosting control panel, which I thought was for Windows (IIS), but your file paths look like a Linux server. The file permissions would be "read-write" for the owner and "read-only" for everyone else, on a Windows server. The file could also have a blank/empty line at the beginning (before the first <?php) or end (after the last ?>) due to improper editing (which needs to be removed). You do have a working SSL installation? The link is for https:, so you need a properly installed and configured SSL certificate. Does it work for other things, such as account login? Some strangely set up systems require that you copy any file that needs to be accessed under SSL to another subdirectory tree -- check with your host if that's the case.

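The file checks listed in the reply above, as an added Python example that is not from the thread: it walks a directory tree and reports PHP files that are world-writable or that carry whitespace before the opening tag or extra blank lines after the final ?>. The demo tree and its file names are constructed, and the UTF-8 BOM check is an addition beyond what the reply mentions.

```python
import os
import stat
import tempfile


def audit_php_file(path):
    """Return a list of finding codes for one PHP file (empty means clean)."""
    findings = []

    # World-writable bit set, as with the 666 or 777 modes named in the reply.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")

    with open(path, "rb") as fh:
        data = fh.read()

    # A byte-order mark is emitted as output just like a blank line would be.
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("bom")
        data = data[3:]

    # Whitespace ahead of the opening tag is sent to the client before any
    # header() or session call in the script can run.
    stripped = data.lstrip()
    if stripped.startswith(b"<?") and len(stripped) != len(data):
        findings.append("leading-whitespace")

    # PHP swallows one newline directly after a closing ?>; anything beyond
    # that is output. Only whitespace-only tails are flagged, so templates
    # that end in HTML are left alone.
    _head, closing, tail = data.rpartition(b"?>")
    if closing:
        if tail.startswith(b"\r\n"):
            tail = tail[2:]
        elif tail.startswith(b"\n"):
            tail = tail[1:]
        if tail and not tail.strip():
            findings.append("trailing-whitespace")

    return findings


def audit_tree(root):
    """Map each flagged *.php file (path relative to root) to its findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.endswith(".php"):
                continue
            full = os.path.join(dirpath, name)
            found = audit_php_file(full)
            if found:
                results[os.path.relpath(full, root)] = found
    return results


def build_demo_tree(root):
    """Write constructed sample files; names and contents are made up."""
    samples = {
        "account_history_info.php": (b"<?php echo 'ok'; ?>\n", 0o644),
        "includes/padded.php": (b"\n<?php class Demo {} ?>\n\n\n", 0o666),
        "includes/no_close_tag.php": (b"<?php $x = 1;\n", 0o644),
    }
    for rel, (body, mode) in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(body)
        os.chmod(full, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        for rel, found in sorted(audit_tree(demo_root).items()):
            print(f"{rel}: {', '.join(found)}")
```
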

Hi MrPhil. I really appreciate your response. Thanks for that. The problem is now solved; my developer friend helped me. I asked him how he did it, and he told me that he turned ON error reporting and then found the problem in an order.php file that has a typo in the code.


Archived

This topic is now archived and is closed to further replies.
