Gsnerf Posted November 30, 2005 Share Posted November 30, 2005 (edited) /* EDIT */ forget about it... i'm just poorly dumb... Edited November 30, 2005 by Gsnerf Quote Link to comment Share on other sites More sharing options...
Agelmar Posted December 18, 2005 Share Posted December 18, 2005 (edited) Not sure how many people this effects, but I noticed the following: catalog/includes/classes/sessions.php: $url = parse_url($GLOBALS['HTTP_REFERER']); in the patched version. AFAIK, this needs to be changed to $_SERVER['HTTP_REFERER']. ALso exists in catalog/admin/includes/classes/sessions.php: $url = parse_url($GLOBALS['HTTP_REFERER']); Also the line right below in both of those files, dealing with SERVER_NAME... Edited December 18, 2005 by Agelmar Quote Link to comment Share on other sites More sharing options...
novyan Posted December 21, 2005 Share Posted December 21, 2005 how do you make his patch work? I have DL the v1.3a and place each file in its place on the server but still I get the sama message ??? thanks a lot Quote Link to comment Share on other sites More sharing options...
kev@num Posted December 21, 2005 Share Posted December 21, 2005 has anyone found a fix for the offical osCommerce PayPal IPN v1.1 Module ?? it seems to work for some people and change the status from Paypal [Preparing IPN] to Paid.. but for most people it gets stuck on Paypal [Preparing IPN].. when they get redirected back to the checkout_process page it doesn't realise they have paid. i also have register globals on... i've tried all of the fixes from here but can' get any to work Quote Link to comment Share on other sites More sharing options...
lextech Posted January 16, 2006 Share Posted January 16, 2006 do you get the error while installing? because i had this too, i solved this by commenting the register_globals check in application.php in your /install/includes OH THANK YOU! I was tearing my hair out looking for a php.ini file that didn't exist because I am hosted. After seeing your post I went into the application_top.php file (/ public_html / store / includes) and completely removed: // check if register_globals is enabled. // since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized. if (function_exists('ini_get')) { ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.'); } ************************************************************** This brought the site up immediately! Man am I happy about that. All the info I was getting in search was confusing me more than before I got here. :) Excellent info, and the search button on this site works well :) Thank you guy's! Quote RC2.2a Link to comment Share on other sites More sharing options...
homewetbar Posted January 17, 2006 Share Posted January 17, 2006 (edited) I'm trying to install this registered globals off contrib and I've run into a snag, the newer version of oscommerce modifies the includes/functions/sessions.php to include a necessary security fix changing the function tep_session_start() variable to: function tep_session_start() { global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS; $sane_session_id = true; if (isset($HTTP_GET_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) { unset($HTTP_GET_VARS[tep_session_name()]); $sane_session_id = false; } } elseif (isset($HTTP_POST_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) { unset($HTTP_POST_VARS[tep_session_name()]); $sane_session_id = false; } } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) { $session_data = session_get_cookie_params(); setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); $sane_session_id = false; } } if ($sane_session_id == false) { tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); } return session_start(); } The directions are for the old version and say to replace that with: function tep_session_start() { // >>> BEGIN REGISTER_GLOBALS $success = session_start(); // Work-around to allow disabling of register_globals - map all defined // session variables if ($success && count($_SESSION)) { $session_keys = array_keys($_SESSION); foreach($session_keys as $variable) { link_session_variable($variable, true); } } Which nullifies the security fix in the newer osCommerce I would think. How do I apply this contribution and still leave the osCommerce security fix intact??? Thanks in advance! Edited January 17, 2006 by homewetbar Quote Most Valuable OsCommerce Contributions: Also Purchased (AP) Preselection (cuts this resource hogging query down to nothing) -- Contribution 3294 FedEx Automated Labels -- Contribution 2244 RMA Returns system -- Contribution 1136 Sort Products By Dropdown -- Contribution 4312 Ultimate SEO URLs -- Contribution 2823 Credit Class & Gift Voucher -- Contribution 282 Cross-Sell -- Contribution 5347 Link to comment Share on other sites More sharing options...
Guest Posted February 4, 2006 Share Posted February 4, 2006 I installed version 1.3 of this module. I have got everything to work fine apart from two things, if someone could help fix the problem, i could pay them some cash through paypal. The first problem: In admin/order_status.php i cannot set any of the other options as default apart from "pending". Before I installed this contrib I had it as "processing". Although I can set the default as anything I like in admin once the order is made on my website it always goes to pending. I want to do this as then an automatic email is then sent to my customer telling them about the order. The second problem is: I no longer get a paypal ipn email when an order has been made through my website nor does the paypal ipn system work. I do get an email directly from paypal saying that funds have been added to my account and what the product ordered was. The paypal contrib i have installed is (v3.1.5): http://www.oscommerce.com/community/contri...h,paypal+devosc All the order numbering and everything else is working fine. Please help. Quote Link to comment Share on other sites More sharing options...
wondernet Posted February 7, 2006 Share Posted February 7, 2006 I'm trying to get this sorted and to use with the STS Template system, can it be done?? Quote Link to comment Share on other sites More sharing options...
keress Posted February 17, 2006 Share Posted February 17, 2006 I have "Register Globals" installed and when trying to access the "product attributes" page in the admin I received the following error: Fatal error: Call to undefined function: link_get_variable() in /var/www/vhosts/scootersatvs.com/httpdocs/catalog/admin/products_attributes.php on line 14 Anyone recognize this? Linda Quote Link to comment Share on other sites More sharing options...
mr_absinthe Posted February 23, 2006 Share Posted February 23, 2006 OK, 'cause I think that what I'm experiencing might be benefitial to others and also 'cause I still hope that somebody might be able to help me, I'll keep you up to date with my problem: I'm having some difficulties with register_globals and currencies update. If you have more than one currency in your store, this module will take care of regular updates via cron. When I call the script from my browser, currencies are updated however when I set a cron job, I'm receiving message that register_globals is disabled in php.ini. This is what I've tried so far: I have "php_flag register_globals on" in my .htaccess. - I haven't restarted apache as I have no access to the server - I'm on shared hosting but the whole site has been running for couple of months now without any problems related to register_globals - apart from that update currencies script. I have created php.ini with register_globals = On in and uploaded to root as well as to admin directory. With all the above done I run cron job and receive that FATAL ERROR message again. Creator of Currency Value Updater confirmed the following: that error is generated by the file includes/application_top.php. If you've tried to enable it without success, your host has disallowed access to that command. You have two options: 1) Use the Register Globals Off contribution to allow your store to function in an enviroment with register_globals disabled 2) Delete the line in your application_top.php file that's killing the script. There's nothing in my script that needs register_globals enabled, but it calls up the application_top.php file to get configuration and database settings. With all the above said and done, I've contacted my host and this is their reply: The .htaccess method of turning on register globals only works when you access the script over the web server, if you are calling it directly with php from command line you can try specifying php -d register_globals=1 <filename> instead of just php <filename> Their answer was promising, however the command produced the following message from cron: PHP Warning: main(/home/httpd/vhosts/mysite.com/httpdocs/config_cache/config.php): failed to open stream: Permission denied in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/configuration_cache_read.php on line 20 PHP Warning: main(/home/httpd/vhosts/mysite.com/httpdocs/config_cache/config.php): failed to open stream: Permission denied in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/configuration_cache_read.php on line 20 PHP Warning: main(): Failed opening '/home/httpd/vhosts/mysite.com/httpdocs/config_cache/config.php' for inclusion (include_path='.:/usr/share/pear') in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/configuration_cache_read.php on line 20 PHP Warning: main(includes/languages/.php): failed to open stream: No such file or directory in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/application_top.php on line 134 PHP Warning: main(includes/languages/.php): failed to open stream: No such file or directory in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/application_top.php on line 134 PHP Fatal error: main(): Failed opening required 'includes/languages/.php' (include_path='.:/usr/share/pear') in /home/httpd/vhosts/mysite.com/httpdocs/admin/includes/application_top.php on line 134 X-Powered-By: PHP/4.4.2 Set-Cookie: osCAdminID=7a1722f52212af96ae23c01cc88851d9; path=/admin/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-type: text/html Well, that's the situation so far. If you have any idea how could this be sorted without using Register Globals Off contribution, please, please let me know. I've been trying to sort this out for quite a long time now. Alex Quote Absinthe Original Liquor Store Link to comment Share on other sites More sharing options...
Guest Posted March 6, 2006 Share Posted March 6, 2006 Register Globals V 1.4 is now available. You can find it here... http://www.oscommerce.com/community/contributions,2097 I would have put a post on the "contributions announcement" board but I wasn't allowed to. I dunno - don't ask me... Rich. Quote Link to comment Share on other sites More sharing options...
sukui Posted April 20, 2006 Share Posted April 20, 2006 (edited) I just installed v1.4 into a OSC 2.2 R2 and am having problems. For some reason, my cart has totally failed. If I try to add a product into the cart from the product_info.php file, for some reason after the redirection the cart is always empty. I seem to have traced the problem to the line $success = session_start(); in the function tep_session_start in includes/functions/sessions.php. Before this line is executed, my $_GET global has the 'action' and 'product_id' variables set correctly (along with the 'osCsid' var). However after the session starts, both the 'action' and 'product_id' vars get wiped from the $_GET array, and they no longer trigger anything. Specifically I need it to trigger the shopping cart section in application_top.php. However at that point, the session has been called and my 'action' variable seems to be no longer accessible. I imagine somewhere, some code is doing something like unset($_GET['action']), but I have no idea where this might be. I've racked my brain on this for like 4 hours already and haven't had any luck. Has anyone else noticed this problem, or does anyone have any suggestions on where else I should be looking? Thanks in advance. EDIT - I almost forgot to mention, but after the $_GET variables are wiped, for some reason the osCsid stays. Before that session_start() call, there are 3 vars, action, product_id and osCsid. After, only osCsid...Weird. Edited April 20, 2006 by sukui Quote Link to comment Share on other sites More sharing options...
Memo2Shell Posted April 22, 2006 Share Posted April 22, 2006 Register Globals V 1.4 is now available. You can find it here... http://www.oscommerce.com/community/contributions,2097 I would have put a post on the "contributions announcement" board but I wasn't allowed to. I dunno - don't ask me... Rich. Hello, I just installed this contribution and upon accessing my catalog/admin, I receive the following errors: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at c:\hosting\webhost4life\member\garden\catalog\admin\includes\configure.php:47) in c:\hosting\webhost4life\member\garden\catalog\admin\includes\functions\sessions.php on line 68 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at c:\hosting\webhost4life\member\garden\catalog\admin\includes\configure.php:47) in c:\hosting\webhost4life\member\garden\catalog\admin\includes\functions\sessions.php on line 68 Fatal error: Call to undefined function tep_get_languages() in c:\hosting\webhost4life\member\garden\catalog\admin\index.php on line 58 Help! Quote Link to comment Share on other sites More sharing options...
Memo2Shell Posted April 22, 2006 Share Posted April 22, 2006 Hello, I just installed this contribution and upon accessing my catalog/admin, I receive the following errors: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at c:\hosting\webhost4life\member\garden\catalog\admin\includes\configure.php:47) in c:\hosting\webhost4life\member\garden\catalog\admin\includes\functions\sessions.php on line 68 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at c:\hosting\webhost4life\member\garden\catalog\admin\includes\configure.php:47) in c:\hosting\webhost4life\member\garden\catalog\admin\includes\functions\sessions.php on line 68 Fatal error: Call to undefined function tep_get_languages() in c:\hosting\webhost4life\member\garden\catalog\admin\index.php on line 58 Help! Well, it turns out that there were whitespaces in the files. Solved the warning errors but still getting the Fatal one tep_get_language) Quote Link to comment Share on other sites More sharing options...
Memo2Shell Posted April 22, 2006 Share Posted April 22, 2006 Well, it turns out that there were whitespaces in the files. Solved the warning errors but still getting the Fatal one tep_get_language) Browsed through another topic in the forum and actually run into the solution. The solution for the fatal error is that the funtion_tep_get_language could not be found in the admin/functions/general.php file. I just realized, that I may have accidentally uploaded the general.php file in the catalog folder into the admin folder. Duh!!! Anyway, posting this update as it may help others. Quote Link to comment Share on other sites More sharing options...
Maureen Posted May 31, 2006 Share Posted May 31, 2006 Installed this on my test site and now having a problem with $messageStack. On any page where a condition should generate a message from $messageStack->add_session(), it only works on the second attempt: Examples... In My Account: Newsletter -- change option to select a newsletter --> continue; no message. Return to change option, deselect newsletter --> continue, success message displayed Tell a Friend: Send a Tell a Friend e-mail about a product, returned to product no message. Send another e-mail (same or any product), returned to product find e-mail success message. I know this is happening on all the add_session messages. Haven't yet checked the $messageStack->add() I do not know enough to troubleshoot this problem -- Help Please :) Quote Link to comment Share on other sites More sharing options...
robsterK Posted June 17, 2006 Share Posted June 17, 2006 Warning: mysql_connect(): Client does not support authentication protocol requested by server; consider upgrading MySQL client in \\sknet83.seekdotnet.com\d$\Clients\C2270\R639\getbobbleheads.com\public_html\catalog\includes\functions\database.php on line 19 Unable to connect to database server! Ugly isn't it.... I was hoping this contrib would work for me to eliminate the register globals message. There was no database problems before I added this contrib. Quote Link to comment Share on other sites More sharing options...
Guest Posted June 17, 2006 Share Posted June 17, 2006 Installed this on my test site and now having a problem with $messageStack. On any page where a condition should generate a message from $messageStack->add_session(), it only works on the second attempt: Examples... In My Account: Newsletter -- change option to select a newsletter --> continue; no message. Return to change option, deselect newsletter --> continue, success message displayed Tell a Friend: Send a Tell a Friend e-mail about a product, returned to product no message. Send another e-mail (same or any product), returned to product find e-mail success message. I know this is happening on all the add_session messages. Haven't yet checked the $messageStack->add() I do not know enough to troubleshoot this problem -- Help Please :) The add_session should work on the 2nd attempt. You use it when you're about to do a redirect and therefore maintain the message when the page reloads. Otherwise for instant notification (on the same page) you should use the $messageStack->add Quote Link to comment Share on other sites More sharing options...
Maureen Posted June 24, 2006 Share Posted June 24, 2006 The add_session should work on the 2nd attempt. You use it when you're about to do a redirect and therefore maintain the message when the page reloads. Otherwise for instant notification (on the same page) you should use the $messageStack->add Thanks for the answer but maybe I didn't explain it properly. My e-mail a friend example is a redirect and so the message should appear when returned from the E-Mail A Friend page. Without the Register Globals patch and of course with register globals on, that is how it works --> product_info.php to tell_a_friend.php redirect to product_info.php and the e-mail success message appears. When I had the patch installed and register globals off this is what would happen instead: product_info.php to tell_a_friend.php redirect to product_info.php NO e-mail success message; repeat the process -> product_info.php to tell_a_friend.php redirect to product_info.php and the e-mail success message appears. This was the case with all the normal OSC $messageStack functions. Probably I missed or incorrectly installed the patch but I could not find where. At the moment I have removed it so I could do other work. Maybe it would be easier to address this when I re-install. :thumbsup: Quote Link to comment Share on other sites More sharing options...
nfrobertson Posted June 25, 2006 Share Posted June 25, 2006 Thanks for the answer but maybe I didn't explain it properly. My e-mail a friend example is a redirect and so the message should appear when returned from the E-Mail A Friend page. Without the Register Globals patch and of course with register globals on, that is how it works --> product_info.php to tell_a_friend.php redirect to product_info.php and the e-mail success message appears. When I had the patch installed and register globals off this is what would happen instead: product_info.php to tell_a_friend.php redirect to product_info.php NO e-mail success message; repeat the process -> product_info.php to tell_a_friend.php redirect to product_info.php and the e-mail success message appears. This was the case with all the normal OSC $messageStack functions. Probably I missed or incorrectly installed the patch but I could not find where. At the moment I have removed it so I could do other work. Maybe it would be easier to address this when I re-install. :thumbsup: Wow, I just tried this and sure enough - works as you describe (which is not what is desired) I just got done testing tell_a_friend.php a coupld days ago and it was working great. I then loaded the Register Globals patch. I thought everything seemed to be working fine but guess I hadn't really noticed this yet. Is there a fix?? Nathan Quote Link to comment Share on other sites More sharing options...
yanayun Posted August 19, 2006 Share Posted August 19, 2006 This patch dosnt work in my sites : Big problem is create new user, can't insert complete information such as address id with 0. Shipping modules cant display because that problem. i was try to edit manual and upload register global patch file, problem still in customer database addressbookid with id 0 any idea? Quote Link to comment Share on other sites More sharing options...
Rugman Posted August 31, 2006 Share Posted August 31, 2006 Hi, I've just downloaded osCommerce 2.2 Milestone 2 Update 060817 dated 17-08-2006 and after having problems with Register Globals found this thread. I've now realised that the pre-patched files won't work with this (or may not anyhow) and I'm not confident about doing it manually. Is it likely an updated version of this contribution will appear in the near future? I'm hoping Richard has subscribed to this thread and will enlighten us :-" This contribution is invaluable to new to newbies like me. Thanks Richard. Mark Quote Link to comment Share on other sites More sharing options...
Guest Posted August 31, 2006 Share Posted August 31, 2006 Hi, I've just downloaded osCommerce 2.2 Milestone 2 Update 060817 dated 17-08-2006 and after having problems with Register Globals found this thread. ... I didn't even realise there was a new version of OSC. I'll look at it and update the register globals contribution accordingly. It will probably take me a few days to get round to it though. Rich. Quote Link to comment Share on other sites More sharing options...
Rugman Posted September 1, 2006 Share Posted September 1, 2006 I didn't even realise there was a new version of OSC. I'll look at it and update the register globals contribution accordingly. It will probably take me a few days to get round to it though. Rich. Thanks Rich, you've just made my day. Quote Link to comment Share on other sites More sharing options...
Guest Posted September 5, 2006 Share Posted September 5, 2006 Put up version 1.5 of the register globals patch. This will work for the 17/08/2006 release of OSC regards, Rich. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.