
Anti-hacker Account Mods, Secure your account pages


254 replies to this topic

#161 Camilleah

  • Community Member
  • 3 posts
  • Real Name:Camille

Posted 17 March 2010, 18:04

spooks, on 17 March 2010, 16:05, said:

The only thing I can think of is that your server is not recognising expressions correctly & so the sanitise function is wiping all the data (you do have a rather old PHP version!)

Try the contact_us form (I assume you updated that too): if you leave the e-mail address blank, on submit you will get returned to the form with an error, and you should see what you placed before. If not, try commenting out the line
clean_post ();
i.e. change it to
// clean_post ();

If your data issues vanish, then it's your server not recognising the regex expression; if so, ask your host why the server appears not to understand Perl-syntax regex expressions.

You could also check your error log to see if that is showing anything.

Yep! You're right! If I comment out the clean_post the contact us page works. But I'm guessing doing that isn't a good thing.

As you suggested I also checked my error log and found:

1. PHP Notice: Undefined index: email_address in /xxxxxxxxxx/httpdocs/catalog/login.php on line 17, referer:

2. PHP Warning: Compilation failed: PCRE does not support \L, \l, \N, \P, \p, \U, \u, or \X at offset 3 in /xxxxxxxxxx/catalog/includes/functions/account_secure.php on line 39, referer:

Are these causing the problem and can it be fixed?

#162 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 17 March 2010, 19:32

Hi again.

I have installed twice and always find the same stone in the road. Firefox and Internet Explorer show an error (not a PHP error) about encoding if I add this piece of code in particular to login.php:

// anti-hacker account
  require('includes/functions/account_secure.php');
  $password = tep_to_hex($_POST['password']);
  unset($_POST['password']);
  if (!isset($_POST['email_address'])) {
    $_POST['email_address'] = $_GET['email_address']; unset($_GET['email_address']);
  }
  $email_address = '';
  clean_post ();
// EOF anti-hacker account

Don't get me wrong, as I get "working" in contact_us, tell_a_friend or anything without login that I have tested so far.

Quite puzzled...

#163 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 17 March 2010, 21:19

Camilleah, on 17 March 2010, 18:04, said:

2. PHP Warning: Compilation failed: PCRE does not support \L, \l, \N, \P, \p, \U, \u, or \X at offset 3 in /xxxxxxxxxx/catalog/includes/functions/account_secure.php on line 39, referer:

OK, yes, it's as I expected: your server does not understand the expression, it's using PCRE rather than Perl & further your PCRE is compiled without Unicode support; you could ask your host to remedy that.

The issue is that it doesn't understand \p{L}\p{M} in the line:
return preg_replace("/[^\p{L}\p{M}\w\r@ :{}_.-]/i", "", urldecode($vars));
within account_secure.php.

You could alter that line to:

return preg_replace("/[^\w\r@ :{}_.-]/i", "", urldecode($vars));

but the result will be that any 'foreign chars' input will be removed, i.e. it's best if your host can sort their server; I hope they're not a reseller!! :huh:
Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Post osC questions, don't PM them. Vampire?

Contributions:

Multi Images with Fancy Popups, Easy way

Products in columns with multi buy etc etc

Disable any Category or Product, Easy way

Secure & Improve your account pages et al.
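An added example, not code from the Anti-hacker Account Mods add-on or from Sam's post: a sanitising filter with the same character allow-list as the preg_replace quoted above, but one that first probes whether this build of PCRE understands \p{..}, and that treats a NULL return from preg_replace as an error instead of passing it on. That second point matches the symptom in the thread: when a pattern fails to compile, preg_replace returns NULL, and a NULL assigned back into every $_POST field looks exactly like "the sanitise function is wiping all the data". The function names pcre_has_unicode_props and clean_value, and the sample inputs, are my own.

```php
<?php
// Added example, not from the add-on. Assumed names: pcre_has_unicode_props(),
// clean_value(). Plain PHP 5.3+ syntax so it runs on old and new servers.

function pcre_has_unicode_props()
{
    static $supported = null;
    if ($supported === null) {
        // A build of PCRE without Unicode property support fails to compile
        // this pattern (the "PCRE does not support \p" warning from the log).
        // The @ hides the warning; preg_match then returns false instead of 1.
        $supported = (@preg_match('/\p{L}/u', 'a') === 1);
    }
    return $supported;
}

function clean_value($value)
{
    $value = urldecode($value);

    // Same allow-list as the add-on: letters, combining marks, \w, CR,
    // '@', space, ':', braces, '_', '.', '-'. The 'u' modifier makes \p{L}
    // match a whole multi-byte UTF-8 letter rather than one byte of it.
    if (pcre_has_unicode_props()) {
        $pattern = '/[^\p{L}\p{M}\w\r@ :{}_.-]/u';
    } else {
        // Fallback from the post above: works everywhere, but drops any
        // non-ASCII letter (an accented letter is two bytes, both removed).
        $pattern = '/[^\w\r@ :{}_.-]/';
    }

    $clean = preg_replace($pattern, '', $value);

    // preg_replace returns NULL on failure (pattern did not compile, input is
    // not valid UTF-8 under /u, backtrack limit hit). Storing that NULL as the
    // field value is what empties the form. Log it and fail closed instead.
    if ($clean === null) {
        error_log('clean_value: preg_replace failed, preg_last_error=' . preg_last_error());
        throw new RuntimeException('input could not be sanitised');
    }
    return $clean;
}

// Constructed inputs for a quick check from the command line.
$samples = array(
    'José <script>alert(1)</script>',  // brackets and slashes go; the accented letter survives only when \p works
    '[w](o)%3Cr%3Ek|i*n^g',            // the thread's own test string: URL-decodes, then strips down to "working"
);
foreach ($samples as $s) {
    printf("%-40s => %s\n", $s, clean_value($s));
}
```

Run it once on the host in question: if the first sample comes back as "Jos scriptalert1script" rather than "José scriptalert1script", that server is on the fallback pattern and is the one whose host needs to rebuild PCRE with Unicode property support.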

#164 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 18 March 2010, 02:54

Follkes, on 17 March 2010, 19:32, said:

I have installed twice and always find the same stone in the road. Firefox and Internet Explorer show an error (not a PHP error) about encoding if I add this piece of code in particular to login.php

Don't get me wrong, as I get "working" in contact_us, tell_a_friend or anything without login that I have tested so far.

I'm sorry, I can't tell what you mean: do you have errors, is something happening, or not happening? Please make your issue clear. :)
Sam


#165 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 18 March 2010, 09:58

Sorry, my previous post was severed somehow.

If I add this piece of code to login.php:

// anti-hacker account
  require('includes/functions/account_secure.php');
  $password = tep_to_hex($_POST['password']);
  unset($_POST['password']);
  if (!isset($_POST['email_address'])) {
    $_POST['email_address'] = $_GET['email_address']; unset($_GET['email_address']);
  }
  $email_address = '';
  clean_post ();
// EOF anti-hacker account

I get this Firefox crash: "Content encoding error. The page you are trying to view cannot be shown because it uses an invalid or unsupported compression format", and if using the original login.php it shows OK.

#166 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 18 March 2010, 11:14

Follkes, on 18 March 2010, 09:58, said:

I get this Firefox crash: "Content encoding error. The page you are trying to view cannot be shown because it uses an invalid or unsupported compression format", and if using the original login.php it shows OK.

It's your editor; it's referring to the encoding of the page, not code in the page. Use a proper editor: MS programs such as 'Word' etc. cause this, as does the file manager in admin.

Edit your files with a proper text editor, such as HTML-Kit or Notepad++.

You must also ensure you transfer your files by FTP in the correct mode: http://forums.oscommerce.com/topic/353800-how-to-ensure-your-images-have-valid-filenames/page__view__findpost__p__1484091
Sam


#167 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 18 March 2010, 15:59

Notepad++ and WAMP, no FTP involved, and as soon as I remove that piece of code I see the login page.

Keep testing. BTW I only have 1 language, Spanish.

#168 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 18 March 2010, 16:38

And the PHP error log says:

PHP Notice: Undefined index: password in D:\wamp\www\hm\login.php on line 14
PHP Notice: Undefined index: email_address in D:\wamp\www\hm\login.php on line 17

>_<

#169 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 18 March 2010, 18:48

Follkes, on 18 March 2010, 16:38, said:

And the PHP error log says:

PHP Notice: Undefined index: password in D:\wamp\www\hm\login.php on line 14
PHP Notice: Undefined index: email_address in D:\wamp\www\hm\login.php on line 17

:pinch:

Those are notices, a minor issue, and can be ignored.

As I said before, it's referring to the encoding of the page, not code in the page; you need to find what you are doing to create mal-encoded pages, they should have no encoding, just plain text.
Sam

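An added diagnostic for the "find what you are doing to create mal-encoded pages" step; it is not from the add-on or from Sam's post. A common way a PHP file ends up "encoded" is an editor saving it with a UTF-8 byte-order mark, or leaving blank lines after the closing ?> tag. Either sends bytes to the browser before application_top.php runs, so if a page-level compression handler (ob_gzhandler or similar) is later switched on, those raw bytes sit in front of the compressed stream and Firefox reports a content encoding error. That this was the cause in Follkes' case is my assumption, not the thread's; the function name find_stray_output and the expectation that every scanned file begins with an opening PHP tag (true of the osCommerce catalog files) are mine.

```php
<?php
// Added example, not part of the add-on. Scans a directory tree for .php
// files that emit bytes outside their PHP code. Assumed: files in the tree
// are meant to start with "<?php"; the function name find_stray_output() is mine.

function find_stray_output($dir)
{
    $findings = array();
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iter as $file) {
        if (strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $path = $file->getPathname();
        $src  = file_get_contents($path);

        // 1. UTF-8 byte-order mark: three bytes sent before any header or buffer.
        if (substr($src, 0, 3) === "\xEF\xBB\xBF") {
            $findings[] = array($path, 'UTF-8 BOM at start of file');
            $src = substr($src, 3);
        }

        // 2. Anything before the opening tag, even a blank line, is output too.
        if (strpos($src, '<?') !== 0) {
            $findings[] = array($path, 'bytes before the opening <?php tag');
        }

        // 3. Whitespace after the final "?>" is output. PHP swallows exactly one
        //    newline directly after the closing tag and nothing more. A tail with
        //    real content (HTML after the last ?>) is legitimate and not flagged.
        $pos = strrpos($src, '?>');
        if ($pos !== false) {
            $tail = substr($src, $pos + 2);
            if ($tail !== '' && $tail !== "\n" && $tail !== "\r\n" && trim($tail) === '') {
                $findings[] = array($path, 'whitespace after closing ?> at end of file');
            }
        }
    }
    return $findings;
}

// Usage from the CLI: php find_stray_output.php /path/to/catalog
$root = isset($argv[1]) ? $argv[1] : '.';
foreach (find_stray_output($root) as $finding) {
    list($path, $why) = $finding;
    echo $path, ': ', $why, "\n";
}
```

Point it at the catalog directory on the WAMP install where login.php fails and at the Linux copy where it works; the file that differs between the two is the one the editor altered.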

#170 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 18 March 2010, 19:52

As far as I can see, that piece of code in index.php triggers that Firefox error; I am using all your files in the contribution.

With this:
// anti-hacker account
  require('includes/functions/account_secure.php');
  $password = tep_to_hex($_POST['password']);
  unset($_POST['password']);
  if (!isset($_POST['email_address'])) {
    $_POST['email_address'] = $_GET['email_address']; unset($_GET['email_address']);
  }
  $email_address = '';
  clean_post ();
// EOF anti-hacker account
I still get the error; no index.php is shown.


But with this:
// anti-hacker account
  require('includes/functions/account_secure.php');
  //$password = tep_to_hex($_POST['password']);
  //unset($_POST['password']);
  //if (!isset($_POST['email_address'])) {
  //  $_POST['email_address'] = $_GET['email_address']; unset($_GET['email_address']);
  //}
  //$email_address = '';
  clean_post ();
// EOF anti-hacker account

it shows login.php; I can try [w](o)%3Cr%3Ek|i*n^g and I get "working"...... :huh:

#171 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 18 March 2010, 20:15

Follkes, on 18 March 2010, 19:52, said:

Perhaps you have your server set up oddly; of course Windows is not the best type of server to use.

You need to use the tep_to_hex function; the e-mail stuff is just for convenience. The sanitise is working as you have left that part in.

Upload your files to a real server (Linux), I bet you will find it all fine, or install Linux onto your PC; the basics are a lot more straightforward than Windows & it will install alongside your existing one. I recommend Fedora 12.

There are quite a number of areas within osC (add-ons) that won't work under Windows most of the time.


Sam


#172 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 19 March 2010, 10:54

spooks, on 18 March 2010, 20:15, said:

Perhaps you have your server set up oddly; of course Windows is not the best type of server to use.

You need to use the tep_to_hex function; the e-mail stuff is just for convenience. The sanitise is working as you have left that part in.

Upload your files to a real server (Linux), I bet you will find it all fine, or install Linux onto your PC; the basics are a lot more straightforward than Windows & it will install alongside your existing one. I recommend Fedora 12.

There are quite a number of areas within osC (add-ons) that won't work under Windows most of the time.

Indeed.
I uploaded the WAMP version to my Linux server online, a kind of shadow shop, and once I modified the configure file I saw login.php without problem. What remains is adapting the language files you provided to Spanish.

PS. I also use openSUSE 11.2 but not with LAMP or similar... another thing to do...

Regards

#173 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 20 March 2010, 09:29

Sam, have you ever tried it in Firefox with the "remember password" feature ON? It keeps seeing the postal code field as the password... quite odd: "Want to remember 3355 as your password?"
Other fields get a clean "working". This time it is online with a Linux server.

#174 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 20 March 2010, 10:45

Follkes, on 20 March 2010, 09:29, said:

Sam, have you ever tried it in Firefox with the "remember password" feature ON? It keeps seeing the postal code field as the password... quite odd: "Want to remember 3355 as your password?"
Other fields get a clean "working". This time it is online with a Linux server.

It's not taking the postcode field as the password, but as the id or name for the account.

It's a Firefox error; there's not a lot I can do, the field names & ids are unchanged from the default osC & it would be a bad idea to vary from that.

What Firefox is actually doing is taking the last input field before the password fields & assuming that's the 'id' field for the account.

If you move the email field to below the country field, it gets the right one!!
Sam


#175 Follkes

  • Community Member
  • 114 posts
  • Real Name:Follkes

Posted 21 March 2010, 17:52

Hi Sam

At first I thought it was because I unticked gender and DOB in the admin panel. But after setting those on again, still the same failure. I guess it's my PC and my Firefox...

I see "working" everywhere !! Cheers!!

#176 MR1

  • Community Member
  • 160 posts
  • Real Name:Mustafa

Posted 22 March 2010, 14:36

Hello Guys,

I am getting this error when I click on check out:

"Warning: require(DIR_WS_FUNCTIONSajax.php) [function.require]: failed to open stream: No such file or directory in"

Now from the error I thought it's saying it can't see the file, so I made sure that the file is in; the error message also said something about line 13, which also seems fine?

Line 13 of create_account.php:

 require(DIR_WS_FUNCTIONS . 'ajax.php');

Any help would be appreciated.

#177 MR1

  • Community Member
  • 160 posts
  • Real Name:Mustafa

Posted 22 March 2010, 14:53

Hello,

seems to work now.

Thank you

Edited by MR1, 22 March 2010, 14:56.


#178 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 22 March 2010, 15:03

MR1, on 22 March 2010, 14:53, said:

Hello,

seems to work now.

Thank you

Good; your issue was that somehow DIR_WS_FUNCTIONS was not getting defined. That happens in application_top; I assume you found the error there, or you repositioned the call to after the call to application_top.
Sam


#179 MR1

  • Community Member
  • 160 posts
  • Real Name:Mustafa

Posted 22 March 2010, 15:27

Hello,

I'm not sure why or what this is.

When I go to create_account.php

it says

"ENTRY_SAVE_DETAIL"

I mean, what is this? Thank you.

#180 spooks

  • Community Member
  • 6,668 posts
  • Real Name:Sam
  • Gender:Male
  • Location:UK

Posted 22 March 2010, 16:16

MR1, on 22 March 2010, 15:27, said:

When I go to create_account.php

it says

"ENTRY_SAVE_DETAIL"

You haven't updated catalog/includes/languages/english/create_account.php with the new code, as given in the included file; not all the changes are detailed in the manual install, you must use a file compare for some.
Sam
