Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Error when signing into account


bevilleliam

Recommended Posts

Hi.

 

I have an online shop that was recently hacked and malicious files were uploaded. I have cleaned all and to test the shop then I registered an account.

 

When I sign into the account I now get the following error....

 

1054 - Unknown column 'password_reset_key' in 'field list'

update customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = '31'

[TEP STOP]

 

Please help

Link to comment
Share on other sites

The error is telling you that you are trying to write data to a column "password_reset_key" that doesn't exist in your customers_info table.  You've either changed that table or the update query when you "cleaned" your site.   If you indicate what you did to "clean" the site and what version of osC you have installed maybe someone can tell you which, if either of those two things, needs to be changed.  I hope you used the opportunity to upgrade osC so you don't get hacked again.

 

Dan

Link to comment
Share on other sites

Thank you Dan for your reply.

 

I simply deleted files that should not be there and removed code from files that had extra code added to them like the index.php files. Not too sure is the problem related to anything I did or was the problem always there or were some files removed in the hack process.

 

osCommerce version 2.3.3.4

Link to comment
Share on other sites

Hummmm.....if I were you I'd use the opportunity to upgrade to the Responsive version....either gold or edge so you have a mobile friendly site.  If you choose not to, you'll never be certain that you got things completely cleaned and a backdoor or some thing wasn't left behind.  

 

Regarding the error message... password_reset_key should exist in your customer_info table so have a look at that table and see what wrong.   Did your database get hacked too?

 

Dan

Link to comment
Share on other sites

If you have a good known backup copy of the site, which I take it you have as you checked all files for code that should not be there, I would remove all the files from the server, and replace them with the known good files. That should remove any small back doors that the hacker may have left.

 

I would also upload a known good copy of the database to make sure that is clean as well. If you take regular backups you should not loose that much data.

 

Most good hosts save a copy of a site on a daily basis. It may be easier to ask them to upload all the files for you, but make sure that they use a good clean copy and remove all the old files.

 

Get the old site working first then consider the option of upgrading to the latest BS version from the community as your time permits.

REMEMBER BACKUP, BACKUP AND BACKUP

Link to comment
Share on other sites

Did you also restore the database to an older version? Either when trying to clean the hack or when the site was moved between servers?

 

Or maybe the clean code versions that you have installed are a different version than the ones you were running before the hack.

 

The error message relates to a field that was introduced in one of the upgrade steps in the 2.3.3.x series if I remember right. It could be simply that your files and database are a little out of step.

 

If this is the case, you may be able to fix the problem simply by running the required update sql in phpMyAdmin:

alter table customers_info add password_reset_key char(40);

You probably also need to run

alter table customers_info add password_reset_date datetime;

If you have ended up with a mixture of files at different versions, though, you may find other errors.

Contact me for work on updating existing stores - whether to Phoenix or the new osC when it's released.

Looking for a payment or shipping module? Maybe I've already done it.

Working on generalising bespoke solutions for Quickbooks integration, Easify integration and pay4later (DEKO) integration at 2.3.x

Link to comment
Share on other sites

Did you also restore the database to an older version? Either when trying to clean the hack or when the site was moved between servers?

 

Or maybe the clean code versions that you have installed are a different version than the ones you were running before the hack.

 

The error message relates to a field that was introduced in one of the upgrade steps in the 2.3.3.x series if I remember right. It could be simply that your files and database are a little out of step.

 

If this is the case, you may be able to fix the problem simply by running the required update sql in phpMyAdmin:

alter table customers_info add password_reset_key char(40);

You probably also need to run

alter table customers_info add password_reset_date datetime;

If you have ended up with a mixture of files at different versions, though, you may find other errors.

I did this and problem solved.

 

Thank you everyone for all your help.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...