All Activity

  1. Past hour
  2. raiwa

    Hack attempt - is there a way to prevent this?

    malicious/problematic code has already been filtered out in this example: Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC 244 Whatever St"__sCRiPt sRC=//jb.gy/i__/sCrIpT_
  3. GoCastaway58

    Security checks gone

    I already installed a clean "Frozen" on my server and it works perfectly as far as I can see. The layout is good and responsive, but when I am going to use it I am going to make some changes in the layout etc., and I also need it in Dutch, so I have to see if the language pack that I have is up to date. In the coming weeks I am going to work on it; I will keep you updated.
  4. 4girlsandaguy

    Admin page not logging secure, not displaying correct

    That did it. Looks the way it should.......Thank you!!!!
  5. JcMagpie

    Admin page not logging secure, not displaying correct

    This will be down to you being on a shared server; it looks like your host has turned on SSL on the server. Just check your config file in admin/includes and make sure all http statements are changed to https. You will need to check this for every link in your code, as any that still call http will cause problems of mixed content.
  6. 4girlsandaguy

    Admin page not logging secure, not displaying correct

    Mr. Phil, how do I upgrade this? Is this something I have to have my hosting company do or can I do this myself?
  7. 4girlsandaguy

    Admin page not logging secure, not displaying correct

    I checked the browser code. It looks just like what you have. But what is happening is that the .css and .js files are all blocked because it is an insecure site. My shopping cart is secure but for some reason my admin page is not. I will have my hosting site address this and follow up here. Thanks for the insight and info.
  8. Today
  9. A few general notes: did your host just upgrade PHP (to 5.6)? osC 2.3.4 (official release) is a bit long of tooth, and has been known to have problems with PHP versions above 5.4 or so, although I don't recall seeing problems this severe. Did you get moved to a different server? Did your host make any other changes, such as forcing SSL? It's not uncommon for one hand (server support) to make major changes and not tell the other hand (customer support) what they did. Could you have been hacked (any files show inexplicably recent updates)? Did you make some "innocent little change"? By the way, PHP 5.6 is no longer supported (ditto 7.0) and 7.1 won't be soon, so try to upgrade your store before you run into severe problems on the next PHP upgrade. The only current osCommerce is "Frozen" (or "Edge", if you're adventurous) -- see link for it (plus patches) below in my signature. The official osC releases are years behind.
  10. JcMagpie

    Hack attempt - is there a way to prevent this?

    So going back to the original post: what if someone uses a form to inject script into the db? Looks like no cleaning is done before input is saved to the db in official osC or CE. Script used in the create account form is simply passed over to each page and saved into the db. No scrubbing is done when it is pulled out to display, and the db is just taking the data presented to it. The test script used was the one originally posted and used as a test (can do no harm as it is not active on its own): Bob Smith"__sCRiPt sRC=//jb.gy/i__/sC So it looks like some method of scrubbing all forms and input boxes is needed, not just the search. Or have I missed something?
  11. If you have problems with the supplied password file changes, pull it all out and use your host's "password protect a directory" function from their control panel. It's much more likely to work correctly than what is supplied by osC. The only downside is that the osC Security Check won't recognize that you have password protection and will issue spurious warnings. If you have to enter an ID and password to get into admin (to the page with the normal osC ID/password field), don't worry about the warning -- it's working.
  12. MrPhil

    Hack attempt - is there a way to prevent this?

    Well, you could always replace your osC search with Google (with the term site:yoursite.com) or some other well-known search engine. (Are there any others left these days?) You will likely lose any storage of search terms, although there's no reason you couldn't save a search string (suitably sanitized, first) in your database before passing it on to Google. I'm assuming that there is no problem with sessions, etc. if you pop out to an external search engine from a logged-in store, so check out that early in the process.
  13. MrPhil

    Security checks gone

    If a responsive site is your primary concern, Frozen is already responsive out-of-the-box. No template is needed. Unless OsMart assures you that their template is compatible with Frozen (2.3.4.1BS/CE), it's very unlikely that it will work. Note that colors, typefaces/fonts, font size, and limited positioning and sizing of screen areas are all easily adjusted in the user.css file with CSS settings. You don't need a "template" to do these things. If it adds other functionality, that would have to be done separately. Frozen is fully PHP 7.1 compatible. 7.2 is iffy. It will run on 5.6 or 7.0, but be aware that those PHP levels are totally unsupported now, and thus dangerous to use.
  14. freakystreak

    SEO Friendly Urls - a new approach

    I have checked the admin backend and I can't see any call to 'seo_friendly_urls.php'. Can you advise me as to what I should look out for regarding the Apache Server configuration? Thank you.
  15. GoCastaway58

    Security checks gone

    I am going to try the PHP rollback and see what happens, but I can only go back to 5.6 and up to 7.1 - 7.2 - 7.3. Downloaded the "Frozen" version, but can I use that with the OsMart template? It's a good responsive template and I would keep it.
  16. JcMagpie

    Hack attempt - is there a way to prevent this?

    Just checked on official osC and it's the same result nothing found, can you spot the irony of the image below?
  17. Xarlina

    Editing Footer Links...

    Hi there, it could be done through the footer template, but don't forget to make a copy of the new version of the footer. It helps you quickly make the changes again if for some reason the footer file is updated and returned to its original condition. It's just friendly advice; for now, I'm a blogger and essay writer from xx, but I've had to deal with something like this before.
  18. coelroy

    17 Years Young!

    My friend, I believe it's today Monday 20th May 2019. Can we hold you to your word, i.e. "New releases coming soon. New websites coming soon."? Elroy
  19. JcMagpie

    Hack attempt - is there a way to prevent this?

    I don't think this has anything to do with the edits, as on a stock osC you still will get no results! Try it yourself on a clean BS4 install: https://www.jcmagpie.com/advanced_search_result.php?keywords=A+Bugs+Life Compare that to a Google search box output and you get a result every time; try it yourself. https://www.justfastfood.com/
  20. freakystreak

    SEO Friendly Urls - a new approach

    Thanks for your reply, I am using osCommerce v2.3.4. It's using Bootstrap.
  21. BrockleyJohn

    How do I use function __construct in this code?

    Whether they would have behaved differently in the past with the current constructors, I couldn't say. However the current core code doesn't - that's what testing is for! I am confident in the testing of the original set of changes - the process used for the changes was:

    - code scan for all classes and identify those with php4 constructors, code scan for direct calls to constructor method
    - identify at least one page using the class and check for deprecated message
    - show that change removed deprecated message but leaves page function unchanged
    - for direct calls to constructor method, show function before and after the same too

    However the changes were reapplied several times over the course of months as Edge moved forward and although largely automated by git, it's always possible that errors or omissions were introduced in the final version so it's good to air any doubts you have. The constructors resulted in a lot of lines of code that needed altering but the bit that was much harder to analyse confidently was the change to the evaluation order in statements. IIRC there was only one line of code that needed changing for this.
  22. supercheaphobb

    Frozen bug list

    So just confirming the breadcrumbs needs to be removed from /includes/modules/content/header/templates/tpl_cm_header_breadcrumb.php
  23. Jack_mcs

    Hack attempt - is there a way to prevent this?

    For the code I posted, use $keywords = preg_replace('/[^ \w\'\"-]/', '', $_GET['keywords']);
  24. MrPhil

    How do I use function __construct in this code?

    OK, good to know that nothing there needs fixing. Although I do wonder if they behaved differently if and when they had only the eponymous constructor methods.
  25. Yesterday
  26. ArtcoInc

    Security checks gone

    @GoCastaway58 As @MrPhil suggested, ask your host if they can roll back to an earlier version of PHP. That *may* resolve your problem ... temporarily. If it does work, use the time to consider updating your shop to the latest Community Edition of osC. (link in my signature). M
  27. BrockleyJohn

    How do I use function __construct in this code?

    Nope, these are all deliberate. Shopping cart's eponymous method is called to reset it (but there's no point in resetting it on construction). Table block and alert box's methods are called from child classes which override the constructor so the parent's never gets called.
  28. A recent attack on one of my shops revealed that hackers will use the search function to try and gain access to the shop and/or database. Since SmartSuggest records search inquiries to a database table, there is a possibility that this could be used in an attack. Malcolm
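
Added example, not part of any post above and not osCommerce code: the "Hack attempt" thread discusses form and search input being stored in the database and later displayed without scrubbing. The sketch below pairs an allow-list filter on input with HTML escaping on output; the function names and sample values are hypothetical and constructed for illustration, and the mbstring extension is assumed.

```php
<?php
// Added illustration; clean_text_field() and html_out() are hypothetical
// helper names, not functions from osCommerce.

// Input side: allow-list filter for a free-text field (name, search term).
// Letters, digits, space and . , ' - pass; everything else is dropped.
// The hyphen is last in the class so the pattern also compiles on PCRE2.
function clean_text_field(string $raw, int $maxLen = 64): string
{
    $s = preg_replace('/[^\p{L}\p{N} .,\'-]/u', '', $raw);
    if ($s === null) {            // preg_replace fails on invalid UTF-8
        return '';
    }
    return mb_substr(trim($s), 0, $maxLen, 'UTF-8');
}

// Output side: escape at the point of display, for every value that came
// from a user or from the database. ENT_QUOTES covers both quote types,
// so the result is safe in element text and in quoted attribute values.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a create-account "name" field carrying markup.
$submitted = 'Bob Smith"><script src=//example.invalid/x.js></script>';

// What would be stored once the input filter is in place.
$toStore = clean_text_field($submitted);

// A constructed legacy row saved before any filter existed. Input
// filtering cannot fix it; only escaping on output does.
$legacyRow = ['customers_firstname' => $submitted];

echo "stored value : ", $toStore, "\n";
echo "admin listing: <td>", html_out($legacyRow['customers_firstname']), "</td>\n";
echo "form field   : <input name=\"firstname\" value=\"",
     html_out($legacyRow['customers_firstname']), "\">\n";
```

The output-side escape is the control that also covers rows already in the database; the input filter only limits what gets stored from now on.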