Jump to content


  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by ecartz

  1. The image URLs are made by appending the image name to the image directory URL. So you only want the portion of the path after the images directory. In your example, that would be cat2/cat-test-01.jpg
  2. ecartz

    Wishlist For Phoenix

    class hook_shop_system_wishlistApp { public function listen_preActionApp() { // wishlist data if (!isset($_SESSION['wishList']) || !($_SESSION['wishList'] instanceof wishlist)) { $_SESSION['wishList'] = new wishlist(); } //Wishlist actions (must be before shopping cart actions) if (isset($_POST['wishlist'])) { if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) { $qty = $_SESSION['wishList']->get_quantity(tep_get_uprid($_POST['products_id'], $attributes)) + (int)($_POST['qty'] ?? 1); $_SESSION['wishList']->add_wishlist($_POST['products_id'], $qty, ($_POST['id'] ?? '')); } if (WISHLIST_REDIRECT == 'No') tep_redirect(tep_href_link('product_info.php', 'products_id=' . $_POST['products_id'])); tep_redirect(tep_href_link('wishlist.php')); } } } Alternately, adding global $wishlist at the beginning of the function might work.
  3. Perhaps to lull you into a false sense of security. Or because they didn't need it. Corrupt the 2.2 site directly. And use those permissions to try to corrupt the Edge site. This works if both subdomains use the same user behind the scenes. So corrupting the 2.2 site allows them to make changes to the Edge site. Or almost make changes. Perhaps they were unable to complete the hack. Perhaps adding the .mx files was only the first step. If they had completed the hack, you might never have known because they would have cleaned up after themselves.
  4. You might try template_top.php and header.php. If you don't find that text, look for what files those files include/require. It is probably in one of those. And this is exactly why we recommend upgrading from the no longer supported Bootstrap to Phoenix. Because if you put the same effort into upgrading as you have put into trying to make things work in the older version, this might have just worked without further intervention. Because the Phoenix default would seem to give you the desired result. Or if not, at least people would be able to give you more on-point advice.
  5. admin > Modules > Header tags > Robot NoIndex Note though that that is only on specific pages by default and there are reasons why you might not want to have those particular pages indexed. So rather than turning it off, just make sure that it does not have either All or the specific page that you want indexed checked.
  6. Is that the App that would write your database configuration to a file? If the file needed to be writable by the web server, then yes, that could be it. Perhaps delete it, remake it, and then drop the permissions on it to a lower level.
  7. ecartz

    Phoenix easy populate addon v1.0.6.0

    I realize that the Apps Marketplace search often sucks. But https://apps.oscommerce.com/v=cephoenix10&q=Easy Populate shows three things claiming to be Easy Populate for Phoenix.
  8. Have you signed up for Google Search Console? https://www.google.com/webmasters/tools/submit-url?pli=1 https://support.google.com/webmasters/answer/6065812
  9. That was a division by zero. It breaks the query but wouldn't harm the site. It's one of the queries (there are four) starting at https://github.com/gburton/CE-Phoenix/blob/ File injection is more likely to be caused by something that writes files. E.g. admin/backups.php, categories.php, define_languages.php. And also consider the possibility that the reason for the .mx file is that there is some software somewhere that allows the creation of a .mx file but not a .txt or .html file. That doesn't sound like osCommerce. It's more likely to be a vulnerability outside your site. The coincidence of times may simply be that the the same bad actor attempted both attacks on your site and on the server at the same time. You might find more clues from attempts to access files on your site that don't exist. Perhaps one of those found another site on the same server that did have whatever vulnerability.
  10. ecartz

    phoenix + nolapro

    Still put the code before the after_process() call: https://github.com/gburton/CE-Phoenix/blob/master/checkout_process.php#L95 It would probably also be possible to hook it into $parameters = ['order' => $order, 'email' => &$email_order]; echo $GLOBALS['OSCOM_Hooks']->call('siteWide', 'orderMail', $parameters); But that's not where they're asking to run the code.
  11. ecartz

    Installation issues

    Phoenix is the Community Edition. That template is not Phoenix. It is a different fork of the osCommerce code. Because it is a closed fork, you'd have to get support directly from the seller rather than from the forums. You cannot use both Phoenix and that template. They are two separate options.
  12. ecartz

    Installation issues

    Download page: yellow button.
  13. ecartz

    Installation issues

    My guess would be that something went wrong with the FTP upload. Try it again. You could also upload just the install.php file. But usually it's not just one file that goes missing. So either do the whole thing or at least the install directory (and all contents). You might check that you aren't out of filesystem quota. Some hosts have limits.
  14. ecartz

    Payments by credit card stopped working on Friday

    I think that the first step is to ask PayPal. Perhaps they have logging that you can view, but you may need to call them. I mean, it seems unlikely that you were editing your PayPal module on June 4th. So it is unlikely that your store code is the immediate issue. It is possible that your host did something, but the most likely explanation is that PayPal changed. If the change requires a software update, they can let you know what kind of change needs to be made (if their response is not intelligible, post it for others to interpret). Or if there was some kind of host change that is preventing PayPal from connecting, they could tell you what kind of response they are getting. This seems similar to a problem that other stores are reporting on the latest Phoenix. But that hasn't been diagnosed yet. I would not try to update as a first solution. And while I think it would be better to be on a newer version, I would suggest trying to diagnose this problem in your current version first. Because it's always possible that there are two different problems: one that you have and one that more up-to-date stores have. If we can get the newer stores fixed, then it might make sense to update.
  15. ecartz

    Installation issues

    What is the part of the the URL after the catalog directory? E.g. if I go to https://template.me.uk/phoenix/index.php , then the catalog directory is https://template.me.uk/phoenix/ and the part of the URL after it is index.php When you click Start, to what URL does it try to go, relative to the catalog directory?
  16. ecartz

    Remove Extra Type from PDF Invoice

    How do you generate the PDF? Do you click a link on an osCommerce page? Or do you go somewhere else? If an osC page, which one and what actions do you do? Press a button? Does it link somewhere? Where? I don't want to grill you, but those are the kinds of things we would need to help you find what you need. All this assumes that it is not in the EPOS, as we wouldn't offer much help then.
  17. ecartz

    Warning: Use of undefined constant on PHP 7.4

    This is not from core code, which doesn't use that parameter. Certainly not in the current Phoenix and I don't believe so in older versions of osCommerce. If you are simply getting that's telling you that a define is missing. Nothing to do with case sensitivity. Someone might be able to help more if you gave the actual error which says which "constant" is missing.
  18. ecartz

    Default option for OPTION VALUES

    The options module would be at a location like admin > Layout Modules > Product Info > Options & Attributes. Alternately, if that is not installed, look under admin > Modules > Content. Look for the product_info modules. One of them is called Options & Attributes.
  19. ecartz

    Free Shipping Per Product for v2.3

    I made a mistake in the second line. public function listen_injectRedirects() { $products_ship_free = false; if (!GLOBALS['free_shipping']) { define('TEXT_CHOOSE_SHIPPING_METHOD', TEXT_CHOOSE_SHIPPING_METHOD_NO_PFS); define('TEXT_ENTER_SHIPPING_INFORMATION', TEXT_ENTER_SHIPPING_INFORMATION_NO_PFS); return; } foreach ($_SESSION['cart']->get_products() as $product) { if (1 == $product['ship_free']) { $ship_free_count += $product['quantity']; } } if (($GLOBALS['total_weight'] == 0) && ($GLOBALS['total_count'] == 0)) { $products_ship_free = true; $GLOBALS['free_shipping'] = true; if (!defined('FREE_SHIPPING_TITLE')) { include 'includes/languages/' . $_SESSION['language'] . '/modules/order_total/ot_shipping.php'; } } define('TEXT_CHOOSE_SHIPPING_METHOD', ($products_ship_free ? sprintf(PRODUCTS_SHIP_FREE_COUNT, $ship_free_count); : TEXT_CHOOSE_SHIPPING_METHOD_NO_PFS)); define('TEXT_ENTER_SHIPPING_INFORMATION', ((!$products_ship_free && ($ship_free_count > 0)) ? sprintf(PRODUCTS_SHIP_FREE_COUNT_ONLY, $ship_free_count) : TEXT_ENTER_SHIPPING_INFORMATION_NO_PFS)); } Note that this assumes that you've modified the shoppingCart->get_products method to return the 'ship_free' column.
  20. ecartz

    Attribute Images

    jQuery has a selector, which looks like $('SELECT#css_id') The part inside the quotes can be pretty much anything that could appear in a CSS definition. But remember that you probably only want it to apply to one menu, so try for something unique, like ID (rather than class or HTML element). Remember that it is possible to say something like #css_id SELECT to get the select menu inside the #css_id element. Then you attach an onchange handler like $('SELECT#css_id').change(function () {/* JS here */}); That would be close to the equivalent of the onchange in <SELECT id="css_id" onchange="/* JS here */"> assuming that you have <SELECT id="css_id"> somewhere in the HTML. Relevant reference: https://stackoverflow.com/q/11179406 If you post the HTML for the select menu and the recommended jQuery, someone could probably give more help.
  21. ecartz

    When is /ext/.../standard_ipn used?

    Just to highlight something that others have noted in passing but may not have stated explicitly enough. If you want to test the IPN path, then don't go back to your site after making the payment. Because if you just click quickly through everything, chances are that you get back to the site before PayPal sends the IPN. So act like a customer. When you get to the screen that says something like "Click here to return to the merchant", close the browser window. Then your test will work like their order. Because some customers do exactly that. Note that both the IPN and the click through flow use the paypal_standard file. The IPN file also has some logic of its own. This contrasts to the logic triggered from the checkout_process file.
  22. ecartz

    Cost/Weight Shipping

    Sorry, new shoppingCart() not shopping_cart.
  23. ecartz

    Cost/Weight Shipping

    Remove $cart from global and write if (isset($_SESSION['cart']) { $cart =& $_SESSION['cart']; } else { $cart = new shopping_cart(); } But it might be better not to use cart in admin at all.
  24. ecartz

    Sitemap SEO

    Try if (empty($current_category_id) || (strpos($cat['id'], (string)$current_category_id) === false)) continue;
  25. ecartz

    Sitemap SEO

    It's the second parameter to strpos. In this case $current_category_id