Everything posted by ecartz

  1. ecartz

    shop by price

    @discxpress You have two lines in your code:

        if ($GLOBALS['PHP_SELF'] == 'index.php') {
        function execute() {

    Replace those two lines with

        function execute() {
        if ($GLOBALS['PHP_SELF'] == 'index.php') {

    I.e. swap the order of those two lines. The rest of the code can stay the same as in your previous post.
  2. ecartz

    Email Notification

    This is not the normal workflow. Normally, when the order is first inserted in the database, the email is sent. So two possibilities:

    1. Your payment module performs its own workflow where it inserts the order before processing the payment.
    2. You have order emails turned off.

    If the latter, turn them on. If the former, then the payment module would need to be modified.

    It would be problematic to modify such a payment module to work the way that you describe. Because payment modules that insert the order into the database before processing payment do not necessarily process the payment. Because payment failures happen after the order is inserted.

    Typically, if your payment module works that way, what you want to happen is for the email to be initiated in two ways.

    1. When the customer returns to the web site after paying, it sends the email. This happens automatically on checkout_process in the normal flow.
    2. If the customer does not return to your web site, the payment processor sends a payment message which triggers sending the email. PayPal calls this an IPN.

    Perhaps your payment module is missing the latter portion. Or it could be bypassing the former. Or both. Regardless, this isn't a matter of simple configuration (unless you have order emails turned off). You need development on the payment module.
  3. ecartz

    foreach error

    It's telling you that that function is not returning an array. It would need to consistently return an array to be used that way.
  4. ecartz

    423 php error

    You can check that the timestamp has a sane value with https://www.epochconverter.com/

    For example, 1593500467 is Tuesday, June 30, 2020 7:01:07 AM. (It might format more recognizably on your computer.) Current as I'm writing this: 1593703947

    But the 423 is not a status code in those log entries. It's something more like the size of the response. Example link on reading Apache access logs: https://www.keycdn.com/support/apache-access-log
  5. If you do not have the .htaccess file and try to open the images directory in your browser (just the directory, no file), what happens? If it says you are not authorized, you can delete the following line from the .htaccess file

        Options -Indexes

    It is conceivable that that would fix things.

    I suspect that your host has set some configuration that conflicts with the .htaccess file. If your error logs don't give any more information, then they would be the ones who would have to do the next steps of debugging. You might ask them about AllowOverride and AllowOverrideList values in httpd.conf. E.g. in the documentation: https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride

    The .htaccess file uses the Limit directives. It is possible that they might have to incorporate the directives from the old version of the .htaccess file into the httpd.conf in a Directory section. The old version because they are using Apache 2.2. The new version should be compatible with both 2.4 and 2.2 but otherwise has no advantages over the old version.

    I.e. the choices are either for them to configure your site

        AllowOverride Limit

    or to incorporate

        <FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
        Order Deny,Allow
        Deny from all
        </FilesMatch>
        Options -Indexes

    into the httpd.conf files.
  6. More ways to check the Apache version from PHP: https://stackoverflow.com/questions/2927954/how-to-get-the-apache-version Yet more ways to check: https://stackoverflow.com/questions/166607/how-do-i-find-the-version-of-apache-running-without-access-to-the-command-line If none of that works, ask your host. They also may be able to tell you if there are restrictions on .htaccess files that would cause trouble.
  7. admin > Tools > Server Info The Apache version should be under the HTTP Server.
  8. ecartz

    Import / Export

    There are two or three versions of Easy Populate that are supposed to be compatible with Phoenix.
  9. That looks like a malformed call to splitPageResults.
  10. Apache version?

    The .htaccess doesn't help with file permissions. It keeps people who upload .php files to the server from being able to run them. It's to cover for the directory permissions being 777.

    I'd create a test file, test.php with content

        <?php echo 'Hello world!';

    Try to visit it in the browser. Then upload smaller versions of the .htaccess and see which makes it stop working and which makes the images stop working. If you can find a smaller version that lets the images work while stopping the PHP file, then use that version.

    You can see an older version of that file at https://github.com/gburton/CE-Phoenix/blob/41601da342152b010247083c1a70101aa2468d84/images/.htaccess
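Added example, not part of the posts above and not the CE-Phoenix file: one way to write the images/.htaccess rule discussed in posts 5 and 10 so that script-like files are denied on both Apache 2.2 and 2.4 while images are still served. The IfModule switch and the AllowOverride notes in the comments are assumptions drawn from the Apache documentation, not from the project.

```apache
# images/.htaccess (added example, not the project's file)
#
# Goal: anything uploaded into a world-writable images/ directory must not be
# executable over HTTP. Image files (.jpg, .png, ...) do not match the pattern
# and are served normally.
#
# AllowOverride classes the host must permit for each directive to work here:
#   Require            -> AuthConfig   (Apache 2.4, mod_authz_core)
#   Order / Deny       -> Limit        (Apache 2.2, or 2.4 with mod_access_compat)
#   Options            -> Options
# A directive whose class is not allowed makes every request in the directory
# fail with a 500, which is the symptom to look for in the error log.

<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
  <IfModule mod_authz_core.c>
    # Apache 2.4 syntax
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2 syntax
    Order Deny,Allow
    Deny from all
  </IfModule>
</FilesMatch>

# No directory listings for images/
Options -Indexes
```

With this in place, the test.php check from post 10 should return 403 Forbidden while an image in the same directory still loads.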
  11. Depending on why you want to show it, you might also put it in your conditions. As in, Must Agree Terms & Conditions. Messaging it from the payment module is best for letting the buyer know. But if you simply want them to be legally advised, that's what the terms and conditions does. Note that the payment module messaging dates back to I.e. it is older than the osCommerce GitHub.
  12. Sorry, I had meant to post https://stackoverflow.com/questions/47700336/php-7-2-warning-cannot-change-session-name-when-session-is-active That's what gives me the idea that something changed in PHP 7.2.
  13. In Phoenix, the line that triggers the session_set_save_handler call is in application_top.php at

        require 'includes/functions/sessions.php';

    It seems to be claiming that output is being sent before that line. One possibility to find what is causing it is to keep moving that line higher in the file until it either works or you get a different error. Sometimes that helps if that line is not dependent on other code having run first. Could not be moved prior to the includes/configure.php line. Not sure about other dependencies.

    It does seem like PHP 7.2 became stricter in its session handling. So something that was always broken may now be announcing that it is broken. Compare what you have above that line and in files included before that to what Frozen has to see what may have changed.

    It's also worth noting that this can happen if you have a different error or warning displayed before the session started. You can fix that by turning off display_errors. E.g. at the top of includes/application_top.php put

        ini_set('display_errors', 0);

    Put it right before the starting time is set, after the previous comment is closed. That may shift things from totally broken to just moderately broken. If that is what the problem is. So this error would go away and you could concentrate on the other problems that would still be there.
  14. ecartz

    Wishlist For Phoenix

    Put it in the hook before the shopping cart action is processed? This will be a little more complicated in, as the shopping cart actions are also processed by a hook. But in, there is a hook call immediately prior to the processing of the shopping cart actions. Then it seems to be saying that the $wishlist object is not set. I would probably replace it with $_SESSION['wishlist'] and it's possible that it is not triggering the wishlist creation for some reason. Or perhaps it needs to be gated by if (isset($_SESSION['wishlist'])) { somewhere.
  15. If you can run executable code in .ico files, that is a security hole. Similarly, X-Frame-Options is generally set by Apache, not by individual applications. https://geekflare.com/secure-apache-from-clickjacking-with-x-frame-options/

    Allowing image uploads should only be available to the admin, which should be secured by Apache's Basic Authentication (htpasswd). Writing image files to anywhere other than images/ admin/backups and a few more locations should be blocked by directory file permissions.

    You can disable osCommerce from allowing .ico uploads. Look for set_extensions or I seem to recall that older versions had a default set somewhere.

    Only the last of those is settable in application. Some of the third is configuring for use by the application. Some is host configuration (who owns the site files and directories; what are the permissions). The first two are purely host configuration. Although perhaps the .ico file is being included by something else (what?).

    In general, clickjacking only works if you use the same browser instance to both log into your osCommerce admin and view other pages. If you only ever use the browser instance for looking at the osCommerce admin, clickjacking won't work. Keep one browser only for osCommerce. This could be Chrome, Edge, Firefox, Safari, Opera, etc. And use a different browser for regular web browsing. Chrome and Firefox also support multiple profiles (Chrome will let you have multiple profiles open at the same time).
  16. ecartz

    Custom forms help on emagicone

    INNER JOIN vendors v on T1.vendors_id = v.vendors_id Then you can select v.vendors_name.
  17. I just downloaded it, and the fix is there. Replace the includes/functions/general.php file. Or look for the complete set of changes at https://github.com/gburton/CE-Phoenix/compare/v1.0.7.2...v1.0.7.3 Or join the Phoenix Club so that you get upgrade instructions.
  18. Or you could have just updated to, which has a fix for this as well as others.
  19. No, the DB update would stay the same. The only change you'd need to make is " . TABLE_CATEGORIES . " to categories. Otherwise, the code that you posted should be correct. Except that it's missing the confirmation step. You have the button and you have the code that processes the confirmation. But I don't see the actual step for confirming the deletion.
  20. Maybe

        tep_db_query("UPDATE categories SET categories_image = '" . tep_db_input($dir_cat . $categories_image->filename) . "' WHERE categories_id = " . (int)$categories_id);
  21. The image URLs are made by appending the image name to the image directory URL. So you only want the portion of the path after the images directory. In your example, that would be cat2/cat-test-01.jpg
  22. ecartz

    Wishlist For Phoenix

        class hook_shop_system_wishlistApp {

          public function listen_preActionApp() {
            // wishlist data
            if (!isset($_SESSION['wishList']) || !($_SESSION['wishList'] instanceof wishlist)) {
              $_SESSION['wishList'] = new wishlist();
            }

            //Wishlist actions (must be before shopping cart actions)
            if (isset($_POST['wishlist'])) {
              if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
                $qty = $_SESSION['wishList']->get_quantity(tep_get_uprid($_POST['products_id'], $attributes)) + (int)($_POST['qty'] ?? 1);
                $_SESSION['wishList']->add_wishlist($_POST['products_id'], $qty, ($_POST['id'] ?? ''));
              }

              if (WISHLIST_REDIRECT == 'No') tep_redirect(tep_href_link('product_info.php', 'products_id=' . $_POST['products_id']));
              tep_redirect(tep_href_link('wishlist.php'));
            }
          }

        }

    Alternately, adding global $wishlist at the beginning of the function might work.
  23. Perhaps to lull you into a false sense of security. Or because they didn't need it. Corrupt the 2.2 site directly. And use those permissions to try to corrupt the Edge site. This works if both subdomains use the same user behind the scenes. So corrupting the 2.2 site allows them to make changes to the Edge site. Or almost make changes. Perhaps they were unable to complete the hack. Perhaps adding the .mx files was only the first step. If they had completed the hack, you might never have known because they would have cleaned up after themselves.
  24. You might try template_top.php and header.php. If you don't find that text, look for what files those files include/require. It is probably in one of those. And this is exactly why we recommend upgrading from the no longer supported Bootstrap to Phoenix. Because if you put the same effort into upgrading as you have put into trying to make things work in the older version, this might have just worked without further intervention. Because the Phoenix default would seem to give you the desired result. Or if not, at least people would be able to give you more on-point advice.
  25. admin > Modules > Header tags > Robot NoIndex Note though that that is only on specific pages by default and there are reasons why you might not want to have those particular pages indexed. So rather than turning it off, just make sure that it does not have either All or the specific page that you want indexed checked.