Everything posted by ecartz

  1. That was a division by zero. It breaks the query but wouldn't harm the site. It's one of the queries (there are four) starting at https://github.com/gburton/CE-Phoenix/blob/ File injection is more likely to be caused by something that writes files. E.g. admin/backups.php, categories.php, define_languages.php. And also consider the possibility that the reason for the .mx file is that there is some software somewhere that allows the creation of a .mx file but not a .txt or .html file. That doesn't sound like osCommerce. It's more likely to be a vulnerability outside your site. The coincidence of times may simply be that the same bad actor attempted both attacks on your site and on the server at the same time. You might find more clues from attempts to access files on your site that don't exist. Perhaps one of those found another site on the same server that did have whatever vulnerability.
  2. ecartz

    phoenix + nolapro

    Still put the code before the after_process() call: https://github.com/gburton/CE-Phoenix/blob/master/checkout_process.php#L95 It would probably also be possible to hook it into

        $parameters = ['order' => $order, 'email' => &$email_order];
        echo $GLOBALS['OSCOM_Hooks']->call('siteWide', 'orderMail', $parameters);

    But that's not where they're asking to run the code.
  3. ecartz

    Installation issues

    Phoenix is the Community Edition. That template is not Phoenix. It is a different fork of the osCommerce code. Because it is a closed fork, you'd have to get support directly from the seller rather than from the forums. You cannot use both Phoenix and that template. They are two separate options.
  4. ecartz

    Installation issues

    Download page: yellow button.
  5. ecartz

    Installation issues

    My guess would be that something went wrong with the FTP upload. Try it again. You could also upload just the install.php file. But usually it's not just one file that goes missing. So either do the whole thing or at least the install directory (and all contents). You might check that you aren't out of filesystem quota. Some hosts have limits.
  6. ecartz

    Installation issues

    What is the part of the URL after the catalog directory? E.g. if I go to https://template.me.uk/phoenix/index.php , then the catalog directory is https://template.me.uk/phoenix/ and the part of the URL after it is index.php When you click Start, to what URL does it try to go, relative to the catalog directory?
  7. ecartz

    Remove Extra Type from PDF Invoice

    How do you generate the PDF? Do you click a link on an osCommerce page? Or do you go somewhere else? If an osC page, which one and what actions do you do? Press a button? Does it link somewhere? Where? I don't want to grill you, but those are the kinds of things we would need to help you find what you need. All this assumes that it is not in the EPOS, as we wouldn't offer much help then.
  8. ecartz

    Warning: Use of undefined constant on PHP 7.4

    This is not from core code, which doesn't use that parameter. Certainly not in the current Phoenix and I don't believe so in older versions of osCommerce. If you are simply getting that's telling you that a define is missing. Nothing to do with case sensitivity. Someone might be able to help more if you gave the actual error which says which "constant" is missing.
  9. ecartz

    Default option for OPTION VALUES

    The options module would be at a location like admin > Layout Modules > Product Info > Options & Attributes. Alternately, if that is not installed, look under admin > Modules > Content. Look for the product_info modules. One of them is called Options & Attributes.
  10. ecartz

    Free Shipping Per Product for v2.3

    I made a mistake in the second line.

        public function listen_injectRedirects() {
          $products_ship_free = false;
          $ship_free_count = 0; // initialized so the += in the loop below has a starting value

          if (!$GLOBALS['free_shipping']) {
            define('TEXT_CHOOSE_SHIPPING_METHOD', TEXT_CHOOSE_SHIPPING_METHOD_NO_PFS);
            define('TEXT_ENTER_SHIPPING_INFORMATION', TEXT_ENTER_SHIPPING_INFORMATION_NO_PFS);
            return;
          }

          // count the units in the cart that are flagged to ship free
          foreach ($_SESSION['cart']->get_products() as $product) {
            if (1 == $product['ship_free']) {
              $ship_free_count += $product['quantity'];
            }
          }

          if (($GLOBALS['total_weight'] == 0) && ($GLOBALS['total_count'] == 0)) {
            $products_ship_free = true;
            $GLOBALS['free_shipping'] = true;

            if (!defined('FREE_SHIPPING_TITLE')) {
              include 'includes/languages/' . $_SESSION['language'] . '/modules/order_total/ot_shipping.php';
            }
          }

          define('TEXT_CHOOSE_SHIPPING_METHOD', ($products_ship_free ? sprintf(PRODUCTS_SHIP_FREE_COUNT, $ship_free_count) : TEXT_CHOOSE_SHIPPING_METHOD_NO_PFS));
          define('TEXT_ENTER_SHIPPING_INFORMATION', ((!$products_ship_free && ($ship_free_count > 0)) ? sprintf(PRODUCTS_SHIP_FREE_COUNT_ONLY, $ship_free_count) : TEXT_ENTER_SHIPPING_INFORMATION_NO_PFS));
        }

    Note that this assumes that you've modified the shoppingCart->get_products method to return the 'ship_free' column.
  11. ecartz

    Attribute Images

    jQuery has a selector, which looks like

        $('SELECT#css_id')

    The part inside the quotes can be pretty much anything that could appear in a CSS definition. But remember that you probably only want it to apply to one menu, so try for something unique, like ID (rather than class or HTML element). Remember that it is possible to say something like #css_id SELECT to get the select menu inside the #css_id element. Then you attach an onchange handler like

        $('SELECT#css_id').change(function () {/* JS here */});

    That would be close to the equivalent of the onchange in

        <SELECT id="css_id" onchange="/* JS here */">

    assuming that you have <SELECT id="css_id"> somewhere in the HTML. Relevant reference: https://stackoverflow.com/q/11179406 If you post the HTML for the select menu and the recommended jQuery, someone could probably give more help.
  12. ecartz

    When is /ext/.../standard_ipn used?

    Just to highlight something that others have noted in passing but may not have stated explicitly enough. If you want to test the IPN path, then don't go back to your site after making the payment. Because if you just click quickly through everything, chances are that you get back to the site before PayPal sends the IPN. So act like a customer. When you get to the screen that says something like "Click here to return to the merchant", close the browser window. Then your test will work like their order. Because some customers do exactly that. Note that both the IPN and the click through flow use the paypal_standard file. The IPN file also has some logic of its own. This contrasts to the logic triggered from the checkout_process file.
  13. ecartz

    Cost/Weight Shipping

    Sorry, new shoppingCart() not shopping_cart.
  14. ecartz

    Cost/Weight Shipping

    Remove $cart from global and write

        if (isset($_SESSION['cart'])) {
          $cart =& $_SESSION['cart'];
        } else {
          $cart = new shopping_cart();
        }

    But it might be better not to use cart in admin at all.
  15. ecartz

    Sitemap SEO

    Try

        if (empty($current_category_id) || (strpos($cat['id'], (string)$current_category_id) === false)) continue;
  16. ecartz

    Sitemap SEO

    It's the second parameter to strpos. In this case $current_category_id
  17. ecartz

    Is it possible to clone products?

    If they can give you a spreadsheet, you could manipulate it to match what is expected by Easy Populate (App) or another import App from the Marketplace.
  18. ecartz

    Oscommerce integrate with nolapro

    You should ask Nolapro if they guarantee compatibility with OSCOM CE Phoenix (the official name) v1.0.7.1 and later. They do not have an integration in the Apps Marketplace that we could discuss here. In general, products not available for download here are not for discussion here, as per the forum rules. There is an exception for Partners, but they do not have a partnership. The Phoenix Club rules are a bit laxer if you wanted to join there.
  19. ecartz

    1064 error and worse ...

    The one and only important difference is in includes/modules/product_listing.php , so you can just copy that file from the download (either the second link that I posted or it's on the downloads page now). Or use the first link and delete the single line that it shows to delete. The only other file that has changed is the includes/version.php file. If you want, you can copy that over too. I don't know that update instructions have been posted yet, but they would essentially be to copy those two files.
  20. ecartz

    1064 error and worse ...

    Unfortunately, is the version on the download page. The line to remove to fix that is at https://github.com/gburton/CE-Phoenix/commit/82d528731f600565d113614e0733a831c5a27f8a Alternately, download the entire https://github.com/gburton/CE-Phoenix/archive/master.zip and extract includes/modules/product_listing.php and copy it over.
  21. ecartz

    1064 error and worse ...

    If you use phpMyAdmin to run

        select p.*, pd.*, m.*,
               IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price,
               IF(s.status, s.specials_new_products_price, p.products_price) as final_price,
               p.products_quantity as in_stock,
               if(s.status, 1, 0) as is_special
          from products_description pd,
               products p
                 left join manufacturers m on p.manufacturers_id = m.manufacturers_id
                 left join specials s on p.products_id = s.products_id,
               products_to_categories p2c
         where p.products_status = '1'
           and p.products_id = p2c.products_id
           and pd.products_id = p2c.products_id
           and pd.language_id = '1'
           and p2c.categories_id = '2'
         order by pd.products_name

    what does it say?
  22. ecartz

    Google ads

    I'm not sure how they ended up on your site, but you may want to report the publisher to Google. Link: https://support.google.com/adsense/answer/1208370?hl=en Publisher: data-ad-client="ca-pub-4145666569613767" Google may be able to use that report to keep that person from being paid for the ads on your site. This might be a good time to change the passwords associated with your site: your admin password, FTP password, etc.
  23. ecartz

    Remove Extra Type from PDF Invoice

    Did you search for Customer\'s Comments? The apostrophe would need to be escaped in a string, so an overly literal search might miss it.
  24. https://github.com/gburton/CE-Phoenix/commit/8f4c98ab496f47b58bcc8accf81b183fab013013 Or just update to
  25. I would do it right before the return rather than where you're doing it, for efficiency's sake and to make sure you sort every file. I think that you are implicitly sorting by path most of the time but not always. Try

          usort($result, function ($a, $b) { return strcmp($a['name'], $b['name']); });
          return $result;

      That explicitly sorts by path. Or even better might be to move it outside the function entirely.

          foreach (tep_opendir(DIR_FS_CATALOG_LANGUAGES . $_GET['lngdir']) as $file) {

      to

          $files = tep_opendir(DIR_FS_CATALOG_LANGUAGES . $_GET['lngdir']);
          // sort the array returned by tep_opendir(); outside the function it is $files, not $result
          usort($files, function ($a, $b) { return strcmp($a['name'], $b['name']); });
          foreach ($files as $file) {