Jump to content

Archived

This topic is now archived and is closed to further replies.

74

Missing buttons in 2.2

Recommended Posts

Hi,

 

seems there are missing buttons in version 2.2 (eg. search, continue, checkout, update,...). I uploaded some buttons for test in /catalog/images for test and they can't be vieuwed :( .

 

Anybody an idea about it?

 

Thx

 

Fred


"The only revolutionary power is the power of human creativity..."

Share this post


Link to post
Share on other sites

Maybe you uploaded them in ASCII mode where they should have been uploaded in BINARY mode?

 

Check the settings of your ftp client and try again ;-)


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites

It was uploaded in Binary , I tried again but no results :(

 

Fred


"The only revolutionary power is the power of human creativity..."

Share this post


Link to post
Share on other sites

Hi 74

There's no missing buttons i 2.2 (all there), so:

a) Use your FTP to check that all images are in /catalog/images

B) check your config.php (right dir for images?)

c) Did you use the same name for the buttons?

d) Changed names all the way for the new ones?

 

Hope this helps


Best Regards

olby

Share this post


Link to post
Share on other sites
It was uploaded in Binary , I tried again but no results

 

Then check the permissions of the files. They should be something like 704 or 707. Make sure the web server is allowed to read the images. This usually means that permissions must be set to 707.

 

HTH


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites

Hold on it cant be that hard to find them.

 

Either they are in your catalog/includes/languages/english/images/buttons/ or they aint!!

 

I think I got that right. :lol: Cant be bothered to look and check, but you get my drift.

 

Take a look in that directory, if they are not there, re-download the latest snapshot and upload them. If they are there, then you have done something wrong on upload.

 

CC.

Share this post


Link to post
Share on other sites

Hi guys,

 

Thanks for the help but nothing works :(

 

Anyone another idea??

 

Thx

 

Fred


"The only revolutionary power is the power of human creativity..."

Share this post


Link to post
Share on other sites

Yes. Test this:

 

In the includes directory you will find a file called .htaccess.

 

Delete it.

 

And add an empty index.html to includes and all subdirectories to avoid that people can list the content of these directories.

 

There is a known problem with some apache configurations that prevents apache from getting the images from the includes/languages/[langugae]/images.

 

HTH


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites

You rule Jan :lol: :lol:

 

This was the solution :lol: :lol: :lol:

 

just another question about it : when i delete the htaccess, my directory is not protected anymore and they could find an access to my DB, isn't it?


"The only revolutionary power is the power of human creativity..."

Share this post


Link to post
Share on other sites

That's why I suggested to add blank index.html files to all subdirectories. It will prevent the surfer from actually seeing the files in that directory.

 

Normally there is no real risk involved, as it is not possible to see the sources of the php files that are in these directories. When called from a browser the server will interpret the php files and will show only the output.

 

The php-files in includes normally don't output anything, so you should be safe.

 

I might be terribly wrong though. Maybe some more experienced hacker can show us a better solution.


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites

Only your include directory will be unprotected. Make sure you still have your admin directory protected and the most important file to protect is application_top.php as your database login is stored there in plain text. Ideally you would want to encode your password and info in application_top.php(I believe there's something in the FAQ on this). Your database will still be password protected and isn't in your includes directory anyways so that shouldn't be a concern. If you're on any kind of virtual server your admin should be able to help you protect your database(actually it should already be taken care of). All in all, OSCommerce isn't exactly the most secure product available, but if you don't store credit card numbers unencrypted really the worse thing that anyone can do is vandalize your store or steal your customer info(still things you don't want to happen). Deleting the .htaccess in includes isn't that big of a problem in the grand scheme of things.

Share this post


Link to post
Share on other sites

In your httpd.conf, you need to do:

 

#

# Each directory to which Apache has access, can be configured with respect

# to which services and features are allowed and/or disabled in that

# directory (and its subdirectories).

#

# First, we configure the "default" to be a very restrictive set of

# permissions.

#

<Directory />

Options FollowSymLinks Includes

AllowOverride AuthConfig FileInfo Limit

 

</Directory>

 

Make sure that the Limit tag is in there, and then the problem will be solved.

Share this post


Link to post
Share on other sites

The most important file to protect is dependent on the version of osCommerce you are using:

 

2.1: includes/application_top.php

 

2.2: includes/configure.php

 

Hint: Add the .htaccess file to the includes/local directory and move the configure.php there. Add a blank configure.php to includes. That will at least make it a bit more difficult for hackers.

 

Better solution: Store the configure.php outside the DOCUMENT_ROOT and change the include() statement in application_top.php accordingly.

 

HTH


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites
Make sure that the Limit tag is in there, and then the problem will be solved.

 

Can this be confirmed by other people with the same problem? If yes we will update this in CVS.

 

Sounds great :-) Thanks for sharing this!


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites

If a person accesses a PHP file in a browser, they won't get to see the PHP, only the output. So your file is safe anyway.

 

But if you do have to remove that htaccess file, then stick in a index.php with a naughty message, or a redirect back to your catalog...

Share this post


Link to post
Share on other sites
Make sure that the Limit tag is in there, and then the problem will be solved.

 

Can this be confirmed by other people with the same problem? If yes we will update this in CVS.

 

Sounds great :-) Thanks for sharing this!

 

Caveat Emptor :) It worked for me - might not work for all. I'm running -

* Apache 1.3.26

* MySQL 3.23.51

* PHP-4.2.2

Share this post


Link to post
Share on other sites

I should read more carefully. :-(


You can't have everything. That's why trains have difficulty crossing oceans, and hippos did not adapt to fly. -- from the OpenBSD mailinglist.

Share this post


Link to post
Share on other sites
That cant be added to CVS as that change needs to go in httpd.conf directly, not .htaccess.

 

But could it go as a contribution so its easy to find and follow??

Share this post


Link to post
Share on other sites

I had this problem (no flags/no buttons) on this server:

 

HTTP Server: Apache/1.3.27 (Unix)

FrontPage/4.0.4.3

PHP Version: 4.1.2 (Zend: 1.1.1)

 

EVERYTHING WAS ALRIGHT!!!! (...also the chmod-changing from 755 to 707.......)

...but i tried everything (!) to make the flags/icons visible.

 

In the end I had to delete the .access in the includes-directory.

I throwed an blank html-file into it. Now it works.

 

I'll post this under tips and tricks. :D


just create...and sell..sell...sell.....

Share this post


Link to post
Share on other sites
Can this be confirmed by other people with the same problem? If yes we will update this in CVS.

Sounds great :-) Thanks for sharing this!

 

Had the same problem of buttons not showing. It solved my problem!!

 

about the security issues.

if you move the languages folder to say catalog/ronk/languages/

and change the DIR_WS_languages to the new adress. you dont need to remove htaccess from includes. Or would this mess up the place completly?

Share this post


Link to post
Share on other sites

I'm having this problem with new buttons, I'm trying to connect to a new site, as we speak. Any serious system that can't (under circumstances) hook up buttons reminds me about that "shooting in the foot" allegory.

Share this post


Link to post
Share on other sites
I had this problem (no flags/no buttons) on this server:

HTTP Server: Apache/1.3.27 (Unix)

FrontPage/4.0.4.3

PHP Version: 4.1.2 (Zend: 1.1.1)

EVERYTHING WAS ALRIGHT!!!! (...also the chmod-changing from 755 to 707.......)

...but i tried everything (!) to make the flags/icons visible.

In the end I had to delete the .access in the includes-directory.

I throwed an blank html-file into it. Now it works.

I'll post this under tips and tricks. :D

 

Well, I've done it and it's not working for me for a site VPS hosted by websitesource.com. Also, I'm rather reluctant to mess with the server's system files. Since I'm going to use only English, how I can redirect the OSCommerce outside of /include, if that helps, to look for the !&%##%# buttons?

Share this post


Link to post
Share on other sites

Silly me! My server setting was OK and my button images were perfectly available all along. My problem was that I was unaware that my copy of html_output.php contained already a CSS overwrite that practically blocked usage of any bitmap buttons. So, I just coded new .cssButton class, I needed, in the stylesheet.css and I'm back in business. Glad I don't need to deal anymore with them pesky language-dependant bitmap buttons.

 

I bet some folks here, who had the same no-button-access "problem", may be not aware of that either.

Share this post


Link to post
Share on other sites

×