Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PHP Intrusion Detection System for osCommerce


celextel

Recommended Posts

hi celextel, i really aprecited your contributions, thank you very much.

 

I've been trying to install this addons to my live webstore. http://www.harcomas I'm using oscommerce 2.2.

When i loggin to my admin page i got an error

1146 - Table 'xxxxx_xxx.phpids_intrusions' doesn't exist

select id, ip, name, impact, value, page, created from phpids_intrusions order by id 

 

what should i do?

 

I felt i was run according to the instructions but i got error, should i restart my brain??

 

needed your advice celextel.. thanks

 

Step-D: [Testing - Mandatory for Database Creation]

 

The module at the front end would automatically create the required database during its first test call. Access the website Catalog Main Page [or any other page in which application_top.php is called] and do the testing as mentioned herein, after completing the installation, before going to the admin for accessing the PHPIDS Log Report.

 

Please go through both the test processes first and then go to Admin.

Link to comment
Share on other sites

Step-D: [Testing - Mandatory for Database Creation]

 

The module at the front end would automatically create the required database during its first test call. Access the website Catalog Main Page [or any other page in which application_top.php is called] and do the testing as mentioned herein, after completing the installation, before going to the admin for accessing the PHPIDS Log Report.

 

Please go through both the test processes first and then go to Admin.

 

oh boy... i'm too stupid to ignore that step. Right now everything is working for me, bravo celextel, you are my hero.

May i kiss you??? lol

i mean million thank you for your great jobs celextel

Link to comment
Share on other sites

NEW!!

 

PHPIDS for osCommerce 1.4

>>> with IP Containment Management System and Version Checker

 

1. DB creation code shifted to admin file.

 

2. IP Containment and Management System files [modified] included in this package. Added two more columns to the Banned IP table. One to add reason for banning and another to create the Time Stamp for reference purpose. These columns would be automatically created when you click Banned IP under Tools after going through the upgrade process.

 

3. Version Checker files included in this package.

Link to comment
Share on other sites

Hi , thanks for the great add-on , till now had version 1.3 , today i upgraded into 1.4 but something is going wrong with the IP trap

 

When i run the tests i get this message

 

1146 - Table 'database_name.TABLE_BANNED_IP' doesn't exist

 

select * from TABLE_BANNED_IP where ip_address = '999.199.173.230'

 

[TEP STOP]

Link to comment
Share on other sites

What i have found out is that the line : define('TABLE_BANNED_IP', 'banned_ip'); must be added not only in admin/includes/database_tables.php

but in catalog/includes/database_tables.php

Link to comment
Share on other sites

What i have found out is that the line : define('TABLE_BANNED_IP', 'banned_ip'); must be added not only in admin/includes/database_tables.php

but in catalog/includes/database_tables.php

You are correct. Thanks for bringing this to our notice. We have updated the Read Me file with this instruction. Thanks.

Link to comment
Share on other sites

Hi all,

Please excuse me if I am in the wrong place, just point me in the right direction.

This is the problem:

I installed oscommerce on my server and everything worked fine with the default installation.

Then I added an addon called Sales Force and that is where the problems begin.

I did post a question on that thread but it didn't help much.

 

The error is saying the database change hasn't been made. Assuming you have a working oscommerce shop, you need to login to your hosts control panel and use the program named phpmyadmin to run the sql comands. Your host should be able to guide you through that, though some won't, or there are threads in these forums and on the web.

 

I extracted the files and uploaded each to the proper directory. The database was created automatically when I installed OSC, so from the PHPAdmin I inserted the salesrep.sql. I can see the Sales Force in admin and I have added some data. From the PHPadmin I can see the tables with the correct data in the fields.

When I go to the store and click checkout it suppose to put a dropdown for the sales reps name.

Instead I get this

1146 - Table 'C250884_oscommerce2.TABLE_SALES_REPS' doesn't exist

 

select * from TABLE_sales_reps order by sales_rep_lastname ASC

 

[TEP STOP]

I am guessing it is saying it can't find the table, but I know it is in the database.

I am really, really new at SQL so if anyone can help me with this I would really appreciate it.

What is my next step?

My hosting provider was unable to help me (maybe because I didn't ask the right questions lol)

 

Thanks in advance,

dink

Link to comment
Share on other sites

When I go to the store and click checkout it suppose to put a dropdown for the sales reps name.

Instead I get this

1146 - Table 'C250884_oscommerce2.TABLE_SALES_REPS' doesn't exist

 

select * from TABLE_sales_reps order by sales_rep_lastname ASC

 

[TEP STOP]

I am guessing it is saying it can't find the table, but I know it is in the database.

I am really, really new at SQL so if anyone can help me with this I would really appreciate it.

What is my next step?

My hosting provider was unable to help me (maybe because I didn't ask the right questions lol)

 

Thanks in advance,

dink

 

You seem to have not done the following:

18) In catalog/includes/database_tables.php before the last ?>

ADD:

 /*** Begin SalesForce ***/
 define('TABLE_SALES_GROUPS', 'sales_groups');
 define('TABLE_SALES_REPS', 'sales_reps');
 /*** End SalesForce ***/

 

If you still get the error even after adding this, let us know.

Link to comment
Share on other sites

Hello, I'm installing a new store these days and I want to install your add on.

Please tell me the compability with the others major security add ons like:

 

-Security Pro

-SiteMonitor

-IP trap

-htaccess protection

-Anti XSS

 

Maybe someone will be superfluous once istalled your add-on, may you suggest me a right formula to protect the new site?

 

Thanks.

 

 

NEW!!

 

PHPIDS for osCommerce 1.4

>>> with IP Containment Management System and Version Checker

 

1. DB creation code shifted to admin file.

 

2. IP Containment and Management System files [modified] included in this package. Added two more columns to the Banned IP table. One to add reason for banning and another to create the Time Stamp for reference purpose. These columns would be automatically created when you click Banned IP under Tools after going through the upgrade process.

 

3. Version Checker files included in this package.

Link to comment
Share on other sites

Hello, I'm installing a new store these days and I want to install your add on.

Please tell me the compability with the others major security add ons like:

 

-Security Pro

-SiteMonitor

-IP trap

-htaccess protection

-Anti XSS

 

Maybe someone will be superfluous once istalled your add-on, may you suggest me a right formula to protect the new site?

 

Thanks.

 

PHPIDS for osCommerce 1.4 is compatible with the following add-ons:

>> Security Pro

- Please refer to our Read Me file [included in the package] in regard to this.

>> Site Monitor

 

We use both of these add-ons along with PHPIDS.

 

>> IP trap

You do not require this as we have integrated IP Containment and Management System [similar and more advanced one] with PHPIDS.

 

>> htaccess protection

You could use most of those codes along with PHPIDS. There should not be any problem.

 

>> Anti XSS [XSS Shield]

PHPIDS would not work fully if you use this as some of the query strings get sanitized.

You would not require this if you use Security Pro as both of them have almost same functions.

 

Right formula to protect osCommerce based sites could be:

>> PHPIDS for osCommerce 1.4

>> Security Pro

>> Site Monitor and

>> htaccess protection codes [which are essential]

Link to comment
Share on other sites

You seem to have not done the following:

18) In catalog/includes/database_tables.php before the last ?>

ADD:

 /*** Begin SalesForce ***/
 define('TABLE_SALES_GROUPS', 'sales_groups');
 define('TABLE_SALES_REPS', 'sales_reps');
 /*** End SalesForce ***/

 

If you still get the error even after adding this, let us know.

 

Thanks for your response celextel,

 

I did as you suggested and entered the code, fixed an email problem by unchecking validate email, and now the store/catalog/checkout_shipping.php is showing a blank page. Where do I go from here?

dink

Link to comment
Share on other sites

Thank you very much, I appreciate your explanation and suggestion. I'll reply here when all will be installed to let you know.

Regards,

 

 

PHPIDS for osCommerce 1.4 is compatible with the following add-ons:

>> Security Pro

- Please refer to our Read Me file [included in the package] in regard to this.

>> Site Monitor

 

We use both of these add-ons along with PHPIDS.

 

>> IP trap

You do not require this as we have integrated IP Containment and Management System [similar and more advanced one] with PHPIDS.

 

>> htaccess protection

You could use most of those codes along with PHPIDS. There should not be any problem.

 

>> Anti XSS [XSS Shield]

PHPIDS would not work fully if you use this as some of the query strings get sanitized.

You would not require this if you use Security Pro as both of them have almost same functions.

 

Right formula to protect osCommerce based sites could be:

>> PHPIDS for osCommerce 1.4

>> Security Pro

>> Site Monitor and

>> htaccess protection codes [which are essential]

Link to comment
Share on other sites

Thanks for your response celextel,

 

I did as you suggested and entered the code, fixed an email problem by unchecking validate email, and now the store/catalog/checkout_shipping.php is showing a blank page. Where do I go from here?

dink

 

You should add the following code to the checkout_shipping.php file at the top

error_reporting(E_ALL);
ini_set('display_errors', '1');

after

<?php

and see as to what is wrong in that page.

Link to comment
Share on other sites

You should add the following code to the checkout_shipping.php file at the top

error_reporting(E_ALL);
ini_set('display_errors', '1');

after

<?php

and see as to what is wrong in that page.

Fatal error: Call to undefined method currencies::calculate_price() in D:\hshome\c250884\dink-a-do.net\store\catalog\includes\classes\order.php on line 320

 

This is line 320

 $shown_price = $currencies->calculate_price($this->products[$index]['final_price'], $this->products[$index]['tax'], $this->products[$index]['qty']);

Edited by dink
Link to comment
Share on other sites

Fatal error: Call to undefined method currencies::calculate_price() in D:.....\store\catalog\includes\classes\order.php on line 320

 

This is line 320

 $shown_price = $currencies->calculate_price($this->products[$index]['final_price'], $this->products[$index]['tax'], $this->products[$index]['qty']);

 

Avoid giving the full path info to the files.

 

Either you do not have the following file:

catalog\includes\classes\currencies.php

 

or the following function is missing in the catalog\includes\classes\currencies.php file:

   function calculate_price($products_price, $products_tax, $quantity = 1) {
     global $currency;

     return tep_round(tep_add_tax($products_price, $products_tax), $this->currencies[$currency]['decimal_places']) * $quantity;
   }

 

You should setup osCommerce directly in the root directory of your website or in the catalog directory. You have setup under store\catalog\. This is not usually done.

Link to comment
Share on other sites

Avoid giving the full path info to the files.

 

Either you do not have the following file:

catalog\includes\classes\currencies.php

 

or the following function is missing in the catalog\includes\classes\currencies.php file:

   function calculate_price($products_price, $products_tax, $quantity = 1) {
     global $currency;

     return tep_round(tep_add_tax($products_price, $products_tax), $this->currencies[$currency]['decimal_places']) * $quantity;
   }

 

 

 

 

You should setup osCommerce directly in the root directory of your website or in the catalog directory. You have setup under store\catalog\. This is not usually done.

 

 

Thank you so much!

I did not have the function in the currencies.php so I added your code and everything works fine now.

I agree with you about the setup. I am trying out a new hosting provider and it automatically installed the application.

Is it possible to move the setup by just moving the files to the root?

dink

Link to comment
Share on other sites

Thank you so much!

I did not have the function in the currencies.php so I added your code and everything works fine now.

I agree with you about the setup. I am trying out a new hosting provider and it automatically installed the application.

Is it possible to move the setup by just moving the files to the root?

dink

 

Glad to know about this.

 

Yes, you could move all the shop files and directories to the root. After completing the move, you have to change the path and URL info in the following two files:

includes/configure.php
admin/includes/configure.php

Link to comment
Share on other sites

I've just installed PHPIDS and when I try the first test I get this error:

 

Fatal error: Class 'PDO' not found in /home/ior49618/public_html/catalog/includes/phpids/lib/IDS/Log/Database.php on line 170

 

I have followed the instructions step-by-step. Can you help please?

Link to comment
Share on other sites

I've just installed PHPIDS and when I try the first test I get this error:

 

Fatal error: Class 'PDO' not found in /home/ior49618/public_html/catalog/includes/phpids/lib/IDS/Log/Database.php on line 170

 

I have followed the instructions step-by-step. Can you help please?

 

Please verify whether you have done the following:

 

Step-A: [Core]

6. Grant write access [chmod 777] to the "tmp" folder [phpids/lib/IDS/tmp] and also to phpids_log.txt log file which is inside the "tmp" folder.

 

Step-B: [Admin]

Important: Before going to the next step, go to your admin and click PHPIDS Log and then Banned IP under Tools for creating the required tables to the database automatically.

Link to comment
Share on other sites

Hi Celextel,

 

Step-A: Verified - both are set to 777

 

Step-B: Verified. My database contains tables "banned_ip" and "phpids_intrusions"

 

Regards, Mark

 

Are you still getting the error?

 

Did you make any changes to the osc_phpids.php module file?

 

What is PHP Version that your server is using?

 

Please verify that the catalog/includes/application_top.php file has the following codes:

// include the list of project filenames
 require(DIR_WS_INCLUDES . 'filenames.php');

// include the list of project database tables
 require(DIR_WS_INCLUDES . 'database_tables.php');

// customization for the design layout
 define('BOX_WIDTH', 125); // how wide the boxes should be in pixels (default: 125)

// include the database functions
 require(DIR_WS_FUNCTIONS . 'database.php');

// make a connection to the database... now
 tep_db_connect() or die('Unable to connect to database server!');

// set the application parameters
 $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
 while ($configuration = tep_db_fetch_array($configuration_query)) {
   define($configuration['cfgKey'], $configuration['cfgValue']);
 }

// if gzip_compression is enabled, start to buffer the output
 if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) {
   if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) {
     if (PHP_VERSION >= '4.0.4') {
       ob_start('ob_gzhandler');
     } else {
       include(DIR_WS_FUNCTIONS . 'gzip_compression.php');
       ob_start();
       ob_implicit_flush();
     }
   } else {
     ini_set('zlib.output_compression_level', GZIP_LEVEL);
   }
 }

 

just above the following code:

// include PHPIDS Module
include(DIR_WS_MODULES . 'osc_phpids.php');

Link to comment
Share on other sites

Celextel,

 

Yes, I'm still getting the error, which is

Fatal error: Class 'PDO' not found in /home/ior49618/public_html/catalog/includes/phpids/lib/IDS/Log/Database.php on line 170

 

The osc_phpids.php - yes I made the changes laid out in your documentation as well as setting line 75 to $show_result = 'true'; for the test.

 

My ISP is running PHP 5.2.5 on this host.

 

My application_top.php was as you've shown except that the

// include PHPIDS Module

include(DIR_WS_MODULES . 'osc_phpids.php');

was before the gzip compression section (because I don't have FWR Security Pro.

I moved it to follow the gzip bit, but the result is still the same.

 

Regards, Mark

Edited by kramster
Link to comment
Share on other sites

 

What’s required to run the PHPIDS

You need at least PHP 5.1.6 to use all features of the PHPIDS.

If you have an earlier version of PHP (5.0.x) will this contribution still work? What features would not be available?

Link to comment
Share on other sites

Excellent work Celextel. Glad to see you placed my Ip Containment and Management system into the code base. This is a great contribution that many store owners should find as a lifesaver.

 

Yes. Your IP Containment and Management System is a great and most useful contribution. Thanks for creating that one.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...