Problem with Simple Multiple Images (Unlimited) with Fancy Popups V1.3.5


SOPDIOS

Read this

 

You don't realize it but the shop is hacked now...

:o

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >


Hello, it is not hacked, this is practically newly installed. Please can you tell me what I can do to fix the problem with the images? Thanks. I leave the product_info.php here in case you see something strange.

<?php
/*
 $Id: product_info.php 1739 2007-12-20 00:52:16Z hpdl $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

 require('includes/application_top.php');
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_PRODUCT_INFO);
// Simple multi image addon	
 $image_group = TINY_IMAGE_GROUP_SIZE; //Number of images to show per row/column
$vertical_format = (ADDITIONAL_IMAGE_FORMAT == 'vertical');
$max_title_length = 40; //Set the maximm length of popup titles before they are broken into multiple lines.
 $product_info_query = tep_db_query("select p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_quantity, p.products_image, p.products_image_array, pd.products_url, p.products_price, p.products_tax_class_id, p.products_date_added, p.products_date_available, p.manufacturers_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'");
   $product_info = tep_db_fetch_array($product_info_query);
	$products_image_array = unserialize($product_info['products_image_array']);
   if (!is_array($products_image_array)) $products_image_array = array();
// EOF Simple multi image addon	
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html <?php echo HTML_PARAMS; ?>>
<head>
<!-- Simple multi image addon -->
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<!-- Simple multi image addon -->
<script type="text/javascript" src="<?php echo DIR_WS_IMAGES ?>js/jquery.js"></script>
<script type="text/javascript" src="<?php echo DIR_WS_IMAGES ?>js/jquery.fancybox.js"></script>
<script type="text/javascript" src="<?php echo DIR_WS_IMAGES ?>js/jquery.easing.js"></script>
<script type="text/javascript" src="<?php echo DIR_WS_IMAGES ?>js/jquery.easydrag.handler.beta2.js"></script>
<link rel="stylesheet" href="<?php echo DIR_WS_IMAGES ?>js/fancybox.css" type="text/css" media="screen">
<script type="text/javascript">
var $jQ = jQuery.noConflict();

	$jQ(document).ready(function() {
	$jQ("div#fancy a").fancybox({
	'zoomSpeedIn':	800, 
	'zoomSpeedOut':	700, 
	'imageScale' : true,
	'centerOnScroll': 	true,
	'overlayShow':	<?php echo (DIM_BACKGROUND == 'true' ? 'true' : 'false'); ?>,
	'overlayOpacity': <?php echo (BKG_LUMA/10); ?>,
	'zoomOpacity': 	true,
	<?php if (SWING_POPUP == 'true') echo "'easingIn' : 'easeOutBack',"; ?>
	'hideOnContentClick': true,
	'hideOnOverlayClick': false

});
<?php if (DRAG_POPUP == 'true') echo '$("#fancy_outer").easydrag();'; ?>
});

</script>
<style type="text/css">
<?php if (SHOW_NAV == 'true') echo 'span#fancy_left_ico {left: 20px;}  span#fancy_right_ico {right: 20px;}';
				switch (POS_NAV) {
								case 'top':
								echo 'span.fancy_ico { top: 38px; }';
								break;
							case 'bottom':
								echo 'span.fancy_ico { bottom: 20px; }';
								break;
							default:
								echo 'span.fancy_ico { top: 50%; }';
								break;
								}		
								?>

</style>
<!-- EOF Simple multi image addon -->

<?php require(DIR_WS_INCLUDES . 'header_includes.php'); ?>

<script language="javascript"><!--
function popupWindow(url) {
 window.open(url,'popupWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=yes,copyhistory=no,width=100,height=100,screenX=150,screenY=150,top=150,left=150')
}
//--></script>
</head>
<body>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" class="<?php echo MAIN_TABLE; ?>" cellspacing="0" cellpadding="0">
<tr>
   <td class="<?php echo BOX_WIDTH_TD_LEFT; ?>"><table border="0" class="<?php echo BOX_WIDTH_LEFT; ?>" cellspacing="0" cellpadding="0">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td class="<?php echo CONTENT_WIDTH_TD; ?>"><?php include(DIR_WS_BOXES . 'panel_top.php');?><?php echo tep_draw_form('cart_quantity', tep_href_link(FILENAME_PRODUCT_INFO, tep_get_all_get_params(array('action')) . 'action=add_product')); ?>



<?php
 // Simple multi image addon	
 if (!tep_db_num_rows($product_info_query)) {
// EOF Simple multi image addon	

?>
<?php echo tep_draw_top();?>

<?php echo tep_draw_title_top();?>

			<?php echo TEXT_PRODUCT_NOT_FOUND; ?>

<?php echo tep_draw_title_bottom();?>

<?php echo tep_draw1_top();?>

<?php echo tep_draw_infoBox2_top();?>

		<table border="0" width="100%" cellspacing="0" cellpadding="2">
			<tr><td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td></tr>
           </table>

<?php echo tep_draw_infoBox2_bottom();?>

<?php echo tep_draw1_bottom();?>

<?php
 } else {
 // Simple multi image addon	section moved
   $product_info_query = tep_db_query("select p.products_id, pd.products_name, pd.products_description, p.products_model, p.products_quantity, p.products_image, pd.products_url, p.products_price, p.products_tax_class_id, p.products_date_added, p.products_date_available, p.manufacturers_id from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd where p.products_status = '1' and p.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and pd.products_id = p.products_id and pd.language_id = '" . (int)$languages_id . "'");
   $product_info = tep_db_fetch_array($product_info_query);

   tep_db_query("update " . TABLE_PRODUCTS_DESCRIPTION . " set products_viewed = products_viewed+1 where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and language_id = '" . (int)$languages_id . "'");

   if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
     $products_price2 = '<span class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</span><br><s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s>';
   } else {
     $products_price2 = '<span class="productSpecialPrice">'.$currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])).'</span>';
   }

   if ($new_price = tep_get_products_special_price($product_info['products_id'])) {
     $products_price = '<s>' . $currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) . '</s>   <b class="productSpecialPrice">' . $currencies->display_price($new_price, tep_get_tax_rate($product_info['products_tax_class_id'])) . '</b>';
   } else {
     $products_price = '<b class="productSpecialPrice">'.$currencies->display_price($product_info['products_price'], tep_get_tax_rate($product_info['products_tax_class_id'])).'</b>';
   }

   if (tep_not_null($product_info['products_model'])) {
     $products_name = $product_info['products_name'] . '<br> <span class="smallText">[' . $product_info['products_model'] . ']</span>';
   } else {
     $products_name = $product_info['products_name'];
   }
?>

<?php echo tep_draw_top();?>

<?php echo tep_draw_title_top();?>

			<?php echo $breadcrumb->trail(' » ')?> »  <?php echo $products_name; ?>

<?php echo tep_draw_title_bottom();?>

<?php echo tep_draw4_top();?>

	<?php echo tep_draw2_top();  ?>

<?php /*  echo tep_pixel_trans();  */?>

<?php
   if (tep_not_null($product_info['products_image'])) {
?>

<!-- Simple multi image addon -->
			 <div id="fancy">
			  <table border="0" cellspacing="0" cellpadding="2" align="right">
           <tr>
             <td align="right" class="smallText">

<?php if (strlen($product_info['products_name']) > $max_title_length) {  $title = wordwrap(htmlspecialchars($product_info['products_name']), $max_title_length, '<br>');
        } else { $title = htmlspecialchars($product_info['products_name']); } 
$m_source = ''; $thumb = (class_exists('oscthumb') && CFG_MASTER_SWITCH == 'On'); if ($thumb) { preg_match('/"([^"]+)"/',htmlentities ( tep_image(DIR_WS_IMAGES . $product_info['products_image'],'','','','','',5), ENT_NOQUOTES), $image);  $m_source=str_replace('&amp;','&',$image[1]); }
 echo '<a  rel="image_group" title="'.$title.'" href="' . ($m_source ? $m_source : DIR_WS_IMAGES . $product_info['products_image']) . '" alt="' . $product_info['products_name'] . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"', false, 5) . '<br /></a>'; 
              if(!$vertical_format) { echo ''; $row = 1; reset($products_image_array); foreach($products_image_array as $value) { 
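						 $source = ''; // reset for every image; otherwise $source is undefined when $thumb is false
						 if ($thumb) {
						 preg_match('/"([^"]+)"/',htmlentities ( tep_image(DIR_WS_IMAGES . $value,'','','','','',5), ENT_NOQUOTES), $image);  $source=str_replace('&amp;','&',$image[1]); // undo htmlentities() on the URL
						 } 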
						 echo '<a  rel="image_group" title="'.$title.'" href="' . ($source ? $source : DIR_WS_IMAGES . $value) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $value, $product_info['products_name'], TINY_IMAGE_WIDTH, TINY_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '</a>'; 

							++$row; if ($row > $image_group) { echo '<br />'; $row = 1; } } } 
							echo '</td>';
						 if($vertical_format) { echo '<td>'; $row = 1; reset($products_image_array); foreach($products_image_array as $value) { 
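						 $source = ''; // reset for every image; otherwise $source is undefined when $thumb is false
						 if ($thumb) {
						 preg_match('/"([^"]+)"/',htmlentities ( tep_image(DIR_WS_IMAGES . $value,'','','','','',5), ENT_NOQUOTES), $image);  $source=str_replace('&amp;','&',$image[1]); // undo htmlentities() on the URL
						 } 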
						 echo '<a  rel="image_group" title="'.$title.'" href="' . ($source ? $source : DIR_WS_IMAGES . $value) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $value, $product_info['products_name'], TINY_IMAGE_WIDTH, TINY_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br />' . '</a>'; 

								++$row; if ($row > $image_group) { echo '</td><td>'; $row = 1; } } echo '</td>'; } ?>


           </tr><?php  echo '<tr><td class="smallText">' . TEXT_CLICK_TO_ENLARGE . '</td></tr>'; ?>
         </table>
				</div>
				<!-- EOF Simple multi image addon -->

<?php
   }
?>
<div class="main"><div class="desc2"><?php echo stripslashes($product_info['products_description']); ?></div><br>
			  <br><div><?php echo $products_price?></div></div><br>
<div style="clear:both;"></div>


	<?php echo tep_draw2_bottom();?>

<div class="cart_line_x padd2_gg"><?php echo tep_draw_separator('spacer.gif', '1', '2'); ?></div>        

	<?php  echo tep_draw2_top();  ?>

<?php
   $products_attributes_query = tep_db_query("select count(*) as total from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_ATTRIBUTES . " patrib where patrib.products_id='" . (int)$HTTP_GET_VARS['products_id'] . "' and patrib.options_id = popt.products_options_id and popt.language_id = '" . (int)$languages_id . "'");
   $products_attributes = tep_db_fetch_array($products_attributes_query);
   if ($products_attributes['total'] > 0) {
?>


         <table border="0" cellspacing="4" cellpadding="2">
           <tr>
             <td class="main" colspan="2"><strong class="strong"><?php echo TEXT_PRODUCT_OPTIONS; ?></strong></td>
           </tr>
<?php
     $products_options_name_query = tep_db_query("select distinct popt.products_options_id, popt.products_options_name from " . TABLE_PRODUCTS_OPTIONS . " popt, " . TABLE_PRODUCTS_ATTRIBUTES . " patrib where patrib.products_id='" . (int)$HTTP_GET_VARS['products_id'] . "' and patrib.options_id = popt.products_options_id and popt.language_id = '" . (int)$languages_id . "' order by popt.products_options_name");
     while ($products_options_name = tep_db_fetch_array($products_options_name_query)) {
       $products_options_array = array();
       $products_options_query = tep_db_query("select pov.products_options_values_id, pov.products_options_values_name, pa.options_values_price, pa.price_prefix from " . TABLE_PRODUCTS_ATTRIBUTES . " pa, " . TABLE_PRODUCTS_OPTIONS_VALUES . " pov where pa.products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "' and pa.options_id = '" . (int)$products_options_name['products_options_id'] . "' and pa.options_values_id = pov.products_options_values_id and pov.language_id = '" . (int)$languages_id . "'");
       while ($products_options = tep_db_fetch_array($products_options_query)) {
         $products_options_array[] = array('id' => $products_options['products_options_values_id'], 'text' => $products_options['products_options_values_name']);
         if ($products_options['options_values_price'] != '0') {
           $products_options_array[sizeof($products_options_array)-1]['text'] .= ' (' . $products_options['price_prefix'] . $currencies->display_price($products_options['options_values_price'], tep_get_tax_rate($product_info['products_tax_class_id'])) .') ';
         }
       }

       if (isset($cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']])) {
         $selected_attribute = $cart->contents[$HTTP_GET_VARS['products_id']]['attributes'][$products_options_name['products_options_id']];
       } else {
         $selected_attribute = false;
       }
?>
           <tr><td><?php echo tep_draw_separator('spacer.gif', '1', '9'); ?></td><td></td></tr>
		<tr>
             <td class="main"><?php echo $products_options_name['products_options_name'] . ':'; ?></td>
             <td class="main"><?php echo tep_draw_pull_down_menu('id[' . $products_options_name['products_options_id'] . ']', $products_options_array, $selected_attribute); ?></td>
           </tr>
<?php
     }
?>
         </table>
<?php 
   }
?>


<?php
   $reviews_query = tep_db_query("select count(*) as count from " . TABLE_REVIEWS . " where products_id = '" . (int)$HTTP_GET_VARS['products_id'] . "'");
   $reviews = tep_db_fetch_array($reviews_query);
   if ($reviews['count'] > 0) {
?>
   <table cellpadding="0" cellspacing="4" border="0">
  <tr>
       <td class="main"><?php echo TEXT_CURRENT_REVIEWS . ' ' . $reviews['count']; ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
</table>
<?php
   }

   if (tep_not_null($product_info['products_url'])) {
?>
   <table cellpadding="0" cellspacing="4" border="0">
  <tr>
       <td class="main"><?php echo sprintf(TEXT_MORE_INFORMATION, tep_href_link(FILENAME_REDIRECT, 'action=url&goto=' . urlencode($product_info['products_url']), 'NONSSL', true, false)); ?></td>
     </tr>
</table>

<?php echo tep_pixel_trans();?>

<?php
   }

   if ($product_info['products_date_available'] > date('Y-m-d H:i:s')) {
?>

<?php echo tep_pixel_trans();?>

<table cellpadding="0" cellspacing="4" border="0">    
  <tr>
       <td class="main"><?php echo sprintf(TEXT_DATE_AVAILABLE, tep_date_long($product_info['products_date_available'])); ?></td>
     </tr>
</table>
<?php
   } else {
?>

<?php echo tep_pixel_trans();?>

  <table cellpadding="0" cellspacing="4" border="0">   
  <tr>
       <td class="main"><?php echo sprintf(TEXT_DATE_ADDED, tep_date_long($product_info['products_date_added'])); ?></td>
     </tr>
</table>
<?php
   }
?>

<?php echo tep_draw2_bottom();?>

<?php echo tep_pixel_trans();?> 

<div class="cart_line_x padd2_gg"><?php echo tep_draw_separator('spacer.gif', '1', '2'); ?></div>

<?php  echo tep_draw2_top(); ?>

<?php echo tep_pixel_trans();?>
<?php echo tep_pixel_trans();?>

<?php  /* echo tep_draw_infoBox2_top(); */ ?>

		<table border="0" width="100%" cellspacing="0" cellpadding="0"><tr>
               <td class="main button_marg"><?php echo '<a href="' . tep_href_link(FILENAME_PRODUCT_REVIEWS, tep_get_all_get_params()) . '">' . tep_image_button('button_reviews.gif', IMAGE_BUTTON_REVIEWS) . '</a>'; ?></td>
               <td class="main button_marg" align="right"><?php echo tep_draw_hidden_field('products_id', $product_info['products_id']) . tep_image_submit('button_add_to_cart1.gif', IMAGE_BUTTON_IN_CART); ?></td>
             </tr>
           </table>

<?php  /* echo tep_draw_infoBox2_bottom(); */ ?>

	<?php  echo tep_draw2_bottom();?>


<?php echo tep_draw4_bottom();?>

<?php
   if ((USE_CACHE == 'true') && empty($SID)) {
     echo tep_cache_also_purchased(3600);
   } else {
    include(DIR_WS_MODULES . FILENAME_ALSO_PURCHASED_PRODUCTS);
   }
 }
?>

<?php echo tep_draw_bottom();?>	

</form></td>
<!-- body_text_eof //-->
<td class="<?php echo BOX_WIDTH_TD_RIGHT; ?>"><table border="0" class="<?php echo BOX_WIDTH_RIGHT; ?>" cellspacing="0" cellpadding="0">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
</body>
<?php require(DIR_WS_INCLUDES . 'footer_includes.php'); ?>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>


Not hacked you say...

 

I suppose you're the one that put the r57 PHP Shell in the shop then?

:unsure:

 

If you don't know what that is then you'd better start checking your files....

:-"


  • 2 weeks later...

There are contributions that I think can do that (never tried them so no clue on how reliable they are).

 

Some people FTP their site to their PC and scan it with their antivirus (personally this sounds very unreliable to me for several reasons I won't go into detail about).

 

If you can't recognize "rogue code" when you see it you may have to get someone to do it for you.

 

And I hate to be the bearer of bad news but there are more "rogue" files now than the last time I looked...

:'(

Link to comment
Share on other sites
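The file check discussed in the posts above can be partly automated on a downloaded copy of the shop. This is an added example, not code from the thread or from osCommerce: it compares the site against a known-good copy and flags PHP where none belongs. The marker patterns, the `images` static directory, all function names and the sample trees in `demo()` are assumptions constructed for illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

# Assumed, non-exhaustive markers of PHP web shells; a hit means "review by hand".
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-data-executed": re.compile(
        rb"(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long-base64-blob": re.compile(rb"[A-Za-z0-9+/]{400,}"),
    "r57-banner": re.compile(rb"r57\s*(php\s*)?shell", re.I),
}
PHP_EXT = {".php", ".php3", ".php4", ".php5", ".phtml"}
STATIC_DIRS = {"images"}  # assumption: these directories should hold no PHP

def build_manifest(clean_root):
    """Map relative path -> SHA-256 for a known-good copy of the shop code."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def scan_site(site_root, manifest):
    """Return {relative path: [reasons]} for files that deserve manual review."""
    root, findings = Path(site_root), {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel, data = p.relative_to(root).as_posix(), p.read_bytes()
        is_php = p.suffix.lower() in PHP_EXT
        reasons = []
        if rel in manifest:
            if manifest[rel] != hashlib.sha256(data).hexdigest():
                reasons.append("differs-from-clean-copy")
        elif is_php:
            reasons.append("php-file-not-in-clean-copy")
        if is_php and STATIC_DIRS & set(Path(rel).parts[:-1]):
            reasons.append("php-in-static-dir")
        if not is_php and b"<?php" in data:
            reasons.append("php-code-in-non-php-file")
        if is_php or b"<?php" in data:
            reasons += [name for name, rx in PATTERNS.items() if rx.search(data)]
        if reasons:
            findings[rel] = reasons
    return findings

def demo():
    """Run the scan over two small constructed trees (not data from the thread)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "images").mkdir(parents=True)
            (root / "index.php").write_bytes(b"<?php require('includes/top.php'); ?>")
            (root / "product_info.php").write_bytes(b"<?php echo 'stock'; ?>")
        (site / "product_info.php").write_bytes(b"<?php echo 'edited'; ?>")
        (site / "images" / "logo.gif").write_bytes(b"GIF89a<?php echo 1; ?>")
        (site / "images" / "cache.php").write_bytes(
            b'<?php eval(base64_decode("cGxhY2Vob2xkZXI=")); ?>')  # inert fixture
        return scan_site(site, build_manifest(clean))
```

Build the clean copy from the original archive plus every add-on installed on purpose, otherwise files edited for an add-on, such as product_info.php here, are reported as differing and have to be read by hand.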