
Register Globals Support



what do you all mean by commented/commenting?

Comments in the PHP code.

where do you add the new patches too?

Read the instructions, though if you are asking a question like "what is a comment" then I would suggest you are somewhat out of your depth. You need to understand the environment that OSC runs in - ie - apache ( www.apache.org ), if you are using apache, of course, PHP ( www.php.net ), mysql ( www.mysql.com ), though the last is less important from a starting-to-learn point of view.

I have register_globals enabled on my linux server but I still can't get past the error

What error ?

 

Rich.

Edited by CMOTD
Link to comment
Share on other sites

Sorry about that.

The admin section is working fine. the problem is in the catalog section.

Well, the contribution DOES work, so I would suggest you go back and check your changes. If you have some other contribution installed then there could be some conflict there that needs resolving. As I mentioned in my previous reply, I have included some words in the contribution to point you in the right direction to try and get other contributions working with this (though the error you are reporting would suggest you have made a mistake changing the code).

 

Rich.

Link to comment
Share on other sites

Anyone here done any work getting the contribution "Authorize.net Consolidated 1.7b" (or any previous version) working with RegGlobals off? The trouble we seem to be having is that none of the entered credit card information is being POSTed to the payment gateway's process correctly. (A debug output shows the fields sent as being blank and we get back a "You need to provide a card number" error....)

 

I've run the excellent investigation script provided by Richard in the v1.3 release package of the RegGlobals mod (and it shows several POST variables), but would naturally prefer to avoid hours of tinkering to find and fix (and break other things and then find and fix THEM, etc...) if someone else here has already got it all figured out.

 

Thanks!

Link to comment
Share on other sites

If you look back through this thread, you will find a post from me dated 23 October 2004 and titled "HANDY HINT FOR FINDING REGISTER GLOBALS PROBLEMS AND SOME BUG-HUNTING TIPS"

 

Maybe this will help you

 

Rich.

 

 

Hi Richard

 

Further to my previous post i have been trying to solve this problem and have had no luck so far. :(

 

I put the code in that you suggested into application_top, went to the page that i think is causing problem, product_info and get this..

 

GET

 

product_id '33'

 

Everything works fine except for my wishlist and dynamic mopics contribs all the other info is displayed correctly like the product image and description etc..

 

With the wishlist i have found that the products id is not being passed to the database and i assume it is the same sort of problem with the dynamic mopics not being displayed. Not being able to find/match the products id :blink:

 

I have tried the code fixes you suggested but with no luck. :(

 

Would you be able to have a look at the code for me?

 

Thanks

 

Mike :'(

Edited by Mighty Mike
Link to comment
Share on other sites

...Further to my previous post i have been trying to solve this problem and have had no luck so far.  :(

Try this (wishlist) :

 

FILE: .../catalog/includes/application_top.php

In this file, there are two lines that have been modified to read as follows...

 

tep_db_query("delete from " . TABLE_WISHLIST . " WHERE customers_id=$customer_id AND products_id=$products_id");

tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id=$products_id");

 

...try changing them to this...

 

tep_db_query("delete from " . TABLE_WISHLIST . " WHERE customers_id=$customer_id AND products_id={$_GET['products_id']}");

tep_db_query("delete from " . TABLE_WISHLIST_ATTRIBUTES . " WHERE customers_id=$customer_id AND products_id={$_GET['products_id']}");

 

I note that this was actually correct in the unmodified code and has been broken by sloppy coding in the wishlist contribution.

 

Later on, in the same file, there's another problem. Change this...

 

tep_db_query("insert into " . TABLE_WISHLIST_ATTRIBUTES . " (customers_id, products_id, products_options_id , products_options_value_id) values ('" . $customer_id . "', '" . $products_id . "', '" . $att_option . "', '" .$att_value . "' )");

 

...to this....

 

tep_db_query("insert into " . TABLE_WISHLIST_ATTRIBUTES . " (customers_id, products_id, products_options_id , products_options_value_id) values ('" . $customer_id . "', '" . $_POST['products_id'] . "', '" . $att_option . "', '" .$att_value . "' )");

 

There could be others (I only had a quick look) - search for $product_id and change to $_GET['product_id'] or $_POST['product_id'] as required. You can usually tell whether you need GET or POST based on how the surrounding lines use the variable. You MUST get this correct for it to work !

 

Where do I send the invoice ?

 

Rich.

Edited by CMOTD
Link to comment
Share on other sites

Hi Richard

 

Thanks for your post.

 

I made the changes but still have the same problem (products_id not being passed to the db). I don't have the "TABLE_WISHLIST_ATTRIBUTES" part as I don't need it. But made changes to the other parts.

 

This is the code for adding/(deleting?) products to the wishlist

case 'add_wishlist' :   if (ereg('^[0-9]+$', $HTTP_GET_VARS['products_id'])) {
                               if ($HTTP_GET_VARS['products_id']) {
                                 tep_db_query("delete from " . TABLE_WISHLIST . " where products_id = '" . $HTTP_GET_VARS['products_id'] . "' and customers_id = '" . $customer_id . "'");
                                 tep_db_query("insert into " . TABLE_WISHLIST . " (customers_id, products_id, products_model, products_name, products_price) values ('" . $customer_id . "', '" . $_POST['products_id'] . "', '" . $products_model . "', '" . $products_name . "', '" . $products_price . "' )");

 

I have tried $HTTP_POST_VARS and that didn't work, I removed the delete function from the above code (why is it there anyway) and that made no difference.

 

Don't know what else I could try :blink:

 

Any ideas?

 

Thanks for your time Richard

 

Mike

Link to comment
Share on other sites

Hi Richard

 

Got it to work :D

 

This is my code now, i removed the delete query as i can not see why it is needed there and used "$HTTP_GET_VARS['products_id']" instead of "POST"

tep_db_query("insert into " . TABLE_WISHLIST . " (customers_id, products_id, products_model, products_name, products_price) values ('" . $customer_id . "', '" . $HTTP_GET_VARS['products_id'] . "', '" . $products_model . "', '" . $products_name . "', '" . $products_price . "' )");

 

Does this look correct to you Richard?

 

For anybody else out there hope this helps.

 

Thanks for all your help Richard :thumbsup:

 

Cheers

 

Mike

Link to comment
Share on other sites
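
An added example (not code from the thread or from the wishlist contribution) of the change discussed in the posts above: with register_globals off, read `products_id` from the one request array it actually arrives in, apply the digits-only rule that the `add_wishlist` case uses, and build the queries from the resulting integer. `request_id()`, `wishlist_add_sql()`, the table name, the customer id and the sample requests are assumptions made for the illustration; it targets PHP 7.1 or later, keeps only the two id columns of the insert, and prints the SQL instead of calling `tep_db_query()`.

```php
<?php
// Added example, not from the thread. The table name is a constructed
// stand-in for the TABLE_WISHLIST constant that osCommerce defines itself.
if (!defined('TABLE_WISHLIST')) {
    define('TABLE_WISHLIST', 'customers_wishlist');
}

/**
 * Hypothetical helper: read a numeric id from ONE named request array.
 * Returns the id as an int, or null when the key is absent, is not a
 * string, or is not all digits (the same rule as the thread's
 * ereg('^[0-9]+$', ...) check, written with ctype_digit()).
 */
function request_id(array $source, string $key): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;   // absent, or an array such as ?products_id[]=33
    }
    $value = $source[$key];
    if (!ctype_digit($value) || strlen($value) > 9) {
        return null;   // not digits only, or too long for an int(11) column
    }
    return (int) $value;
}

/**
 * Hypothetical helper: build the delete and insert statements for the
 * wishlist from validated integers only. Returns an empty array when the
 * request carries no usable products_id, so no query is run with a blank
 * or malformed id.
 */
function wishlist_add_sql(int $customer_id, array $source): array
{
    $products_id = request_id($source, 'products_id');
    if ($products_id === null) {
        return [];
    }
    return [
        sprintf('delete from %s where products_id = %d and customers_id = %d',
                TABLE_WISHLIST, $products_id, $customer_id),
        sprintf('insert into %s (customers_id, products_id) values (%d, %d)',
                TABLE_WISHLIST, $customer_id, $products_id),
    ];
}

// Constructed sample requests (not captured traffic). Each entry is the
// array the code reads from; the second entry models reading $_POST when
// the id was sent in the query string, so the array is empty.
$samples = [
    'id present in the array read' => ['products_id' => '33'],
    'id sent in the other array'   => [],
    'non-numeric value'            => ['products_id' => '33abc'],
    'array instead of string'      => ['products_id' => ['33']],
];

$customer_id = 7; // constructed value; osCommerce takes it from the session

foreach ($samples as $label => $source) {
    $sql = wishlist_add_sql($customer_id, $source);
    echo $label, ': ', $sql ? implode(' | ', $sql) : 'rejected, no query run', "\n";
}
```

Reading the id from the wrong array produces the "products_id not being passed to the db" symptom described above; here that case is rejected instead of inserting an empty value.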

Any ideas how i can fix this?

 

<table width="100%">

<?php

$products_id = (($product_info['products_id']) ? $product_info['products_id'] : $product_info_values['products_id']);

$products_name = (($product_info['products_name']) ? $product_info['products_name'] : $product_info_values['products_name']);

$image_name = (($product_info['products_image']) ? $product_info['products_image'] : $product_info_values['products_image']);

$thumb_len = ((MAIN_THUMB_IN_SUBDIR == 'true') ? strlen(IN_IMAGE_THUMBS) : 0);

$image_base = substr($image_name, $thumb_len, -4);

$image_ext = '.' . THUMB_IMAGE_TYPE;

$image_path = DIR_WS_IMAGES . IN_IMAGE_THUMBS;

 

if (is_file(DIR_FS_CATALOG . $image_path . $image_base . MORE_PICS_EXT . '1' . $image_ext)) {

 

echo ' <tr width="100%">';

 

$row = 0;

$i = 1;

while(is_file(DIR_FS_CATALOG . $image_path . $image_base . MORE_PICS_EXT . $i . $image_ext)) {

$image = $image_base . MORE_PICS_EXT . $i . $image_ext;

$row++;

?>

<td align="center" class="smallText">

<script language="javascript"><!--

document.write('<?php echo '<a href="javascript:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $products_id . '&pic=' . $i) . '\\\')">' . tep_image($image_path . $image, addslashes($products_name), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'class=shadow1', 'hspace="2" vspace="2"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');

//--></script>

<noscript>

<?php echo '<a href="' . tep_href_link($image_path . $image) . '" target="_blank">' . tep_image($image_path . $image, $products_name, SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'class=shadow1', 'hspace="2" vspace="2"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>

</noscript>

</td>

<?php

$i++;

if ( (($row / THUMBS_PER_ROW) == floor($row / THUMBS_PER_ROW)) && (is_file(DIR_FS_CATALOG . $image_path . $image_base . MORE_PICS_EXT . $i . $image_ext)) ) {

echo ' </tr>';

echo ' <tr width="100%">';

}

}

 

echo ' </tr>';

 

} else {

?>

<tr width="100%">

<td align="center" class="smallText"><?php echo TEXT_NO_MOPICS; ?></td>

</tr>

<?php

}

?>

</table>

Link to comment
Share on other sites

After applying the latest patch to the OsCommerce install files I was able to install the software successfully without any Register_Globals errors whatsoever.

I then deleted the install dir and reassigned the rights on both configure.php files to read only.

 

However..When I try to log in on the admin section a blank page is displayed and nothing more. When connecting to the catalog/index.php I first (and only once) get to see the default page. However, after clicking on a random link a ..Blank page.

When returning back to the index of 'catalog' once again a blank empty page is displayed.

 

After restarting my browser the same ritual repeats itself.

First I get to see the default page and then nothing more.

 

catalog/admin same deal...an empty blank page.

 

No errors, it just won't open.

 

Could someone please point me in a direction as to what might be the cause of this weird problem? >_<

 

Test Page

Link to comment
Share on other sites

However..When I try to log in on the admin section a blank page is displayed....

You've made a mistake applying the patch. Sorry if this sounds unhelpful, but that's what it boils down to (unless you have also put some other contribution in that is causing a problem).

 

You will get a blank page if the error is generated before the http headers are constructed. And as you have this problem on all the pages then it's obviously a common bit of code that you have messed up. Secondly, as it works the first time you view a page but not on subsequent views, then it's probably an error in the session handling (the session won't exist on the first view, but will on subsequent views, hence the different behaviour). It also sounds like you have made the same mistake in both the catalog and admin code. Either that, or you are just unlucky.

 

I would look in the session.php file (the one with lots of changes in it !)

 

Rich.

Link to comment
Share on other sites

Any ideas how i can fix this?

I have absolutely no idea what 'this' is, no idea what it should do, and what it IS doing that is incorrect.

 

...and you haven't paid me yet for my last assignment.

 

Rich.

Link to comment
Share on other sites

I have absolutely no idea what 'this' is, no idea what it should do, and what it IS doing that is incorrect.

 

...and you haven't paid me yet for my last assignment.

 

Rich.

 

Hi Rich,

 

My apologies for being so blunt and not to the point in my last post :-"

 

It is taken from the dynamic mopics contrib v2.2 http://www.oscommerce.com/community/contributions,1114

 

It displays extra images on the product info page, but currently no extra images are being shown. It has worked fine in the past.

 

I still get the same msg as before when i put your code into application_top (products_id = '32').

 

So i assume it might have something to do with the first line of code

$products_id = (($product_info['products_id']) ? $product_info['products_id'] : $product_info_values['products_id']);

 

Any help would be appreciated

 

Thanks

 

Mike

Link to comment
Share on other sites

So i assume it might have something to do with the first line of code

$products_id = (($product_info['products_id']) ? $product_info['products_id'] : $product_info_values['products_id']);

So, you are passing $products_id as a POST or GET variable and it is being overwritten by the first line ?

 

Are you sure that's right ? I really don't know. if you can't work it out then ask the contribution's author.

 

Rich.

Link to comment
Share on other sites

Hello, thanks Richard for this much needed fix for osc. I've installed your contribution, and it works pretty well for me, except that I'm having the problem logging off that Alex described on the first page of this thread. I attempt to log off, and the cart empties, but continuing on from logoff.php leads to the index where I'm greeted by name, still have the option to log off. Also I can proceed to account info. just as if I hadn't tried to log off. If I log in again, the cart contents from before are restored. If I open a new window, the site gives the correct unlogged greeting. I've checked the code for unregister in catalog/includes/functions/sessions.php to confirm that it is correct, and it is.

 

Any suggestions would be appreciated, thanks,

Jeremy

www.oddlyenoughmosaics.com

Link to comment
Share on other sites

...I'm having the problem logging off that Alex described on the first page of this thread....

The first thing I would do is check that ALL the patch has been applied correctly (not just the session unregister function).

 

If you are absolutely certain that it is all correct, then I would (a) check again and then (b) maybe stick some debug in the session unregister function to make sure the session is being unregistered correctly.

 

eg :

 

  function tep_session_unregister($variable) {
// >>> BEGIN REGISTER_GLOBALS
    // Work-around to allow disabling of register_globals - unmap session variable
    echo '### VAR='.$variable.'='.$_SESSION[$variable].'!<br />'; // Should print the var. name and its value
    link_session_variable($variable, false);
    unset($_SESSION[$variable]);
    echo '### UNREG ='.$_SESSION[$variable].'!<br />'; // Should show that the variable is no longer set

//  return session_unregister($variable);
    return true;
// <<< END REGISTER_GLOBALS
  }

 

I would also check that the tep_session_close() and tep_session_destroy() functions are being called by sticking some debug lines in there.

 

Note that because of the page redirection that (typically) takes place when you close the session, you will probably have to stick a...

exit(0);

....line somewhere otherwise you won't see your debug (it will get overwritten following the redirect). I would suggest putting the exit(0) line maybe just after the call to tep_session_close() and/or tep_session_destroy() in the logout.php page (or whatever page it is - I don't have the code in front of me). If you can't find a suitable place, then you could put it at the end of these two functions (within the function) as appropriate.

 

Rich.

Link to comment
Share on other sites

You've made a mistake applying the patch. Sorry if this sounds unhelpful, but that's what it boils down to (unless you have also put some other contribution in that is causing a problem).

 

You will get a blank page if the error is generated before the http headers are constructed. And as you have this problem on all the pages then it's obviously a common bit of code that you have messed up. Secondly, as it works the first time you view a page but not on subsequent views, then it's probably an error in the session handling (the session won't exist on the first view, but will on subsequent views, hence the different behaviour). It also sounds like you have made the same mistake in both the catalog and admin code. Either that, or you are just unlucky.

 

I would look in the session.php file (the one with lots of changes in it !)

 

Rich.

 

I encountered some errors while using the osCommerce on a Linux machine.

 

In my Apache log the following error occurred:

 

PHP Fatal error:  main(): Failed opening required 'includes/languages/.php' (include_path='.:/usr/share/pear') in /var/www/html/shop/catalog/includes/application_top.php on line 286

 

Looking at the code:

// set the language
  if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) {
    if (!tep_session_is_registered('language')) {
      tep_session_register('language');
      tep_session_register('languages_id');
    }

    include(DIR_WS_CLASSES . 'language.php');
    $lng = new language();

    if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) {
      $lng->set_language($HTTP_GET_VARS['language']);
    } else {
      $lng->get_browser_language();
    }

    $language = $lng->language['directory'];
    $languages_id = $lng->language['id'];
  }

// include the language translations
  require(DIR_WS_LANGUAGES . $language . '.php');

It seems to me that it's possible that $language is not set, so I would suggest to add the following above the //include the language translations

  if (!isset($language)) {
    $language = "english";
  }

 

Then, after I fixed that, I encountered another problem:

 

PHP Fatal error:  Call to a member function on a non-object in /var/www/html/shop/catalog/includes/application_top.php on line 316, referer: http://[private].com/shop/catalog/

 

This is the code:

// navigation history
  if (tep_session_is_registered('navigation')) {
    if (PHP_VERSION < 4) {
      $broken_navigation = $navigation;
      $navigation = new navigationHistory;
      $navigation->unserialize($broken_navigation);
    }
  } else {
    tep_session_register('navigation');
    $navigation = new navigationHistory;
  }
  $navigation->add_current_page();

It seems the ELSE clause for "if(PHP_VERSION<4)" is missing. And since I use PHP 4.3.10 the navigation object is not created. The next code will fix the problem I think:

// navigation history
  if (tep_session_is_registered('navigation')) {
    if (PHP_VERSION < 4) {
      $broken_navigation = $navigation;
      $navigation = new navigationHistory;
      $navigation->unserialize($broken_navigation);
    } else {
      $navigation = new navigationHistory;
    }
  } else {
    tep_session_register('navigation');
    $navigation = new navigationHistory;
  }
  $navigation->add_current_page();

 

 

This fixed the display problem...However now I can not add any Catalog entries in the database thru the admin section.

After the installations the Category section displays 0 and so does the Product section.

Upon adding a category it still displays 0.

Above code is a work around Madman81 came up with.

I have applied the patch 3 times..Carefully checking whether I did not make any mistake !!

 

But the vague thing is...It works fine on a Win2k3 server with the Register_globals=OFF .

 

So I am beginning to wonder whether it isn't a 'rights' matter..

Edited by BigJim
Link to comment
Share on other sites

Firstly, thanks Richard for the register_globals contribution :) You're great!

 

Anyway, I also had the same logout session_unregister problem for the catalog.. Not sure if I'm doing the right thing, but I followed your instructions and suggestions and got mine working finally.

 

In the logout.php file, I added this:

tep_session_destroy();

 

on the line just above:

require(DIR_WS_INCLUDES . 'application_bottom.php');

 

It worked but as I'm a php newbie, so please correct me if I'm wrong.

 

Thanks again :)

 

The first thing I would do is check that ALL the patch has been applied correctly (not just the session unregister function).
Link to comment
Share on other sites

...In the logout.php file, I added this:

tep_session_destroy();

 

on the line just above:

require(DIR_WS_INCLUDES . 'application_bottom.php');

 

It worked but as I'm a php newbie, so please correct me if I'm wrong.

Mmm.... It's not so much whether it's correct as far as PHP is concerned. It's really whether it is correct as far as the OSC application is concerned.

 

...and I don't know. I'm not SO familiar with the app to give you an answer. It strikes me that if you are correct then this would be wrong when register globals is enabled as well.

 

Interesting thought though - maybe there are some more knowledgeable people out there who could offer some thoughts ?

 

Rich.

Link to comment
Share on other sites

Ahum, could anyone be so kind to at least look into the matter?

Is it something I am doing wrong or is OSC just not suitable to run on a Linux machine? >_<

'cause if so I'll have to search for another source program that will. B)

Link to comment
Share on other sites

Ahum, could anyone be so kind to at least look into the matter?

I don't know why you are having the problems you are, but it sounds like it has nothing to do with this contribution. As you say, you have tried this on a Windows machine and it works ok.

 

OSC will run fine on Linux BTW, so yes, it's something you are doing wrong.

 

Rich.

Link to comment
Share on other sites

Hey all I just installed the patch and when I try to access my admin section I get the following error.

 

Fatal error: Cannot re-assign $this in D:\Clients\11204\seantaylor36.com\seantaylor36.com\catalog\admin\includes\classes\upload.php on line 31

 

The store is at http://www.seantaylor36.com/catalog/index.php

 

It was a standard configuration with no contributions added.

 

Please help. thanks

Link to comment
Share on other sites
