Ravens PHP Scripts: Forums
 

 

bdmdesign
Worker



Joined: May 11, 2009
Posts: 154
Location: Winsen/Luhe; Germany

Posted: Thu Nov 26, 2009 6:29 am

If you get this Error:

Installed on a ravennuke 2.40 but get the following error in the admin section.   Unable to locate the RavenNukeTM configuration file - INCLUDE_PATHrnconfig.php

It could be missing or not readable. Please verify that the file exists and is readable in the root folder.


Fix:

Open your config.php in your RavenNuke root with an editor and go to line 94.
Change these lines (96-98)

to:

Code:


   //echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br><br>";
   //echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';
   //die();


Now you can enter the osc Admin Panel.


Best Regards

Peter

_________________
CMS-Version: pragmaMx 1.12.3.1.33.4.14 :: PHP-Version: 5.3.14 :: MySQL-Version: 5.5.23-log :: Server-Version: Apache/2.2.21 (Linux/SUSE)
Projekt: osc4pragmaMx- 2.3.2 in development 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Thu Nov 26, 2009 8:13 am

Just be aware that it is possible other functions with RavenNuke(tm) now will not work per the settings in rnconfig.php. The better fix would be to make sure INCLUDE_PATH is set properly within the OSC code.

Do an:

if (!defined('INCLUDE_PATH')) {
    define('INCLUDE_PATH', 'put the correct path here');
}

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
bdmdesign







Posted: Thu Nov 26, 2009 4:21 pm

OK, thanks, I will fix it directly and it comes with the next version.

Best Regards

Peter
 
bobbyg
Worker



Joined: Dec 05, 2007
Posts: 212
Location: Tampa, Florida

Posted: Thu Nov 26, 2009 5:28 pm

Montego, you are right. After making that change and attempting to fix the security hole in the osc admin I can no longer sign in on my nuke admin page.

Peter, where would that change go? I am working with a non-production setup so I can make any type of changes for testing purposes.
 
bdmdesign







Posted: Thu Nov 26, 2009 5:48 pm

bobbyg wrote:
Montego, you are right. After making that change and attempting to fix the security hole in the osc admin I can no longer sign in on my nuke admin page.

Peter, where would that change go? I am working with a non-production setup so I can make any type of changes for testing purposes.


The security fix is only a change to the osc admin login page.

Original osc admin login page:

Code:


<?php
/*
  $Id: login.php 1739 2007-12-20 00:52:16Z hpdl $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/

  require('includes/application_top.php');
  require('includes/functions/password_funcs.php');

  $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');

  if (tep_not_null($action)) {
    switch ($action) {
      case 'process':
        $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
        $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

        $check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'");

        if (tep_db_num_rows($check_query) == 1) {
          $check = tep_db_fetch_array($check_query);

          if (tep_validate_password($password, $check['user_password'])) {
            tep_session_register('admin');

            $admin = array('id' => $check['id'],
                           'username' => $check['user_name']);

            if (tep_session_is_registered('redirect_origin')) {
              $page = $redirect_origin['page'];
              $get_string = '';

              if (function_exists('http_build_query')) {
                $get_string = http_build_query($redirect_origin['get']);
              }

              tep_session_unregister('redirect_origin');

              tep_redirect(tep_href_link($page, $get_string));
            } else {
              tep_redirect(tep_href_link(FILENAME_DEFAULT));
            }
          }
        }

        $messageStack->add(ERROR_INVALID_ADMINISTRATOR, 'error');

        break;

      case 'logoff':
        tep_session_unregister('selected_box');
        tep_session_unregister('admin');
        tep_redirect(tep_href_link(FILENAME_DEFAULT));

        break;

      case 'create':
        $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");

        if (tep_db_num_rows($check_query) == 0) {
          $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
          $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

          tep_db_query('insert into ' . TABLE_ADMINISTRATORS . ' (user_name, user_password) values ("' . $username . '", "' . tep_encrypt_password($password) . '")');
        }

        tep_redirect(tep_href_link(FILENAME_LOGIN));

        break;
    }
  }

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

  $admins_check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");
  if (tep_db_num_rows($admins_check_query) < 1) {
    $messageStack->add(TEXT_CREATE_FIRST_ADMINISTRATOR, 'warning');
  }
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<meta name="robots" content="noindex,nofollow">
<title><?php echo TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js"></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
  <tr>
    <td><table border="0" width="100%" cellspacing="0" cellpadding="0" height="40">
      <tr>
        <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
        <td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onChange="this.form.submit();"') . tep_hide_session_id() . '</form>'; ?></td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td>

<?php
  $heading = array();
  $contents = array();

  if (tep_db_num_rows($admins_check_query) > 0) {
    $heading[] = array('text' => '<b>' . HEADING_TITLE . '</b>');

    $contents = array('form' => tep_draw_form('login', FILENAME_LOGIN, 'action=process'));
    $contents[] = array('text' => TEXT_USERNAME . '<br>' . tep_draw_input_field('username'));
    $contents[] = array('text' => '<br>' . TEXT_PASSWORD . '<br>' . tep_draw_password_field('password'));
    $contents[] = array('align' => 'center', 'text' => '<br><input type="submit" value="' . BUTTON_LOGIN . '" />');
  } else {
    $heading[] = array('text' => '<b>' . HEADING_TITLE . '</b>');

    $contents = array('form' => tep_draw_form('login', FILENAME_LOGIN, 'action=create'));
    $contents[] = array('text' => TEXT_CREATE_FIRST_ADMINISTRATOR);
    $contents[] = array('text' => '<br>' . TEXT_USERNAME . '<br>' . tep_draw_input_field('username'));
    $contents[] = array('text' => '<br>' . TEXT_PASSWORD . '<br>' . tep_draw_password_field('password'));
    $contents[] = array('align' => 'center', 'text' => '<br><input type="submit" value="' . BUTTON_CREATE_ADMINISTRATOR . '" />');
  }

  $box = new box;
  echo $box->infoBox($heading, $contents);
?>

    </td>
  </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>


Did you delete your old cookies?

The osc admin login page of the osc modules has nothing to do with the intervention in the Nuke login. You should also be able to log in with the fix in Nuke.
I use it on Nuke Platinum and on RavenNuke 2.4 without login problems.

Try it with the original osc admin login page code.

The security fix only redirects guests to the index page if they go to the osc admin login page directly.

The reason:

If you don't have an osc admin in the osc database, someone can make an admin and manipulate your shop.

If you have osc admins too, you don't need the security fix.
You need it only if you don't have osc admins (only Nuke admin).

The osc-Cart4nuke modules don't need the security patch, because the patch is installed in the modules.

The end of config.php must look like this:

config.php:

Code:


if (defined('INCLUDE_PATH') && file_exists(INCLUDE_PATH . 'rnconfig.php')) require_once INCLUDE_PATH . 'rnconfig.php';
else {
   //echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br><br>";
   //echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';
   //die();
    require_once 'rnconfig.php';
}


Only the echos are commented out.

Edit: go to line 59 in the mainfile and change the code to:

Code:


if ($phpver >= '4.0.4pl1' && isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'],'compatible')) {
   if (extension_loaded('zlib')) {
      @ob_end_clean();
      //ob_start('ob_gzhandler');
      ini_set("zlib.output_compression", '6');
   }
} elseif ($phpver > '4.0' && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && !empty($_SERVER['HTTP_ACCEPT_ENCODING'])) {
   if (strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {



Best Regards

Peter
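
The gate described in the post above, written out as an added example (not code from this thread, osCommerce or RavenNuke): the create-first-administrator step runs only for a caller the CMS already treats as an admin, and the "table is empty" check and the insert are one statement. The `administrators` table name, the `$cmsAdminLoggedIn` flag and both function names are assumptions; the example also goes beyond the post by using bound parameters and password_hash(), and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example, not osCommerce or RavenNuke code. Assumptions: the columns
// follow the query shown in login.php; $cmsAdminLoggedIn stands in for
// however the CMS reports an authenticated Nuke admin (hypothetical flag).

function open_demo_db(): PDO
{
    // Constructed in-memory database so the example runs offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE administrators (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        user_name TEXT NOT NULL UNIQUE,
        user_password TEXT NOT NULL)');
    return $db;
}

/**
 * Create the first shop administrator only when the caller is already an
 * authenticated CMS admin AND the administrators table is still empty.
 * Returns 'denied' (guest), 'invalid' (empty input), 'exists' or 'created'.
 */
function create_first_admin(PDO $db, bool $cmsAdminLoggedIn, string $user, string $pass): string
{
    if (!$cmsAdminLoggedIn) {
        return 'denied'; // guests never reach the create step
    }
    $user = trim($user);
    if ($user === '' || $pass === '') {
        return 'invalid';
    }
    // One statement: the emptiness check and the insert are not separate
    // steps, and the values are bound instead of concatenated into the SQL.
    $stmt = $db->prepare(
        'INSERT INTO administrators (user_name, user_password)
         SELECT ?, ? WHERE NOT EXISTS (SELECT 1 FROM administrators)'
    );
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
    return $stmt->rowCount() === 1 ? 'created' : 'exists';
}

// Constructed sample calls: a guest, the CMS admin, then a second attempt.
$db = open_demo_db();
echo create_first_admin($db, false, 'shopadmin', 'constructed-sample-pass'), "\n";
echo create_first_admin($db, true, 'shopadmin', 'constructed-sample-pass'), "\n";
echo create_first_admin($db, true, 'second', 'constructed-sample-pass'), "\n";
```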
 
Guardian2003
Site Admin



Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Thu Nov 26, 2009 6:11 pm

That die() is there for a reason and should NOT be commented out.
 
bdmdesign







Posted: Thu Nov 26, 2009 6:18 pm

OK, so I must fix it another way.

If I comment the die() back in, I get a blank admin page.

Tomorrow, not today. I go to sleep now.

Best Regards

Peter
 
bdmdesign







Posted: Fri Nov 27, 2009 10:30 am

OK, now I have found a good way for the fix:

Open application_top.php in /modules/catalog/admin/includes:

Change the code from line 16 - 17 to:

Old:
Code:


// Set the level of error reporting
  error_reporting(E_ALL & ~E_NOTICE);


New:
Code:


// Set the level of error reporting
  define('CATALOG_ADMIN', true);
  error_reporting(E_ALL & ~E_NOTICE);


Line 29 - 32:

From Old:
Code:


// Include application configuration parameters
  //require('includes/configure.php');
  @require('./../../../config.php');
  //require('includes/configure.php');
  define('CATALOG_ADMIN', true);
  error_reporting(E_ALL & ~E_NOTICE);


To New:
Code:


// Include application configuration parameters
  //require('includes/configure.php');
  if (defined('FORUM_ADMIN')) define('INCLUDE_PATH', '../../../');
  elseif (defined('CATALOG_ADMIN')) define('INCLUDE_PATH', './../../../');
  else define('INCLUDE_PATH', './../../../');

  @require_once('./../../../config.php');
  if (file_exists('./../../../rnconfig.php')) {
    include('./../../../rnconfig.php');
  }
  require('includes/configure.php');


You can now set lines 94 - 100 in config.php back to:

Code:


if (defined('INCLUDE_PATH') && file_exists(INCLUDE_PATH . 'rnconfig.php')) require_once INCLUDE_PATH . 'rnconfig.php';
else {
   echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br><br>";
   echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';
   die();
    require_once 'rnconfig.php';
}


Now you can log in without the error in the osc admin panel.

This new fix is tested only with the osc-Cart4nuke modules.

//Edit

Open configure.php in modules/catalog/admin/includes and replace the complete code with this code:

Code:


<?php
  //-----  autodetect values start -----
  $script_filename = getenv('PATH_TRANSLATED');
  if (empty($script_filename)) $script_filename = getenv('SCRIPT_FILENAME');

  $script_filename = str_replace('\\', '/', $script_filename);
  $script_filename = str_replace('//', '/', $script_filename);

  $dir_fs_www_root_array = explode('/', dirname($script_filename));
  $dir_fs_www_root = array();
  for ($i=0, $n=sizeof($dir_fs_www_root_array); $i<$n; $i++) {
    $dir_fs_www_root[] = $dir_fs_www_root_array[$i];
  }
  $dir_fs_www_root = implode('/', $dir_fs_www_root) . '/';
  $www_location = 'http://' . getenv('HTTP_HOST') . getenv('SCRIPT_NAME');
  $www_location_array = explode('/', dirname($www_location));
  $www_location = array();
  for ($i=0, $n=sizeof($www_location_array); $i<$n; $i++) {
    $www_location[] = $www_location_array[$i];
  }
  $www_location = implode('/', $www_location) . '/';
  $sub_folder = "http://" . getenv('HTTP_HOST')."";
  $sub_folder = str_replace($sub_folder, "", $www_location);
  $admin_path = str_replace('modules/catalog/admin/', "", $dir_fs_www_root);
  $catalog_path = str_replace('admin/', "", $sub_folder);
  $thepath = "http://" . getenv('HTTP_HOST');
     
  define('STORE_SESSIONS', 'mysql');
  define('HTTP_SERVER', $thepath); // eg, http://localhost - should not be empty for productive servers
  define('HTTPS_CATALOG_SERVER', $thepath);
  define('ENABLE_SSL_CATALOG', false); // secure webserver for catalog module
  define('DIR_FS_DOCUMENT_ROOT', $admin_path); // where the pages are located on the server
  define('DIR_WS_ADMIN', $sub_folder); // absolute path required
  define('DIR_FS_ADMIN', $dir_fs_www_root); // absolute path required
  define('DIR_WS_CATALOG', $catalog_path); // absolute path required
  define('DIR_FS_CATALOG', $admin_path. 'modules/catalog/'); // absolute path required
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_WS_PDF_CATALOGS', DIR_FS_CATALOG. 'modules/catalog/catalogues/');
     
  define('DB_SERVER', $dbhost); // eg, localhost - should not be empty for productive servers
  define('DB_SERVER_USERNAME', $dbuname);
  define('DB_SERVER_PASSWORD', $dbpass);
  define('DB_DATABASE', $dbname);
  define('USE_PCONNECT', 'false'); // use persistent connections?
?>


//Edit End


Best Regards

Peter
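
A way to set INCLUDE_PATH that does not depend on the working directory and still halts when rnconfig.php is missing, as an added example (not code from this thread, RavenNuke or osc-Cart4nuke). resolve_include_path() and the demo tree are hypothetical; the directory layout is the one named in the post, and PHP 7.1+ is assumed.

```php
<?php
// Added example, not RavenNuke or osc-Cart4nuke code. The layout
// (modules/catalog/admin/includes below the CMS root) comes from the thread;
// resolve_include_path() and the temp tree are hypothetical.

/**
 * Resolve the CMS root from a script's own directory instead of the working
 * directory, and confirm rnconfig.php is a readable file there.
 * Returns the root with a trailing slash, or null so the caller can halt.
 */
function resolve_include_path(string $scriptDir, int $levelsUp): ?string
{
    $root = realpath($scriptDir . str_repeat('/..', $levelsUp));
    if ($root === false) {
        return null;
    }
    $config = $root . '/rnconfig.php';
    return (is_file($config) && is_readable($config)) ? $root . '/' : null;
}

// Constructed demo tree in the temp directory so the example runs offline.
$site     = sys_get_temp_dir() . '/rn_demo_' . bin2hex(random_bytes(4));
$includes = $site . '/modules/catalog/admin/includes';
mkdir($includes, 0700, true);
file_put_contents($site . '/rnconfig.php', "<?php // constructed sample\n");

// application_top.php sits in .../admin/includes, four levels below the root
// (in the real file, pass __DIR__ as $scriptDir). A path such as './../../../'
// is resolved against the working directory, so it only reaches the root
// while that directory is .../admin.
$candidates = [
    '4 levels up' => resolve_include_path($includes, 4),
    '3 levels up' => resolve_include_path($includes, 3), // ends in modules/
];

foreach ($candidates as $label => $path) {
    if ($path === null) {
        // Fail closed: in application_top.php this is where die() belongs.
        echo "$label: rnconfig.php not found, halting\n";
        continue;
    }
    if (!defined('INCLUDE_PATH')) {
        define('INCLUDE_PATH', $path);
    }
    require_once INCLUDE_PATH . 'rnconfig.php';
    echo "$label: loaded config from " . INCLUDE_PATH . "\n";
}

// Remove the constructed tree again.
unlink($site . '/rnconfig.php');
rmdir($includes);
rmdir($site . '/modules/catalog/admin');
rmdir($site . '/modules/catalog');
rmdir($site . '/modules');
rmdir($site);
```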
 
montego







Posted: Fri Nov 27, 2009 1:23 pm

bdmdesign, good job.

BTW, you added the additional line:

require_once 'rnconfig.php';

after the die(); that is not in the main distribution. It shouldn't affect your processing, but it is unnecessary.
 
bdmdesign







Posted: Fri Nov 27, 2009 2:09 pm

montego wrote:
bdmdesign, good job.

BTW, you added the additional line:

require_once 'rnconfig.php';

after the die(); that is not in the main distribution. It shouldn't affect your processing, but it is unnecessary.


Yes, you are right.

Please use this code for the config.php:

Code:


if (defined('INCLUDE_PATH') && file_exists(INCLUDE_PATH . 'rnconfig.php')) require_once INCLUDE_PATH . 'rnconfig.php';
else {
   echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br /><br />";
   echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';
   die();
}


Best Regards

Peter
 
bobbyg







Posted: Fri Nov 27, 2009 6:44 pm

Applied those changes and was able to get to the catalog administration. However, somehow during the original install of osc and the login to the admin did not work because it would not recognize the captcha code. I got to the admin by setting the status $gfx_chk = 0;

Also, new registration would not work at all. I cleared the cache numerous times in as many different attempts. I am wondering if deleting and doing a complete new install followed by the addon would make a difference or have the same result.

I can't determine how the captcha and registration module for Ravennuke got affected.
 
bdmdesign







Posted: Fri Nov 27, 2009 7:23 pm

I have the captcha code off too, but new registrations work (not with Opera).

I have your e-mail and will send you my settings in the rnconfig tomorrow.


Best Regards

Peter
 
bdmdesign







Posted: Sat Nov 28, 2009 6:23 am

OK, the captcha issues come from the osc modules.

I will try to fix it now.

Best Regards

Peter
 
wHiTeHaT
Life Cycles Becoming CPU Cycles



Joined: Jul 18, 2004
Posts: 579

Posted: Sat Nov 28, 2009 6:35 am

the captcha bug is a session issue.
 
bdmdesign







Posted: Sat Nov 28, 2009 6:40 am

wHiTeHaT wrote:
the captcha bug is a session issue.


Yes, but in RN 2.4.x your fix doesn't work:

Quote:

To avoid problem with security code and sessions of oscommerce, you have to
change on top of your phpnuke mainfile.php the zlib compression
find the following code

ob_start('ob_gzhandler');

quote it

//ob_start('ob_gzhandler');

and put instead

ini_set("zlib.output_compression", '6');

so you finally have

//ob_start('ob_gzhandler');
ini_set("zlib.output_compression", '6');


Best Regards

Peter
 
wHiTeHaT







Posted: Sat Nov 28, 2009 6:48 am

That fix has nothing to do with the captcha, it is a server environment fix.
The problem with the captcha is because the session is already created by oscommerce.
To fix this you need to recode either the RN session (suggested is to completely take it out), or oscommerce's sessions (not recommended).

The choice is simple: you either try to fix a complete store based on sessions, or a 1 time only used captcha code.
 
wHiTeHaT







Posted: Sat Nov 28, 2009 6:55 am

As soon as I have configured my laptop, I will continue to work on the new oscommerce 3.05 alpha.
For now i only have to sort out some header stuff.
 
bobbyg







Posted: Sat Nov 28, 2009 7:30 am

Since osc is added to RN as a module, the sessions for both should be controlled by RN.
 
wHiTeHaT







Posted: Sat Nov 28, 2009 7:39 am

Best would be if the captcha runs as a module as well.
 
Guardian2003







Posted: Sun Nov 29, 2009 5:00 am

When developing third party code and using PHP sessions you should be able to use a named session
session_name('cart');
session_start();
If you use just the default
session_start() it appends that session to the previous one.
 
bdmdesign







Posted: Mon Aug 01, 2011 11:12 am

Moin Moin Brothers and Sisters

I worked now on the new osc4pragmamx 2.3.1 modules and I am working my way into the sessions of the store and the PragmaMx CMS. If the modules work without a bridge and without errors, I can port them to RavenNuke more easily.

Best Regards

Peter
 
All times are GMT - 6 Hours