All Activity

  1. Today
  2. I am new to this forum and have very little or no experience with this so I need help please, be gentle ok. I am in the process of setting up a digital download store, have put in some test items to check and test. I have a problem with the latest products that appear below the box slider (I am just using the default skin) when they are selected to add to cart, the cart message comes up saying your cart is empty. I can add product to cart from all other areas except this Latest product boxes. How can I resolve this please?
  3. Thanks Brian. I'm just going to empty my error log.
  4. Nothing one can do about it. One just relies on the programmer to code things in such a way as to render impotent such shenanigans. It's only bad if it succeeds.
  5. Should I do anything? Is this bad? It's a GoDaddy IP
  6. Yesterday
  7. It looks like 132.148.132.7 is doing some penetration testing.
  8. I think this might be it
     24.51.244.139 - - [14/Jun/2019:18:38:14 +0100] "GET /images/source/tools-locks-scales/bone-saw/04-old-bone-saw-handle-back.jpg HTTP/1.1" 200 47133 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
     132.148.132.7 - - [14/Jun/2019:18:38:30 +0100] "GET /tools-and-locks.html?page=2'\" HTTP/1.1" 200 89912 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:31 +0100] "GET /tools-and-locks.html?page=2 HTTP/1.1" 200 79856 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:32 +0100] "GET /tools-and-locks.html?page=22121121121212.1 HTTP/1.1" 200 74625 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:34 +0100] "GET /tools-and-locks.html?page=2%20and%201%3D1 HTTP/1.1" 200 89654 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:35 +0100] "GET /tools-and-locks.html?page=2%20and%201%3E1 HTTP/1.1" 200 89654 "-" "-"
     54.36.148.63 - - [14/Jun/2019:18:38:35 +0100] "GET /vintage-ornate-brass-and-copper-metal-pitcher-mug-creamer.html HTTP/1.1" 200 16325 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
     54.36.150.90 - - [14/Jun/2019:18:38:36 +0100] "GET /purepac-blue-stone-copper-sulfate-weed-control-tin.html HTTP/1.1" 200 16653 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
     132.148.132.7 - - [14/Jun/2019:18:38:36 +0100] "GET /tools-and-locks.html?page=2%27%20and%20%27x%27%3D%27x HTTP/1.1" 200 90326 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:37 +0100] "GET /tools-and-locks.html?page=2%27%20and%20%27x%27%3D%27y HTTP/1.1" 200 90328 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:39 +0100] "GET /tools-and-locks.html?page=2\"%20and%20\"x\"%3D\"x HTTP/1.1" 200 90326 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:40 +0100] "GET /tools-and-locks.html?page=2%22%20and%20%22x%22%3D%22y HTTP/1.1" 200 90326 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:41 +0100] "GET /tools-and-locks.html?page=2%20AND%201=1 HTTP/1.1" 200 89754 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:45 +0100] "GET /tools-and-locks.html?page=2999999.1%20union%20select%20unhex(hex(version()))%20--%20and%201%3D1 HTTP/1.1" 200 90406 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:46 +0100] "GET /tools-and-locks.html?page=299999%27%20union%20select%20unhex(hex(version()))%20--%20%27x%27=%27x HTTP/1.1" 200 90881 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:47 +0100] "GET /tools-and-locks.html?page=299999%22%20union%20select%20unhex(hex(version()))%20--%20%22x%22=%22x HTTP/1.1" 200 90983 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:49 +0100] "GET /tools-and-locks.html?page=2%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3D1 HTTP/1.1" 200 92601 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:50 +0100] "GET /tools-and-locks.html?page=2%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%27x%27=%27x HTTP/1.1" 200 93123 "-" "-"
     132.148.132.7 - - [14/Jun/2019:18:38:51 +0100] "GET /tools-and-locks.html?page=2%22%20or%20(1,2)=(select*from(select%20name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20%22x%22=%22x HTTP/1.1" 200 93123 "-" "-"
  9. MyISAM by default (and the way that CubeCart is written) locks the whole table so a far worse situation - imagine a situation on a busy site taking lots of orders with 2, 4 or 8 admin users updating orders and stock and you can imagine what would happen. InnoDB by default locks at row level so a much better situation but still locked by the database connection making that transaction as you say. New CubeCart stores are created with most tables as InnoDB now (the reason that some were left as MyISAM was that full text searches wouldn't work on InnoDB but that was fixed all the way back in MySQL 5.6.4) so to my mind every table should now be InnoDB. Older sites (not even that long ago) were created with all tables using MyISAM and upgrades unfortunately do not change this.
  10. That is a "custom_sort" URL, but this particular request (made from incense-gift-sets) is for the (combined) cached javascript file that does not exist (404).
  11. How about this? 66.249.64.141 - - [14/Jun/2019:16:38:52 +0100] "GET /cache/0873f.js_foot.cbquick-620_20190130185210.js HTTP/1.1" 404 13 "https://www.claudiasbargains.com/incense-gift-sets.html?_a=category&sort%5Bcustom_sort%5D=ASC" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
  12. Would "database locking" actually affect everyone? I mean, lock a row and no one but the database connection making that transaction that locked it gets to do anything with it? Everyone else needs to wait. So, as I see it, queries (transactions) made by different admin accounts will still have to wait until the row lock is released.
  13. Yes. No. But be careful of timezone differences.
  14. Hahaha. I'm humbly sorry I got the wrong end of the stick. Don't give up... Have a beer.
  15. I give up ! As I have explained multiple times there are other "possible" problems such as database locking that are completely separate and to which I was referring - this was on the assumption which I CLEARLY stated that they should always be using different admin logins
  16. Yes you said that but you also said that "you shouldn't have problems". All I'm saying is that you WILL.
  17. The whole point of my last answer is that I never said that!! Read it again - I very clearly said that two admins should always be using two DIFFERENT logins - so really not sure why you keep saying that what I said was wrong. As the OP didn't go into any detail, I initially said that as long as they are doing that (using two different logins), then there should be no problems - it was only when he mentioned the database that I then replied with a little detail about database locking.
  18. Agreed that will work but not at the same time. If you login on computer A then login on computer B the next page load on computer A will show the login screen. That's all I'm trying to say. I agree that in theory as Ian said it should work but in reality it won't (or at least shouldn't). It's supposed to prevent session hijacking.
  19. "[14-Jun-2019 14:59:56 America/Louisville] PHP Warning: Use of undefined constant cid - assumed 'cid' (this will throw an Error in a future version of PHP) in /home/claudias/public_html/modules/plugins/PayPal_Pro/gateway.class.php on line 470"
      Can I go ahead and make the changes you suggested in the GitHub?
      "The SQL error is interesting. It would be fun to search the web access logs to find the time-matched URL string. I suspect it was a search-based URL where the querystring part included: &page=100000000000000000000000000000000000000000000000000000000000000000000000000 which got rewritten into scientific notation. "
      Could it be any of these? The time of the error was Yesterday, 13:38 (there wasn't anything for that exact time 13:38)
      157.55.39.35 - - [14/Jun/2019:07:38:14 +0100] "GET /images/source/lunchboxes-and-thermos/strawberry-shortcake-lunchbox-with-thermos/06-vintage-strawberry-shortcake-lunchbox-with-thermos-bottom.jpg HTTP/1.1" 200 101555 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
      54.36.150.25 - - [14/Jun/2019:07:38:57 +0100] "GET /images/source/telephones/tel209/05-beige-gte-starlite-telephone-left.jpg HTTP/1.1" 301 241 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
      54.36.148.233 - - [14/Jun/2019:09:38:30 +0100] "GET /images/source/bowl-short-pedestal-footed/01-vintage-short-footed-diamond-point-ruby-flash-bowl-front.jpg HTTP/1.1" 200 63795 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
      54.36.149.70 - - [14/Jun/2019:12:38:02 +0100] "GET /vintage-1949-parson-s-jersey-dairy-quart-milk-bottle.html HTTP/1.1" 200 15635 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
      54.36.150.164 - - [14/Jun/2019:14:38:05 +0100] "GET /organization-and-storage.html HTTP/1.1" 200 15103 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
      66.249.70.7 - - [14/Jun/2019:15:38:08 +0100] "GET /log-cabin-bicentennial-eagle-pancake-syrup-brown-bottle.html HTTP/1.1" 200 16523 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
  20. My 2-pence... I routinely log in to my installation of CubeCart from two computers using the same admin account. I also routinely log in from the same computer using two different browsers. As long as the cookie is different (thus separate sessions are maintained and session hijacking is thwarted) I have, have had, and expect to continue to have, absolutely no problems with multiple logins using the same admin account.
  21. The count() messages are a known issue. The Stored session data message is when CubeCart sees two different browsers using the same cookie. CubeCart considers this possibly malevolent and will kill the session (logging you out) and log the warning. A different browser includes updating the browser -- Chrome had a minor update. The undefined constant issue has just now been posted in the Github. The SQL error is interesting. It would be fun to search the web access logs to find the time-matched URL string. I suspect it was a search-based URL where the querystring part included: &page=100000000000000000000000000000000000000000000000000000000000000000000000000 which got rewritten into scientific notation.
  22. Ah thanks for the pointer, it would seem that AIOSM doesn't like a phone number in the store address box ! Seems to be working OK now
  23. I got these in my error logs and the last ones in my admin System Error Logs. I'm using PHP 7.3 ... Any help is appreciated. Also I had someone abandon their cart yesterday that was going to use PayPal Pro.
      [13-Jun-2019 15:50:11 America/Louisville] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/claudias/public_html/classes/cart.class.php on line 1196
      [14-Jun-2019 09:25:52 America/Louisville] PHP Warning: Stored session data did not match DB record. Session aborted as possible session hijack. Old IP Address: '' New IP Address: '' Old User Agent: 'Mozilla/5.0 (Linux; Android 8.0.0; ASUS_Z017DC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.67 Mobile Safari/537.36' New User Agent: 'Mozilla/5.0 (Linux; Android 8.0.0; ASUS_Z017DC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.89 Mobile Safari/537.36' in /home/claudias/public_html/classes/session.class.php on line 700
      [14-Jun-2019 13:38:33 America/Louisville] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/claudias/public_html/classes/db/database.class.php on line 691
      [14-Jun-2019 14:59:56 America/Louisville] PHP Warning: Use of undefined constant cid - assumed 'cid' (this will throw an Error in a future version of PHP) in /home/claudias/public_html/modules/plugins/PayPal_Pro/gateway.class.php on line 470
      ADMIN SYSTEM ERROR LOG
      File: [catalogue.class.php] Line: [1045] "SELECT SQL_CALC_FOUND_ROWS * FROM `CubeCart_inventory` WHERE `product_id` IN (443,414,416,418,422,423,774,1040,914,917,920,929,939,940,1514,1515) AND CubeCart_inventory.status = '1' AND `live_from` < UNIX_TIMESTAMP() ORDER BY `custom_sort` ASC LIMIT 12 OFFSET 2.6545345345453E+14;" - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2.6545345345453E+14' at line 1
  24. It shouldn't be possible "at the same time". Calm down Ian! LOL
  25. No, I am not wrong as you are just repeating what I originally said !! It is very clear that I said they should be using different logins ! @Lots Moore then asked about possible database issues, so I answered that as well
  26. Ian is wrong. Logging in with the same staff account will kick out the other staff member who will need to login again thus kicking the other out. It's a security feature to prevent session hijacking. You'll need an account for each staff member.
  27. It is actually slightly more complicated than a simple yes or no but for all practical purposes, you shouldn't have problems. CubeCart is not written to use row level locking although if the table uses InnoDB (rather than MyISAM) then row level locking is used automatically.
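
The access-log excerpts quoted in the stream above show one client sending a series of non-integer values in the `page` query parameter. As an added example (not code from the thread or from CubeCart), this Python sketch parses combined-format log lines and reports, per client IP, every request whose `page` value is not a plain integer within range. `MAX_PAGE`, the function names and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log line: ip ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) '
)
MAX_PAGE = 100_000  # assumption: upper bound on real catalogue page numbers

# Constructed sample lines (documentation IP ranges), modelled on the thread.
SAMPLE = [
    '198.51.100.20 - - [14/Jun/2019:18:38:14 +0100] "GET /images/a.jpg HTTP/1.1" 200 47133 "-" "Mozilla/5.0"',
    '192.0.2.7 - - [14/Jun/2019:18:38:31 +0100] "GET /tools-and-locks.html?page=2 HTTP/1.1" 200 79856 "-" "-"',
    '192.0.2.7 - - [14/Jun/2019:18:38:32 +0100] "GET /tools-and-locks.html?page=22121121121212.1 HTTP/1.1" 200 74625 "-" "-"',
    '192.0.2.7 - - [14/Jun/2019:18:38:34 +0100] "GET /tools-and-locks.html?page=2%20and%201%3D1 HTTP/1.1" 200 89654 "-" "-"',
    '203.0.113.9 - - [14/Jun/2019:13:38:33 +0100] "GET /search.html?page=265453453454530 HTTP/1.1" 200 100 "-" "-"',
]


def page_anomaly(target):
    """Return a reason if any `page` query value is not a sane integer."""
    try:
        query = urlsplit(target).query
    except ValueError:
        return "unparseable request target"
    # parse_qs percent-decodes, so encoded quotes and spaces are seen as-is.
    for value in parse_qs(query, keep_blank_values=True).get("page", []):
        if not re.fullmatch(r"[0-9]+", value):
            return "non-numeric page value"
        if int(value) > MAX_PAGE:
            return "page value out of range"
    return None


def flag_probes(lines):
    """Map client IP -> [(timestamp, reason, raw target)] for bad `page` values."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format request line
        reason = page_anomaly(m["target"])
        if reason:
            hits.setdefault(m["ip"], []).append((m["ts"], reason, m["target"]))
    return hits


if __name__ == "__main__":
    for ip, events in flag_probes(SAMPLE).items():
        print(ip, len(events), "flagged request(s)")
```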