Category Bar gives incorrect URL with m.


harrisorganic

Hi Brian, Merry Christmas.

I started on reducing the security issues that came up on CC6 security plugin. I made some changes to php.ini and includes/global.inc.php and found that I could not log in as admin any more.

So I "undid all the changes" and am still unable to login as admin. :(  see https://tinyurl.com/gru44qq for more info

During that period of time I also found that the category bar gives an unusual url, whereas mousing over an item on the front page gives the correct url.

eg. https://www.harrisorganicwine.com.au/shop/ Hover over the word category sparkling gives https://www.m.harrisorganicwine.com.au/shop/sparkling.html where there should be no "m."

When I reversed the changes to php.ini (in the root directory) the above went away, but now it is back again. I emptied cache and checked the php.ini file again to find it was without changes.

Today's error log shows:

[Fri Dec 25 17:13:17 2015] CURRENT SERVER TIME
MAIN error_log:
[Fri Dec 25 17:13:02 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] Failed loading /usr/lib64/php/modules/ioncube_loader_lin.so:  /usr/lib64/php/modules/ioncube_loader_lin.so: undefined symbol: execute
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] Zend Optimizer requires Zend Engine API version 220060519.
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] The Zend Engine API version 220131226 which is installed, is newer.
[Fri Dec 25 17:13:03 2015] [error] [client 66.249.69.104] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Optimizer.

Any suggestions please?

regards Duncan

Link to comment
Share on other sites

Well, the "Sparkling" link does not have an unwanted 'm' anymore, so if the problem was an inadvertent creating of the "Category Tree" when the domain name happened to have been misspelled, that cached file has been replaced.

It seems that the server does not have ionCube installed/enabled -- CubeCart does not need it anymore (but many plugins still do!).

So, if your plugins (not the Foundation skin and not the AIOS module -- must be something else) need ionCube, please get that PHP extension re-enabled. And make sure the ionCube Loader is the appropriately matched version for the version of PHP you are running. (Then there may still be issues with the encoded plugin file that may be encoded for a specific version of the Loader.)

So, by not being able to log in, do you even get the login page?

 

Link to comment
Share on other sites

Hi Brian,

When I type in /shop/admin/  I get a system 404 error

The requested URL /shop/admin/ was not found on this server.

If I use /shop/admin.php I get my 404 error page.

re ioncube, I can't remember uploading any new plugins recently for this to happen. However I checked the php config. on host and found ioncube turned on and using PHP 5.4 (FastCGI) was PHP 5.4 (Single php.ini) but seems to make no difference.

Additional extensions available for Installation
Http
Magick Wand  XX turned on
Mail Parse
OAuth
OCI8
Upload Progress
IonCube        XX turned on
SourceGuardian

Edited by harrisorganic
more info
Link to comment
Share on other sites

The subfolder /shop/ is present. The storefront works.

The URI /shop/admin/index.php will show a good copy of a standard nondescript 404 message if there does not exist the file /shop/admin.php. (The index.php in the (possibly renamed) /admin/ folder is currently coded to not respect $glob['adminFile'] in globals.inc.php.)

Note: the file at /shop/admin/index.php sends what looks like a 404 response, and in that content is the name of the requested URI -- which is NOT what was not found! What was not found was /shop/admin.php, but the message says /shop/admin/index.php was not found.

Then, just requesting /shop/admin.php where admin is possibly renamed has the 404 document you have created and the web server is delivering because the (possibly renamed) admin.php does not in fact exist.

Link to comment
Share on other sites

Hi Brian,

I took your last paragraph first: "Then, just requesting /shop/admin.php where admin is possibly renamed has the 404 document you have created and the web server is delivering because the (possibly renamed) admin.php does not in fact exist."

Yes I forgot to change admin****.php name back to admin.php. So once I had made the change, I thought that may be the last piece of the jigsaw. NO.

I now get a 403 Forbidden error with https://www.harrisorganicwine.com.au/shop/admin/index.php which changes to https://www.harrisorganicwine.com.au/shop/admin.php  Brian  - Changed url

regards Duncan

Edited by harrisorganic
Link to comment
Share on other sites

When I ask for /shop/admin/index.php, I get 301 Bounced to /shop/admin.php. So, /shop/admin/index.php is doing its job.

But then, I get a 403 Forbidden. I do not recall CubeCart issuing a 403 Forbidden under any circumstance.

This may be a PHP error (please check for include_file() errors).

Please check for CHMOD permissions on /shop/admin.php.

Each time I ask for /shop/admin.php, I get a new Cookie::expires value.

Request: Sun, 27 Dec 2015 03:21:32 GMT; Expires: Sun, 03-Jan-2016 03:21:32 GMT;
Request: Sun, 27 Dec 2015 03:29:53 GMT; Expires: Sun, 03-Jan-2016 03:29:53 GMT;
Request: Sun, 27 Dec 2015 03:31:29 GMT; Expires: Sun, 03-Jan-2016 03:31:29 GMT;

So, I think CubeCart is executing some part of itself, enough to send the headers with an updated cookie.

Link to comment
Share on other sites

Firstly the CHMOD permissions are 644 for the file /shop/admin.php.

php errors in ? 

here are some Error Logs
[Sat Dec 26 20:47:53 2015] CURRENT SERVER TIME
MAIN error_log:
[Sat Dec 26 20:47:01 2015] [error] [client 74.220.215.221] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Optimizer.
[Sat Dec 26 20:47:01 2015] [error] [client 74.220.215.221] 
[Sat Dec 26 20:47:01 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Sat Dec 26 20:47:02 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] Zend Guard Loader requires Zend Engine API version 220100525.
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] The Zend Engine API version 220131226 which is installed, is newer.
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Guard Loader.
[Sat Dec 26 20:47:04 2015] [error] [client 180.76.15.5] 
[Sat Dec 26 20:47:07 2015] [error] [client 208.115.111.69] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sat Dec 26 20:47:07 2015] [error] [client 208.115.111.69] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Sat Dec 26 20:47:07 2015] [notice] [client 80.82.70.106] mod_rbl: 80.82.70.106 is listed in RBL.

 

Have included admin.php

admin.php

Link to comment
Share on other sites

Nothing is wrong with /shop/admin.php.

The above is the web server error log. None of those IP addresses are me.

We need to find the PHP error log.

I'm also thinking there is more work to do to sort out the Zend Guard/Optimizer. And, the error log does not say if the error is coming from /shop/index.php, or /index.php (your main site).

Link to comment
Share on other sites
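Added example, not part of any post in this thread: the web server log entries quoted above come in pairs, one naming the loader and the Zend Engine API it was compiled for, the next naming the API of the engine that is actually running. This sketch pairs them up and translates both numbers to PHP branches. The API-to-branch table is supplied here rather than taken from the thread, the helper name is hypothetical, and the sample lines are constructed (documentation IP addresses) in the same format as the log.

```php
<?php
// Added example, not from the thread; zend_loader_mismatches() is a hypothetical helper.

// "Zend Extension API No" values reported by each PHP 5.x branch.
$apiToPhp = array(
    '220060519' => 'PHP 5.2',
    '220090626' => 'PHP 5.3',
    '220100525' => 'PHP 5.4',
    '220121212' => 'PHP 5.5',
    '220131226' => 'PHP 5.6',
);

// Constructed sample lines in the format of the web server log quoted above.
$log = array(
    '[Sat Dec 26 20:47:04 2015] [error] [client 192.0.2.10] Zend Guard Loader requires Zend Engine API version 220100525.',
    '[Sat Dec 26 20:47:04 2015] [error] [client 192.0.2.10] The Zend Engine API version 220131226 which is installed, is newer.',
    '[Sat Dec 26 20:47:09 2015] [error] [client 192.0.2.11] Zend Optimizer requires Zend Engine API version 220060519.',
    '[Sat Dec 26 20:47:09 2015] [error] [client 192.0.2.11] The Zend Engine API version 220131226 which is installed, is newer.',
    '[Sat Dec 26 20:47:10 2015] [error] [client 192.0.2.12] Premature end of script headers: index.php',
);

function zend_loader_mismatches(array $lines, array $apiToPhp)
{
    $seen = array();
    $loader = $builtFor = null;
    foreach ($lines as $line) {
        if (preg_match('/\] (Zend [A-Za-z ]+?) requires Zend Engine API version (\d+)/', $line, $m)) {
            // First line of the pair: which loader, and the engine it was compiled for.
            list(, $loader, $builtFor) = $m;
        } elseif ($loader !== null
            && preg_match('/The Zend Engine API version (\d+) which is installed/', $line, $m)) {
            // Second line: the engine actually running. Report each pairing once.
            $name = function ($api) use ($apiToPhp) {
                return isset($apiToPhp[$api]) ? $apiToPhp[$api] : 'unknown branch';
            };
            $seen["$loader|$builtFor|$m[1]"] = sprintf(
                '%s is built for API %s (%s); running engine is API %s (%s)',
                $loader, $builtFor, $name($builtFor), $m[1], $name($m[1])
            );
            $loader = $builtFor = null;
        }
    }
    return array_values($seen);
}

foreach (zend_loader_mismatches($log, $apiToPhp) as $finding) {
    echo $finding, "\n";
}
```

Comparing the result with the "Zend Extension" line printed by `php -v` for the PHP binary that serves the site shows which `zend_extension=` lines in php.ini point at a loader built for a different branch.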

Brian,

I found these in the /shop/error_log 

[22-Dec-2015 21:44:42 Australia/Perth] PHP Warning:  curl_exec() has been disabled for security reasons in /home1/maketext/public_html/harrisorganicwine/shop/classes/request.class.php on line 251
[24-Dec-2015 11:21:14 Australia/Perth] PHP Warning:  Invalid argument supplied for foreach() in /home1/maketext/public_html/harrisorganicwine/shop/modules/shipping/Postage/shipping.class.php on line 46

noting there is nothing today.

in shop/admin/ the last error_log was last made on 5th December 2013.

Back soon.

 

Link to comment
Share on other sites

Interesting about the curl_exec() message. The Request class checks for function_exists('curl_init'), and will not use curl if this function does not exist. But, the curl functions do exist, and checking function_exists() will return true, regardless that the function is disabled.

The Request class has an alternate method of getting data. So, perhaps a better test is needed to determine if curl can be used. In the meantime, we can force the Request class to use the alternate transport mechanism.

/classes/request.class.php, near line 61:

## Is cURL available?
$this->_curl   = (function_exists('curl_init')) ? curl_init() : false;


Change to:

## Is cURL available?
$this->_curl   = false; // (function_exists('curl_init')) ? curl_init() : false;

This is a pain in the butt for any site being hosted on a shared server.

I am curious. This site has been up and running for some months, yes? What has changed with your hosting provider?

Link to comment
Share on other sites
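Added example, not part of any post in this thread and not CubeCart code: the /shop/error_log entry shows `curl_exec()` disabled by the host while the Request class probes only `curl_init`. One way to test whether the cURL transport is usable is to check every cURL function the request path calls, both for existence and against the `disable_functions` list. The helper name and the set of four functions are assumptions made for this sketch, and the sample `disable_functions` string is constructed.

```php
<?php
// Added example, not CubeCart code. Helper name and function list are hypothetical.

/**
 * Return the functions from $needed that cannot be called.
 * $disabledIni defaults to the live disable_functions setting;
 * pass a string to evaluate a configuration other than the running one.
 */
function curl_unusable_functions(array $needed, $disabledIni = null)
{
    if ($disabledIni === null) {
        $disabledIni = (string) ini_get('disable_functions');
    }
    // disable_functions is a comma-separated list; normalise case and whitespace.
    $disabled = array_filter(array_map('trim', explode(',', strtolower($disabledIni))));

    $unusable = array();
    foreach ($needed as $fn) {
        // Missing extension, or function named in disable_functions.
        if (!function_exists($fn) || in_array(strtolower($fn), $disabled, true)) {
            $unusable[] = $fn;
        }
    }
    return $unusable;
}

// Functions a simple cURL request path calls (assumed set for this example).
$needed = array('curl_init', 'curl_setopt', 'curl_exec', 'curl_close');

// Constructed sample: a shared host that disables only the execution calls.
$sample = 'exec, passthru, curl_exec, curl_multi_exec';

$blocked = curl_unusable_functions($needed, $sample);
echo $blocked ? 'sample config blocks: ' . implode(', ', $blocked) . "\n"
              : "sample config allows cURL\n";

// Against the configuration of the PHP that runs this script:
$live = curl_unusable_functions($needed);
echo $live ? 'live config blocks: ' . implode(', ', $live) . "\n"
           : "live config allows cURL\n";
```

A transport selector would fall back to the alternate mechanism whenever the returned list is non-empty, instead of relying on the `curl_init` probe alone.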

What has changed with your hosting provider?   Nothing that I can think of, have used this server for over 2 years. There was an issue with the SSL certificate some months ago. I did not renew it in the required time. I have a dedicated IP address for SSL, which is 173.254.45.80

Meanwhile the changes above have not changed the /admin.php

The main error log has changed
[Sun Dec 27 00:08:01 2015] [error] [client 74.220.215.221] Premature end of script headers: index.php
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] Zend Guard Loader requires Zend Engine API version 220100525., referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] The Zend Engine API version 220131226 which is installed, is newer., referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] Contact Zend Technologies at http://www.zend.com/ for a later version of Zend Guard Loader., referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:06 2015] [error] [client 42.60.20.26] , referer: http://www.ambassador-baptist.org/category/media/videos/
[Sun Dec 27 00:08:08 2015] [error] [client 77.75.76.171] Failed loading /usr/php/54/usr/lib64/php/modules/ZendGuardLoader.so:  /usr/php/54/usr/lib64/php/modules/ZendGuardLoader.so: undefined symbol: zend_new_interned_string

I have looked for more info on Zend and cannot find any info regarding php setup

but in the php.ini file I see
zend_loader.disable_licensing=0
extension=magickwand.so
zend_extension=/usr/php/54/usr/lib64/php/modules/ioncube_loader_lin.so
zend_extension=/usr/php/54/usr/lib64/php/modules/ZendGuardLoader.so

I contacted the hosting company and they provided the code for zend optimiser which is:

zend_extension=/usr/php/54/usr/lib64/php/modules/ZendGuardOptimizer.so

I added this to php.ini with no difference to login to admin

In error logs I found many days of this:

PHP error_log:

/home1/maketext/public_html/error_log: [26-Dec-2015 15:30:26 America/Denver] PHP Fatal error: require(): Failed opening required '/home1/maketext/public_html/wp-includes/load.php' (include_path='.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear') in /home1/maketext/public_html/wp-settings.php on line 21

I installed wp in November but did not use it on this site, I use it on another site on this server

Hope that sheds some light.

Edited by harrisorganic
More info
Link to comment
Share on other sites

AND here are some more:

/home1/maketext/public_html/admin/error_log:
[28-Nov-2015 08:35:19 America/Denver] PHP Notice: Undefined index: logout in /home1/maketext/public_html/admin/index.php on line 11
[28-Nov-2015 08:35:19 America/Denver] PHP Notice: Undefined index: db_name in /home1/maketext/public_html/admin/index.php on line 79

Link to comment
Share on other sites

Undefined index: logout in /home1/maketext/public_html/admin/index.php

All of this does not include the part of the URL where CubeCart is supposedly located: /shop/.

Please look in the file /shop/includes/global.inc.php and determine if there are $glob elements that specify where CubeCart is installed. Such as:
 

$glob['storeURL']
$glob['standard_url']
$glob['ssl_url']
$glob['cookie_domain']
$glob['rootRel']

If any of the above exist in globals.inc.php, delete them.

 

Link to comment
Share on other sites

That's true Brian, and I do not know why there is an admin folder under /home1/maketext/public_html/  anyway

Here is the current globals.inc.php, without any of the above

<?php
$glob['adminFile'] = 'admin.php';
$glob['adminFolder'] = 'admin';
$glob['dbdatabase'] = 'mart1';
$glob['dbhost'] = 'localhost';
$glob['dbpassword'] = '0i0';
$glob['dbprefix'] = '';
$glob['dbusername'] = 'ma1';
$glob['encoder'] = 'ioncube';
$glob['installed'] = '1';
?>

Edited by harrisorganic
remove private data
Link to comment
Share on other sites

Ok. Now remove all that private data from the above post.

I also notice this: [28-Nov-2015 08:35:19 America/Denver]

The time may be correct for Perth, but not for Denver. Please make an experiment (not that I expect this to fix anything) by setting the store's timezone (admin, Store Settings) to your timezone.

"I do not know why there is an admin folder under /home1/maketext/public_html/ anyway."

We should really find out what that folder belongs to.

Link to comment
Share on other sites

I think the server is in USA, probably Denver. I am pretty sure (from memory) the store's time zone is set for Perth. However there is an issue with logging in as the 403 Forbidden raises its head with shop/admin.

re  home1/maketext/public_html/ admin I will change the name from admin to administ and see what happens. with the result of No change to shop and no change re login to admin. :( 

 

Edited by harrisorganic
Link to comment
Share on other sites

Using an external utility, such as phpMyAdmin, access your database directly.

Find a table named Cubecart_ccss_ip_addresses.

The Security Suite will cause a 403 header to be sent (and die() PHP) if the IP address currently accessing the site (probably in both admin and storefront) is in this table with a 'trusted' value of "0".

The Security Suite will also cause a 403 header to be sent (and die() PHP) if the module is set to allow only trusted IP addresses, and the IP address currently accessing the site (probably in admin only) is in this table with a 'trusted' value of "1".

You can try manually adding to this table. www.whatismyip.com

The setting, "Only allow trusted IP addresses" (checked or not checked), is probably in the database table Cubecart_config, the row where 'name' is "ccss". The 'array' column holds the module's settings. The value in this column is base_64 encoded. phpMyAdmin has some sort of method to decode, edit, and recode such values.

Link to comment
Share on other sites
