Don't you *just* love hackers? (I hope you got the note of sarcasm there?)
I have just noticed a new and interesting Wordpress hack on one of my sites.
Just after the body tag on all the pages there was an iframe that had been injected.
However the src of the iframe wasn't any way external (hence I couldn't see it in the Net panel on Firebug)
but it was pointing to my own index.php - which had an obfuscated string after it.
I set off to track down this code. And found it eventually in the header.php of my theme just after the body; tag:
<?php include_once("wp-includes/common.class.php") ?gt;
common-class.php? Sounds so innocent right? It has to be part of the core WP files?
Nope, when I looked at it it was a quite complex (1000+ lines of php) program that inserted an iframe src
from an array gotten from some bloke's Tumblr site. Grrrrrr!
Anyway I've clearly removed this now and the site seems to be behaving itself now.
But I need now to figure out how he got in (change FTP passwords all round methinks) and feel like I need to report this hack to someone so they know how to track it down - should I post it on the Wordpress.org forum?
Useful web development tips & tricks we have collected from working with Wordpress, Zencart, Magento, jQuery, HTML & CSS over the years.
Thursday, 19 January 2012
Friday, 19 August 2011
Salemaker not working in Zen Cart
I had 2 clients who found that creating a 'Salemaker' sale had absolutely no effect on their shop's prices. Instructions were followed to the letter, yet still no discounts were applied to any products.
I then read up a bit about the 'salemaker' process, and noticed that the important element is the 'master_categories_id' field in the product record. If you happened to have imported all your products using the Easy Populate module, I don't think this field is populated, therefore salemaker won't work!
Fortunately you can reset this field from the Store Manager option on the admin page. Sure enough, I clicked the 'reset' button and all the sales magically appeared!
I then read up a bit about the 'salemaker' process, and noticed that the important element is the 'master_categories_id' field in the product record. If you happened to have imported all your products using the Easy Populate module, I don't think this field is populated, therefore salemaker won't work!
Fortunately you can reset this field from the Store Manager option on the admin page. Sure enough, I clicked the 'reset' button and all the sales magically appeared!
Monday, 11 July 2011
Editing existing products in Zen Cart admin blanks out title and description.
On a recent install of Zen cart I was baffled why, whenever I edited a product, I'd have to re-enter the product name & description each time.
What was even stranger that this was a working zen cart template I had used previously on another site.
I should have known it was going to be a server issue!
What was even stranger that this was a working zen cart template I had used previously on another site.
I should have known it was going to be a server issue!
Friday, 8 July 2011
How can I edit my photos easily for my website/blog?
I often build CMS (either off the shelf Wordpress ones or bespoke ones that use TinyMCE rich text editors) and I have clients wanting to add their own photos.
Sometimes they complain that the image editor/uploader incorporated in the CMS doesn't allow them to do fancy effects/resizing giant photos.
Well the thing is, web CMS are simply places to manage your content - if you want to edit pictures properly and deal with the large images that modern cameras produce, you really need proper image editing software (and no, Paint doesn't count)
Sometimes they complain that the image editor/uploader incorporated in the CMS doesn't allow them to do fancy effects/resizing giant photos.
Well the thing is, web CMS are simply places to manage your content - if you want to edit pictures properly and deal with the large images that modern cameras produce, you really need proper image editing software (and no, Paint doesn't count)
Monday, 4 July 2011
Zencart - EZ-Pages & CEO URI Mapping plugin
I love the CEON.dev's plugin for URI rewriting for ZenCart, but I always end up scratching my head when it comes to adding entries for extra pages. So for posterity here are the most useful bits of SQL.
Heres the insert SQL for a new EZ-Page:
For an about us page
Heres the insert SQL for a new EZ-Page:
INSERT INTO `DBNAME`.`ceon_uri_mappings` (`uri`, `language_id`, `current_uri`, `main_page`, `query_string_parameters`, `associated_db_id`, `alternate_uri`, `redirection_type_code`, `date_added`) VALUES ('YOUR_URL', '1', '1', 'page', NULL, 'YOUR_EZ_PAGE_ID', NULL, '301', '0000-00-00 00:00:00');
For an about us page
INSERT INTO `DBNAME`.`ceon_uri_mappings` (`uri`, `language_id`, `current_uri`, `main_page`, `query_string_parameters`, `associated_db_id`, `alternate_uri`, `redirection_type_code`, `date_added`) VALUES ('/about-us', '1', '1', 'about_us', NULL, NULL, NULL, '301', '0000-00-00 00:00:00');
Friday, 24 June 2011
Zen Cart orders mysteriously absent from Admin
I have a client who has been concerned for some time that he couldn't see any of his customer orders in the admin panel of Zen Cart. He was only mildly concerned, as the orders were being processed and paid for correctly, and the orders were appearing in the PayPal IPN module within the admin pages.
After a couple of hours unsuccessful trawling of the forums, I decided to copy the query from the orders.php source, and paste it into phpMyAdmin. Sure enough, no results even though there were orders in the 'orders' table. However, the query was returning nothing as it relied on a join with the 'orders_status' table, which for some reason was empty in this installation. I added the default values (pending, processing, delivered etc) and voila, orders appearing as expected.
It pays to check the easy stuff first - if you have no orders showing, check the localization-orders status section within admin and make sure it has some content.
After a couple of hours unsuccessful trawling of the forums, I decided to copy the query from the orders.php source, and paste it into phpMyAdmin. Sure enough, no results even though there were orders in the 'orders' table. However, the query was returning nothing as it relied on a join with the 'orders_status' table, which for some reason was empty in this installation. I added the default values (pending, processing, delivered etc) and voila, orders appearing as expected.
It pays to check the easy stuff first - if you have no orders showing, check the localization-orders status section within admin and make sure it has some content.
Tuesday, 21 June 2011
Zen cart customer login problems
This one had me scratching my head for a while...
Built a new Zen Cart site, registered as a customer and added some products to my cart. All fine until I try to checkout, when I just get redirected to the home page after re-entering my credentials. Occasionally I'd get the 'whoops, session expired' message, but mostly KC was fairly unhelpful in its responses.
Turns out you need to go to ADMIN-CONFIG-SESSIONS and set the 'Recreate Session' flag to 'false'. Absolutely no idea why, but it seems to fix the problem.
Gotta love it.
Built a new Zen Cart site, registered as a customer and added some products to my cart. All fine until I try to checkout, when I just get redirected to the home page after re-entering my credentials. Occasionally I'd get the 'whoops, session expired' message, but mostly KC was fairly unhelpful in its responses.
Turns out you need to go to ADMIN-CONFIG-SESSIONS and set the 'Recreate Session' flag to 'false'. Absolutely no idea why, but it seems to fix the problem.
Gotta love it.
Subscribe to:
Posts (Atom)