Inveo Community • [osCommerce] Register Globals MOD

Re: [osCommerce] Register Globals MOD

Posted: Mon Mar 03, 2008 1:52 am

by Chris

Hi,
I don't want to hijack the thread,but have some issues since I also installed the Register Globals Easy to Oscommerce 2.2 -MS2 with 051112, 051113 and 060817 security updates/patches.
Environment - PHP Version 5.2.4 Mysql 5
When I clear cache and go to the site I get the following error message - This error goes away after the first click . We have force cookies set to true - if this is set to false the warning does not show. :
Warning: extract() [function.extract]: First argument should be an array in /home/xxxxxx/public_html/includes/application_top.php on line 224
Code in application top file:

Code: Select all

// Register Globals MOD - http://www.magic-seo-url.com
  if (!ini_get("register_globals")) {
    if (version_compare(phpversion(), "4.1.0", "<") === true) {
      if (isset($HTTP_SESSION_VARS)) $_SESSION &= $HTTP_SESSION_VARS;
    }
    extract($_SESSION, EXTR_SKIP); //*****Line 224*****
  }

We also lose the permanent cart - When we log off with some items in the cart and clear the cache and cookies and log back in again the cart is empty. So the permanent cart feature is no longer working.
Does anyone have any ideas/suggestions.
Thanks,
Chris

Re: [osCommerce] Register Globals MOD

Posted: Sun May 25, 2008 1:10 pm

by inveo

Please change your line 224 to:

Code: Select all

if(!empty($_SESSION)) extract($_SESSION, EXTR_SKIP);

Re: [osCommerce] Register Globals MOD

Posted: Tue May 27, 2008 3:54 am

by Leveera

Hello,

I have the problem with latest version Register Globals MOD on my 2.2MS2
Problem is only in admin section
and only if to set Register_globals Off in php.ini

No problem if Register_globals ON

1. Admin language doesnt save selected language to browse admin pages. It is use default Windows or browser language
2. No open folder function in Admin ->Tools -> File manager (file_manager.php)
3. No customer shoping cart contents in Admin -> Tools -> Who is online (whos_online.php)

I checked mod installation many times and it is very simple and corrrect, so Im very confused. Here is my admin/includes/aplication_top.php
May be you can suggest something

Hope on you help

Code: Select all

 
<?php
/*
  $Id: application_top.php,v 1.162 2003/07/12 09:39:03 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  Released under the GNU General Public License
*/

  // Register Globals MOD - http://www.magic-seo-url.com
  if (version_compare(phpversion(), "4.1.0", "<") === true) {
    $_GET &= $HTTP_GET_VARS;
    $_POST &= $HTTP_POST_VARS;
    $_SERVER &= $HTTP_SERVER_VARS;
    $_FILES &= $HTTP_POST_FILES;
    $_ENV &= $HTTP_ENV_VARS;
    if (isset($HTTP_COOKIE_VARS)) $_COOKIE &= $HTTP_COOKIE_VARS;
  }

  if (!ini_get("register_globals")) {
    extract($_GET, EXTR_SKIP);
    extract($_POST, EXTR_SKIP);
    extract($_COOKIE, EXTR_SKIP);
  }

// Start the clock for the page parse time log
  define('PAGE_PARSE_START_TIME', microtime());

// Set the level of error reporting
  error_reporting(E_ALL & ~E_NOTICE);

// Check if register_globals is enabled.
// Since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized.
  /*if (function_exists('ini_get')) { // Register Globals MOD - http://www.magic-seo-url.com
    ini_get('register_globals') or exit('Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.');
  }*/

// Set the local configuration parameters - mainly for developers
  if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');

// Include application configuration parameters
  require('includes/configure.php');

// Define the project version
  define('PROJECT_VERSION', 'osCommerce 2.2-MS2');

// set php_self in the local scope
  $PHP_SELF = (isset($HTTP_SERVER_VARS['PHP_SELF']) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_SERVER_VARS['SCRIPT_NAME']);

// Used in the "Backup Manager" to compress backups
  define('LOCAL_EXE_GZIP', '/usr/bin/gzip');
  define('LOCAL_EXE_GUNZIP', '/usr/bin/gunzip');
  define('LOCAL_EXE_ZIP', '/usr/local/bin/zip');
  define('LOCAL_EXE_UNZIP', '/usr/local/bin/unzip');

// include the list of project filenames
  require(DIR_WS_INCLUDES . 'filenames.php');

// include the list of project database tables
  require(DIR_WS_INCLUDES . 'database_tables.php');

// customization for the design layout
  define('BOX_WIDTH', 125); // how wide the boxes should be in pixels (default: 125)

// Define how do we update currency exchange rates
// Possible values are 'oanda' 'xe' or ''
  define('CURRENCY_SERVER_PRIMARY', 'oanda');
  define('CURRENCY_SERVER_BACKUP', 'xe');

// include the database functions
  require(DIR_WS_FUNCTIONS . 'database.php');

// make a connection to the database... now
  tep_db_connect() or die('Unable to connect to database server!');

// Define the admin login module
  require('incSession.php');

// set application wide parameters
  $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
  while ($configuration = tep_db_fetch_array($configuration_query)) {
    define($configuration['cfgKey'], $configuration['cfgValue']);
  }

// define our general functions used application-wide
  require(DIR_WS_FUNCTIONS . 'general.php');
  require(DIR_WS_FUNCTIONS . 'html_output.php');

// initialize the logger class
  require(DIR_WS_CLASSES . 'logger.php');

// include shopping cart class
  require(DIR_WS_CLASSES . 'shopping_cart.php');

// some code to solve compatibility issues
  require(DIR_WS_FUNCTIONS . 'compatibility.php');

// check to see if php implemented session management functions - if not, include php3/php4 compatible session class
  if (!function_exists('session_start')) {
    define('PHP_SESSION_NAME', 'osCAdminID');
    define('PHP_SESSION_PATH', '/');
    define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);

    include(DIR_WS_CLASSES . 'sessions.php');
  }

// define how the session functions will be used
  require(DIR_WS_FUNCTIONS . 'sessions.php');

// set the session name and save path
  tep_session_name('osCAdminID');
  tep_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
   if (function_exists('session_set_cookie_params')) {
    session_set_cookie_params(0, DIR_WS_ADMIN);
  } elseif (function_exists('ini_set')) {
    ini_set('session.cookie_lifetime', '0');
    ini_set('session.cookie_path', DIR_WS_ADMIN);
  }

// lets start our session
  tep_session_start();
  
  // Register Globals MOD - http://www.magic-seo-url.com
  if (!ini_get("register_globals")) {
    if (version_compare(phpversion(), "4.1.0", "<") === true) {
      if (isset($HTTP_SESSION_VARS)) $_SESSION &= $HTTP_SESSION_VARS;
    }
    extract($_SESSION, EXTR_SKIP);
  }

// set the language
  if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) {
    if (!tep_session_is_registered('language')) {
      tep_session_register('language');
      tep_session_register('languages_id');
    }

    include(DIR_WS_CLASSES . 'language.php');
    $lng = new language();

    if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) {
      $lng->set_language($HTTP_GET_VARS['language']);
    } else {
      // $lng->get_browser_language();
        $lng->set_language(DEFAULT_LANGUAGE);
    }

    $language = $lng->language['directory'];
    $languages_id = $lng->language['id'];
  }

// include the language translations
  require(DIR_WS_LANGUAGES . $language . '.php');
  $current_page = basename($PHP_SELF);
  if (file_exists(DIR_WS_LANGUAGES . $language . '/' . $current_page)) {
    include(DIR_WS_LANGUAGES . $language . '/' . $current_page);
  }

// define our localization functions
  require(DIR_WS_FUNCTIONS . 'localization.php');

// Include validation functions (right now only email address)
  require(DIR_WS_FUNCTIONS . 'validations.php');

// setup our boxes
  require(DIR_WS_CLASSES . 'table_block.php');
  require(DIR_WS_CLASSES . 'box.php');

// initialize the message stack for output messages
  require(DIR_WS_CLASSES . 'message_stack.php');
  $messageStack = new messageStack;

// split-page-results
  require(DIR_WS_CLASSES . 'split_page_results.php');

// entry/item info classes
  require(DIR_WS_CLASSES . 'object_info.php');

// email classes
  require(DIR_WS_CLASSES . 'mime.php');
  require(DIR_WS_CLASSES . 'email.php');

// file uploading class
  require(DIR_WS_CLASSES . 'upload.php');

// calculate category path
  if (isset($HTTP_GET_VARS['cPath'])) {
    $cPath = $HTTP_GET_VARS['cPath'];
  } else {
    $cPath = '';
  }

  if (tep_not_null($cPath)) {
    $cPath_array = tep_parse_category_path($cPath);
    $cPath = implode('_', $cPath_array);
    $current_category_id = $cPath_array[(sizeof($cPath_array)-1)];
  } else {
    $current_category_id = 0;
  }

// default open navigation box
  if (!tep_session_is_registered('selected_box')) {
    tep_session_register('selected_box');
    $selected_box = 'configuration';
  }

  if (isset($HTTP_GET_VARS['selected_box'])) {
    $selected_box = $HTTP_GET_VARS['selected_box'];
  }

// the following cache blocks are used in the Tools->Cache section
// ('language' in the filename is automatically replaced by available languages)
  $cache_blocks = array(array('title' => TEXT_CACHE_CATEGORIES, 'code' => 'categories', 'file' => 'categories_box-language.cache', 'multiple' => true),
                        array('title' => TEXT_CACHE_MANUFACTURERS, 'code' => 'manufacturers', 'file' => 'manufacturers_box-language.cache', 'multiple' => true),
                        array('title' => TEXT_CACHE_ALSO_PURCHASED, 'code' => 'also_purchased', 'file' => 'also_purchased-language.cache', 'multiple' => true)
                       );

// check if a default currency is set
  if (!defined('DEFAULT_CURRENCY')) {
    $messageStack->add(ERROR_NO_DEFAULT_CURRENCY_DEFINED, 'error');
  }

// check if a default language is set
  if (!defined('DEFAULT_LANGUAGE')) {
    $messageStack->add(ERROR_NO_DEFAULT_LANGUAGE_DEFINED, 'error');
  }

  if (function_exists('ini_get') && ((bool)ini_get('file_uploads') == false) ) {
    $messageStack->add(WARNING_FILE_UPLOADS_DISABLED, 'warning');
  }
?>

Re: [osCommerce] Register Globals MOD

Posted: Tue Jun 03, 2008 12:52 am

by Leveera

Ok, thinking of the reason of the problem I posted above I noted what you
code in admin/includes/application_top.php

Code: Select all

 // Register Globals MOD - http://www.magic-seo-url.com
  if (!ini_get("register_globals")) {
    if (version_compare(phpversion(), "4.1.0", "<") === true) {
      if (isset($HTTP_SESSION_VARS)) $_SESSION &= $HTTP_SESSION_VARS;
    }
    extract($_SESSION, EXTR_SKIP);
  }

is placed above
// set the language
and
// include the language translations

So I decided to move you code under language section to test if the language
function starts properly on my localhost.

With REGISTER_GLOBALS ON /admin works fine
With REGISTER_GLOBALS OFF /admin/index.php has error

Warning: require(includes/languages/.php) [function.require]: failed to open
stream: No such file or directory in
Z:\home\mydomain\www\info\admin\includes\application_top.php on line 149

Fatal error: require() [function.require]: Failed opening required
'includes/languages/.php' (include_path='.;/usr/local/php5/PEAR') in
Z:\home\mydomain\www\info\admin\includes\application_top.php on line 149

line 149 is
// include the language translations
require(DIR_WS_LANGUAGES . $language . '.php');

This line is standard OSC coded. Im sure it should work in OFF mode as well
as in ON but it is not so.
Now I have a question why in OFF mode it fails?

Re: [osCommerce] Register Globals MOD

Posted: Sat Aug 15, 2009 7:27 am

by websitehelper

Fixed! Just experienced the same problem with an older oscommerce cart that stopped working. The problem occurred when I moved the site to a different server that used a newer version of php. You could possibly be experiencing this problem when your host upgraded your php. This caused some php keywords (that were deprecated from 4.1.0) to no longer work.

Here is the simple fix. Globally replace the following two deprecated php keywords in all your source code:

1. $HTTP_GET_VARS - change to $_GET
2. $HTTP_SERVER_VARS --> change to $_SERVER

I read also, somewhere, that instead of changing the variables (as noted above), you could put an entry into the php.ini file as follows:

1. register_long_arrays = On

but I did not do this. I prefer to fix the problem instead of masking it now only to rear its ugly head later. If you do try this second solution, then don't forget to restart your server to make the php.ini change take effect.