!!! osc-Cart4nuke Admin Error Fix 4 Ravennuke !!!

Posted: Thu Nov 26, 2009 6:29 am

If you get this Error:

Installed on a ravennuke 2.40 but get the following error in the admin section. Unable to locate the RavenNukeTM configuration file - INCLUDE_PATHrnconfig.php

It could be missing or not readable. Please verify that the file exists and is readable in the root folder.

Fix:

Open Your config.php in Your Ravennuke root with a Editor and go to Line 94.
Change this lines ( 96-98 )

to:

Code:




   //echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br><br>";


   //echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';


   //die();

Now you can enter the osc Admin Panel.

Best Regards

Peter

registered · Posted: Thu Nov 26, 2009 8:13 am

Just be aware that it is possible other functions with RavenNuke(tm) now will not work per the settings in rnconfig.php. The better fix would be to make sure INCLUDE_PATH is set properly within the OSC code.

Do an:

If (!defined('INCLUDE_PATH')) {
define('INCLUDE_PATH', 'put the correct path here');
}

Posted: Thu Nov 26, 2009 4:21 pm

Ok thanx i will fix it directly and its comes with the next Version

Best Regards

Peter

Posted: Thu Nov 26, 2009 5:28 pm

Montego, you are right. After making that change and attempting to fix the security hole in the osc admin I can no longer sign it on my nuke admin page.

Peter where would that change go? I am working with a non-production setup so I can make any type of changes for testing purposes.

Posted: Thu Nov 26, 2009 5:48 pm

bobbyg wrote:

Montego, you are right. After making that change and attempting to fix the security hole in the osc admin I can no longer sign it on my nuke admin page.

Peter where would that change go? I am working with a non-production setup so I can make any type of changes for testing purposes.

The Security fix is only a changing of the osc admin Loginpage.

Original osc Admin Loginpage:

Code:




<?php


/*


  $Id: login.php 1739 2007-12-20 00:52:16Z hpdl $





  osCommerce, Open Source E-Commerce Solutions


  http://www.oscommerce.com





  Copyright (c) 2007 osCommerce





  Released under the GNU General Public License


*/





  require('includes/application_top.php');


  require('includes/functions/password_funcs.php');





  $action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');





  if (tep_not_null($action)) {


    switch ($action) {


      case 'process':


        $username = tep_db_prepare_input($HTTP_POST_VARS['username']);


        $password = tep_db_prepare_input($HTTP_POST_VARS['password']);





        $check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'");





        if (tep_db_num_rows($check_query) == 1) {


          $check = tep_db_fetch_array($check_query);





          if (tep_validate_password($password, $check['user_password'])) {


            tep_session_register('admin');





            $admin = array('id' => $check['id'],


                           'username' => $check['user_name']);





            if (tep_session_is_registered('redirect_origin')) {


              $page = $redirect_origin['page'];


              $get_string = '';





              if (function_exists('http_build_query')) {


                $get_string = http_build_query($redirect_origin['get']);


              }





              tep_session_unregister('redirect_origin');





              tep_redirect(tep_href_link($page, $get_string));


            } else {


              tep_redirect(tep_href_link(FILENAME_DEFAULT));


            }


          }


        }





        $messageStack->add(ERROR_INVALID_ADMINISTRATOR, 'error');





        break;





      case 'logoff':


        tep_session_unregister('selected_box');


        tep_session_unregister('admin');


        tep_redirect(tep_href_link(FILENAME_DEFAULT));





        break;





      case 'create':


        $check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");





        if (tep_db_num_rows($check_query) == 0) {


          $username = tep_db_prepare_input($HTTP_POST_VARS['username']);


          $password = tep_db_prepare_input($HTTP_POST_VARS['password']);





          tep_db_query('insert into ' . TABLE_ADMINISTRATORS . ' (user_name, user_password) values ("' . $username . '", "' . tep_encrypt_password($password) . '")');


        }





        tep_redirect(tep_href_link(FILENAME_LOGIN));





        break;


    }


  }





  $languages = tep_get_languages();


  $languages_array = array();


  $languages_selected = DEFAULT_LANGUAGE;


  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {


    $languages_array[] = array('id' => $languages[$i]['code'],


                               'text' => $languages[$i]['name']);


    if ($languages[$i]['directory'] == $language) {


      $languages_selected = $languages[$i]['code'];


    }


  }





  $admins_check_query = tep_db_query("select id from " . TABLE_ADMINISTRATORS . " limit 1");


  if (tep_db_num_rows($admins_check_query) < 1) {


    $messageStack->add(TEXT_CREATE_FIRST_ADMINISTRATOR, 'warning');


  }


?>


<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">


<html <?php echo HTML_PARAMS; ?>>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">


<meta name="robots" content="noindex,nofollow">


<title><?php echo TITLE; ?></title>


<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">


<script language="javascript" src="includes/general.js"></script>


</head>


<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF" onload="SetFocus();">


<!-- header //-->


<?php require(DIR_WS_INCLUDES . 'header.php'); ?>


<!-- header_eof //-->





<!-- body //-->


<table border="0" width="100%" cellspacing="2" cellpadding="2">


  <tr>


    <td><table border="0" width="100%" cellspacing="0" cellpadding="0" height="40">


      <tr>


        <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>


        <td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onChange="this.form.submit();"') . tep_hide_session_id() . '</form>'; ?></td>


      </tr>


    </table></td>


  </tr>


  <tr>


    <td>





<?php


  $heading = array();


  $contents = array();





  if (tep_db_num_rows($admins_check_query) > 0) {


    $heading[] = array('text' => '<b>' . HEADING_TITLE . '</b>');





    $contents = array('form' => tep_draw_form('login', FILENAME_LOGIN, 'action=process'));


    $contents[] = array('text' => TEXT_USERNAME . '<br>' . tep_draw_input_field('username'));


    $contents[] = array('text' => '<br>' . TEXT_PASSWORD . '<br>' . tep_draw_password_field('password'));


    $contents[] = array('align' => 'center', 'text' => '<br><input type="submit" value="' . BUTTON_LOGIN . '" />');


  } else {


    $heading[] = array('text' => '<b>' . HEADING_TITLE . '</b>');





    $contents = array('form' => tep_draw_form('login', FILENAME_LOGIN, 'action=create'));


    $contents[] = array('text' => TEXT_CREATE_FIRST_ADMINISTRATOR);


    $contents[] = array('text' => '<br>' . TEXT_USERNAME . '<br>' . tep_draw_input_field('username'));


    $contents[] = array('text' => '<br>' . TEXT_PASSWORD . '<br>' . tep_draw_password_field('password'));


    $contents[] = array('align' => 'center', 'text' => '<br><input type="submit" value="' . BUTTON_CREATE_ADMINISTRATOR . '" />');


  }





  $box = new box;


  echo $box->infoBox($heading, $contents);


?>





    </td>


  </tr>


</table>


<!-- body_eof //-->





<!-- footer //-->


<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>


<!-- footer_eof //-->


<br>


</body>


</html>


<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Did you have delete Your old Cookies ??

The osc admin login page of the osc modules has nothing to with the intervention Nukelogin. You should also can log in with the fix in Nuke.
I use it on Nuke Platinum and on Ravennuke 2.4 without login problems.

Try it with the original osc admin Loginpage Code.

The Security Fix redirect only Guests nto the Index page, if the will go on the osc adminlogin Page directly.

The Reason:

If you dont have a osc Admin in the osc database someone can make a admin and manipulate your shop.

If you have osc Admins, too you dont need the security fix.
You need it only if you dont have osc Admins (Only Nuke Admin).

The osc-Cart4nuke Modules dont need the security patch, because the patch are in the Modules installed

The End of the config.php must look so:

config.php:

Code:




if (defined('INCLUDE_PATH') && file_exists(INCLUDE_PATH . 'rnconfig.php')) require_once INCLUDE_PATH . 'rnconfig.php';


else {


   //echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br><br>";


   //echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';


   //die();


    require_once 'rnconfig.php';


}

Only the echos are comments out.

Edit: go to line 59 in the Mainfile and change the Code to:

Code:




if ($phpver >= '4.0.4pl1' && isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'],'compatible')) {


   if (extension_loaded('zlib')) {


      @ob_end_clean();


  //ob_start('ob_gzhandler');


  ini_set("zlib.output_compression", '6');


   }


} elseif ($phpver > '4.0' && isset($_SERVER['HTTP_ACCEPT_ENCODING']) && !empty($_SERVER['HTTP_ACCEPT_ENCODING'])) {


   if (strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {

Best Regards

Peter

Posted: Thu Nov 26, 2009 6:11 pm

That die() is there for a reason and should NOT be commented out.

Posted: Thu Nov 26, 2009 6:18 pm

Ok so i must fix it on a other way.

If i commented the die() in i get a blank admin Page.

Tomorow not today. I go sleep now.

Best Reagrds

Peter

Posted: Fri Nov 27, 2009 10:30 am

Ok, now i find a good way for the fix:

Open in /modules/catalog/admin/includes the application_top.php:

Change the code from line 16 - 17 to:

Old:

Code:




// Set the level of error reporting


  error_reporting(E_ALL & ~E_NOTICE);

New:

Code:




// Set the level of error reporting


  define('CATALOG_ADMIN', true);


  error_reporting(E_ALL & ~E_NOTICE);

Line 29 - 32:

From Old:

Code:




// Include application configuration parameters


  //require('includes/configure.php');


  @require('./../../../config.php');


  //require('includes/configure.php');


  define('CATALOG_ADMIN', true);


  error_reporting(E_ALL & ~E_NOTICE);

To New:

Code:




// Include application configuration parameters


  //require('includes/configure.php');


if(defined('FORUM_ADMIN')) define('INCLUDE_PATH', '../../../');


elseif(defined('CATALOG_ADMIN')) define('INCLUDE_PATH', './../../../');


else define('INCLUDE_PATH', './../../../');





  @require_once('./../../../config.php');


  if (file_exists('./../../../rnconfig.php')) {


 include('./../../../rnconfig.php');


}


  require('includes/configure.php');

You can set now the lines in the config.php on Line 94 - 100 back to:

Code:




if (defined('INCLUDE_PATH') && file_exists(INCLUDE_PATH . 'rnconfig.php')) require_once INCLUDE_PATH . 'rnconfig.php';


else {


   echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br><br>";


   echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';


   die();


    require_once 'rnconfig.php';


}

Now you can login without the error in the Osc Admin Panel.

This new Fix is Tested only with the osc-Cart4nuke Modules

//Edit

Open in modules/catalog/admin/includes the configure.php and change the completly Code to this Code:

Code:




<?php


  //-----  autodetect values start -----


  $script_filename = getenv('PATH_TRANSLATED');


  if (empty($script_filename)) $script_filename = getenv('SCRIPT_FILENAME');





  $script_filename = str_replace('\\', '/', $script_filename);


  $script_filename = str_replace('//', '/', $script_filename);





  $dir_fs_www_root_array = explode('/', dirname($script_filename));


  $dir_fs_www_root = array();


  for ($i=0, $n=sizeof($dir_fs_www_root_array); $i<$n; $i++) {


    $dir_fs_www_root[] = $dir_fs_www_root_array[$i];


  }


  $dir_fs_www_root = implode('/', $dir_fs_www_root) . '/';


  $www_location = 'http://' . getenv('HTTP_HOST') . getenv('SCRIPT_NAME');


  $www_location_array = explode('/', dirname($www_location));


  $www_location = array();


  for ($i=0, $n=sizeof($www_location_array); $i<$n; $i++) {


    $www_location[] = $www_location_array[$i];


  }


  $www_location = implode('/', $www_location) . '/';


  $sub_folder = "http://" . getenv('HTTP_HOST')."";


  $sub_folder = str_replace($sub_folder, "", $www_location);


  $admin_path = str_replace('modules/catalog/admin/', "", $dir_fs_www_root);


  $catalog_path = str_replace('admin/', "", $sub_folder);


  $thepath = "http://" . getenv('HTTP_HOST');


      


  define('STORE_SESSIONS', 'mysql');


  define('HTTP_SERVER', $thepath); // eg, http://localhost - should not be empty for productive servers


  define('HTTPS_CATALOG_SERVER', $thepath);


  define('ENABLE_SSL_CATALOG', false); // secure webserver for catalog module


  define('DIR_FS_DOCUMENT_ROOT', $admin_path); // where the pages are located on the server


  define('DIR_WS_ADMIN', $sub_folder); // absolute path required


  define('DIR_FS_ADMIN', $dir_fs_www_root); // absolute pate required


  define('DIR_WS_CATALOG', $catalog_path); // absolute path required


  define('DIR_FS_CATALOG', $admin_path. 'modules/catalog/'); // absolute path required


  define('DIR_WS_IMAGES', 'images/');


  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');


  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');


  define('DIR_WS_INCLUDES', 'includes/');


  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');


  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');


  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');


  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');


  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');


  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');


  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');


  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');


  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');


  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');


  define('DIR_WS_PDF_CATALOGS', DIR_FS_CATALOG. 'modules/catalog/catalogues/');


      


  define('DB_SERVER', $dbhost); // eg, localhost - should not be empty for productive servers


  define('DB_SERVER_USERNAME', $dbuname);


  define('DB_SERVER_PASSWORD', $dbpass);


  define('DB_DATABASE', $dbname);


  define('USE_PCONNECT', 'false'); // use persistent connections?


?>

//Edit End

Best Regards

Peter

Posted: Fri Nov 27, 2009 1:23 pm

bdmdesign, good job.

BTW, you added the additional line:

require_once 'rnconfig.php';

after the die(); that is not in the main distribution. It shouldn't affect your processing, but it is unnecessary.

Posted: Fri Nov 27, 2009 2:09 pm

montego wrote:

bdmdesign, good job.

BTW, you added the additional line:

require_once 'rnconfig.php';

after the die(); that is not in the main distribution. It shouldn't affect your processing, but it is unnecessary.

Yes you are rigth.

Please use this Code for the config.php:

Code:




if (defined('INCLUDE_PATH') && file_exists(INCLUDE_PATH . 'rnconfig.php')) require_once INCLUDE_PATH . 'rnconfig.php';


else {


   echo 'Unable to locate the RavenNuke&trade; configuration file - ' . INCLUDE_PATH . 'rnconfig.php' . "\n<br /><br />";


   echo 'It could be missing or not readable.  Please verify that the file exists and is readable in the root folder.';


   die();


}

Best Regards

Peter

Posted: Fri Nov 27, 2009 6:44 pm

Applied those changes and was able to get to the catalog administration. However, somehow during the original install of osc and the login to the admin did not work because it would not recognize the captcha code. I got to the admin by setting the status $gfx_chk = 0;

Also, new registration would not work at all. I cleared the cache numerous times in as many different attempts. I am wondering if deleting and doing a complete new install followed by the addon would make a difference or have the same result.

I can't determine how the captcha and registration module for Ravennuke got affected.

Posted: Fri Nov 27, 2009 7:23 pm

I have the captcha Code off, too but the new registrations works (not with Opera)

I have your E-Mail and send you tomorow my settings in the rnconfig.

Best Regards

Peter

Posted: Sat Nov 28, 2009 6:23 am

OK the Capatcha issues cames from the osc Modules.

I will try to fix it now.

Best Regards

Peter

Posted: Sat Nov 28, 2009 6:35 am

the captcha bug is a session issue.

Posted: Sat Nov 28, 2009 6:40 am

wHiTeHaT wrote:

the captcha bug is a session issue.

Yes, but in RN 2.4.x your Fix dont works:

Quote:

To avoid problem with security code and sessions of oscommerce, you have to
change on top of your phpnuke mainfile.php the zlib compression
find the following code

ob_start('ob_gzhandler');

quote it

//ob_start('ob_gzhandler');

and put instead

ini_set("zlib.output_compression", '6');

so you finaly have

//ob_start('ob_gzhandler');
ini_set("zlib.output_compression", '6');

Best Regards

Peter

Posted: Sat Nov 28, 2009 6:48 am

that fix has nothing to do with the captcha, it is a server enviroment fix.
The problem with the captcha is couse of the session is already created by oscommerce.
To fix this you need to recode either RN session (suggested is to completely take it out),or oscommerces sessions(not recommended).

The choice is simple ,you either try to fix a complete store based on sessions, or a 1 time only used captcha code.

Posted: Sat Nov 28, 2009 6:55 am

Assoon as i configurated my laptop , i continue to work on the new Only registered users can see links on this board! Get registered or login!
For now i only have to sort out some header stuff.

Posted: Sat Nov 28, 2009 7:30 am

Since osc is added to RN as a module, then RN the sessions for both should be controlled by RN.

Posted: Sat Nov 28, 2009 7:39 am

Best would be if the captcha runs as a module aswell. Wink

Posted: Sun Nov 29, 2009 5:00 am

When developing third party code and using PHP sessions you should be able to use a named session
session_name('cart');
session_start(cart);
If you use just the defaulet
session_start() it appends that session to the previous one.

Posted: Mon Aug 01, 2011 11:12 am

Moin Moin Brothers and Sisters Very Happy

I worked now on the new osc4pragmamx 2.3.1 Modules and I work my way into the Se4ssions on the Store and the PragmaMx CMS. If the Modules works without a bridge without Erros, so i can port it easier to Ravennuke

Best Regards

Peter