Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17
  1. #11
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Sales and Special prices not being applied at checkout

    Ummm. I highly suggest that you continue a full file comparison of your site with a clean install as it would appear that you're site has been hacked. The method of entry is not evident and would likely need to be discovered and closed, but that code is an attempt to access data on/in your system.

    Please follow the advise of this ZC posting on addressing being hacked: http://www.zen-cart.com/wiki/index.p...ing_From_Hacks
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  2. #12
    Join Date
    Oct 2017
    Location
    NE PA
    Posts
    8
    Plugin Contributions
    0

    Default Re: Sales and Special prices not being applied at checkout

    Thank you very much! I shall do a full file comparison.
    Its hard to see how a hacker got in, as ftp and ssh are closed to all but my own ip address. I run on a private server.
    BTW, removing that garbage fixed the price in the shopping cart, but the system still charged full price.

  3. #13
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Sales and Special prices not being applied at checkout

    Quote Originally Posted by wgpeters1 View Post
    Thank you very much! I shall do a full file comparison.
    Its hard to see how a hacker got in, as ftp and ssh are closed to all but my own ip address. I run on a private server.
    BTW, removing that garbage fixed the price in the shopping cart, but the system still charged full price.
    Yeah, guessing that there are/will be other such garbage in your files. The path to get there... Well, it only takes one vulnerability one time to be made accessible whether it is/was an admin login from a computer that had a keystroke logger or other infection or an image obtained that offered a way in or similar and it could have been there for a long time but only now has been discovered...

    Anyways, yeah there are more things to have to review to try to "complete" the remainder of the checkout process, but it seems like the issue could exist in multiple locations and possibly just come back anyways...
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  4. #14
    Join Date
    Oct 2017
    Location
    NE PA
    Posts
    8
    Plugin Contributions
    0

    Default Re: Sales and Special prices not being applied at checkout

    So far, I have found a handful of bad files:

    ./docs/javascript9.php
    ./includes/extra_configures/search.php
    ./includes/index_filters/ydeldjbz.php
    ./includes/classes/ajax/ajax.php
    ./includes/classes/shopping_cart.php
    ./includes/functions/extra_functions/help.php
    ./work/includes/languages/blog.php
    ./work/includes/auto_loaders/ini1.php

    I have gone through all the files twice. Everything appears to function properly now.
    As a precaution, I changed my zencart passwords, and the root password on my private server.

    I do really appreciate the help you have given me. It never even occurred to me that my site might have been hacked.

    I am a C programmer, and truthfully not at all proficient with php. I find the architecture of zencart very confusing but it does work well :)

    Thanks,

    Bill

  5. #15
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Sales and Special prices not being applied at checkout

    I get ya' on the architecture and/or language differences. Once the additional aspects of php/web related data are considered, the issues seem to sort of fall away.

    The code does and does not process straight through like you might expect a c program to go. There's all these "external" input that can have a significant impact, between session data, post data, get data, specific class data, database definitions that could change between one load and the next, server specific data, etc... I think I eventually found that somewhat going through the includes/application_top.php file and taking the time to both skim the called files and actually review them offered a lot of understanding in how all the things were brought together. There's still a myriad of parts that I haven't really looked at, but mostly a matter of if/when I need to look I do.

    I apologize for not suggesting some comparison tools that could (have?) made the task a little easier for comparison. Generically there's say WinCompare as an open source app. I've seen a few others recently discussed that are considered favorable. I still primarily use Beyond Compare until I find something that could be considered better. Yes, most definitely want to look at what files are present that shouldn't be in addition to what files have been modified, but also want to take another look at what files may be missing that shouldn't be: for example in many of the sub-directories should be an .htaccess file to support security controls. That said, it also depends on the server setup if the existing content of the file(s) are sufficient or if the same file(s) from a newer version need to be used or otherwise modified. While I expect that you've gotten through the how to recover instruction and seen the part about file/folder permissions, that too is important and if you're not planning to significantly modify your existing site you could lock down most of your files/folders to reduce the chances and opportunities for them to get altered.

    As to the discovery. Well, it's kind of why many of the posting tip questions are presented. Most things should work out-of-the-box. There are a few issues for various reasons and ways to get around/correct most of them if they are an issue to one site or another. Generally when something doesn't work it's because something else made an alteration... from there, process of elimination right? :)

    Anyways, glad that you were able to get things back on track. May want to adjust any/all username password combinations associated with your site including the database username/password, cpanel, etc... take a look through the admin user profiles associated with your store, etc... etc... etc... I'm probably repeating things from the recover actions, I just can't stress enough the importance of not stopping at just the surface. Figure if someone was able to place a file, they were also able to read one...
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

  6. #16
    Join Date
    Oct 2017
    Location
    NE PA
    Posts
    8
    Plugin Contributions
    0

    Default Re: Sales and Special prices not being applied at checkout

    I think I will do one more thing. I will run 'find . | xargs touch' on my zencart files to change the date stamps on all the files to be the same.
    Knowing the install date for my year old site helped a lot in finding files that were added or changed.

  7. #17
    Join Date
    Jul 2012
    Posts
    16,718
    Plugin Contributions
    17

    Default Re: Sales and Special prices not being applied at checkout

    Quote Originally Posted by wgpeters1 View Post
    I think I will do one more thing. I will run 'find . | xargs touch' on my zencart files to change the date stamps on all the files to be the same.
    Knowing the install date for my year old site helped a lot in finding files that were added or changed.
    I'm sure it helped, hopefully it wasn't the only method used though, that is an attribute that could just as easily be "reproduced" in a future attempt. Content and what occurs, those things help identify discrepancies. It's also a good reason why more than one backup copy should exist to be able to go back to the time before and be able to recover from that particular edit.
    ZC Installation/Maintenance Support <- Site
    Contribution for contributions welcome...

 

 
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Wholesale price is not applied at special prices
    By dmagic in forum Setting Up Specials and SaleMaker
    Replies: 0
    Last Post: 23 Nov 2011, 09:25 AM
  2. Special pricing % not being applied to quantity discount ranges set
    By Inudat1966 in forum Setting Up Specials and SaleMaker
    Replies: 0
    Last Post: 24 Aug 2010, 04:35 PM
  3. Sales Tax not being applied
    By JimCrown in forum Managing Customers and Orders
    Replies: 1
    Last Post: 26 Sep 2007, 05:50 PM
  4. Coupon Not Being Applied at Checkout
    By SarahMD in forum Discounts/Coupons, Gift Certificates, Newsletters, Ads
    Replies: 1
    Last Post: 25 May 2006, 05:38 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR