Hello friends today i am sharing with you an interesting hack for Interspire Shopping Cart or BigCommerce admin login hack which i got to tasked some time ago :
Note : In this hack you must have at-least valid user name this hack only bypass wrong password
Follow below instructions :
1) login to FTP
2) Navigate to admin/includes/classes
3) Locate the class class.auth.php
4) And around line number 235 you will find the this code
[php]if ($autoLogin || $userManager->verifyPassword($uid, $loginPass) == true) [/php]
Replace this with this one do not forget to save the original code
[php] if (1) [/php]
And try login with valid username and any password.
Hope this could help someone :-)
Tuesday, July 30, 2013
Saturday, July 27, 2013
Magento : Basic debugging steps
Enable PHP Errors
This is key to most issues. For security or other reasons, PHP error display could likely be disabled by default by your PHP configuration.
You can enable errors with a more permanent solution, or merely something more temporary.
Permanent solution
For Apache/mod_php users
In your document root's .htaccess file - just drop this at the top.
[html]
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
php_flag log_errors on
php_value error_log /home/path/public_html/var/log/system.log
[/html]
For Nginx/FastCGI users
In your Nginx virtualhost configuration, in either the final location .php { directive, or in the fastcgi_params file (if you have one specified)
[html]
fastcgi_param PHP_VALUE display_startup_errors=on;
fastcgi_param PHP_VALUE display_errors=on;
fastcgi_param PHP_VALUE html_errors=on;
fastcgi_param PHP_VALUE log_errors=on;
fastcgi_param PHP_VALUE error_log=/home/path/public_html/var/log/system.log;
[/html]
Temporary/Universal solution
For any platform
Edit the Magento bootstrap index.php in your document root and uncomment the following line:
[html]#ini_set('display_errors', 1);[/html]
Enable Developer Mode
When you've had an error and suddenly hit the "Error Report" page, and been given a seemingly useless error string like 1184257287824 - you've got a few options.
Permanent solution
For Apache/mod_php users
In your document root .htaccess file - just drop this at the top.
[html]SetEnv MAGE_IS_DEVELOPER_MODE true[/html]
For Nginx/fastcgi users
In your Nginx virtualhost configuration, in either the final location .php { directive, or in the fastcgi_params file (if you have one specified)
[html]fastcgi_param MAGE_IS_DEVELOPER_MODE true;[/html]
Temporary/Universal solution
Edit the Magento bootstrap index.php in your document root and either make the if statement always true, or enabled for your specific IP.
[html]
if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE']) || true) {
Mage::setIsDeveloperMode(true);
}
[/html]
or
[html]
if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE']) || $_SERVER['REMOTE_ADDR'] == 'my.ip.add.ress') {
Mage::setIsDeveloperMode(true);
}
[/html]
Check your permissions
Incorrect permissions will cause a wealth of problems, a lot of which are not that easy to find at first glance.
[html]
For example.
If PHP cannot write to the ./media directory and you have JS combine enabled - Magento is unable to generate the combined file and associated unique URI for the media. So instead, what you'll find in your browser source code is a full server path to the media file /home/path/public_html/media/xxx
[/html]
Otherwise, the site can appear to be functioning as normal - with no critical errors actually visible.
Please bear in mind, this practice is secure for dedicated hosting but may present security issues with shared hosting if the Apache process isn’t chroot’ed per user.
In our example, the SSH/FTP user is magegurus, the Apache user is apache and the group is apache
Add the FTP/SSH user to the Apache group
Most importantly, we need to make sure that the FTP/SSH user is part of the Apache group, in our example, its apache(but is also commonly www-data)
[html]usermod -a -G apache magegurus[/html]
Keep adding as many users to the group as you have for FTP/SSH.
Reset original permissions
So before we start, lets make sure all the permissions are correct.
[html]chown -R magegurus:apache /home/path/public_html/
find /home/path/public_html/ -type d -exec chmod 775 {} \;
find /home/path/public_html/ -type f -exec chmod 664 {} \;[/html]
Making the changes permanent
ACLs and Sticky Bits
ACLs in Linux allow us to define specific rules, in our case, what permissions files should inherit upon creation. A
sticky bit
(mentioned later) takes care of group inheritance, but does not help with the permissions, which is why we use ACLs.Start by enabling ACL support on the active partition,
please ensure your Kernel was compiled with ACL support.
Your partition may be /, /home, /var or something else, replace as appropriate.
[html]mount -o remount,acl /home[/html]
Now ACLs are enabled, we can set the ACL rules and group sticky bits:
[html]setfacl -d -m u::rwx,g::rwx,o::rx /home/path/public_html/
chmod g+s /home/path/public_html/[/html]
But I don’t have ACL support
If your Kernel doesn’t support ACLs you can also use umask (which is a run time setting for BASH, FTP and PHP) to set the default file permissions. Magento usually sets umask(0) in index.php, however, it would be in your interests to change this.
In your index.php change the umask line to be
[html]umask(022);[/html]
And in your BASH environment for SSH, set this in either your .bashrc or .bash_profile
[html]umask 022[/html]
For your FTP server, you’ll need to read the documentation for it, but the principle is the same.
Revert theme to default
Its possible that either your theme or package is responsible for this issue. Reverting back to a vanilla Magento theme is a quick way to find out.
*This comes with the caveat that some modules may be dependent on certain theme features
Rather than change anything via the admin panel, it is much simpler to merely rename the offending directories.
Via SSH
[html]mv ./app/design/frontend/myBrokenTheme{,.tmp}
mv ./skin/frontend/myBrokenTheme{,.tmp}[/html]
Or via your FTP client, traverse and rename your package to something else. eg. myBrokenTheme.tmp
If this resolves your issue
Then you need to dig a bit deeper as to what part of the template is problematic. So restore your package and attempt the following, testing between each.
Essentially, the process is to gradually enable directories as you traverse down the file tree - until you can find the offending file.
Rename the layout directory to .tmp
Rename the template directory to .tmp
Then if either yields a fix, rename all files within the layout directory to .tmp - (for the SSH users ls | xargs -I {} mv {} {}.tmp or rename 's/^/.tmp/' *)
Then gradually enable each file 1 by 1 until resolved.
If this doesn't resolve your issue
There is potential that your base/default or enterprise/default directories have become contaminated - and are best replaced with a known clean version.
You can do this by downloading a clean build of Magento and replacing your directories as necessary. Via SSH you can do this:
[html]cd /home/path/public_html/
mkdir clean_mage
cd clean_mage
MAGENTO_VERSION=1.7.0.0
wget -O magento.tgz http://www.magentocommerce.com/downloads/assets/$MAGENTO_VERSION/magento-$MAGENTO_VERSION.tar.gz
tar xvfz magento.tgz
cd /home/path/public_html/app/design/frontend
mv base{,.tmp}
cp -par /home/path/public_html/clean_mage/magento/app/design/frontend/base .
cd /home/path/public_html/skin/frontend
mv base{,.tmp}
cp -par /home/path/public_html/clean_mage/magento/skin/frontend/base .[/html]
You can also take the opportunity to diff the two directories if you want to verify any changes.
[html]diff -r base base.tmp[/html]
NB. This method will cause more errors during the process, as module dependency dictates the existence of specific files. Unfortunately, its par for the course.
Disable local modules
By default, Magento defines the PHP include path to load classes in the following order
[html]Local > Community > Core[/html]
[html]If a file is in Local - load it and do no more.
If a file is in community - load it and do no more.
If a file can't be found anywhere else - load it from the core.[/html]
Again, rather than disable modules via the Magento admin panel, it is more practical to do this at a file level.
Typically, to disable a module the "proper" way, you would edit the respective ./app/etc/modules/MyModule.xml file and set
If another class extends a given class in a module (ignoring any Magento dependency declarations), it will still be loaded - regardless of whether the extension is disabled or not.
So again, the best means to disable an extension is to rename the directory.
Begin by disabling local
Just rename the directory via FTP, or use the following SSH command
[html]mv ./app/code/local{,.tmp}[/html]
Then disable community
[html]mv ./app/code/community{,.tmp}[/html]
If the issue is resolved from either
Then it is a case of understanding which module in particular the error stemmed from. As with the example given above for the package diagnosis, the same process applies.
So restore the X directory and attempt the following, testing between each.
Essentially, the process is to gradually enable directories (modules) one-by-one until the error re-occurs
1) Rename all the modules in the directory to .tmp (for the SSH users ls | xargs -I {} mv {} {}.tmp or rename 's/^/.tmp/' *)
2) Gradually enable each module one-by-one, by removing .tmp from the file name
If the issue is not resolved
Then it is possible the core itself is contaminated. The main Magento PHP core consists of
[html]./app/code/core./lib[/html]
So again, rename these directories and copy in a clean variant. Assuming you already downloaded a clean version of Magento as above, via SSH, you can do this:
[html]cd /home/path/public_html/app/code
mv core{,.tmp}
cp -par /home/path/public_html/clean_mage/magento/app/code/core .[/html]
Then if the issue still isn't resolved, replace the lib directory too
[html]cd /home/path/public_html
mv lib{,.tmp}
cp -par /home/path/public_html/clean_mage/magento/lib .[/html]
At this point, your Magento store will be nothing more than a vanilla installation with a modified database.
Some models are actually still stored in the database (Eg. order increment) - so at this point, it becomes a case of manually making those edits. So far, all the steps above have been reversible with no lasting damage. But if we were in import a clean Magento database too - it could prove irreversible (short of restoring a backup).
The guide above serves to get you on your way to identifying an error; not to fixing the resultant error.
Hope it helps some one :-)
Monday, July 15, 2013
Magento : How to add custom options programmatically
Here guys i am here with another interesting post on magento for creating product custom options programmatically.
[php]
$option = array(
'title' => 'Your custom option title',
'type' => 'radio', // could be drop_down ,checkbox , multiple
'is_require' => 1,
'sort_order' => 0,
'values' => getOptions()
);
function getOptions(){
return array(
array(
'title' => 'Option Value 1',
'price' =>100,
'price_type' => 'fixed',
'sku' => 'any sku for 1',
'sort_order' => '1'
),
array(
'title' => 'Option Value 2',
'price' =>100,
'price_type' => 'fixed',
'sku' => 'any sku for 2',
'sort_order' => '1'
),
array(
'title' => 'Option Value 3',
'price' =>100,
'price_type' => 'fixed',
'sku' => 'any sku for 3',
'sort_order' => '1'
)
);
}
//Suppose we are creating a new product.
$product = Mage::getModel('catalog/product');
$product->setProductOptions(array($option));
$product->setCanSaveCustomOptions(true);
//Or if we are adding the options to a already created product.
$product = Mage::getModel('catalog/product')->load($id);
$product->setProductOptions(array($option));
$product->setCanSaveCustomOptions(true);
//Do not forget to save the product
$product->save();
[/php]
Hope it helps some one :-)
[php]
$option = array(
'title' => 'Your custom option title',
'type' => 'radio', // could be drop_down ,checkbox , multiple
'is_require' => 1,
'sort_order' => 0,
'values' => getOptions()
);
function getOptions(){
return array(
array(
'title' => 'Option Value 1',
'price' =>100,
'price_type' => 'fixed',
'sku' => 'any sku for 1',
'sort_order' => '1'
),
array(
'title' => 'Option Value 2',
'price' =>100,
'price_type' => 'fixed',
'sku' => 'any sku for 2',
'sort_order' => '1'
),
array(
'title' => 'Option Value 3',
'price' =>100,
'price_type' => 'fixed',
'sku' => 'any sku for 3',
'sort_order' => '1'
)
);
}
//Suppose we are creating a new product.
$product = Mage::getModel('catalog/product');
$product->setProductOptions(array($option));
$product->setCanSaveCustomOptions(true);
//Or if we are adding the options to a already created product.
$product = Mage::getModel('catalog/product')->load($id);
$product->setProductOptions(array($option));
$product->setCanSaveCustomOptions(true);
//Do not forget to save the product
$product->save();
[/php]
Hope it helps some one :-)
Saturday, July 13, 2013
Magento : Get Product info from Order
Hi guys,
Today i am going to share with you a interesting bit of code that will help you finding the product order info from the order created in the admin.
For version 1.7 :
[php]
$orders = Mage::getResourceModel('sales/order_collection')
->addAttributeToSelect('*')
->addFieldToFilter('status', array("in" => array(
'complete', // If you want to get all orders just remove these filters.
'closed')
))
->addAttributeToFilter('store_id', Mage::app()->getStore()->getId())
->addAttributeToSort('created_at', 'asc')
->load();
foreach($orders as $order){
$items = $order->getAllVisibleItems();
foreach($items as $item){
$orderId = $order->getIncrementId();
$productid = $item->getSku();
$QtyOrdered = $item->getQtyOrdered();
$Price = $item->getPrice();
$Name = $item->getName();
}
}
[/php]
Today i am going to share with you a interesting bit of code that will help you finding the product order info from the order created in the admin.
For version 1.7 :
[php]
$orders = Mage::getResourceModel('sales/order_collection')
->addAttributeToSelect('*')
->addFieldToFilter('status', array("in" => array(
'complete', // If you want to get all orders just remove these filters.
'closed')
))
->addAttributeToFilter('store_id', Mage::app()->getStore()->getId())
->addAttributeToSort('created_at', 'asc')
->load();
foreach($orders as $order){
$items = $order->getAllVisibleItems();
foreach($items as $item){
$orderId = $order->getIncrementId();
$productid = $item->getSku();
$QtyOrdered = $item->getQtyOrdered();
$Price = $item->getPrice();
$Name = $item->getName();
}
}
[/php]
PHP : How to get external site cookies using php curl functions
If you work with PHP aggressively you may be came to think some time how you can get the cookies from the external site i.e. cookies from google.com or from your favorite site here is bit of code i want to share with you for this.
[php]
// open a site
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.google.com");
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0');
curl_setopt($ch, CURLOPT_HEADER ,1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER ,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$content = curl_exec($ch);
// get cookies
$cookies = array();
preg_match_all('/Set-Cookie:(?<cookie>\s{0,}.*)$/im', $content, $cookies);
print_r($cookies['cookie']);
[/php]
Hope it helps someone. :-)
[php]
// open a site
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://www.google.com");
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0');
curl_setopt($ch, CURLOPT_HEADER ,1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER ,1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION ,1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$content = curl_exec($ch);
// get cookies
$cookies = array();
preg_match_all('/Set-Cookie:(?<cookie>\s{0,}.*)$/im', $content, $cookies);
print_r($cookies['cookie']);
[/php]
Hope it helps someone. :-)
Monday, July 1, 2013
Magento : Remove prices from drop -down custom options
Hi.. guys here is a simple javascript code for removing prices from the custom options drop down text.
[js]
<script type="text/javascript">
//<![CDATA[
var $j = jQuery.noConflict();
$j(document).ready(function(e) {
$j("select.product-custom-option option:first-child").html("Select");
checkoptions();
$j("select.product-custom-option").change(function(){
checkoptions();
});
});
function checkoptions(){
$j("select.product-custom-option option").each(function(){
var optiontext = jQuery(this).text();
var addsignpos = optiontext.indexOf('+');
var subtractsignpos = optiontext.indexOf('-');
if(addsignpos>0){
var result = optiontext.substring(0,addsignpos-1);
$j(this).html(result);
}
if(subtractsignpos>0){
var result = optiontext.substring(0,subtractsignpos-1);
$j(this).html(result);
}
});
}
//]]>
</script>
[/js]
Hope it helps some one. enjoy :-)
[js]
<script type="text/javascript">
//<![CDATA[
var $j = jQuery.noConflict();
$j(document).ready(function(e) {
$j("select.product-custom-option option:first-child").html("Select");
checkoptions();
$j("select.product-custom-option").change(function(){
checkoptions();
});
});
function checkoptions(){
$j("select.product-custom-option option").each(function(){
var optiontext = jQuery(this).text();
var addsignpos = optiontext.indexOf('+');
var subtractsignpos = optiontext.indexOf('-');
if(addsignpos>0){
var result = optiontext.substring(0,addsignpos-1);
$j(this).html(result);
}
if(subtractsignpos>0){
var result = optiontext.substring(0,subtractsignpos-1);
$j(this).html(result);
}
});
}
//]]>
</script>
[/js]
Hope it helps some one. enjoy :-)
Subscribe to:
Comments (Atom)