, Guest!
Already a Member? Login or Register.

Menu



Showcase


Due to the volume of spam happening on our forums, posting is now restricted to verified members only.  If you're not verified, drop us a note with your username.

Home > FlexCMS Support Forum > User Help > General Support Requests > ftp wont upload install.php saying virus?

FlexCMS Support Forum


ftp wont upload install.php saying virus?
Started November 7, 2008 @ 7:27pm by Rory
Post Message 
Pages:  [1]  2  

Rory


Posts: 30
 
ftp wont upload install.php saying virus?November 7, 2008 @ 7:27pm
Virus Detected and Removed: PHP.Iframe.Exploit.WHQ1.ASL.190703202802.UNOFFICIAL

Tried two ftps terrapin and ws_fpt tried uploading the 2.5 version install.php in ascii mode as instucted but the above message came up on both? Why?
 
DCSun
Administrator



Posts: 625
 
November 7, 2008 @ 9:05pm
Hi Rory,

Well that's a new one I've never seen before! Is this a client side (ie: installed on your computer) or server side antivirus package? Any information about the package you can provide would be helpful. If it's a client side package, try turning it off for the upload process.

The installation package uses an IFrame to detect whether your server needs the Windows query string patch, so perhaps that's what it's picking up. There's definitely no virus in it.


David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
November 10, 2008 @ 8:22am
Sorry for the delay in getting back to you, no access to a pc on weekends. Just raised this matter with my son (who is better than me at this sort of stuff) and he said he'd had the same problem with iframe uploading. So it IS a server problem which we are now raising with them. my son has also showed me a way round the problem by uploading directly via the server and not using ftp. Will let you know how I get on. Thanx for the quick reply.
 
Rory


Posts: 30
 
How can we link to a config fileNovember 12, 2008 @ 8:06am
Glad to say the flexi is up and running and so far I have come accross no problems.
Now we are trying to include a php script my son wrote and integrating it to be used with flexi.
We have so far copied all the files so they are in the same database as flexi. Now comes a problem my sons php opperates via a config file called cfg.php which is in a folder admin/includes
The current file that is not showing has this script at the top,
~~~~
<?php # index.php
// This is the main page for the site.

// Include the configuration file for error management and such.
require_once ('admin/includes/error.inc');
require_once ('admin/includes/cfg.php');

// Set the page title and include the HTML header.
$page_title = "{$MD_title_base}";
include_once ('admin/includes/header.html');

if (!isset($_SESSION['first_name'])) {

header ("Location: {$MD_url_login_forward}");
ob_end_clean();
exit();

} else {
....etc etc
~~~~~
what do I need to change it to to link with the cfg.php please

I have tried with and with out the <? php and ?> in the script.
 

Last Edit: November 12, 2008 @ 8:35am by Rory
DCSun
Administrator



Posts: 625
 
November 12, 2008 @ 12:14pm
Assuming the cfg.php file is in the admin/includes directory, you should be able to just do your existing "require_once" statement. Maybe try adding "./" to the beginning, so you get "require_once('./admin/includes/cfg.php')"?

That said, if you're within the same database as FlexCMS and running your code included in a FlexCMS page, you don't need to do any database connections, just start calling your MySQL commands.

As far as PHP tags, the FlexCMS blocks and pages use the PHP Eval(), so it's already treating them as PHP when you've got that set in the content options. So remove the <?php or <? from the top, and the ?> from the bottom. You can still use them to turn PHP on and off in the middle of the script, but remove them from the top and bottom.


David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
No Luck YetNovember 14, 2008 @ 5:58pm
By uploading an image into the admin/includes folder I found out the link to it needed just a / before admin
i.e.('/admin/includes/pic.jpg');
so I assume the way to the cfg file is the same, so the top of the script now reads....

// Include the configuration file for error management and such.
require_once ('/admin/includes/error.inc');
require_once ('/admin/includes/cfg.php');

if (!isset($_SESSION['first_name'])) {

header ("Location: {$MD_url_login_forward}");
ob_end_clean();
exit();

} else { etc etc.....

But the script still won't show.

Does the cfg file also have to have the <?php and ?> removed from both ends?
I have tried with and without, with no luck, but it could half my problem by knowing which is right.

The script currently has four pages within it, depending on how the form is filled out depends on which page they go to next, do iframes allow this? i.e.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
cheers
R
 
DCSun
Administrator



Posts: 625
 
November 14, 2008 @ 8:06pm
You may very well run into problems making the subsequent pages display within FlexCMS, but the first one should display no matter what.

The included files do need the <? or <?php at the top and ?> at the end.

So what happens when you make a new file (say something.php), with the PHP open and close tags in it, along with the code you're trying to add to FlexCMS? If you can't run that script by itself outside of FlexCMS from the same folder where Flex is installed, you've got other issues.


David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
I give up on that route..November 17, 2008 @ 3:12pm
Just can't get that script to work using the pages in flex, so I have decide to recreate the header for a seperate page still using the same database and form script that works seperately, then at the end of the form link back, that way it will not look any different, could you please help by letting me know what is needed between the <?php and if ($LoggedIn == 'y') for the logged in name to show.
so far this what I have.
The MainUrl links work ok.

<?php


if ($LoggedIn == 'y') {
$NamePrint = $UserDisplayName.'!<td align="right" valign="top" width="*"><font size="1" color="'.$Colors['BText'].'"><A

HREF="'.$MainURL.'/options.html" class="BlockColors"><font face="'.$FontFace.'" size="1">Control Panel</font></A> | <A

HREF="'.$MainURL.'/profile-edit.html" class="BlockColors"><font face="'.$FontFace.'" size="1">Edit Profile</font></A> | <A

HREF="'.$MainURL.'/logout.html" class="BlockColors"><font face="'.$FontFace.'" size="1">Logout</font></A></font></td>';
} else {
$NamePrint = 'Guest!<td align="right" valign="top" width="*"><font face="'.$FontFace.'" size="1"

color="'.$Colors['BText'].'">Already a Member? <A HREF="'.$MainURL.'/login.html" class="BlockColors"><font

face="'.$FontFace.'" size="1">Login</font></A> or <a href="'.$MainURL.'/register.html"

class="BlockColors">Register</a></font></td>';
}
print ' etc etc....
many thanks
R
 
DCSun
Administrator



Posts: 625
 
November 17, 2008 @ 3:37pm

Code

include_once('./settings.php');

mysql_connect($DBServer, $DBUser, $DBPass) or die ("Could not connect to database");

mysql_select_db($DBDatabase) or die ("Could not select database");

$DBConnected = 'y';


$Settings['DBPrefix'] = $DBPrefix;




$query = "select * from `".$Settings['DBPrefix']."core-Settings`";
$result = mysql_query($query) or die (mysql_error());
while ($row = mysql_fetch_array($result)) {
$Settings[$row['Name']] = $row['Value'];
}

$CookieName = $Settings['CookieName'];

$CookieData = $_COOKIE[$CookieName];

$LoggedIn = 'n';
$UserLevel = 0;

// if the cookie exists and isn't empty
if ($CookieData != '' && $CookieData != 'not_logged_in') {

// split the username and password out
list ($CookieUsername, $CookiePassword) = split('==', $CookieData, 2);

// if username and password are both not empty
if ($CookieUsername != '' && $CookiePassword != '') {

//query the database and validate the input from the login page
//assign $result to do a lookup up in the database flexcms users table
//where the username is equal to the database field username, validates password
$query = "select RecordNumber,Level,Password,DisplayName,SessionLength from `".$Settings['DBPrefix']."core-Users` where Username='$CookieUsername' LIMIT 1";
$result = mysql_query($query) or die (mysql_error());

// if any rows are returned, the username exists
if (mysql_num_rows($result) != 0) {

$row = mysql_fetch_array($result);
// check the password returned from the database against the one in the cookie
if ($row['Password'] == $CookiePassword ) {
// passwords match
$LoggedIn = 'y';

$UserLevel = $row['Level'];
$UserNumber = $row['RecordNumber'];


if ($row['DisplayName'] != '') {
$UserDisplayName = $row['DisplayName'];
}
else {
$UserDisplayName = $CookieUsername;
}



if ($Arguments1 != 'count') {

$query2 = "select LastAction,LastLocation from `".$Settings['DBPrefix']."core-RecentActivity` where User='".$CookieUsername."' LIMIT 1";
$result2 = mysql_query($query2) or die (mysql_error());

// check to see if they're still in the recent activity table
if (mysql_num_rows($result2) != 0) {
// if they are, just update their current location and last action

$row2 = mysql_fetch_array($result2);
if (str_replace('\'', '\\\'', $row2['LastLocation']) != $QSData && $row2['LastLocation'] != $QSData) {
// if they've gone to a different page
$query = "update `".$Settings['DBPrefix']."core-RecentActivity` set LastAction='".time()."', LastLocation='".$QSData."', PreviousLocation='".str_replace('\'', '\\\'', $row2['LastLocation'])."' where User='".$CookieUsername."' LIMIT 1";
}
else {
// if they've just refreshed the current page
$query = "update `".$Settings['DBPrefix']."core-RecentActivity` set LastAction='".time()."' where User='".$CookieUsername."' LIMIT 1";
}
$result = mysql_query($query) or die (mysql_error());
}
else {
// if they're not still there, put them back in

$query = "insert into `".$Settings['DBPrefix']."core-RecentActivity` (User,Name,LastLocation,LastAction,SessionLength,UserOrGuest) values ('".$CookieUsername."','".$row['DisplayName']."','".$QSData."','".time()."','10','u')";
$result = mysql_query($query) or die (mysql_error());
}

$query = "update `".$Settings['DBPrefix']."core-Users` set LastAction='".time()."' where Username='".$CookieUsername."' LIMIT 1";
$result = mysql_query($query) or die (mysql_error());

} // end if not just the counter

}
else{
// passwords don't match
$LoggedIn = 'n';
}
}
// no rows returned, username doesn't exist
else {
$LoggedIn = 'n';
}
}

}



David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
Nearly there!!November 18, 2008 @ 8:21am
Just a couple of errors now showing on my new page outside of flex, I did have about a dozen, most were to do with the font color and $QSData which no longer show up. But I still have a couple to sort..
They are
This shows if the page is visited by a guest

An error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/admin/includes/header.html on line 78: Undefined index: FCLoginData12345

This error I am not too bothered about, as the link to the page will be for members only, but it would be nice if it was not there. I make line 78 as..... $CookieData = $_COOKIE[$CookieName];
~~~~~~~~~~~~~~~~
This shows if the page is visited when logged in

An error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/admin/includes/header.html on line 120: Undefined variable: Arguments1

I make line 120 as..... if ($Arguments1 != 'count') {

Here is what I added to the top of the .php text on the new page, can you tell me if it is right and what else is needed please?

$QSData = '/mypagename.php';
$ScriptName = "{$MD_title_base}";

~~~~~~~~~~~~~~~~~~~~
With the above in mind the link on the 'where are they now' auto adds .html so it becomes /mypagename.php.html is there a way around this?
Your help is much appreciated, my headache has nearly gone!!!
Many thanks
R
 

Last Edit: November 18, 2008 @ 8:55am by Rory
DCSun
Administrator



Posts: 625
 
November 18, 2008 @ 1:27pm
Take these two lines:

$CookieName = $Settings['CookieName'];
$CookieData = $_COOKIE[$CookieName];

and make it into:

$CookieData = $_COOKIE[$Settings['CookieName']];



At the top add the following:

$Arguments1 = 'mypagename.php';



As for the Where Are They Now page, that would be in its own file. inc-core-admin-where.php, lines 109 through 124. You can just remove the .html you see in those lines of code.


David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
Excellent !!November 19, 2008 @ 8:47am
Great help all works fine.
re the removing of the .html from the inc-core-admin-where.php file, wont that effect the other links or new page links (in the where section) that I ceate within flex?

Also I just purchased your pro package and upon testing the Guestbook, forum and news, they show six hours behind.
In Modify Advance Settings the server time is -7 (which is in the USA) my pc time (here in the UK) correct.
Ive tried changing to and from GMT to and from -7 and +6 but which ever way I try all still show six hours behind. Any ideas?
cheers
R
ps this forum shows 5 hours behind?
 

Last Edit: November 19, 2008 @ 12:33pm by Rory
DCSun
Administrator



Posts: 625
 
November 19, 2008 @ 1:28pm
No, the removal of .html from FlexCMS links won't have any impact. It's added purely for cosmetic reasons. If you're in index.php you'll see it looks for that and removes if it exists before doing any processing.

We recently became aware of the problem of times being incorrect because of servers being located in a different timezone than the website. While not really a bug or problem, it is something we'll be addressing in the next version. We also have a patched v2.5 available here: http://www.flexcms.com/downloads/flexcms_v2.5_time_change_beta.zip if you'd like to try it. To use it back up your database and any source files you've made changes to, then overlay all the files from the zip onto your site. What it does is replaces all calls to the PHP time() function with its own function that takes into account the timezone you've selected in the settings compared with the timezone reported by the server. Please note that is a beta version, and while very similar to the production FlexCMS you should test it all out before making the site live.

As for the forum here, that would need to be set in your profile on the site, an option which we'll look into adding in the near future.


David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
No LuckNovember 19, 2008 @ 7:08pm
The new Flex time_change just gave me a blank white page. So I had nothing to test. I uploaded all except the .gif's and .jpg's.

Have now reloaded original backup.

Also just noticed in the store block Shopping Cart it is still showing $ sign in total value, although on the main page it reads as £ as required.
 

Last Edit: November 19, 2008 @ 7:31pm by Rory
DCSun
Administrator



Posts: 625
 
November 19, 2008 @ 8:14pm
Blank white page isn't much to go on. Was that for all pages or one in particular? If you'd like to give us FTP information I'm happy to try debugging it for you. Otherwise I don't really have any suggestions.

As for the shopping cart block, there's a line about 10 up from the bottom that looks like this:

$CartContents = 'Items: '.number_format($ItemsCount,0).'<br>Total Value: $'.number_format($Total,2);

it should be replaced with:


Code

if ($ecSettings['CurrencyLocation'] == '' || $ecSettings['CurrencyLocation'] == 'b') {
if ($ecSettings['Currency'] == '') {
$CurrencyBefore = '$';
}
else {
$CurrencyBefore = $ecSettings['Currency'];
}
}
else {
if ($ecSettings['Currency'] == '') {
$CurrencyAfter = '$';
}
else {
$CurrencyAfter = $ecSettings['Currency'];
}
}



if ($ecSettings['PriceDecimals'] == '') {
$ecSettings['PriceDecimals'] = 2;
}


if ($ecSettings['DecimalSymbol'] == '') {
$ecSettings['DecimalSymbol'] = '.';
}


if ($ecSettings['ThousandsSep'] == '') {
$ecSettings['ThousandsSep'] = ',';
}


$CartContents = 'Items: '.number_format($ItemsCount,0).'<br>Total Value: '.$CurrencyBefore.number_format($Total,$ecSettings['PriceDecimals'], $ecSettings['DecimalSymbol'], $ecSettings['ThousandsSep']).$CurrencyAfter;



David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
$ sign still showing in place!November 20, 2008 @ 9:57am
£ sign shows in the block section most of the time. However in the main page in
Manage Shipping Options, Store Sales and the View Order Details
The $ sign still shows.
And it reverts back to a $ sign in the block (except the in View order details where it stays as £). $ also shows in the block when in Control Panel and Switch Templates.
~~~~~~~~~~~~~~
How about a link to a currency types that paypal accepts, near the box wher you put USD (dollar) or GBP (pound), just an idea.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My son had a quick look at the Guestbook inc-gb-idx and added gm before date to read gmdate which converted all the entries to UK time, the only problem I can see with his alteration is it can not be altered from the control panel.
I have now changed .date in all areas to read gmdate and it seemed to do the trick. No plans on moving from the UK!
Thanks for the offer to delve in, may hold you to that for something else.
~~~~~~~~~~~~~~
Also I Found in the 'Modify Settings & Preferences' where it shows
Display Actual Stock?:
Determines whether the actual number of items in stock is displayed.
It has two Yes's in the dropdown bar. The top one should read No!
This is the reason why
No number of 'stock left' is shown (when below the set ten items) if the top yes is picked.
I picked the other Yes and the figure did show how many were left.
Where do I change the top Yes to a No please?
~~~~~~~~~~~~~
Finally how do I stop say a £3.00 item showing up as 1 @ £3.0000 in the checkout section?
many thanks
R
 
DCSun
Administrator



Posts: 625
 
November 20, 2008 @ 6:29pm
Yes, the GMDate trick should solve it for you. It only works if you're in the same timezone as GMT though!

The PayPal currency list isn't a bad idea. They're hard to get information out of and things can always change on their end, which was why we left that an input box rather than a dropdown. Something to take another look at in the future I guess.

Yes we're aware of the dropdown issue. You can fix that on your site by changing line 218 in inc-ec-admin-store-prefs.php to the following:
<option value="n"'.$DisplayActualStockSelected['n'].'> '.$MsgText[0][119].'</option>
(should have the 119 part instead of both being 118).

I'll have a look at the other currency issues as soon as possible and get back to you. Note that it's just a symbol display problem, and they're not actually converted to dollars.


David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
November 21, 2008 @ 9:47am
Many thanks, sorted the two yes's.
Is there a place where I can view what all the '$MsgText[0][?]' mean?
i.e.
119 = yes
118 = No
etc etc?

Just await the answer to the £3.0000 prob and the remaining $
many thanks.
 

Last Edit: November 21, 2008 @ 9:48am by Rory
DCSun
Administrator



Posts: 625
 
November 21, 2008 @ 12:15pm
Yes, all those strings can be easily viewed (and modified if you wish) in the language pack. Those are stored in the languages folder, for example inc-core-lang-english.php is the English one.

David


FlexCMS v3.2 Has Been Released!
 
Rory


Posts: 30
 
BrillNovember 22, 2008 @ 12:53pm
Great, helps me understand where everything is.

If I wanted to add say....
<? echo $MsgText[10][1]; ?>
in a html page I made (outside of flex).
I have so far added
<?
include_once('languages/inc-core-lang-english.php');
?>
to the top of the page and the text required shows ok, but I get a lot of error messages all relating to SPN, is there any way around these please?

An error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 248: Undefined variable: SPNAn error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 335: Undefined variable: SPNAn error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 438: Undefined variable: SPNAn error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 441: Undefined variable: SPNAn error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 465: Undefined variable: ManualLinkAn error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 465: Undefined variable: SPNAn error occurred in script /var/www/vhosts/mydomain.co.uk/httpdocs/languages/inc-core-lang-english.php on line 663: Undefined variable: SPN

Cheers
R
 

Last Edit: November 22, 2008 @ 2:12pm by Rory

Pages:  [1]  2  

Post Message 




Try & Buy FeedForAll - Easy to use RSS Feed Creator - great for iTunes users!

MEMBERS




All Contents, Code, Scripts and Technologies Copyright 2003-2009 FlexCMS.
All Rights Reserved. Software License Agreement

Processing Time: 0.08180 seconds.
 
Management Login

Powered By FlexCMS
Powered By FlexCMS