标签归档:ecshop

宇宙超级烂的垃圾浏览器360

360真是垃圾到不能再垃圾了,搞个什么安全浏览器忽悠小白们用,居然会自动变HTTP_USER_AGENT,真不知道这帮人脑子怎么长的,送他们去朝鲜吧!下面是apache的日志里查出来一个ip访问网站的记录

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; 360SE)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; 360SE)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; 360SE)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; 360SE)
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; 360SE)

想不通,怎么会有这种弱智存在,导致有些程序ECSHOP会莫名其妙的session失效。现象为无法登录,购物车无法使用等。ECSHOP需要修改
include/cls_session.php
这个文件来解决问题

ecshop 2.6.2 sitemaps.php的一个bug

生成的sitemap文件,商品分类文件,如果是
http://www.abc.com/category-1-b0.html
在sitemap文件里面少了一个”/”
结果变成了
http://www.abc.comcategory-1-b0.html
分类是
修改代码
sitemaps.php大约第66行

'loc'        =>  "$site_url" . build_uri('category', array('cid' => $row['cat_id'])),

改成

'loc'        =>  "$site_url/" . build_uri('category', array('cid' => $row['cat_id'])),

即可

FCKEditor XML Request Error:Internal Server Error(500)

原来一直能用的ecshop后台信息发布里面的fckeditor上传功能,换了个机器后不能用了。以为是文件损坏,上传一边不行。
什么xml错误,还弹出一个大的JavaScript alert警告框,内容就是服务器端错误的500内容
网上搜,又说是配置问题,主题问题,想想都不应该,直接请求
filemanager/connectors/php/connector.php
出了服务器的500错误,html文件能访问,txt也行。
后来从根目录开始查,发现到fckeditor目录里面的php文件开始不能访问。
改了fckeditor目录的属性为755,问题解决。

修改ecshop后台admin目录为任意目录名

ecshop有个地方配置admin的目录名
data/config.php

$admin_dir = “admin”;
但是直接改不行,因为很多地方,这个目录名字被硬编码进去了,直接改会有很多地方报错。

网上搜到一篇文章,整理了一些需要修改的地方,内容转帖如下:

1.修改data/config.php
   1. $admin_dir = "admin";
修改成
   1. $admin_dir = "新目录名";
2.修改admin/index.php
   1.   //货号
   2.         require_once(ROOT_PATH . 'admin/includes/lib_goods.php');
修改成
   1. require_once(ROOT_PATH . $admin_dir.'/includes/lib_goods.php');
3.修改admin/database.php
   1. require_once(ROOT_PATH . 'admin/includes/cls_sql_dump.php');
修改成
   1. require_once(ROOT_PATH . $admin_dir.'/includes/cls_sql_dump.php');
4.修改admin/get_password.php
   1. $reset_email = $ecs->url() . 'admin/get_password.php?act=reset_pwd&uid='.$admin_id.'&code='.$code;
   2.   修改成
   3. $reset_email = $ecs->url() .  $admin_dir.'/get_password.php?act=reset_pwd&uid='.$admin_id.'&code='.$code;
5.修改admin/goods.php
   1. require_once(ROOT_PATH . '/admin/includes/lib_goods.php');
   2.   修改成
   3. require_once(ROOT_PATH . $admin_dir.'/includes/lib_goods.php');
6.修改admin/check_file_priv.php
   1. $dir[]                     = 'admin';
   2.   修改成
   3. $dir[]                     = $admin_dir;
7.修改admin/includes/init.php
   1. if (file_exists(ROOT_PATH . 'data/config.php'))
   2. {
   3.      include(ROOT_PATH . 'data/config.php');
   4. }
   5. else
   6. {
   7.      include(ROOT_PATH . 'includes/config.php');
   8. }
   9.   修改成下面代码,并将代码移至“/* 取得当前ecshop所在的根目录 */”注释之前。
  10. if (file_exists('../data/config.php'))
  11. {
  12.      include('../data/config.php');
  13. }
  14. else
  15. {
  16.      include('../includes/config.php');
  17. }
   1. define('ROOT_PATH', str_replace('admin/includes/init.php', '', str_replace('\\', '/', __FILE__)));
   2.   修改成
   3. define('ROOT_PATH', str_replace($admin_dir.'/includes/init.php', '', str_replace('\\', '/', __FILE__)));
 
   1. require(ROOT_PATH . 'admin/includes/lib_main.php');
   2.   修改成
   3. require(ROOT_PATH . $admin_dir.'/includes/lib_main.php');
   1. require(ROOT_PATH . 'admin/includes/cls_exchange.php');
   2.   修改成
   3. require(ROOT_PATH . $admin_dir.'/includes/cls_exchange.php');
   1. $smarty->template_dir  = ROOT_PATH . 'admin/templates';
   2.   修改成
   3. $smarty->template_dir  = ROOT_PATH . $admin_dir.'/templates';
 
   1. $admin_path = preg_replace('/:\d+/', '', $ecs->url()) . 'admin';
   2.   修改成
   3. $admin_path = preg_replace('/:\d+/', '', $ecs->url()) . $admin_dir;
8.修改include/lib_main.php
   1. include_once(ROOT_PATH . 'admin/includes/lib_template.php');
修改成
   1.
   2. global $admin_dir;
   3. include_once(ROOT_PATH . $admin_dir.'/includes/lib_template.php');
9.修改include/cls_ecshop.php
   1.     $curr = strpos(PHP_SELF, 'admin/') !== false ?
   2.   preg_replace('/(.*)(admin)(\/?)(.)*/i', '\1', dirname(PHP_SELF)) :
   3.   dirname(PHP_SELF);
修改成
   1. global $admin_dir;
   2.         $curr = strpos(PHP_SELF, $admin_dir.'/') !== false ?
   3.                 preg_replace('/(.*)('.$admin_dir.')(\/?)(.)*/i', '\1', dirname(PHP_SELF)) :
   4.                 dirname(PHP_SELF);
10.如果担心$admin_dir变量注入安全问题可以在data/config.php文件中define('EC_CHARSET','utf-8');后增加
   1. define('ADMIN_DIR','新目录名');
然后将所有修改的$admin_dir变量修改成ADMIN_DIR,例如:
   1. require_once(ROOT_PATH . $admin_dir.'/includes/lib_goods.php');
   2. 修改成
   3. require_once(ROOT_PATH . ADMIN_DIR.'/includes/lib_goods.php');
11.根据pjb126 网友提示修改/admin/picture_batch.php
将
   1. include_once(ROOT_PATH . '/admin/includes/lib_goods.php');
   2. 修改成
   3. include_once(ROOT_PATH .$admin_dir.'/includes/lib_goods.php');
12.新增修改quotation.php
   1. include_once(ROOT_PATH . 'admin/includes/lib_main.php');
修改成
   1.
   2. global $admin_dir;
   3.     include_once(ROOT_PATH . $admin_dir.'/includes/lib_main.php');

但是,我改过这些之后,还发现可能还有三个文件需要修改

admin/filecheck.php:
api/client/includes/lib_api.php
ecshopfiles.md5

关键字 ‘admin’

ecshop和discuz的2段代码

最近想装一下ecshop和discuz2个程序,装的时候看到2段代码
ecshop的

<script type=”text/javascript” src=”http://api.ecshop.com/checkver.php?ver=<?php
 echo $this->_var['ecs_version']; ?>&lang=<?php
 echo $this->_var['ecs_lang']; ?>&release=<?php 
echo $this->_var['ecs_release']; ?>&php_ver=<?php 
echo $this->_var['sys_info']['php_ver']; ?>&mysql_ver=<?php 
echo $this->_var['sys_info']['mysql_ver']; ?>&ocount=<?php 
echo $this->_var['order']['stats']['oCount']; ?>&oamount=<?php
 echo $this->_var['order']['stats']['oAmount']; ?>&gcount=<?php
 echo $this->_var['goods']['total']; ?>&charset=<?php
 echo $this->_var['ecs_charset']; ?>”></script>

discuz的

<script src=”http://<?=$insenz&#91;url&#93;?>/news.php?id=<?=$insenz&#91;siteid&#93;?>&t=<?=$timestamp?>&k=<?=md5($insenz&#91;authkey&#93;.$insenz&#91;siteid&#93;.$timestamp.’Discuz!’)?>&insenz_version=<?=INSENZ_VERSION?>&discuz_version=<?=DISCUZ_VERSION.’ - ‘.DISCUZ_RELEASE?>&random=<?=random(4)?>”
 type=”text/javascript” charset=”UTF-8″></script>
echo ‘<sc’
.'ript language=”Jav’.'aScript” src=”
ht’.'tp:/’.'/cus’.'tome’.'r.disc’.'uz.n’.'et/n’
.'ews’.’.p’.'hp?’.bbsinformation().’”></s’.'cri’.'pt>’;

恩,很好很强大