According to the standard, the comma
operator has lower precedence than any of the JOIN variants.
Thus the query:
select * from t1, t2 join t3 on a=b;
actually means:
select * from t1, (t2 join t3 on a=b);
According to ANSI SQL, column names in an ON
condition are resolved against the join operands (t2 and t3 in
this case), so the first query above must produce a
name resolution error, because there is no column 'a' in
tables t2 or t3.
On the other hand the query:
select * from (t1, t2) join t3 on a=b;
means that the whole cross-product (t1, t2) is the left
join operand. Consequently column 'a' in the ON
condition can be resolved against the table (t1, t2).
All this is described in the latest 5.0 manual:
http://dev.mysql.com/doc/refman/5.0/en/join.html
Therefore, in catalog/wishlist.php, around line 50, replace $products_query with the following:
// MySQL 5: the comma join is parenthesised so that p is visible to the ON clause.
// Values are escaped with tep_db_input() or cast to int before they reach the SQL.
$products_query = tep_db_query("
  SELECT pd.products_id,
         pd.products_name,
         pd.products_description,
         p.products_image,
         p.products_status,
         p.products_price,
         p.products_tax_class_id,
         IF(s.status, s.specials_new_products_price, NULL)
           AS specials_new_products_price,
         IF(s.status, s.specials_new_products_price, p.products_price)
           AS final_price
  FROM (" . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd)
  LEFT JOIN " . TABLE_SPECIALS . " s
    ON (p.products_id = s.products_id)
  WHERE pd.products_id = '" . tep_db_input($product_id) . "'
    AND p.products_id = pd.products_id
    AND pd.language_id = '" . (int)$languages_id . "'
  ORDER BY products_name");
And in the file catalog/includes/boxes/wishlist.php, near line 45, replace $products_query with the following:
// Same fix: parenthesised comma join, with escaped / int-cast values.
$products_query = tep_db_query("
  SELECT pd.products_id,
         pd.products_name,
         pd.products_description,
         p.products_image,
         p.products_price,
         p.products_tax_class_id,
         IF(s.status, s.specials_new_products_price, NULL)
           AS specials_new_products_price,
         IF(s.status, s.specials_new_products_price, p.products_price)
           AS final_price
  FROM (" . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_DESCRIPTION . " pd)
  LEFT JOIN " . TABLE_SPECIALS . " s
    ON (p.products_id = s.products_id)
  WHERE pd.products_id = '" . tep_db_input($wishlist_id) . "'
    AND p.products_id = pd.products_id
    AND pd.language_id = '" . (int)$languages_id . "'
  ORDER BY products_name");
See this in action at OBAZAAR or download at SEOPerfectCart
Epharma and adult sites are hacking the internet, and it's worldwide, using hidden divs after the footer
Recently some of my blogs began showing a higher risk rating on the security toolbar. After some chin scratching, I decided to start looking at the code. I could not find anything obvious in the top-level files. Then I pulled the raw HTML source of my blog by right-clicking and using View Page Source in Firefox or View Source in IE. Right after the FOOTER in the source I found about 1000 links to a few dot coms: mattworkman, weddingsatwork, reclaiminghistory, pop77, internetmarketingtowomenblog, which have probably been hacked. I will give them the benefit of the doubt and say they must have been hacked as I was. The difference is that these sites have hundreds of blog pages dedicated to e-pharmacy sites. The pages have head statements that look like this:
internetmarketingtowomenblog dot com/?p=34409
!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
html dir="ltr">
head>
meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
title>bromazepam vs valium dose. Special For you! bromazepam vs valium dose.
meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
meta http-equiv="Content-Language" content="en-us" />
meta name="keywords" content="bromazepam vs valium dose"/>
meta name="description" content="Save your money. bromazepam vs valium dose - Only FREE delivery! bromazepam vs valium dose - Best Quality only here! bromazepam vs valium dose - Cheapest Drugstore Online! bromazepam vs valium dose. Click here! bromazepam vs valium dose."/>
link rel="pingback" href="http://wordpress.com/xmlrpc.php" />
style>BODY {overflow:hidden; margin:0px;padding:0px;}
iframe border=0 width="100%" height="100%" src="http://tablets-city.com/search.php?qq=bromazepam+vs+valium+dose">iframe>
The copyright footer says:
Powered by a href="htp://tabletochka.com/" target="tabletochka" class="copyright">Tabletochka.com © 2001, 2005 phpBB Group Group
mattworkman dot com/blog/page.php?p=910715
head>
meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
title>USA Drugstore - online phentermine forum - Best prices
meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
meta http-equiv="Content-Language" content="en-us" />
meta name="keywords" content="online phentermine forum"/>
meta name="description" content="USA Drugstore - online phentermine forum - Best prices"/>
link rel="pingback" href="http://wordpress.com/xmlrpc.php" />
style>BODY {overflow:hidden; margin:0px;padding:0px;}/style>
iframe border=0 width="100%" height="100%" src="http://www.topmeds10.com/search.php?aid=55551&q=online+phentermine+forum">/iframe>
The copyright footer says:
Powered by a href="htp://tabletochka.com/" target="tabletochka" class="copyright">Tabletochka.com © 2001, 2005 phpBB Group
WeddingsAtWork dot com
I believe this is a WordPress site.
title>WeddingsAtWork.com - The online wedding guide on Filipino kasal / kasalan.
link rel="stylesheet" href="http://www.weddingsatwork.com/2008beta/wp-content/themes/WeddingsAtWork2/style.css" type="text/css" media="screen" />
link rel="alternate" type="application/rss+xml" title="WeddingsAtWork.com - The online wedding guide on Filipino kasal / kasalan. RSS Feed" href="http://www.weddingsatwork.com/index.php/feed/" />
link rel="pingback" href="http://www.weddingsatwork.com/2008beta/xmlrpc.php" />
All three of these sites have been compromised, and if you follow the links in the source code on each site you will spend the rest of your life opening sites that have been hacked with pages that iframe to epharma such as tablets-city dot com or topmeds10 dot com.
At this time I am leaning towards xmlrpc.php as the exploit. This is just a guess since I do not understand how they could be logging into the admin area without having my passwords. In WordPress the footer can be changed from admin. The HTML is actually being written directly into the wp-content/themes/*** your-template *** which is a cool trick on my site considering that all the folders are protected from direct http access.
In WordPress you can edit site content by typing in:
http://www.yourdomain.com/wp-admin/templates.php?file=wp-content/themes/yourtemplate/footer.php
Usually you have to be logged in as an administrator to do this.
The truth is I am not much of a BLUE HAT when it comes to exploiting search engines. I believe it is survival of the fittest. What these hackers are doing is actually stealing bandwidth and causing sites to be delisted and marked as security risks. That crosses the line. I am putting a call out to responsible hackers and WordPress experts to help in closing the exploit. Use the comment field and leave a few links; I will allow them.
I have updated WordPress from 2.3.1 to 2.6.1 and have added quite a few htaccess files hoping to close the exploit. I will wait and see and report back.
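A defender-side check for the symptom described in this post, as an added example that is not part of the original post: it scans a page's rendered HTML for off-site links sitting inside hidden elements and for off-site iframes sized 100% by 100%. It assumes the div is hidden with an inline style (the post does not say how), and the names HiddenLinkScanner, scan, the threshold of 5 and the .example hosts are all constructed for illustration.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the div is hidden with an inline style; class-based hiding is not covered.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}

class HiddenLinkScanner(HTMLParser):
    """Counts off-site links in hidden markup and full-page off-site iframes."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []                # (tag, starts_hidden_subtree) per open element
        self.hidden_links = Counter()  # off-site host -> links found in hidden markup
        self.full_iframes = []         # off-site hosts framed at 100% x 100%

    def offsite(self, url):
        host = (urlparse(url or "").hostname or "").lower()
        own = host == self.site_host or host.endswith("." + self.site_host)
        return host if host and not own else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and any(h for _, h in self.stack) and (host := self.offsite(a.get("href"))):
            self.hidden_links[host] += 1
        if tag == "iframe" and a.get("width") == a.get("height") == "100%" and (host := self.offsite(a.get("src"))):
            self.full_iframes.append(host)
        if tag not in VOID:
            self.stack.append((tag, bool(HIDDEN.search(a.get("style") or ""))))

    def handle_endtag(self, tag):  # pop to the matching open tag; tolerates unclosed tags
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html, site_host, threshold=5):
    """Return ({host: count} with count >= threshold, [full-page iframe hosts])."""
    scanner = HiddenLinkScanner(site_host)
    scanner.feed(html)
    flagged = {h: n for h, n in scanner.hidden_links.items() if n >= threshold}
    return flagged, scanner.full_iframes

# Constructed sample: footer, then a hidden div of spam links, then a full-page iframe.
SAMPLE = ('<p><a href="http://partner.example/">ok</a></p><div id="footer">Powered by</div>'
          '<div style="display:none">' + '<a href="http://pills.example/p">x</a>' * 6
          + '<a href="http://myblog.example/about">me</a></div>'
          '<iframe border=0 width="100%" height="100%" src="http://shop.example/s.php"></iframe>')
```

Run it against the HTML a visitor actually receives (the View Source output), since the injected markup lives in the theme's footer and does not show up in the post content.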
What does the underscore mean in PHP code on request variables such as $_GET and $_POST?
When submitting a form, it is possible to use an image instead of the standard submit button with a tag like:

If you happen to have Microsoft Outlook and paid Adobe huge money for Adobe PDF 7.0 Professional, they want you to upgrade at a price to fix the following problem.
Across the top of the toolbar in Microsoft Outlook 2000 you will have multiple instances of the following tab
Adobe PDF Adobe PDF Adobe PDF Adobe PDF Adobe PDF
Every time you restart your computer another one will be added.
Adobe shows its true colors. Basically they could not figure out how to fix the problem, so their answer is for you to buy Acrobat 8. I do not believe this fixes the problem; it only stops new occurrences.
http://kb.adobe.com/selfservice/viewContent.do?externalId=331832&sliceId=2

If you have attempted to install Wishlist 3.5 on a server running MySQL 5 you may have received the following error
1054 - Unknown column ‘p.products_id’ in ‘on clause’

SEOPerfectCart forum has recently experienced a rash of spammers. These are people who obviously are trying for a quick link and failed to read the conduct and permissions on the forum. We have devised a quick fix to deny spammers the ability to benefit from creating accounts and having bots index the links without actually adding content to the site. If you want the code you need to follow the READ MORE link
……

Has Google lost its mind!!??
I recently checked out my Adwords account and I found every one of my keywords and phrases on all my campaigns say the following or a derivative thereof:
Inactive for search
Increase quality or bid $10.00 to activate
After hours of scouring the internet I have found what I think is the answer!!

Blocking robots using robots.txt or IP addresses are both bad ideas.
Bad robots generally do not pay attention to robots.txt.
Blocking IP addresses, as some have suggested, has all kinds of repercussions.
The following suggestions should help …..

Have you lost the ability to display html or javascript or google adsense banners in phpnuke 7.9 3.2 patched?
Change line 1458 in mainfile.php from
1458 $ad_code = filter($row2['ad_code'], "nohtml");
to
1458 $ad_code = $row2['ad_code'];
This will re-enable your banners in 7.9 3.2 patched.
Changing line 227 will allow you to add HTML in the Content pages:
$Default_Theme = filter($row['Default_Theme'], "nohtml");
to
$Default_Theme = filter($row['Default_Theme']);
Use these fixes with care; I am sure there may be security issues with the fixes.
Most web designers are still using GIFs due to the fact that PNGs are not transparent on Internet Explorer. There are fixes throughout the internet, but I have discovered a fix that does not require any CSS, HTML or JavaScript programming.
So what's the secret, you ask?
