Hi, i would like to know how to fix this problem, when i try to conect to mysql database and the server database is unvaliable the site return with a message error shows the password and username
when the server has a connection problem, opencart returns with an error message, I would like to add a new code to hide the error of the database conect, it shows the password and user i want it not appear
i would like to add
PHP mysqli connect_error() Function
Well, this Extension could be of help, it's made for OC v.2+, but
it should also be adaptable for OC-3, by possibly replacing the
with the OC-3 Error Line, if it's different from OC-2 Versions ...
https://github.com/open-cat/opencart-db-driver-fix
---
I created a VqMod out of it, to also work on OC v.1.5.6.x Versions:
Good Luck!
Ernie
it should also be adaptable for OC-3, by possibly replacing the
Code: Select all
trigger_error('Error: Could not make a database link (' .... https://github.com/open-cat/opencart-db-driver-fix
---
I created a VqMod out of it, to also work on OC v.1.5.6.x Versions:
Code: Select all
<?xml version="1.0" encoding="UTF-8"?>
<modification>
<id><![CDATA[Database Security Fix]]></id>
<version><![CDATA[OC v.1.5.6.5]]></version>
<vqmver><![CDATA[2.6.1]]></vqmver>
<author><![CDATA[open-cat - IP_CAM]]></author>
<email><![CDATA[webmaster@opencart.li]]></email>
<link><![CDATA[http://www.opencart.li]]></link>
<file name="system/database/mysqli.php">
<operation error="log">
<search position="replace"><![CDATA[trigger_error('Error: Could not make a database link (' . $this->link->connect_errno . ') ' . $this->link->connect_error);]]></search>
<add><![CDATA[die('Unable to connect to database');]]></add>
</operation>
<operation error="log">
<search position="replace"><![CDATA[trigger_error('Error: ' . $this->link->error . '<br />Error No: ' . $this->link->errno . '<br />' . $sql);]]></search>
<add><![CDATA[die('Unable to connect to database');]]></add>
</operation>
</file>
</modification>Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
You never use die() on a production system.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Well, then publish a better solution. 
I seldom or never get confronted
with such problems, so I cannot really judge.
Ernie
I seldom or never get confrontedwith such problems, so I cannot really judge.
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
Well, you should never have display errors ON when in production.
See here - https://github.com/opencart/opencart/is ... -545074292
also more recently there was a generic fix submitted on master branch which will exit() with a generic error . https://github.com/opencart/opencart/issues/8654, can easily be adapted to 3.0.x series.
In anycase display errors should be off when in production regardless.
See here - https://github.com/opencart/opencart/is ... -545074292
also more recently there was a generic fix submitted on master branch which will exit() with a generic error . https://github.com/opencart/opencart/issues/8654, can easily be adapted to 3.0.x series.
In anycase display errors should be off when in production regardless.
Full Stack Web Developer :: Send a PM for Custom Work.
Backup and learn how to recover before you make any changes!
system/framework.php
Найти:
if ($config->get('error_display')) { echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>'; }
Заменить на:
if ($config->get('error_display')) { if (strpos($message, $config->get('db_username')) !== false) { $message = 'База легла поспать!'; error_reporting(0); } echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>'; } else { error_reporting(0); }
didint work it shows error command line
Найти:
if ($config->get('error_display')) { echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>'; }
Заменить на:
if ($config->get('error_display')) { if (strpos($message, $config->get('db_username')) !== false) { $message = 'База легла поспать!'; error_reporting(0); } echo '<b>' . $error . '</b>: ' . $message . ' in <b>' . $file . '</b> on line <b>' . $line . '</b>'; } else { error_reporting(0); }
didint work it shows error command line
i solved the problem, i have change somes files to error show false and the startup.php
// Error Reporting
ini_set('display_errors',1);
ini_set('display_startup_erros',1);
error_reporting(E_ALL);
to
// Error Reporting
ini_set('display_errors',off);
ini_set('display_startup_erros',off);
error_reporting(false);
it worked for me
// Error Reporting
ini_set('display_errors',1);
ini_set('display_startup_erros',1);
error_reporting(E_ALL);
to
// Error Reporting
ini_set('display_errors',off);
ini_set('display_startup_erros',off);
error_reporting(false);
it worked for me
It shows.Well, then publish a better solution.
with such problems, so I cannot really judge.
We created a static maintenance page (no database access required) and put it in our includes directory.
When we cannot establish a database connection, we show that page instead of a database error, those we write to the logs.
I.e., you never show technical errors to users and you do not throw exceptions you do not catch which is what happens when you simply copy classes from the internet and use them in OC production releases..
system/library/db.php
we use this for the construct function:
Code: Select all
public function __construct($adaptor, $hostname, $username, $password, $database, $port = NULL) {
$class = 'DB\\' . $adaptor;
if (class_exists($class)) {
$this->adaptor = new $class($hostname, $username, $password, $database, $port);
if (!$this->connected()) {
error_log('DB Error: No Connection, sending static maintenance page');
ob_start();
include(DIR_INCLUDES.'maintenance-en.html');
$maintenance_page = ob_get_clean();
http_response_code(503);
header('Retry-After: 300');
echo $maintenance_page;
exit();
}
} else {
error_log('DB Error: Could not load database adaptor '.$adaptor.', sending static maintenance page');
ob_start();
include(DIR_INCLUDES.'maintenance-en.html');
$maintenance_page = ob_get_clean();
http_response_code(503);
header('Retry-After: 300');
echo $maintenance_page;
exit();
}
}system/library/db/mysqli.php
we use this for the construct function:
Code: Select all
public function __construct($hostname, $username, $password, $database, $port = '3306') {
$this->connection = new \mysqli($hostname, $username, $password, $database, $port);
if ($this->connection->connect_error !== NULL) {
error_log('DB Error: [' . $this->connection->connect_error . '] No: [' . $this->connection->connect_errno.']');
} else {
$this->connection->set_charset("utf8");
$this->connection->query("SET SQL_MODE = ''");
}
}That will give you error logs like:
Code: Select all
[10-Oct-2020 03:57:52 UTC] DB Error: [No connection could be made because the target machine actively refused it.] No: [2002]
[10-Oct-2020 03:57:52 UTC] DB Error: No Connection, sending static maintenance page
and this:
[10-Oct-2020 03:58:52 UTC] DB Error: [Access denied for user 'root'@'127.0.0.1' (using password: YES)] No: [1045]
[10-Oct-2020 03:58:52 UTC] DB Error: No Connection, sending static maintenance pageCrystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Forgive me but this is a bad headache day so I am going to ask a dumb question....
The code you posted above you just replace the __construct functions you mention?
If so, seems like a good solution BUT why wasn't this done in the base OC code? Also I have never ran into this in as many years as I have been running OC... Is it possible I could have exposed passwords without knowing it happened?
Thanks,
Mike
P.S. I hate headaches so bad it makes me dumb ....
cue4cheap not cheap quality
@hacjsu
should probably be:// Error Reporting
ini_set('display_errors',off);
ini_set('display_startup_erros',off);
error_reporting(false);
// Error Reporting
ini_set('display_errors',off);
ini_set('display_startup_errors',off);
error_reporting(false);
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
yesThe code you posted above you just replace the __construct functions you mention?
Alternatively, you can also put this in your catalog/controller/startup/startup.php, does the same.
Code: Select all
if (!$this->db->connected()) {
error_log('CCSS74: Error (01): Database not connected, maintenance page shown.');
error_log($_SERVER['REMOTE_ADDR'].' '.$_SERVER['REQUEST_URI'].' '.$_SERVER['HTTP_USER_AGENT']);
ob_start();
include(DIR_INCLUDES.'maintenance-en.html');
$maintenance_page = ob_get_clean();
http_response_code(503);
header('Retry-After: 300');
echo $maintenance_page;
exit();
}You don't want me to answer that question.If so, seems like a good solution BUT why wasn't this done in the base OC code?
Not if you haven't displayed notice/warning and error messages.Also I have never ran into this in as many years as I have been running OC... Is it possible I could have exposed passwords without knowing it happened?
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Hmm, not sure that's true.
UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk
Well, only in the UK's Covid 19 Track and Trace App, there it is OK.Hmm, not sure that's true.
Crystal Light Centrum Taiwan
Extensions: MailQueue | SUKHR | VBoces
“Data security is paramount at [...], and we are committed to protecting the privacy of anyone who is associated with our [...]. We’ve made a lot of improvements and will continue to make them.”
When you know your life savings are gone.
Well, I'm not so familiar with DB 'handling', but I assume, that it died already,
or then, it would not 'display' such 'content'. But since I was not able yet, to
reproduce something like that on my Screen, I cannot judge ...
Ernie
or then, it would not 'display' such 'content'.
But since I was not able yet, to reproduce something like that on my Screen, I cannot judge ...
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
@IP_CAM Ernie, just edit config.php and change user, password or server and view result.
Then change code in system/library/db/mysqli.php
Code still shows username @ server !!!!!
Perhaps better to let die with text only ?
Then change code in system/library/db/mysqli.php
Code: Select all
public function __construct($hostname, $username, $password, $database, $port = '3306') {
try {
mysqli_report(MYSQLI_REPORT_STRICT);
$this->connection = @new \mysqli($hostname, $username, $password, $database, $port);
} catch (\mysqli_sql_exception $e) {
// what's in $e
//print_r($e);
// only show error message, died anyway
//die($e->getMessage());
// or throw new exeption and see how OC handles it: Dies with all login info shown on sccreen !!!!!!
throw new \Exception('Error: Could not make a database link using ' . $username . '@' . $hostname . '!');
}
$this->connection->set_charset("utf8");
$this->connection->query("SET SQL_MODE = ''");
}Code: Select all
$this->connection = new \mysqli($hostname, $username, $password, $database, $port);
if ($this->connection->connect_error) {
die ('Error: Could not make a database link'); // still shows username @ server !!!!! Have to use Try !!!
//throw new \Exception('Error: ' . $this->connection->error . '<br />Error No: ' . $this->connection->errno);
}
Perhaps better to let die with text only ?
Code: Select all
die('Error: Could not make a database link!');
Who is online
Users browsing this forum: nonnedelectari, OSWorX, pprmkr and 332 guests
