A Very Basic Question About What Shopping Cart Software Is.

I need to know if a certain assumption of mine is correct.

It regards the relationship between shopping cart software and databases.



My assumption.

Shopping cart software can alter the contents of a database

but a database cannot alter the shopping cart software itself.



After closing my live store I plan to backup my database and use

it to tinker with a new store install.



I believe that if things go pear shaped I can restore my database,

re-open my live store and things will be back to normal.

I also asked a similar question to support.

“[color=#555555]Is the shopping cart script simply a way of looking at and adding to the database ?[/color]

[color=#555555]Can the database actually edit script in the cart software ?”[/color]

[color=#555555]Their answer[/color]

[color=#555555]"[/color][color=#555555]Unfortunately, you have run out of your support credit balance, so now we cannot render you assistance free of charge. If you want to continue using our support service, you need to order support credits on the [/color]Services[color=#555555] page in your Help Desk account "[/color]

Perhaps I should have mentioned that I was trying to gain a basic understanding

before attempting to remedy a situation that THEY caused.

I did in the reply. Now it's the waiting game.

Dear termalert,



Thank you for all your messages. Please let us check each of them separately:


[quote name='termalert' timestamp='1403350522' post='186200']

I need to know if a certain assumption of mine is correct.

It regards the relationship between shopping cart software and databases.



My assumption.

Shopping cart software can alter the contents of a database

but a database cannot alter the shopping cart software itself.



After closing my live store I plan to backup my database and use

it to tinker with a new store install.



I believe that if things go pear shaped I can restore my database,

re-open my live store and things will be back to normal.

[/quote]



CS-Cart software and the store database are closely related to each other. For example, you cannot use the database from CS-Cart version 2.x.x in CS-Cart 4.x.x due to the architecture and structure changes. If the store database backup of the old version is restored to the newest one, there you will find a lot of database errors. So, if your live and test copies base on the same version, in this case you can use the same database.



To learn more information about your store version, please refer to this article in our Knowledge base: http://kb.cs-cart.co…-cscart-version


[quote name='termalert' timestamp='1403505743' post='186254']

I also asked a similar question to support.

“[color=#555555]Is the shopping cart script simply a way of looking at and adding to the database ?[/color]

[color=#555555]Can the database actually edit script in the cart software ?”[/color]

[color=#555555]Their answer[/color]

[color=#555555]"[/color][color=#555555]Unfortunately, you have run out of your support credit balance, so now we cannot render you assistance free of charge. If you want to continue using our support service, you need to order support credits on the [/color]Services[color=#555555] page in your Help Desk account "[/color]

[/quote]



Unfortunately, your question was not understood correctly. We apologize for this.



Script files cannot be edited by the database. CS-Cart (as most other software) stores data in the database. All computational operations are executed by the script. If you mean something else, please clarify your question in more detail.


[quote name='termalert' timestamp='1403505854' post='186255']

Perhaps I should have mentioned that I was trying to gain a basic understanding

before attempting to remedy a situation that THEY caused.

I did in the reply. Now it's the waiting game.

[/quote]



We apologize for the inconvenience caused by this situation. As I mentioned above, your request was understood incorrectly for first time. After the clarification the answer was provided to you absolutely free of charge.



Please let us note that our technical support service is a paid service and we cannot render it free of charge for all basic questions. Explanation of setting up some standard CS-Cart functionality, general questions about setting up CS-Cart (not problems) are estimated at 5 credits. However, I would like to assure you if a problem is caused by a bug in the software, all the questions related to this bug are answered for free and no credits are subtracted from the customer's account.



For more information about how our technical support service works, please refer to this page: http://www.cs-cart.c…rt-service.html



Thank you.





Anastasiya Kozlova

CS-Cart Support team

Due to the absolute absence in my brain of anything php, I wouldn't know a rogue file if I tripped over it.

The ?dispatch=tools.view_changes is great but Orange= Original file ( or Original file with changes )

doesn't make sense. Wouldn't most of the files be orange and how can I differentiate unchanged from changed ?

At least now I know that a database can't edit the shopping cart script so that is a start.

All things were smooth until the hack facilitated by hackers knowing the current name of my admin.php file.

Was it my fault that they knew the name of my admin.php file ? No.

Was the ( then ) current name of my admin.php file the doorway hackers used to exploit a vulnerability

in a payment script ? Yes.

I have tried several times to install a fresh copy of my cart ( in a separate folder ) but just can't get it to communicate

with the database populated with my Live store data.

Now at least I can try to connect my fresh store to the Live store database without the fear of stuffing things up ( scriptwise ).

I will of course back up the db first in case things go pear shaped.

Dear termalert,


[quote name='termalert' timestamp='1403653320' post='186379']

Due to the absolute absence in my brain of anything php, I wouldn't know a rogue file if I tripped over it.

The ?dispatch=tools.view_changes is great but Orange= Original file ( or Original file with changes )

doesn't make sense. Wouldn't most of the files be orange and how can I differentiate unchanged from changed ?

[/quote]



Thank you for the reply.



We are sorry to hear that you are experiencing this issue. In this case we recommend you to compare the files from the fresh installation (you can download the distribution package) with the ones from your live store system by the content. Also, you can check the changed files by the data modified. For example, if you find out that all your store files were installed on January 6, 2014, but one of the files was modified on June 25, 2014, it means that the last file could be different from the original file in the distribution package.


[quote]

At least now I know that a database can't edit the shopping cart script so that is a start.

All things were smooth until the hack facilitated by hackers knowing the current name of my admin.php file.

Was it my fault that they knew the name of my admin.php file ? No.

Was the ( then ) current name of my admin.php file the doorway hackers used to exploit a vulnerability

in a payment script ? Yes.

I have tried several times to install a fresh copy of my cart ( in a separate folder ) but just can't get it to communicate

with the database populated with my Live store data.

Now at least I can try to connect my fresh store to the Live store database without the fear of stuffing things up ( scriptwise ).

I will of course back up the db first in case things go pear shaped.

[/quote]



We are sorry to hear that your site was attacked. As far as we understand, you decided to reinstall your store system. If you experience any issues with this process, please clarify them in more detail. Any screen shots are appreciated. With the information on what exactly does not work, it will be easier to identify the issue.



Thank you.





Anastasiya Kozlova

CS-Cart Support team

OK…here is my plan and I would like you to advise if it is a correct procedure.

  1. Install a fresh cart in a sub folder at root.
  2. Close my live store.
  3. Back up my live store database.
  4. Edit config.local.php of new store to connect to live store database.
  5. Test new store for correct function.
  6. If all is well pack all live store files ( but not sure which ones exactly ) into a new folder called, say, ZZNPQ.
  7. Move new store out of folder to root.

    IF new store doesn't function correctly
  8. Edit config.local.php to point new store to it's original database.
  9. Restore database from backup.
  10. Open original store again and return to 'possibly insecure' situation.

    Perhaps

Dear termalert,


[quote name='termalert' timestamp='1403689639' post='186413']

OK…here is my plan and I would like you to advise if it is a correct procedure.

  1. Install a fresh cart in a sub folder at root.
  2. Close my live store.
  3. Back up my live store database.
  4. Edit config.local.php of new store to connect to live store database.
  5. Test new store for correct function.
  6. If all is well pack all live store files ( but not sure which ones exactly ) into a new folder called, say, ZZNPQ.
  7. Move new store out of folder to root.

    [/quote]



    Thank you for the reply.



    If you wish to use the same database credentials, yes, these steps are correct. Please let me note that you need to edit only this part of code of the config.local.php file of your CS-Cart installation:



$config['db_host']
$config['db_name']
$config['db_user']
$config['db_password']





[quote]

IF new store doesn't function correctly

  1. Edit config.local.php to point new store to it's original database.
  2. Restore database from backup.
  3. Open original store again and return to 'possibly insecure' situation.

    Perhaps

    [/quote]



    Yes, these steps are correct as well if you mean the database of the fresh installation by “original database”.



    Thank you.





    Anastasiya Kozlova

    CS-Cart Support team

I won't be able to attempt things for another day.

One last thing.

The Images folder.

For testing, can I simply replace the Images folder in my new store with a copy of the Images folder

from my live store ?

If all goes well I will post a thread with all steps involved so that others with very limited knowledge

can follow the procedure.