                                SiteMonitor
                         by Jack York (aka Jack_mcs)
                         www. oscommerce-solution.com


Version: 3.6
Updated: 2020-11-29 
- Added icon for Phoenix shops.
- Cleaned up code a little.
- Fixed php warnings for Phoenix.

Version: 3.5
Updated: 2019-12-01
- Added headers to the mail function.
- Added a global entry in functions file to fix problem with php 7.2 Found by member mhsuffolk. 
- Corrected coding mistake that stopped some configurations from being recognized.
- Removed the BOX_WIDTH usage for newer shops.
- Removed definitions missed in the last version.

Version: 3.4
Updated: 2018-05-11 by Jack_mcs
Changes: - Changed code in admin/sitemonitor_config_setup.php to remove a strict standards error.
         - Changed code in admin/sitemonitor_config_setup.php to close table properly.
         - Replaced defined filenames to work with the latest oscommerce version.

Version: 3.3
Updated: 2015-12-30 by Jack_mcs
Changes - Added a success message when saving the config file.
        - Added a test for hacker files masquerading as google verification files.
        - Changed code for the delete dates in the configure setup file to properly handle any setting. 
        - Fixed a code mistake for the create directory function.

Version: 3.2
Updated: 2012-07-01 by Jack_mcs
Changes - Added a link to quickly delete the reference an db reference files.
        - Added code to check for the existence of an .htaccess file in the includes directory.
        - Expanded startup file checking code to check for six types instead of two in the images directory.
        - Changed hacker test to skip certain legitimate cases where eval is part of the name. Removes a lot false results from the test.
        - Changed initial file checking for the images directory so empty entries are ignored.
        - Corrected mistake in 2.9 -> 3.0 update instructions found by user razeryokes.
        - Corrected messageStack code in sitemonitor_admin.php.
        - Fixed log code. It wasn't truncating logs correctly.

Version: 3.1
Updated: 2011-12-10 by Jack_mcs
Changes - updated the sitemonitor_admin.php file for 2.3 that was missed in the last version.

Version: 3.0
Updated: 2011-09-05 by Jack_mcs
Changes - Added a check for common database hacking.
        - Added an exclude all button on the configure page to allow quickly adding all directories. Useful when multiple instances are ran.
        - Added an exclude difference button on the configure page to allow quickly adding all un-excluded directories. Useful when multiple instances are ran.
        - Added an option to allow setting the location of the log files.
        - Added code to display the number of instances which have been setup.
        - Added code to allow manually running any instance. Just select the instance and click the third update button.
        - Added createCSS and auto_append_file, common hacker names, to the hacker checking code.
        - Added code to record reference file replacement in the log when the number of days in the reference reset setting is reached.
        - Added error checking for checking the modified date of the reference file since some sites reported this failed.
        - Changed sitemonitor_hacker_cron file to use the email address from the SiteMonitor settings instead of the shops.
        - Changed how the start directory is loaded on a new installation.
        - Changed extensions for configure and reference files to .txt.
        - Cleaned up instructions - fixed mistakes and added more.
        - Removed admin/quaranteen and admin from stock configure file. The former will be added by the code - the latter is up to the user as to if it should be excluded.
        - Removed restriction on start directory. Start where you like and all files below that location will be checked.       


Version: 2.9
Updated: 2011-01-30 by Jack_mcs
Changes - Added an option to the configure settings to delete log files after a set number of days.
        - Added a log reader.
        - Changed filter code so sitemonitor files are ignored in a scan.
        - Changed code that checks for possible hacker files in the images directory (suggested by user burt).
        - Changed the setting that add error checking to false since too many sites were having problems with it.
        - Corrected instructions for creatnig cron jobs (found by user csiemons).
        - Declared a variable at the beginning of sitemonitor_admin.php to prevent a missing variable warning.
        - Fixed coding mistake in sitemonitor_hacker_cron.php that prevented the reference file that was causing the array_flip error.

Version: 2.8
Updated: 2011-01-09 by Jack_mcs
Changes - Added a check for the start directory to ensure it is not trying to load the complete server.
        - Added javascript code to check the start directory on update.
        - Added to hacker code segments checks as posted in the support thread.
        - Added some usage notes to the readme file.
        - Added code to close open files.
        - Added code to change the servers settings for error reporting.
        - Added code to check if the log and reference files can be written to.
        - Added code to allow multiple instances of SiteMonitor to be ran.
        - Added code for oscommerce 2.3.
        - Fixed coding mistake introduced in last update that caused the admin name to be renamed.
        - Fixed coding mistake introduced in last update that caused some messages to not show in the result email.
        - Fixed minor problems like spelling mistakes and removed some code that wasn't being used.  

Version: 2.7
Updated: 2010-11-07 by Jack_mcs
Changes - Added instructions regarding Version Checker
        - Added option to replace the hacker exclude file on updates
        - Added checkbox to allow the checking/unchecking of all hacker files at once
        - Added new entries to the hacker code list
        - Added basic security checks which are displayed in admin->SiteMonitor->Admin, if present
        - Added code to display the start directory and the shops directory when a username error occurs so that differences can be seen
        - Added cron file so hacker tests can be performed automatically
        - Added an override option that allows the configure section to load without building a files list for sites that timeout initially
        - Changed file search code so deleted files no longer prevent checking the other conditions
        - Changed variable name in sitemonitor_configure-setup.php since it was conflicting with other code in RC2 shops
        - Made other various small changes and code cleanup

Version: 2.6
Updated: 2010-09-04 by Jack_mcs
Changes - Added query_store to the exclude list for those shops that use that contribution
        - Changed code in configure to properly add the admin name
        - Changed how top two buttons work to prevent duplicate emails some receive
        - Changed how the run/delete button is handled which should fix the problem some have with many emails
        - Corrected spelling mistake in admin/includes/languages/english/sitemonitor_admin.php 
        - Fixed code in sitemonitor_configure_setup.php to prevent the username problem so many are having

Version: 2.5
Updated: 2010-06-14 by Jack_mcs
Changes - Fixed problem that was causing some installations to lose characters or have invalid paths

Version: 2.4
Updated: 2010-06-02 by Jack_mcs
Changes: - Fixed path problem - should correct the issue with not seeing the correct locations.
         - Fixed file scan problem that caused a failure on some servers.  

Version: 2.3
Updated: 2010-05-16 by Jack_mcs
Changes: - Added code to display correct line numbers in the hacker results.
         - Added ob_start("security_update") to the hacker list.
         - Added line numbers to the hacker popup to make it easier to find the offending code. 
         - Added hacker code word that was found in the file to the result display for easier identification.
         - Added ability to exclude hacked files from the search.
         - Changed code to allow hacker code with quotes to be tested.
         - Changed configuration and admin settings so that single, instead of double, quotes are used. 
         - Changed code to use correct function based on php version.
         - Changed code so that the glob function doesn't need to be type casted for some servers (hopefully).

Version: 2.2
Updated: 2010-04-30 by Jack_mcs
Changes: - Fixed problems in last two releases.
         - Added check in the hacker test to look for php files in images directories
         - Added color coding to hacker results for quicker checking of the results

Version: 2.1
Updated: 2010-04-13 by Jack_mcs
Changes: - Fixed problems introduced in last released.


Version: 2.0
Updated: 2010-04-11 by Jack_mcs
Changes: - Added another check for hacker code.
           Added version checker code (the Version Checker contribution still needs to be installed per the instructions).
           Added code to check for username as the username and redirect if found - only useful for new installs.
           Added box in admin to contain the file types to ignore on a hacker code search.
           Added box in admin to contain the hacker code segments used in the hacker code search.
           Added popup window to view suspected hacked files.
           Changed how exclude selection works so that excluded directories are no longer in the exclude list.
           Changed how createreferencefile code works so ignored files are checked in a more secure manner (as suggested by (Chad - chadcloman). 
           Changed search code so directories are scanned even if a similar name is excluded (as mentioned in the support thread).           
           Fixed problem that caused double slashes (//) in the hacker results.
           Fixed logic problem in functions/site_monitor.php that might cause empty results for the hacker test.
           Fixed some warnings seen in strict mode.
           Fixed some problems that prevented the contribution from running on php 5.3 or higher.
           Fixed invalid code in writeconfig code.
           Renamed timer function to avoid clashes with other contributions.
           Replaced $HTTP_POST_VARS with $_POST.
           Replaced ereg with equivalent preg function.
           Replaced some hard-coded text with definitions.
          

Site monitor for osCommerce v1.9 by Jack_mcs

Version: 1.9
Updated: 2009-09-26 by Jack_mcs
Changes: - Changed hacker code to be php 4 compatible 

Site monitor for osCommerce v1.8 by Jack_mcs

Version: 1.8
Updated: 2009-09-23 by Jack_mcs
Changes: - Changed empty call to tep_not_null in sitemonitor_configure_setup.php 
            to fix update problem with the configure settings
         - Added code to exclude checking .xml files
         - Added code to check for hacked files

Version: 1.7
Updated: 2008-11-23 by Jack_mcs
Changes: - Fixed mistake in cron instructions
         - Added code to read using curl. This could be a security
           problem so read the note in the install doc.
         - Rewrote much of the file handling code. Should fix the
           problem some people are having.   
         - Changed many of the mysql calls to work with mysql 5.
         - Made code changes that should improve speed.

Version: 1.6
Updated: 2008-07-06 by Jack_mcs
Changes: - Rewrote configure page to allow for easier setup.
           Added option to delete the reference file after X many
            days (setting in the configure file).
           Cleaned up to code to add checks for a number of things,
            like if a host is running in safe mode.
           Added a button to run the script manually.

Version: 1.5
Updated: 2008-02-02 by Jack_mcs
Changes: - Added a check for file open to reduce number of errors displayed.
           Added code so quarantine function works with nested directories
           Fixed problem with dated quarantine files not being named correctly

Version: 1.4
Updated: 2007-01-07 by Jack_mcs
Changes: - Added logfile size option. File will be saved and replaced
           once a preset limit is reached.
           Added Quarantine option for new files. If set, new files 
           will be moved to the quarantine directory. This can cause
           trouble if you add new files to your shop intentionally and 
           forget to create a new reference file.
           Fixed bug in exclude list checking that would cause it to 
           fail at times.

Version: 1.3
Updated: 2006-11-15 by Jack_mcs
Changes: - Removed includes statement for application_top.php
           Removed code that referenced DIR_FS_CATALOG
           Added set_time_limit to lengthen time on some servers.

Version: 1.2
Updated: 2006-10-30 by Jack_mcs
Changes: - Added error_log to the excluded files code (works now).
           Added admin control section.
           Added code to allow sub-directories to be excluded.
           Added log function.
           Fixed bug in functions file.

Version: 1.1
Updated: 2006-08-04 by Jack_mcs
Changes: - Added error_log to the excluded files code.

Version: 1.0
Updated: 2006-08-04 by Jack_mcs
Changes: - Initial release.

---------------------------------------------------------------
 
 
