Avatar of Jason Yu
Jason YuFlag for United States of America

asked on 

how could I find the application/plug-in which send order information to a website called easypost.com

I have an internal website written in php and java. its main function is collecting order information from online stores on ebay and Amazon. After it collect orders, it will send the order information to a third party website called www.easypost.com to print shipping labels.

since the company changed their office recently, they have to update the ship from address printed in the label. I have contacted the technical support in easypost.com and their tech said the "ship from " addres is in my website or in my plugin.

here is his reply:"Hi Jason,

You change this in the from_address you're sending us OR in your plugin.

Best,"

Dear support:

I have a label created from your website. We moved our office recently and want to change the "ship from" address which is "AA ECD…." On the label. Could you please advise where I can change it.

Thanks.

http://assets.geteasypost.com/postage_labels/labels/20160103/dd1ccce815bb4305bdb37988568ac1ab.png
"


I have full access to the hosted virtual server, here is the folder structure on the server.  The first folder "public_html" is the folder saving all php and java files. Dear experts here, please help me out. Thanks in advance.

root@server.ergbox.com [ergboxco]# ls -alth
total 65M
drwxr-xr-x  11 ergboxco nobody   4.0K Jan  5 16:19 public_html
drwx--x--x  19 ergboxco ergboxco 4.0K Jan  5 15:37 .
drwx------   6 ergboxco ergboxco 4.0K Jan  5 00:09 .cpanel
-rw-------   1 ergboxco ergboxco  229 Jan  5 00:09 .lastlogin
drwxr-xr-x   8 ergboxco ergboxco 4.0K Jan  1 11:15 tmp
-rw-------   1 ergboxco ergboxco   15 Jan  1 07:40 .ftpquota
drwx------   2 ergboxco ergboxco 4.0K Jan  1 04:04 logs
drwxr-xr-x   3 ergboxco ergboxco 4.0K Dec 30 21:38 perl
drwxrwxr-x   4 ergboxco ergboxco 4.0K Dec 30 20:38 perl5
drwxr-x---   3 ergboxco mail     4.0K Dec 30 20:37 etc
drwx--x--x.  9 root     root     4.0K Dec 21 09:38 ..
-rw-------   1 ergboxco ergboxco  28M Dec 21 09:38 backup-12.21.2015_09-37-49_ergboxco.tar.gz
drwxr-xr-x  16 ergboxco ergboxco 4.0K Dec 18 15:12 testerr
drwx------   6 ergboxco root     4.0K Nov 20 04:16 ssl
drwx------   4 ergboxco ergboxco 4.0K Nov 19 09:13 .cphorde
drwxr-xr-x   2 ergboxco ergboxco 4.0K Nov 19 09:12 cache
drwx------   2 ergboxco ergboxco 4.0K Oct  7 15:58 .ssh
drwxr-xr-x   2 ergboxco ergboxco 4.0K Oct  1 13:12 .cpan
-rw-------   1 ergboxco ergboxco  37M Sep  9 21:53 backup-9.9.2015_21-53-18_ergboxco.tar.gz
-rw-------   1 ergboxco ergboxco   15 Sep  8 20:19 .contactemail
drwx------   2 ergboxco ergboxco 4.0K Sep  8 19:55 .trash
drwxr-x--x   9 ergboxco ergboxco 4.0K Sep  8 17:57 mail
-rw-r--r--   1 root     root     4.5K Jun 12  2015 localhost_access_log.2015-06-12.txt
-rw-r--r--   1 ergboxco ergboxco  334 Mar 26  2015 2015-03-26 15:19:11.txt
-rw-r--r--   1 ergboxco ergboxco  339 Mar 26  2015 2015-03-26 15:19:10.txt
-rw-r--r--   1 ergboxco ergboxco  339 Mar 26  2015 2015-03-26 15:18:37.txt
-rw-r--r--   1 ergboxco ergboxco  339 Mar 26  2015 2015-03-26 15:18:25.txt
-rw-r--r--   1 ergboxco ergboxco  334 Mar 26  2015 2015-03-26 15:18:03.txt
-rw-r--r--   1 ergboxco ergboxco  339 Mar 26  2015 2015-03-26 15:17:30.txt
-rw-r--r--   1 root     root      29K Mar 20  2015 printed-abnormal-print.php
drwxr-xr-x   3 ergboxco ergboxco 4.0K Mar  8  2015 public_ftp
-rw-r-----   1 ergboxco ergboxco    1 Feb 27  2015 cpbackup-exclude.conf
lrwxrwxrwx   1 ergboxco ergboxco   34 Feb 27  2015 access-logs -> /usr/local/apache/domlogs/ergboxco
lrwxrwxrwx   1 ergboxco ergboxco   11 Feb 27  2015 www -> public_html
drwxr-x---   2 ergboxco nobody   4.0K Feb 27  2015 .htpasswds
-rw-r--r--   1 ergboxco ergboxco  321 Feb 27  2015 .bashrc
-rw-r--r--   1 ergboxco ergboxco  658 Nov  5  2014 .zshrc
-rw-r--r--   1 ergboxco ergboxco   18 Oct 16  2014 .bash_logout
-rw-r--r--   1 ergboxco ergboxco  176 Oct 16  2014 .bash_profile
root@server.ergbox.com [ergboxco]#

Open in new window

2016-01-05_15-58-44.png
PHPWeb DevelopmentScripting Languages

Avatar of undefined
Last Comment
Ray Paseur
ASKER CERTIFIED SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Jason Yu
Jason Yu
Flag of United States of America image

ASKER

hI, Ray:

Thank you for your kind reply, I used ultraedit to search the whole folder and couldn't find any file containing the above two strings. Is it possible the order information was sent from ebay and amazon account directly.

I was able to make a short call to the original developer, he said it is in java code, but which folder contains the java applications.

I also found a php file named account-shops.php, could you please take a look?

I checked the sql database too and indeed found a table called "shops". all the addresses in this table have been updated to the current one.

Thanks.
account-shops.php
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

You might want to lookout for cache versions of the information.  In a well-written application, the cache will be invalidated when an update to a corresponding data element occurs.  

But if the PHP code you posted is part of the application, you would not want to call it a well-written application.  I recommend you stop using that code and have it rewritten ASAP.  I did not go very far into it, but here is what I saw at the top.
$op = $_GET["op"];
if ($op != null) {
	if ($op == "delete") {
		$sql = "delete from shops where id=" . $_GET["id"];
        CommonDef::doSql($sql);
		header("location: account-shops.php");
		return;
	}

Open in new window

Why this matters... Anyone can take the URL, add "?op=delete&id=1%20OR1=1" to it, and the script will run the delete query, deleting all of the rows from the shops table.  This is dangerously bad code, and should be refactored by an experienced programmer.  Forewarned is forearmed!

In the course of rewriting the PHP to bring it up to standard, your developer will undoubtedly be able to find the address information (possibly in the database).

Best of luck, ~Ray
Avatar of Jason Yu
Jason Yu
Flag of United States of America image

ASKER

HI, Ray:

Thank you very much for your help. I will take your advice to rewrite the code.

Also, I found the source code about the address, it's in some part of java application. From the java source code I found this address. The java application send the address information to a third party company to print the labels.

Thank you again for help, your advise is valuable.
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Hi, Jason and thanks for the points (and for using E-E).  Best of luck with the project! ~Ray
PHP
PHP

PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.

125K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo