Contributions

Enable Login client obligatoire
1. Use Referral.sql script to modify database.

---------- Admin-------------------------------------------



configuration

--------->

Sessions

--------->

Enable Login client obligatoire


------------------------------------------------------------



--------------------------------------------
EXPLICATION : The small code php obliges the customer to pass by the login page to reach the site, only the following pages are authorized:

- catalog/create_account.php (creation of an account)
- catalog/password_forgotten.php (password forgotten)

The version published can very easily cicumvented. A cheater just has to ente a URL like
www.shop.com/catalog/product_info.php?pid=9/login.php

By suppling the name of one of the allowed files somewhere in the URL the block is lost. A very common trick.

My version is one step more robust in this aspect by testing on the correct URL.

Includes instructions to drop left and right columns before login. For the record: the original mod *works*, but probably on some version of php other than mine (4.3.9). Removed my redundant checks for login.php.

Just a quick fix. As written, the mod redirects until failure. All this does is add login.php to the list of allowed pages. Many thanks to the author for saving me some head-scratching with this mod!

Matt Bingham

EXPLICATION : Le petit bout de code php suivant oblige le client de passer par la page login
pour accéder au site, seul les pages suivantes sont autorisées :

- catalog/create_account.php (création d'un compte)
- catalog/password_forgotten.php (mot de passe oublié)

=======================

EXPLICATION : The small code php obliges the customer to pass by the login page to reach the site, only the following pages are authorized:

- catalog/create_account.php (creation of an account)
- catalog/password_forgotten.php (password forgotten)