
osCommerce

The e-commerce.

Ain't this the odd'st thing?


BeatToBeat


Hello Gang,

 

I was playing around in my store one day, when I noticed I went to log in and hit [ENTER] right after my e-mail address (no password) and it let me in. Since then, in an attempt to resolve my situation, I realized that there were ways of setting a "Master Password" - which is not in my .php file.

 

Please see below:

 

// Check if email exists
   $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
   if (!tep_db_num_rows($check_customer_query)) {
     $error = true;
   } else {
     $check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good


       $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
       $check_country = tep_db_fetch_array($check_country_query);

       $customer_id = $check_customer['customers_id'];
       $customer_default_address_id = $check_customer['customers_default_address_id'];
       $customer_first_name = $check_customer['customers_firstname'];
       $customer_country_id = $check_country['entry_country_id'];
       $customer_zone_id = $check_country['entry_zone_id'];
       tep_session_register('customer_id');
       tep_session_register('customer_default_address_id');
       tep_session_register('customer_first_name');
       tep_session_register('customer_country_id');
       tep_session_register('customer_zone_id');

 $cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1));
 $cookie_path = $cookie_url_array['path'];

           if ((ALLOW_AUTOLOGONLOGON == 'true') || ($HTTP_POST_VARS['remember_me'] == '')) {

 }
           else {
             setcookie('email_address', $email_address, time()+ (365 * 24 * 3600), $cookie_path, '', ((getenv('HTTPS') == 'on') ? 1 : 0));
             setcookie('password', $check_customer['customers_password'], time()+ (365 * 24 * 3600), $cookie_path, '', ((getenv('HTTPS') == 'on') ? 1 : 0));
 }

       tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

// restore cart contents

 

I seem to be missing even the original part. Now, when I paste in the password validation portion, it comes back with some error involving the "$" sign... of which, throughout all my attempts at finding out why a program returns such a value error on a line that doesn't exist - I've found no one else knows why either.

 

Simply put - I have attempted thus far the "PWA" Mod, the "AutoLogin" Mod, as well as the "Silver Template". Is anyone else running the same (minus the Silver Template)? Would you be willing to share with me your Login.php?

 

Thanks in advance,

Robert

 

This program is completely AWESOME!
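The snippet in the post registers the customer session right after the `// Check that password is good` comment with no comparison in between, which is why an e-mail address alone logs in. As an added example (not the poster's login.php and not osCommerce's own code), here is a stand-alone sketch of the missing gate; the function names are hypothetical and the stored-password format `md5(salt . password):salt` is an assumption:

```php
<?php
// Added example. Assumption: stored value is "md5(salt . password):salt".

// Hypothetical helper: true only for a non-empty password that matches the stored hash.
function example_validate_password(string $plain, string $stored): bool
{
    if ($plain === '' || $stored === '') {
        return false;                     // an empty password never authenticates
    }
    $parts = explode(':', $stored);
    if (count($parts) !== 2) {
        return false;                     // malformed record: fail closed
    }
    [$hash, $salt] = $parts;
    return hash_equals($hash, md5($salt . $plain));   // constant-time comparison
}

// Hypothetical login decision. $row is the customers row, or null if the e-mail is unknown.
function example_login(?array $row, string $password): array
{
    if ($row === null || !example_validate_password($password, $row['customers_password'])) {
        // Same outcome for unknown e-mail and wrong password; no session data is set.
        return ['ok' => false, 'session' => []];
    }
    // Session values are assigned only inside the success branch.
    return ['ok' => true, 'session' => ['customer_id' => (int)$row['customers_id']]];
}

// Constructed sample row (not real data).
$salt = 'a1';
$row = [
    'customers_id'       => 7,
    'customers_password' => md5($salt . 'correct horse') . ':' . $salt,
];

foreach (['', 'wrong', 'correct horse'] as $attempt) {
    $result = example_login($row, $attempt);
    printf("%-16s => %s\n", var_export($attempt, true), $result['ok'] ? 'logged in' : 'rejected');
}
$unknown = example_login(null, 'anything');
printf("%-16s => %s\n", 'unknown e-mail', $unknown['ok'] ? 'logged in' : 'rejected');
```

In the posted code, everything from the `$check_country_query` line through the `customers_info` update would belong inside the success branch of such a check.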

Archived

This topic is now archived and is closed to further replies.
