Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Anti-hacker Account Mods, Secure your account pages


spooks

Recommended Posts

Sam's Anti-hacker Account Page Mods

Secure your account pages against code/SQL injection attempts, yet allow strong passwords.

 

 

There are many instances now of websites being hacked (or cracked to use the correct term) and it is necessary to make your site as secure as possible, one important measure in this is to sanitize all visitor inputs to ensure no code injection etc. attempt can work.

 

However this creates an issue, if your user creates a strong password by using characters that are likely to be 'cleaned' either their password will not work, or the account gets a password that is different to what was input (as it was 'sanitized'). This is especially an issue if adding input sanitizing to an old site where visitors have added passwords that are now 'illegal'.

 

This contribution resolves this issue by safely allowing any character to be used within the password, it does this by processing all password inputs before anything else, passwords are translated to hex values, the inputs validated then deleted as no longer required (only the hex strings are processed further). An option is provided to allow string to be reverse translated at the point of password checking to ensure existing passwords will work. This means the passwords now stored in the dBase are salted hashes of the hex string. Once the initial processing is done, all inputs are sanitized.

 

A new option is added to require the user to input a 'strong' password.

 

Other account fields are also subject to additional checks or the input converted:

 

  • The date of birth field is now a drop down which automatically formats according to the store country, this ensures the format is correct, slashes (/) can still be sanitized and the visitor cannot transpose days & months.
  • The telephone field is checked its numeric (if entered) and contains only limited allowed chars.
  • The post code field is checked for the correct format, but only for UK & USA sites.
  • If strong password is enabled, password forgotten will generate strong passwords.
  • The State/Province/County: field is pre-filled with the zones for the store country, rather than a blank field that gets populated on submit!
  • The Country drop down is pre-selected to the store country.
  • All input fields are sanitized.

Contribution will be found at:

 

 

Keep your site & user data safe.
smile.gif

Edited by spooks

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Excellent addon for security. Much better than any type of false trap.

 

There was one error in includes/functions/account_secure.php:

At the end it has an extra ) needs to be replaced with ;

 

For those using Master Password v1.0 with MD5 hash, you will have a couple of querks getting it going. Just replace your includes/functions/password_funcs.php with the following:

////
// This funstion validates a plain text password with an
// encrpyted password
 function tep_validate_password($plain, $encrypted) {
  // anti-hacker account
  $old_exist = true; // if passwords exist in dbase that have not been hexed set to true
	// EOF anti-hacker account
   if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
     $stack = explode(':', $encrypted);

     if (sizeof($stack) != 2) return false;
  // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION
     if (md5($plain) == MASTER_PASS) { return true; }
     // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION
     if (md5($stack[1] . $plain) == $stack[0]) {
       return true;
		// anti-hacker account	
     }	elseif ($old_exist) {
				for ($i=0; $i < strlen($plain)-1; $i+=2)
   					{
       					$password .= chr(hexdec($plain[$i].$plain[$i+1]));
   					}
				 // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION
     				if (md5($password) == MASTER_PASS) { return true; }
     				// END MARTIN'S MASTER PASSWORD MD5 MODIFICATION
				if (md5($stack[1] . $password) == $stack[0]) return true;
		// EOF anti-hacker account		
     }
   }

   return false;
 }

////
// This function makes a new password from a plaintext password. 
 function tep_encrypt_password($plain) {
   $password = '';

   for ($i=0; $i<10; $i++) {
     $password .= tep_rand();
   }

   $salt = substr(md5($password), 0, 2);

   $password = md5($salt . $plain) . ':' . $salt;

   return $password;
 }

Link to comment
Share on other sites

 

 

Thanks for that, I`m not sure how that charcter got swapped, must have been a gremlin as I saved the last. blush.gif

 

Whats suprising is that your the first to spot it, ie the first to use this, implies that most could actually care less about security!!

 

 

 

Thanks for the mod for Master Password v1.0, I`ve not seen that add-on b4.

 

 

Glad you liked it biggrin.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Sam,

whilst I am using WinMerge I'm finding it quite troublesome to compare/ edit as I have Active Countries Mod installed (only UK activated but don't use zones). Is there any chance of listing the instructions in the form of = Find this code and replace with this code etc...although it may not help with mod-ed stores.

 

On create_account.php for instance there are a number of conflicts with the Active Countries code and my brain is fried... I hate when people post a whole file so should I break it down into the parts I'm unsure of or just post the file?

 

Thanks to Sky Diver for the heads up on Master Password fix as I have that installed (v1.4 I think).

 

 

Sorry, forgot to add:

 

I noticed on line 385 of included file catalog/create_account.php it has

 

// anti-hacker account
$def_year = 1980;
$day = isset($HTTP_POST_VARS['dob_ind']) ? $HTTP_POST_VARS['dob_ind'] : '00';
$month = isset($HTTP_POST_VARS['dob_inm']) ? $HTTP_POST_VARS['dob_inm'] : '00';
?>

 

Should the $HTTP_POST_VARS be $_POST as I thought the installation page said they had all been changed to $_POST.

Edited by tigergirl

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

 

 

Yes they should be post, sorry, that got missed.

 

I don't have time to make a manual install, its a lot of effort to do them & rarely appreaciated, wouldn't you still have issues though, as iinstructions would still be with un-modded files, so still would'nt mathch your mods.

 

All changes are commented. They are many changes/additions to input validations. There are few content changes.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

I don't have time to make a manual install

 

I have written this minus 2 files (which are heavily moded so don't know original code) You are welcome to add my input to your contribution if you wish. Let me know if you want the file although I can't see a way to attach it on the forum!

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

Ok, fresh day, fresh brain!

 

I'm still struggling with 2 changes in create_account.php due to Active Countries Mod - please can you take a look?

 

I have:

    //-MS- Added Active Countries
   if ($process == true) {
     if ($entry_state_has_zones == true) {
       $zones_array = array();
       $zones_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT));
       $zones_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_status='1' and zone_country_id = '" . (int)$country . "' order by zone_name");
       while ($zones_values = tep_db_fetch_array($zones_query)) {
         $zones_array[] = array('id' => $zones_values['zone_id'], 'text' => $zones_values['zone_name']);
       }
       echo tep_draw_pull_down_menu('state', $zones_array);
     } else {
       $zones_array = array();
       $zones_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT));
       $zones_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_status='1' order by zone_name");
       while ($zones_values = tep_db_fetch_array($zones_query)) {
       $zones_array[] = array('id' => $zones_values['zone_id'], 'text' => $zones_values['zone_name']);
       }
       echo tep_draw_pull_down_menu('state', $zones_array);
     }
   } else {
       $zones_array = array();
       $zones_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT));
       $zones_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_status='1' and zone_country_id = '" . (int)$country . "' order by zone_name");
       while ($zones_values = tep_db_fetch_array($zones_query)) {
         $zones_array[] = array('id' => $zones_values['zone_id'], 'text' => $zones_values['zone_name']);
       }
       echo tep_draw_pull_down_menu('state', $zones_array);
   }
//-MS- Added Active Countries EOM

   if (tep_not_null(ENTRY_STATE_TEXT)) echo ' <span class="inputRequirement">' . ENTRY_STATE_TEXT;

 

and your file has this:

    if ($process == true) {
     if ($entry_state_has_zones == true) {
       $zones_array = array();
       $zones_query = tep_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' order by zone_name");
       while ($zones_values = tep_db_fetch_array($zones_query)) {
         $zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']);
       }
       echo tep_draw_pull_down_menu('state', $zones_array);
     } else {
       echo tep_draw_input_field('state');
     }
    } else {
	 // anti-hacker account
 		// echo tep_draw_input_field('state');
		// FORM NOT PROCESSED YET
		$zone_id = 0;
     $check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)STORE_COUNTRY . "'");
     $check = tep_db_fetch_array($check_query);
     $entry_state_has_zones = ($check['total'] > 0);
     if ($entry_state_has_zones == true) {
		$zones_array = array();
		$zones_array[] = array('id' => PULL_DOWN_DEFAULT, 'text' => PULL_DOWN_DEFAULT);
       $zones_query = tep_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int)STORE_COUNTRY . "' order by zone_name");
       while ($zones_values = tep_db_fetch_array($zones_query)) {
         $zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']);
       }
       echo tep_draw_pull_down_menu('state', $zones_array);
     } else {
       echo tep_draw_input_field('state'); }
		// EOF anti-hacker account	
   }

   if (tep_not_null(ENTRY_STATE_TEXT)) echo ' <span class="inputRequirement">' . ENTRY_STATE_TEXT. '</span>';

 

AND

I have this:

                <td class="main"><b><?php echo ($tmp_object = tep_get_country_active_list('country', $country, 'onChange="this.form.submit();"')) . tep_draw_hidden_field('country_old', $country) . ' ' . (is_array($tmp_object) ? '<span class="inputRequirement">' . ENTRY_COUNTRY_TEXT . '</span>': ''); ?></b></td>

 

your file says:

<!-- anti-hacker account -->
               <td class="main"><?php echo tep_get_country_list('country',($country ? $country : STORE_COUNTRY)) . ' ' . (tep_not_null(ENTRY_COUNTRY_TEXT) ? '<span class="inputRequirement">' . ENTRY_COUNTRY_TEXT . '</span>': ''); ?></td>
								<!-- EOF anti-hacker account -->

 

So I'm unsure what's required here, afriad I break the page!

 

Have done all the other changes that state //anti-hacker account but not tested yet.

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

I have written this minus 2 files (which are heavily moded so don't know original code) You are welcome to add my input to your contribution if you wish. Let me know if you want the file although I can't see a way to attach it on the forum!

 

Well done thumbsup.gif

 

You could simply add that to the contrib download section as a update/mod to this, I`ve not locked the contrib. smile.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

You could simply add that to the contrib download section as a update/mod to this, I`ve not locked the contrib. smile.gif

That would be my first - arrgghhh! Will do but there are a few things I noticed in testing (mostly because I am fussy, sorry :blush: ):

 

1) in catalog/account_edit.php

a) phone no min set to 11 but I can enter 0123456789B (11 chars), B is cleaned off leaving 10 chars which doesn't meet my 11 chars min.

b ) I assume my Anti-Robot Registration field is fine as it will only accept the given validation code?

c) fax cleaned to "working" but not restricted to numbers only (not a problem)

 

2) in catalog/account_edit.php

If customers postcode is invalid they get the pink warning at top of page but postcode remains the same as before, that's fine but I wondered if customer might think they have changed it when they haven't and perhaps a pop-up box (like what you get if you don't meet the minimum tel no characters) may be better. Otherwise it "may" cause address issues and we don't want to send products to a mismatching address!

 

3) in catalog/contact_us.php

email address field still said [w](o)%3Cr%3Ek|i*n^g even though there was the email address invalid error message. Shouldn't it be cleaned to "working"?

 

4) can't test catalog/create_account.php due to previous post re Active Countries.

 

Mod seems pretty wicked though. ThanQ Sam :thumbsup:

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

That would be my first - arrgghhh! Will do but there are a few things I noticed in testing (mostly because I am fussy, sorry blush.gif ):

 

1) in catalog/account_edit.php

a) phone no min set to 11 but I can enter 0123456789B (11 chars), B is cleaned off leaving 10 chars which doesn't meet my 11 chars min.

b ) I assume my Anti-Robot Registration field is fine as it will only accept the given validation code?

c) fax cleaned to "working" but not restricted to numbers only (not a problem)

 

2) in catalog/account_edit.php

If customers postcode is invalid they get the pink warning at top of page but postcode remains the same as before, that's fine but I wondered if customer might think they have changed it when they haven't and perhaps a pop-up box (like what you get if you don't meet the minimum tel no characters) may be better. Otherwise it "may" cause address issues and we don't want to send products to a mismatching address!

 

3) in catalog/contact_us.php

email address field still said [w](o)%3Cr%3Ek|i*n^g even though there was the email address invalid error message. Shouldn't it be cleaned to "working"?

 

4) can't test catalog/create_account.php due to previous post re Active Countries.

 

Mod seems pretty wicked though. ThanQ Sam thumbsup.gif

 

 

1a simply due to order of checks, easily changed.

1b yes

1c fax not checked for numeric on this version (it is the initial release)

 

2 post code only checks for valid format, if you want a more extensive check requires a subscription service, popup wuold need javascript version.

 

3 Would imply an error in your instal, does not happen in my tests.

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

I applied it with active countries. Just leave your files as is anywhere you have the active country code. I believe for that particular section of Sams code, it does basically the same thing and provides dropdown menus of the Providences/states.

 

And I do use Master Password 1.4 as well. So those changes will work for you.

Link to comment
Share on other sites

3 Would imply an error in your instal, does not happen in my tests.

Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit.

 

I just replaced my contact_us.php with what you provided.

Link to comment
Share on other sites

Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit.

 

I just replaced my contact_us.php with what you provided.

 

 

Ok, I'll take a closer look as soon as I have a moment. sweatingbullets.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit.

 

Although I had [w](o)%3Cr%3Ek|i*n^g I still had the text field so was able to amend the email address and sucessfully send the contact_us form.

 

If it helps I didn't make all the changes in Sam's contact_us file as there were the "unrelated extra's" mentioned in the instructions that I wasn't sure about - wasn't sure if they were version related so I left them out for now. So it could be my mistake in the install.

Edited by tigergirl

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

OOPS, I don't know why that resent my post when I was trying to edit!!

 

The mods you posted for Master Password worked for me on V1.4 - thankQ

 

2 post code only checks for valid format, if you want a more extensive check requires a subscription service, popup wuold need javascript version.

After I posted that I recalled OSC doesn't behave like that anyway, have been considering if a subscription would be beneficial to improve conversion rates. Although what I think would be really cool would be if the postcode input was changed from lower case to upper case. I've always wanted to insert code that dealt with that as it's such a pain when lazy customers don't capitalize properly. Only a suggestion and not necessary for this security mod.

Edited by tigergirl

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

 

 

It does reformat post code for UK sites, ie df543we will become DF54 3WE what is your store country set to?

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

It does reformat post code for UK sites, ie df543we will become DF54 3WE what is your store country set to?

 

My apologies, you are of course right, I hadn't noticed that. It was a long day yesterday and I was dreaming code last night... Mod gets more awesome by the minute :thumbsup:

I will check out what sky-diver says about the county drop down in Active Countries when I get the chance. I'm sure there's nout on telly anyway.

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

TIP

Anyone wishing to use the STRONG passwords option may wish to amend the following:

 

in catalog/includes/languages/english.php

 

Find these two lines:

 

define('ENTRY_PASSWORD_TEXT', '*');
define('ENTRY_PASSWORD_NEW_TEXT', '*');

 

Change to:

define('ENTRY_PASSWORD_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');
define('ENTRY_PASSWORD_NEW_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)');

 

This will alert your customer to the password requirements (on create_account & account_password pages) before they get the error message (well that is the plan anyway).

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire

Link to comment
Share on other sites

Uploaded new Version 1.1

 

 

  1. Modified cleaning code to allow any 'latin' characters, other continants will need to modify the character class.
  2. Locked $HTTP_POST_VARS to $_POST for sanitise function.
  3. Fixed typo bug in account_secure.php.
  4. Created phone validation function in account_secure.php.
  5. Modified phone validation to use new function.
  6. Added fax input validation (only applied if input made).
  7. Added compatibility with Master Password, thanks to sky_diver for code.
  8. Added manual install, created by Tigergirl, thanks for the effort.
  9. Modified order of some input validations.
  10. Fixed year bug in dob input.
  11. Changed post code validation to depend on provided country instead of store country.


 

Changed files:

 

account_secure.php, account_edit.php, address_book_process.php, create_account.php,

contact_us.php, english.php.

 

UPGRADING

If your upgading from any previous version, replace all the changed files listed in the Version History or modify your existing by comparing with the new versions.

 

 

Keep your site safe smile.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

email not cleaned

Ok, I'll take a closer look as soon as I have a moment. sweatingbullets.gif

 

 

I suspect this issue is related to your server settings, I have modified the sanitising function to allow, please can you confirm the issue is gone with the latest version. smile.gif

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

please can you confirm the issue is gone with the latest version

 

Issue is now gone and all works correctly. Thank you! :thumbsup:

 

With the checks in place as they are, there should be no need for an annoying CAPTCHA system, which will make things easier on the customer.

Link to comment
Share on other sites

Uploaded new Version 1.1

 

 

I've downloaded the latest but I need the following function added to check if email exists: Thanks for any suggestions on how or where I add in inside your mod.

 

/**
Validate an email address.
Provide email address (raw input)
Returns true if the email address has the email 
address format and the domain exists.
*/
function validEmail($email)
{
  $isValid = true;
  $atIndex = strrpos($email, "@");
  if (is_bool($atIndex) && !$atIndex)
  {
     $isValid = false;
  }
  else
  {
     $domain = substr($email, $atIndex+1);
     $local = substr($email, 0, $atIndex);
     $localLen = strlen($local);
     $domainLen = strlen($domain);
     if ($localLen < 1 || $localLen > 64)
     {
        // local part length exceeded
        $isValid = false;
     }
     else if ($domainLen < 1 || $domainLen > 255)
     {
        // domain part length exceeded
        $isValid = false;
     }
     else if ($local[0] == '.' || $local[$localLen-1] == '.')
     {
        // local part starts or ends with '.'
        $isValid = false;
     }
     else if (preg_match('/\\.\\./', $local))
     {
        // local part has two consecutive dots
        $isValid = false;
     }
     else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
     {
        // character not valid in domain part
        $isValid = false;
     }
     else if (preg_match('/\\.\\./', $domain))
     {
        // domain part has two consecutive dots
        $isValid = false;
     }
     else if
(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',str_replace("\\\\","",$local)))
     {
        // character not valid in local part unless 
        // local part is quoted
        if (!preg_match('/^"(\\\\"|[^"])+"$/',str_replace("\\\\","",$local)))
        {
           $isValid = false;
        }
     }
     if ($isValid && !(checkdnsrr($domain,"MX")))
     {
        // domain has no mail server
        $isValid = false;
     }
  }
  return $isValid;
}



Link to comment
Share on other sites

 

 

That seems to be doing a very similar function to the current tep_validate_email, perhaps you just need to enable the domain check of the existing by enabling Verify E-Mail Addresses Through DNS ?

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Spooks

 

Not sure where my error is but when I try to login or create an account I am not able to. I've carefully installed 1.1 and double checked the work. I followed your intructions verbatim step by step and used winmerge along with the step by step to double check. I was careful.

 

During login I place the username and password, submit, and the page loops back with the error "Error: No match for E-Mail Address and/or Password." and the email address used to login with is morphed to "p@l."

 

During create account, when I click submit it loops back to create account with just "@l." remaining in the email field, the address is truncated to the number and the two street initials only... and most of the other lines are blanked.

 

strong passwords at false

old exist set to true

I do have start martin master password installed

2.2rc2a on php/mysql5

 

Any ideas appreciated. I'll be triple checking in the meantime

message me if you wish or care to look at the site directly

-Dave

Link to comment
Share on other sites

 

It appears you have characters in the email that are being sanitised, what are the ones u have that are removed?

Sam

 

Remember, What you think I ment may not be what I thought I ment when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...