osCommerce

Anti-hacker Account Mods, Secure your account pages


spooks


Hello,

 

When a customer uses "password forgotten" or changes their password in "my account" the new password is not being stored on the database. Any idea of what could be causing this problem?

 

Thanks!


This code is Sam's contact_us page with reCAPTCHA added:

<?php
/*
 $Id: contact_us.php,v 1.5 2010/02/02 Spooks Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2010 osCommerce

 Released under the GNU General Public License
*/
// anti-hacker account
  require('includes/functions/account_secure.php');
  clean_post();
// EOF anti-hacker account
  require('includes/application_top.php');

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

 $error = false;
 if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
   $name = tep_db_prepare_input($_POST['name']);
   $email = tep_db_prepare_input($_POST['email']);
   $enquiry = tep_db_prepare_input($_POST['enquiry']);
   $subject = tep_db_prepare_input($_POST['subject']);
   $phone = tep_db_prepare_input($_POST['phone']);
   $date = 'Date Sent: ' . date("d M Y H:i:s");
   // only accept a numeric order id, and only when one was actually posted (guests send none)
   $orders_id = (isset($_POST['orders_id']) && tep_not_null($_POST['orders_id'])) ? (int)$_POST['orders_id'] : false;
   $xipaddress = $_SERVER["REMOTE_ADDR"];
   $subject = $subject ? $subject : EMAIL_SUBJECT;
   require_once('captcha/recaptchalib.php');
   $privatekey = "private key goes here";
   // verify the answer server-side against the reCAPTCHA service (recaptchalib v1 API)
   $resp = recaptcha_check_answer($privatekey,
                                  $_SERVER["REMOTE_ADDR"],
                                  $_POST["recaptcha_challenge_field"],
                                  $_POST["recaptcha_response_field"]);
   if (!$resp->is_valid) {
     // What happens when the CAPTCHA was entered incorrectly
     die("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
         " (reCAPTCHA said: " . $resp->error . ")");
   }

	//$enquiry = preg_replace('/\r/','\', \'',$enquiry);
	//$enquiry = preg_replace('/\(|\)/','\'',$enquiry);
	//$_POST['enquiry'] = $result;

	if (strlen($name) < ENTRY_LAST_NAME_MIN_LENGTH) {
     $error = true;

     $messageStack->add('contact', ENTRY_LAST_NAME_ERROR);
   }
	if (strlen($enquiry) < 8) {
     $error = true;

     $messageStack->add('contact', ENTRY_ERROR_ENQUIRY);
   }
	if (!tep_validate_email($email)) {
		$error = true;

     $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
   }
   if (!$error) {
	  $enquiry = MESSAGE_FROM . $name . "\n" . $date . "\n" . ($phone ? ENTRY_TELEPHONE_NUMBER .  $phone . "\n" : '' ) . ($customer_id ? MAIL_CLIENT_ID .  $customer_id . "\n" : '')  . ($orders_id ? MAIL_ORDER_ID .  $orders_id . "\n" : '') . "\n" . MAIL_IP . $xipaddress . '.' . "\n\n" . ENTRY_ENQUIRY . "\n" . $enquiry;
     tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $subject, $enquiry, $name, $email);

     tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
   } 
 }

 $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));
 $account = array();
 $orders = array();
 $name = '';
 $email = '';
 $phone = '';
 if (tep_session_is_registered('customer_id')) {
   $account_query = tep_db_query("select customers_firstname, customers_lastname, customers_telephone, customers_id, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
   $account = tep_db_fetch_array($account_query);
   $name = $account['customers_firstname'] . ' ' . $account['customers_lastname'];
   $email = $account['customers_email_address'];
   $phone = $account['customers_telephone'];
   $history_query = tep_db_query("select orders_id, date_purchased from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by orders_id DESC");
   $orders[0] = array('id' => '0', 'text' => ENTRY_ORDER_ID);
   while ($history = tep_db_fetch_array($history_query)) {
     $orders[] = array('id' => $history['orders_id'], 'text' => $history['orders_id'] . ENTRY_ORDERED . tep_date_short($history['date_purchased']));
   }
 }


?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" summary="" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" summary="" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 if ($messageStack->size('contact') > 0) {
?>
     <tr>
       <td><?php echo $messageStack->output('contact'); ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 }

 if (isset($_GET['action']) && ($_GET['action'] == 'success')) {
?>
     <tr>
       <td class="main" align="center"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_SUCCESS; ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
<?php
 } else {
echo tep_draw_hidden_field('phone',$phone);
?>
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td valign="top" width="40%">
             <table>
               <tr>
                 <td class="main">
                   <b><?php echo nl2br(STORE_NAME_ADDRESS); ?></b><br><br>
                   <?php echo OPENING_HOURS; ?>
                 </td>
               </tr>
             </table>
           </td><td valign="top" width="50%"><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td class="main"><?php echo ENTRY_NAME; ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo (isset($account['customers_lastname']) ? $name . tep_draw_hidden_field('name',$name) : tep_draw_input_field('name', $name, 'size="28"')); ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo ENTRY_EMAIL; ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo tep_draw_input_field('email', $email, 'size="28"'); ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo BOX_HEADING_SUBJECT; ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo tep_draw_input_field('subject', '', 'size="28"');
                 if (sizeof($orders) > 1) {
                   echo '    ' . tep_draw_pull_down_menu('orders_id', $orders);
                 }
               ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo ENTRY_ENQUIRY; ?></td>
             </tr>
             <tr>
               <td><?php echo tep_draw_textarea_field('enquiry', 'soft', 40, 15); ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo SPAM_CODE; ?></td>
             </tr>
             <tr>
                <td><?php require_once('captcha/recaptchalib.php');
                  $publickey = "Public Key Goes Here"; // you got this from the signup page
                  // request the SSL widget when the page itself is served over SSL
                  if ($request_type == 'SSL') {
                    echo recaptcha_get_html($publickey, 0, true);
                  } else {
                    echo recaptcha_get_html($publickey);
                  }
                ?></td>
            </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2">
         <tr>
           <td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td align="middle"><a href="javascript:onclick=history.go(-1)"><?php echo tep_image_button('button_back.gif', IMAGE_BUTTON_BACK); ?></a></td>
               <td width="10px"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td align="middle"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
<?php
 }
?>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" summary="" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Change the two public key and private key sections to include your keys.
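For anyone adapting the page above to other forms, here is an added example (my own illustration, not Sam's code and not osCommerce core) of the server-side checks it performs, written as one function so that the reCAPTCHA result, the field length and e-mail checks, and the orders_id check all land in a single error list that a messageStack can display, rather than die()-ing before the other checks run. The function name contact_us_validate, its arguments and the length limits are hypothetical stand-ins for the ENTRY_* constants and tep_validate_email(); the two submissions at the bottom are constructed sample data.

```php
<?php
// Added example, not the thread's code: validate the contact_us fields and
// return every problem found, so the caller can show them all at once.

/**
 * @param array $post          submitted fields: name, email, subject, enquiry, orders_id
 * @param bool  $captcha_valid result of the CAPTCHA check, performed by the caller
 * @param array $owned_orders  order ids belonging to the logged-in customer (empty for guests)
 * @return array               error messages; empty means the submission is acceptable
 */
function contact_us_validate(array $post, $captcha_valid, array $owned_orders = array()) {
    $errors = array();

    // Read each field as a trimmed string so a missing key does not raise a notice.
    $get = function ($key) use ($post) {
        return isset($post[$key]) ? trim((string) $post[$key]) : '';
    };
    $name    = $get('name');
    $email   = $get('email');
    $subject = $get('subject');
    $enquiry = $get('enquiry');

    // name, email and subject end up in mail headers: a line break there is refused
    // outright rather than silently stripped, so the submitter sees what was wrong.
    foreach (array('name' => $name, 'email' => $email, 'subject' => $subject) as $field => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "The $field field must be a single line.";
        }
    }

    if (strlen($name) < 2) {                                   // stand-in for ENTRY_LAST_NAME_MIN_LENGTH
        $errors[] = 'Your name must be at least 2 characters long.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { // stand-in for tep_validate_email()
        $errors[] = 'The e-mail address does not appear to be valid.';
    }
    if (strlen($enquiry) < 8) {                                // same minimum the page uses
        $errors[] = 'Your enquiry must be at least 8 characters long.';
    }

    // orders_id is offered as a pull-down, but the client can send any value:
    // accept only a positive integer that belongs to the customer in the session.
    $orders_id = $get('orders_id');
    if ($orders_id !== '' && $orders_id !== '0') {
        if (!ctype_digit($orders_id) || !in_array((int) $orders_id, $owned_orders, true)) {
            $errors[] = 'The selected order does not belong to your account.';
        }
    }

    if (!$captcha_valid) {
        $errors[] = 'The reCAPTCHA was not entered correctly. Please try again.';
    }

    return $errors;
}

// Constructed sample submissions (not real customer data).
$good = array('name' => 'Jane Doe', 'email' => 'jane@example.com', 'subject' => 'Late delivery',
              'enquiry' => 'My parcel has not arrived yet.', 'orders_id' => '1042');
$bad  = array('name' => 'J', 'email' => 'not-an-address', 'subject' => "Hello\r\nsecond line",
              'enquiry' => 'short', 'orders_id' => '9999');
$owned = array(1042, 1037);   // constructed: orders the logged-in customer owns

print_r(contact_us_validate($good, true, $owned));   // no errors for the good submission
print_r(contact_us_validate($bad, false, $owned));   // one message per failed check
```

In the page above the equivalent wiring would be `foreach (contact_us_validate($_POST, $resp->is_valid, $owned) as $msg) { $error = true; $messageStack->add('contact', $msg); }` before the `if (!$error)` branch, with `$owned` filled from the same orders query the page already runs for logged-in customers.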


When a customer is trying to edit an address in the address book, he is getting the following error:

 

Fatal error: Call to undefined function ajax_get_zones_html() in /home/XXX/public_html/includes/modules/address_fields.php on line 47

 

Also, the create account page is coming out completely unformatted, i.e. the side boxes have moved down.


 

You've missed bits of the install, make sure you do it all :huh:

 

I.e. you've missed some of the edits for catalog/address_book_process.php.

Edited by spooks

Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.


Hi Sam,

 

I have been using this mod since you released it, and to date it has helped me stay hacker free!

 

The problem I now have is that I am trying to install a change to the create_account.php file for an automated postcode lookup system, but I can't get it to work at all. The install instructions for the mod are quite simple:

 

2.2 Installation Instructions (osCommerce 2.2)

Installation is easy, and should take no longer than 10 minutes on any website. To install please follow these steps;

  • First please register Click here, registration is free, and only takes 1 minute.
  • Select the suitable plan for your site, please note we have a FREE plan with FREE credits to start you off.
  • Place the following code before the </head> tag in create_account.php, ensuring to change the bold XXX's in this example below for your API Key given to you after you have selected your plan above. The same information with your unique key in place for you to cut and paste can be found here
    <script type="text/javascript">
    var pcs_conf = {
      postcode_id: 'postcode',
      city_id: 'city',
      county_id: 'state',
      street_id: 'street_address',
      house_number_id: 'street_address',
      onSelect: function (d) {
        /* Select the matching entry in the country drop-down */
        var country = document.forms['create_account'].elements['country'];
        var l = country.options.length;
        var n = country.selectedIndex; /* keep the current choice if nothing matches */

        if (d.country == 'England') { d.country = 'United Kingdom'; }
        for (var i = 0; i < l; i++) {
          if (country.options[i].innerHTML == d.country) {
            n = i;
            break;
          }
        }
        country.selectedIndex = n;
      }
    };
    </script>
    <script type="text/javascript" id="pcsdcom-v1" src="https://www.postcodesite.com/api?key=XXX-XXX"></script>
  • To make sure clients enter the postcode before filling in their address, move the following:
    <tr>
    <td class="fieldKey"><?php echo ENTRY_POST_CODE; ?></td>
    <td class="fieldValue"><?php echo tep_draw_input_field('postcode') . ' ' . (tep_not_null(ENTRY_POST_CODE_TEXT) ? '<span class="inputRequirement">' . ENTRY_POST_CODE_TEXT . '</span>': ''); ?></td>
    </tr>
    to just under this line:
    <td><table border="0" cellspacing="2" cellpadding="2">

 

But try as I might, neither I nor the writers of that mod can understand the heavily modified create_account.php of the anti-hacker mods.

 

Any suggestions would be great thanks

Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


Hi,

 

Ignore the above - I managed to sort it out

 

Thanks


I'm hitting the wall trying to get http://addons.oscommerce.com/info/1560 (the older simpler visual-verify-code) working in both contact_us and create_account with Sam's Anti-hacker.

 

The thing is I've got it working in tell_a_friend, and that does include changing the $HTTP_GET_VARS[tep_session_name() to $_GET and $HTTP_POST_VARS to $_POST, so that doesn't seem to be the issue. It works regardless of whether you're logged in on tell_a_friend, depending on the admin/Allow Guest To Tell setting. It gives the proper error if the code is entered wrong and sends the email if you get it right.

 

Anybody else using this? Any thoughts on what to try?
