Redirect after Login when using password_forgotten.php


candycanes

Hi There,

 

When a user goes to login.php and logs in, it redirects to account.php.

 

But if a user clicks the forgotten_password link, and submits their email address, they get redirected to login.php. From here, if they put their new password from the email in, it just reloads login.php with the messageStack message of 'a new password has been emailed to you' and the text 'the contents of your visitor basket will be added to your member basket once you have logged in' instead of redirecting to account.php. Obviously this makes people think the new password is broken, as they don't notice they have actually been logged in successfully.

 

I can't find a way to fix this, I've read lots of posts here but not yet found a solution. Can anybody help me?

 

In app_top.php I have:

 

if ( (basename($PHP_SELF) != FILENAME_LOGIN) && (basename($PHP_SELF) != FILENAME_LOGOFF) && (!strstr($PHP_SELF,'create')) && (!strstr($PHP_SELF,'popup'))) {
  $navigation->set_snapshot();
}

 

in login.php I have:

 

// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started)
 if ($session_started == false) {
   tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
 }

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

 $error = false;
 if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
   $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
   $password = tep_db_prepare_input($HTTP_POST_VARS['password']);



// Check if email exists
   $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
   if (!tep_db_num_rows($check_customer_query)) {
     $error = true;
   } else {
     $check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
     if (!tep_validate_password($password, $check_customer['customers_password'])) {
       $error = true;
     } else {
       if (SESSION_RECREATE == 'True') {
         tep_session_recreate();
       }

       $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
       $check_country = tep_db_fetch_array($check_country_query);

       $customer_id = $check_customer['customers_id'];
       $customer_default_address_id = $check_customer['customers_default_address_id'];
       $customer_first_name = $check_customer['customers_firstname'];
       $customer_country_id = $check_country['entry_country_id'];
       $customer_zone_id = $check_country['entry_zone_id'];
       tep_session_register('customer_id');
       tep_session_register('customer_default_address_id');
       tep_session_register('customer_first_name');
       tep_session_register('customer_country_id');
       tep_session_register('customer_zone_id');

       tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

// restore cart contents
       $cart->restore_contents();

       if (sizeof($navigation->snapshot) > 0) {
         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
         $navigation->clear_snapshot();
         tep_redirect($origin_href);
       } else {
         tep_redirect(tep_href_link(FILENAME_DEFAULT));
       }
     }
   }
 }

 if ($error == true) {
   $messageStack->add('login', TEXT_LOGIN_ERROR);
 }

 

And in password_forgotten.php I have:

 

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
   $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);

   $check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
   if (tep_db_num_rows($check_customer_query)) {
     $check_customer = tep_db_fetch_array($check_customer_query);

     $new_password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
     $crypted_password = tep_encrypt_password($new_password);

     tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");

     $email_text = EMAIL_TEMPLATE_START;
     $email_text .= sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password);
     $email_text .= EMAIL_TEMPLATE_END;

     tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

     $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success');

     tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
   } else {
     $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND);
   }
 }

 

Any variations from the standard install were not made by me :)

 

Thanks for your help!


I solved the problem like this.

 

In login.php I changed this code:

 

        if (sizeof($navigation->snapshot) > 0) { 
         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); 
         $navigation->clear_snapshot(); 
         tep_redirect($origin_href); 

To this:

 

        if (sizeof($navigation->snapshot) > 0) {
         $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
         $navigation->clear_snapshot();
         if ( strpos($origin_href, 'forgot') !== false ) 
           tep_redirect(tep_href_link(FILENAME_DEFAULT));
         else
           tep_redirect($origin_href);

Not a perfect solution but it works.

 

If they came from the "password forgotten" page after login they are sent to the index page.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -
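
An added example, not part of the original posts and not osCommerce code: the same fallback decided on the snapshot's script name instead of a substring of the whole URL, so a return URL that merely contains 'forgot' in its query string is still honoured. The function name post_login_page, the NO_RETURN_PAGES list and the sample snapshots are assumptions made for illustration; only the snapshot keys 'page', 'get' and 'mode' come from the code posted above.

```php
<?php
// Added example, not osCommerce code. Chooses the post-login destination
// from an array shaped like $navigation->snapshot ('page', 'get', 'mode').

// Scripts a customer should never be sent back to after logging in.
// The list is an assumption based on the file names used in this thread.
const NO_RETURN_PAGES = ['login.php', 'logoff.php', 'password_forgotten.php'];

function post_login_page(array $snapshot, string $default = 'index.php'): array
{
    // No usable snapshot: fall back to the default page.
    if (empty($snapshot['page']) || !is_string($snapshot['page'])) {
        return ['page' => $default, 'get' => []];
    }

    // Compare the script name only, exactly and case-insensitively, so
    // query-string values can never influence the decision.
    $script = strtolower(basename($snapshot['page']));
    if (in_array($script, NO_RETURN_PAGES, true)) {
        return ['page' => $default, 'get' => []];
    }

    $get = is_array($snapshot['get'] ?? null) ? $snapshot['get'] : [];
    return ['page' => $snapshot['page'], 'get' => $get];
}

// Constructed sample snapshots (not taken from a real store).
$samples = [
    'after reset' => ['page' => 'password_forgotten.php',
                      'get' => ['action' => 'process'], 'mode' => 'SSL'],
    'search page' => ['page' => 'advanced_search_result.php',
                      'get' => ['keywords' => 'forgotten realms'], 'mode' => 'NONSSL'],
    'no snapshot' => [],
];

foreach ($samples as $label => $snapshot) {
    $target = post_login_page($snapshot);
    $query  = http_build_query($target['get']);
    echo str_pad($label, 12), ' -> ', $target['page'],
         ($query !== '' ? '?' . $query : ''), "\n";
}
```

The 'search page' sample is the case the substring test would misroute: its URL contains 'forgot' only inside a search keyword, yet the customer should still return to it after logging in.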


Ah yes I see your logic, thanks for that. I'm not very advanced at php so some things just totally baffle me, and the snapshot functionality is one of those things! I was so focussed on trying to decode it I didn't think of the simple work around option.

 

Thanks very much!

Susan
