Ejemplo n.º 1
0
 function execute()
 {
     global $login_customer_id, $messageStack, $oscTemplate;
     $OSCOM_Db = Registry::get('Db');
     $error = false;
     if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) {
         $email_address = HTML::sanitize($_POST['email_address']);
         $password = HTML::sanitize($_POST['password']);
         // Check if email exists
         $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);
         if ($Qcustomer->fetch() === false) {
             $error = true;
         } else {
             // Check that password is good
             if (!tep_validate_password($password, $Qcustomer->value('customers_password'))) {
                 $error = true;
             } else {
                 // set $login_customer_id globally and perform post login code in catalog/login.php
                 $login_customer_id = $Qcustomer->valueInt('customers_id');
                 // migrate old hashed password to new phpass password
                 if (tep_password_type($Qcustomer->value('customers_password')) != 'phpass') {
                     $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password)], ['customers_id' => $login_customer_id]);
                 }
             }
         }
     }
     if ($error == true) {
         $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
     }
     ob_start();
     include DIR_WS_MODULES . 'content/' . $this->group . '/templates/login_form.php';
     $template = ob_get_clean();
     $oscTemplate->addContent($template, $this->group);
 }
Ejemplo n.º 2
0
 function _process()
 {
     global $messageStack, $osC_Database, $osC_Customer;
     if (!isset($_POST['password_current']) || strlen(trim($_POST['password_current'])) < ACCOUNT_PASSWORD) {
         $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR);
     } elseif (!isset($_POST['password_new']) || strlen(trim($_POST['password_new'])) < ACCOUNT_PASSWORD) {
         $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
     } elseif (!isset($_POST['password_confirmation']) || trim($_POST['password_new']) != trim($_POST['password_confirmation'])) {
         $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
     }
     if ($messageStack->size('account_password') === 0) {
         $Qcheck = $osC_Database->query('select customers_password from :table_customers where customers_id = :customers_id');
         $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
         $Qcheck->bindInt(':customers_id', $osC_Customer->id);
         $Qcheck->execute();
         if (tep_validate_password(trim($_POST['password_current']), $Qcheck->value('customers_password'))) {
             $Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
             $Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS);
             $Qupdate->bindValue(':customers_password', tep_encrypt_password(trim($_POST['password_new'])));
             $Qupdate->bindInt(':customers_id', $osC_Customer->id);
             $Qupdate->execute();
             $Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_account_last_modified = now() where customers_info_id = :customers_info_id');
             $Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO);
             $Qupdate->bindInt(':customers_info_id', $osC_Customer->id);
             $Qupdate->execute();
             $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
             tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
         } else {
             $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
         }
     }
 }
 function execute()
 {
     global $sessiontoken, $login_customer_id, $messageStack, $oscTemplate;
     $error = false;
     if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $sessiontoken) {
         $email_address = tep_db_prepare_input($_POST['email_address']);
         $password = tep_db_prepare_input($_POST['password']);
         // Check if email exists
         $customer_query = tep_db_query("select customers_id, customers_password from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1");
         if (!tep_db_num_rows($customer_query)) {
             $error = true;
         } else {
             $customer = tep_db_fetch_array($customer_query);
             // Check that password is good
             if (!tep_validate_password($password, $customer['customers_password'])) {
                 $error = true;
             } else {
                 // set $login_customer_id globally and perform post login code in catalog/login.php
                 $login_customer_id = (int) $customer['customers_id'];
                 // migrate old hashed password to new phpass password
                 if (tep_password_type($customer['customers_password']) != 'phpass') {
                     tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $login_customer_id . "'");
                 }
             }
         }
     }
     if ($error == true) {
         $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
     }
     ob_start();
     include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
     $template = ob_get_clean();
     $oscTemplate->addContent($template, $this->group);
 }
Ejemplo n.º 4
0
  http://www.osCmax.com

  Copyright 2000 - 2011 osCmax

  Released under the GNU General Public License
*/
require 'includes/application_top.php';
require DIR_WS_LANGUAGES . $language . '/login.php';
$current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES;
if ($_GET['action']) {
    switch ($_GET['action']) {
        case 'check_password':
            $check_pass_query = tep_db_query("select admin_password as confirm_password from " . TABLE_ADMIN . " where admin_id = '" . $_POST['id_info'] . "'");
            $check_pass = tep_db_fetch_array($check_pass_query);
            // Check that password is good
            if (!tep_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) {
                tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password'));
            } else {
                //$confirm = 'confirm_account';
                tep_session_register('confirm_account');
                tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process'));
            }
            break;
        case 'save_account':
            $admin_id = tep_db_prepare_input($_POST['id_info']);
            $admin_email_address = tep_db_prepare_input($_POST['admin_email_address']);
            $stored_email[] = 'NONE';
            $hiddenPassword = '******';
            $check_email_query = tep_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . "");
            while ($check_email = tep_db_fetch_array($check_email_query)) {
                $stored_email[] = $check_email['admin_email_address'];
Ejemplo n.º 5
0
  Released under the GNU General Public License
*/
require 'includes/application_top.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $username = tep_db_prepare_input($_POST['username']);
    $password = tep_db_prepare_input($_POST['password']);
    // Check if usename exists
    $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_username as login_username, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_username = '******'");
    if (!tep_db_num_rows($check_admin_query)) {
        //Added by PGM
        tep_db_query("insert into " . TABLE_ADMIN_LOG . " values (NULL, '" . tep_db_input($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Username', now())");
        $_GET['login'] = '******';
    } else {
        $check_admin = tep_db_fetch_array($check_admin_query);
        // Check that password is good
        if (!tep_validate_password($password, $check_admin['login_password'])) {
            //Added by PGM
            tep_db_query("insert into " . TABLE_ADMIN_LOG . " values (NULL, '" . tep_db_input($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Password', now())");
            $_GET['login'] = '******';
        } else {
            if (tep_session_is_registered('password_forgotten')) {
                tep_session_unregister('password_forgotten');
            }
            $login_id = $check_admin['login_id'];
            $login_groups_id = $check_admin['login_groups_id'];
            $login_username = $check_admin['login_username'];
            $login_logdate = $check_admin['login_logdate'];
            $login_lognum = $check_admin['login_lognum'];
            $login_modified = $check_admin['login_modified'];
            tep_session_register('login_id');
            tep_session_register('login_groups_id');
Ejemplo n.º 6
0
    $password_confirmation = tep_db_prepare_input($_POST['password_confirmation']);
    $error = false;
    if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('a_password', ENTRY_PASSWORD_CURRENT_ERROR);
    } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_affiliate_query = tep_db_query("select affiliate_password from " . TABLE_AFFILIATE . " where affiliate_id = '" . (int) $affiliate_id . "'");
        $check_affiliate = tep_db_fetch_array($check_affiliate_query);
        if (tep_validate_password($password_current, $check_affiliate['affiliate_password'])) {
            tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . (int) $affiliate_id . "'");
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('a_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_AFFILIATE_PASSWORD, '', 'SSL'));
$content = affiliate_password;
include bts_select('main');
// BTSv1.5
require DIR_WS_INCLUDES . 'application_bottom.php';
Ejemplo n.º 7
0
function checkout_login($email_address, $password, $pass_crypt)
{
    global $error, $cart, $wishList;
    global $customer_id;
    global $customer_default_address_id;
    global $customer_first_name;
    global $customer_password;
    global $customer_country_id;
    global $customer_zone_id;
    $email_address = tep_db_prepare_input($email_address);
    $password = tep_db_prepare_input($password);
    // Check if email exists
    $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_customer_query)) {
        $error = true;
    } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        // Check that password is good
        if (isset($pass_crypt) ? $pass_crypt != $check_customer['customers_password'] : !tep_validate_password($password, $check_customer['customers_password'])) {
            $error = true;
        } else {
            if (SESSION_RECREATE == 'True') {
                tep_session_recreate();
            }
            $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
            $check_country = tep_db_fetch_array($check_country_query);
            $customer_id = $check_customer['customers_id'];
            $customer_default_address_id = $check_customer['customers_default_address_id'];
            $customer_first_name = $check_customer['customers_firstname'];
            $customer_password = $password;
            $customer_country_id = $check_country['entry_country_id'];
            $customer_zone_id = $check_country['entry_zone_id'];
            tep_session_register('customer_id');
            tep_session_register('customer_default_address_id');
            tep_session_register('customer_first_name');
            tep_session_register('customer_password');
            tep_session_register('customer_country_id');
            tep_session_register('customer_zone_id');
            tep_session_unregister('referral_id');
            //rmh referral
            tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");
            $cart->restore_contents();
            $wishList->restore_wishlist();
        }
    }
}
Ejemplo n.º 8
0
if ($session_started == false) {
    tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
}
require DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN;
$error = false;
if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    // Check if email exists
    $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_customer_query)) {
        $error = true;
    } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        // Check that password is good
        if (!tep_validate_password($password, $check_customer['customers_password'])) {
            $error = true;
        } else {
            if (SESSION_RECREATE == 'True') {
                tep_session_recreate();
            }
            $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
            $check_country = tep_db_fetch_array($check_country_query);
            $customer_id = $check_customer['customers_id'];
            $customer_default_address_id = $check_customer['customers_default_address_id'];
            $customer_first_name = $check_customer['customers_firstname'];
            $customer_country_id = $check_country['entry_country_id'];
            $customer_zone_id = $check_country['entry_zone_id'];
            tep_session_register('customer_id');
            tep_session_register('customer_default_address_id');
            tep_session_register('customer_first_name');
Ejemplo n.º 9
0
function log_customer_in($email_address = '', $password = '')
{
    global $cart;
    $error = false;
    $check_customer_query = tep_db_query("select customers_id, abo_id, customers_firstname, customers_password, customers_email_address, customers_username, customers_default_address_id, status, customers_group from customers where customers_email_address = '" . tep_db_input($email_address) . "' OR customers_username = '******'");
    if (!tep_db_num_rows($check_customer_query)) {
        $error = true;
    } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        if (!tep_validate_password($password, $check_customer['customers_password'])) {
            $error = true;
        } else {
            if ($check_customer['status'] == '0') {
                $active_error = true;
            } else {
                if (SESSION_RECREATE == 'True') {
                    tep_session_recreate();
                }
                $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
                $check_country = tep_db_fetch_array($check_country_query);
                global $customer_id, $abo_id, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id, $customer_group, $customers_email_address, $customers_username;
                $customer_id = $check_customer['customers_id'];
                $abo_id = $check_customer['abo_id'];
                $customer_default_address_id = $check_customer['customers_default_address_id'];
                $customer_first_name = $check_customer['customers_firstname'];
                $customer_country_id = $check_country['entry_country_id'];
                $customer_zone_id = $check_country['entry_zone_id'];
                $customer_group = $check_customer['customers_group'];
                $customers_email_address = $check_customer['customers_email_address'];
                $customers_username = $check_customer['customers_username'];
                tep_session_register('customer_id');
                tep_session_register('abo_id');
                tep_session_register('customer_default_address_id');
                tep_session_register('customer_first_name');
                tep_session_register('customer_country_id');
                tep_session_register('customer_zone_id');
                tep_session_register('customer_group');
                tep_session_register('customers_email_address');
                tep_session_register('customers_username');
                /*autologin*/
                $cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1));
                $cookie_path = $cookie_url_array['path'];
                if (ALLOW_AUTOLOGON == 'false' || $_POST['remember_me'] == '') {
                    setcookie("email_address", "", time() - 3600, $cookie_path);
                    // Delete email_address cookie
                    setcookie("password", "", time() - 3600, $cookie_path);
                    // Delete password cookie
                } else {
                    setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
                    setcookie('password', $check_customer['customers_password'], time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0);
                }
                /*autologin*/
                tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");
                $cart->restore_contents();
                /*FORUM*/
                if (FORUM_ACTIVE == 'true' && FORUM_CROSS_LOGIN == 'true') {
                    $user->session_begin();
                    $auth->acl($user->data);
                    $get_forum_username_query = tep_db_query("SELECT username_clean FROM " . FORUM_DB_DATABASE . ".users WHERE user_email = '" . $_POST['email_address'] . "'");
                    $get_forum_username = tep_db_fetch_array($get_forum_username_query);
                    if ($_POST['remember_me'] == 'on') {
                        $remember = 'true';
                    } else {
                        $remember = 'false';
                    }
                    $auth->login($get_forum_username['username_clean'], $_POST['password'], $remember, 1, 0);
                }
                /*FORUM*/
            }
        }
    }
    if ($error == true) {
        return Translate('Fout: er kon niet ingelogd worden met het ingegeven e-mailadres en wachtwoord. Gelieve opnieuw te proberen');
    }
    if ($active_error == true) {
        return Translate('Uw account werd nog niet geactiveerd.');
    }
    return true;
}
Ejemplo n.º 10
0
 function processAjaxLogin($emailAddress, $password)
 {
     global $cart, $customer_id, $onepage, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id, $sendto, $billto;
     $error = false;
     $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($emailAddress) . "'");
     if (!tep_db_num_rows($check_customer_query)) {
         $error = true;
     } else {
         $check_customer = tep_db_fetch_array($check_customer_query);
         // Check that password is good
         if (!tep_validate_password($password, $check_customer['customers_password'])) {
             $error = true;
         } else {
             if (SESSION_RECREATE == 'True') {
                 tep_session_recreate();
             }
             $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
             $check_country = tep_db_fetch_array($check_country_query);
             $customer_id = $check_customer['customers_id'];
             $onepage['customer']['email_address'] = $check_customer['customers_email_address'];
             $customer_default_address_id = $check_customer['customers_default_address_id'];
             $customer_first_name = $check_customer['customers_firstname'];
             $customer_country_id = $check_country['entry_country_id'];
             $customer_zone_id = $check_country['entry_zone_id'];
             $onepage['createAccount'] = false;
             $sendto = $customer_default_address_id;
             $billto = $customer_default_address_id;
             $this->setDefaultSendTo();
             $this->setDefaultBillTo();
             if (!tep_session_is_registered('customer_default_address_id')) {
                 tep_session_register('customer_default_address_id');
             }
             if (!tep_session_is_registered('customer_first_name')) {
                 tep_session_register('customer_first_name');
             }
             if (!tep_session_is_registered('customer_country_id')) {
                 tep_session_register('customer_country_id');
             }
             if (!tep_session_is_registered('customer_zone_id')) {
                 tep_session_register('customer_zone_id');
             }
             if (!tep_session_is_registered('sendto')) {
                 tep_session_register('sendto');
             }
             if (!tep_session_is_registered('billto')) {
                 tep_session_register('billto');
             }
             if (!tep_session_is_registered('customer_id')) {
                 tep_session_register('customer_id');
             }
             tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'");
             // restore cart contents
             $cart->restore_contents();
         }
     }
     $json = '';
     if ($error === false) {
         $json .= '{
       "success": "true",
       "msg": "Loading your account info"
     }';
     } else {
         $json .= '{
       "success": "false",
       "msg": "Authorization Failed"
     }';
     }
     return $json;
 }
Ejemplo n.º 11
0
 $check_customer = tep_db_fetch_array($check_customer_query);
 // Check that password is good
 // BOF PHONE ORDER
 $checked = '';
 // If $_POST(['action']) is set then lets check where they have come from
 if (isset($_POST['action'])) {
     $referrer = $_SERVER['HTTP_REFERER'];
     // We should have the admin folder name in the $_POST vars
     if (strpos($referrer, $_POST['admin']) !== false) {
         $checked = 'pass';
     } else {
         $checked = 'fail';
     }
 }
 //if (!tep_validate_password($password, $check_customer['customers_password'])) {
 if (!tep_validate_password($password, $check_customer['customers_password']) && !isset($_POST['action'])) {
     // Password does not match and customer did not come from admin
     $error = true;
     tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Password', now())");
 } elseif (isset($_POST['action']) && $checked == 'fail') {
     // Password does not match and customer looks like they came from admin but admin dir does not match - potential hack attempt
     $error = true;
     tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Hack Attempt', now())");
 } else {
     // Password matched or phone order via admin passed
     //if (SESSION_RECREATE == 'True' && !isset($_POST['action'])) {
     if ($checked == 'pass') {
         tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Admin as Customer', now())");
     } else {
         tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Logged In', now())");
     }
Ejemplo n.º 12
0
/**
 * Test if an user is authentified
 */
function isAuthenticated()
{
    if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
        $query = 'select user_password from ' . TABLE_ADMINISTRATORS . ' where user_name = "' . $username . '"';
        $db_query = tep_db_query($query);
        if (tep_db_num_rows($db_query) == 1) {
            $result = tep_db_fetch_array($db_query);
            if (tep_validate_password($password, $result['user_password'])) {
                return true;
            }
        }
    }
    return false;
}
Ejemplo n.º 13
0
// Most of this file is changed or moved to BTS - Basic Template System - format.
// For adding in contribution or modification - parts of this file has been moved to: catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change).
//       catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change).
// (Sub 'fallback' with your current template to see if there is a template specific file.)
require 'includes/application_top.php';
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    $affiliate_username = tep_db_prepare_input($_POST['affiliate_username']);
    $affiliate_password = tep_db_prepare_input($_POST['affiliate_password']);
    // Check if username exists
    $check_affiliate_query = tep_db_query("select affiliate_id, affiliate_firstname, affiliate_password, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . tep_db_input($affiliate_username) . "'");
    if (!tep_db_num_rows($check_affiliate_query)) {
        $_GET['login'] = '******';
    } else {
        $check_affiliate = tep_db_fetch_array($check_affiliate_query);
        // Check that password is good
        if (!tep_validate_password($affiliate_password, $check_affiliate['affiliate_password'])) {
            $_GET['login'] = '******';
        } else {
            $affiliate_id = $check_affiliate['affiliate_id'];
            tep_session_register('affiliate_id');
            $date_now = date('Ymd');
            tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_date_of_last_logon = now(), affiliate_number_of_logons = affiliate_number_of_logons + 1 where affiliate_id = '" . $affiliate_id . "'");
            tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL'));
        }
    }
}
require bts_select('language', FILENAME_AFFILIATE);
$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_AFFILIATE, '', 'SSL'));
$content = CONTENT_AFFILIATE;
include bts_select('main');
// BTSv1.5
Ejemplo n.º 14
0
     $partners_password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['partners_password_confirmation']);
     $error = false;
     if (strlen($partners_password_current) < ENTRY_PASSWORD_MIN_LENGTH) {
         $error = true;
         $messageStack->add('header', ENTRY_PARTNER_PASSWORD_CURRENT_ERROR);
     } elseif (strlen($partners_password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
         $error = true;
         $messageStack->add('header', ENTRY_PARTNER_PASSWORD_NEW_ERROR);
     } elseif ($partners_password_new != $partners_password_confirmation) {
         $error = true;
         $messageStack->add('header', ENTRY_PARTNER_PASSWORD_NEW_ERROR_NOT_MATCHING);
     }
     if ($error == false) {
         $check_partner_query = tep_db_query("select partners_password from " . TABLE_PARTNERS . " where partners_id = '" . (int) $partner_id . "'");
         $check_partner = tep_db_fetch_array($check_partner_query);
         if (tep_validate_password($partners_password_current, $check_partner['partners_password']) || tep_not_null(ACCOUNT_UNIVERSAL_PASSWORD) && $partners_password_current == ACCOUNT_UNIVERSAL_PASSWORD) {
             tep_db_query("update " . TABLE_PARTNERS . " set partners_password = '******', last_modified = now() where partners_id = '" . (int) $partner_id . "'");
             $messageStack->add_session('header', SUCCESS_PARTNER_PASSWORD_UPDATED, 'success');
             tep_redirect(tep_href_link(FILENAME_PARTNER, '', 'SSL'));
         } else {
             $error = true;
             $messageStack->add('header', ERROR_PARTNER_CURRENT_PASSWORD_NOT_MATCHING);
         }
     }
     break;
 case 'logoff':
     tep_session_unregister('partner_id');
     tep_session_unregister('partner_name');
     $messageStack->add_session('header', SUCCESS_PARTNER_LOGOFF, 'success');
     tep_redirect(tep_href_link(FILENAME_PARTNER, '', 'SSL'));
     break;
Ejemplo n.º 15
0
if ($osC_Session->is_started == false) {
    tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
}
require DIR_WS_LANGUAGES . $osC_Session->value('language') . '/' . FILENAME_LOGIN;
$error = false;
if (isset($_GET['action']) && $_GET['action'] == 'process') {
    // Check if email exists
    $Qcheck = $osC_Database->query('select customers_id, customers_password from :table_customers where customers_email_address = :customers_email_address');
    $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
    $Qcheck->bindValue(':customers_email_address', $_POST['email_address']);
    $Qcheck->execute();
    if ($Qcheck->numberOfRows() < 1) {
        $error = true;
    } else {
        // Check that password is good
        if (!tep_validate_password($_POST['password'], $Qcheck->value('customers_password'))) {
            $error = true;
        } else {
            if (SERVICE_SESSION_REGENERATE_ID == 'True') {
                $osC_Session->recreate();
            }
            $osC_Customer->setCustomerData($Qcheck->valueInt('customers_id'));
            $Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = :customers_info_id');
            $Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO);
            $Qupdate->bindInt(':customers_info_id', $osC_Customer->id);
            $Qupdate->execute();
            // restore cart contents
            $cart->restore_contents();
            $navigation->remove_current_page();
            if (sizeof($navigation->snapshot) > 0) {
                $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array($osC_Session->name)), $navigation->snapshot['mode']);
Ejemplo n.º 16
0
  Copyright (c) 2007 osCommerce

  Released under the GNU General Public License
*/
require 'includes/application_top.php';
require 'includes/functions/password_funcs.php';
$action = isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '';
if (tep_not_null($action)) {
    switch ($action) {
        case 'process':
            $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
            $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
            $check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'");
            if (tep_db_num_rows($check_query) == 1) {
                $check = tep_db_fetch_array($check_query);
                if (tep_validate_password($password, $check['user_password'])) {
                    tep_session_register('admin');
                    $admin = array('id' => $check['id'], 'username' => $check['user_name']);
                    if (tep_session_is_registered('redirect_origin')) {
                        $page = $redirect_origin['page'];
                        $get_string = '';
                        if (function_exists('http_build_query')) {
                            $get_string = http_build_query($redirect_origin['get']);
                        }
                        tep_session_unregister('redirect_origin');
                        tep_redirect(tep_href_link($page, $get_string));
                    } else {
                        tep_redirect(tep_href_link(FILENAME_DEFAULT));
                    }
                }
            }
 /**
  * If a native user tries log in with Amazon, prompt them to merge the accounts.
  *
  * @return bool
  */
 private function renderMergePost()
 {
     $user_data = LoginWithAmazon_Tools::get_userdata();
     $email = $user_data->email;
     $password = isset($_POST['password']) ? $_POST['password'] : NULL;
     if (empty($email)) {
         return TRUE;
     }
     $cust_id = LoginWithAmazon_Tools::get_customer_id_by_email($email);
     if (!$cust_id) {
         return TRUE;
     }
     $password_hash = LoginWithAmazon_Tools::get_customer_password_hash_by_id($cust_id);
     if (!LoginWithAmazon_Tools::is_amazon_user_any($cust_id)) {
         global $messageStack;
         $authenticated = tep_validate_password($password, $password_hash);
         if ($authenticated) {
             LoginWithAmazon_Tools::add_user_to_merge_table($cust_id);
             LoginWithAmazon_Tools::login_user($cust_id);
             tep_redirect(tep_href_link(FILENAME_ACCOUNT, LoginWithAmazon_Tools::MERGE_ACCOUNTS_SUCCESS . '=1'));
         } else {
             // Set an error message
             $messageStack->add('login', MODULE_HEADER_TAGS_LOGINWITHAMAZON_MERGE_FAIL, 'error');
         }
     }
 }
Ejemplo n.º 18
0
if (isset($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) {
    $password_current = tep_db_prepare_input($HTTP_POST_VARS['password_current']);
    $password_new = tep_db_prepare_input($HTTP_POST_VARS['password_new']);
    $password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['password_confirmation']);
    $error = false;
    if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $check_customer_query = tep_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'");
        $check_customer = tep_db_fetch_array($check_customer_query);
        if (tep_validate_password($password_current, $check_customer['customers_password'])) {
            tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'");
            tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'");
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));
require DIR_WS_INCLUDES . 'template_top.php';
require 'includes/form_check.js.php';
?>
Ejemplo n.º 19
0
    $password_current = HTML::sanitize($_POST['password_current']);
    $password_new = HTML::sanitize($_POST['password_new']);
    $password_confirmation = HTML::sanitize($_POST['password_confirmation']);
    $error = false;
    if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR);
    } elseif ($password_new != $password_confirmation) {
        $error = true;
        $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING);
    }
    if ($error == false) {
        $Qcheck = $OSCOM_Db->prepare('select customers_password from :table_customers where customers_id = :customers_id');
        $Qcheck->bindInt(':customers_id', $_SESSION['customer_id']);
        $Qcheck->execute();
        if (tep_validate_password($password_current, $Qcheck->value('customers_password'))) {
            $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password_new)], ['customers_id' => (int) $_SESSION['customer_id']]);
            $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => (int) $_SESSION['customer_id']]);
            $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');
            OSCOM::redirect('account.php', '', 'SSL');
        } else {
            $error = true;
            $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING);
        }
    }
}
$breadcrumb->add(NAVBAR_TITLE_1, OSCOM::link('account.php', '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2, OSCOM::link('account_password.php', '', 'SSL'));
require 'includes/template_top.php';
?>
Ejemplo n.º 20
0
 function validateUser()
 {
     $this->username = $this->getNodeData(array('ACCESSREQUEST', 'ACCESSUSERID'), $this->arrOutput);
     $this->password = $this->getNodeData(array('ACCESSREQUEST', 'ACCESSPASSWORD'), $this->arrOutput);
     if (!$this->username || !$this->password) {
         return $this->responseXML('10', SOAP_NO_USER_PW, 'error');
     }
     // validate user with db (call validation function)
     $result = tep_db_query("select user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . $this->username . "'");
     if (tep_db_num_rows($result) == 0) {
         return $this->responseXML('11', SOAP_USER_NOT_FOUND, 'error');
     }
     $fields = tep_db_fetch_array($result);
     if (!tep_validate_password($this->password, $fields['user_password'])) {
         return $this->responseXML('12', SOAP_PASSWORD_NOT_FOUND, 'error');
     }
     return true;
     // if both the username and password are correct
 }
Ejemplo n.º 21
0
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
} elseif (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process') {
    $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    // Check if email exists
    $check_customer_query = tep_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_password, c.customers_email_address, c.customers_email_address_confirmed, c.customers_default_address_id, c.customers_type, c.customers_status, co.companies_name, co.companies_corporate from " . TABLE_CUSTOMERS . " c left join " . TABLE_COMPANIES . " co on (c.customers_id = co.customers_id) where c.customers_email_address = '" . tep_db_input($email_address) . "' and customers_is_dummy_account = '0'");
    if (!tep_db_num_rows($check_customer_query)) {
        $error = true;
        $error_message = TEXT_ACCOUNT_DOESNT_EXIST_ERROR;
    } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        if ($check_customer['customers_email_address_confirmed'] == '0') {
            $error = true;
            $error_message = sprintf(TEXT_ACCOUNT_NOT_CONFIRMED_ERROR, tep_href_link(FILENAME_LOGIN, 'action=repeat&email=' . urlencode($email_address), 'SSL'));
            // Check that password is good
        } elseif (tep_validate_password($password, $check_customer['customers_password']) || tep_not_null(ACCOUNT_UNIVERSAL_PASSWORD) && $password == ACCOUNT_UNIVERSAL_PASSWORD) {
            $check_country_query = tep_db_query("(select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "' and entry_country_id in (select countries_id from " . TABLE_COUNTRIES . ")) union (select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id <> '" . (int) $check_customer['customers_default_address_id'] . "' and entry_country_id in (select countries_id from " . TABLE_COUNTRIES . ") order by address_book_id desc) order by '" . (int) $check_customer['customers_default_address_id'] . "'");
            $check_country = tep_db_fetch_array($check_country_query);
            $customer_id = $check_customer['customers_id'];
            $customer_type = $check_customer['customers_type'];
            if (ACCOUNT_MIDDLE_NAME == 'true') {
                list($customer_first_name, $customer_middle_name) = explode(' ', trim($check_customer['customers_firstname']));
            } else {
                $customer_first_name = $check_customer['customers_firstname'];
                $customer_middle_name = '';
            }
            $customer_last_name = $check_customer['customers_lastname'];
            $customer_status = $check_customer['customers_status'];
            $customer_company = $check_customer['companies_name'];
            $customer_corporate = $check_customer['companies_corporate'];
            $customer_default_address_id = $check_country['address_book_id'];