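function execute() {
    global $login_customer_id, $messageStack, $oscTemplate;

    $OSCOM_Db = Registry::get('Db');

    $error = false;

    // Handle the login POST only when it carries the anti-CSRF token bound to this session.
    // The token is issued elsewhere; if it is missing no POST is accepted (the original loose
    // '==' against an unset token would have matched an empty formid). hash_equals() is strict
    // and constant-time; the is_string() guard keeps a formid[] array out of it.
    if (isset($_GET['action']) && $_GET['action'] === 'process'
        && isset($_POST['formid'], $_SESSION['sessiontoken'])
        && is_string($_POST['formid'])
        && hash_equals((string) $_SESSION['sessiontoken'], $_POST['formid'])) {

        // Passwords go through HTML::sanitize() before hashing everywhere in this code base
        // (account creation, password change, password reset); the same transform must be
        // applied here or stored hashes will not verify. Do not change this in isolation.
        $email_address = isset($_POST['email_address']) ? HTML::sanitize($_POST['email_address']) : '';
        $password = isset($_POST['password']) ? HTML::sanitize($_POST['password']) : '';

        $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);

        if ($Qcustomer->fetch() === false) {
            // Unknown e-mail address. Still pay for one hash computation so that a failed
            // lookup does not return measurably faster than a wrong password; otherwise the
            // response time lets an attacker enumerate registered addresses. (A pre-computed
            // constant hash in Hash::encrypt()'s format would equalise the cost more exactly.)
            Hash::encrypt($password);

            $error = true;
        } elseif (!Hash::verify($password, $Qcustomer->value('customers_password'))) {
            $error = true;
        } else {
            // Login succeeded. $login_customer_id is consumed by catalog/login.php, which runs the
            // post-login steps (presumably including session id regeneration - verify there).
            $login_customer_id = $Qcustomer->valueInt('customers_id');

            // Migrate legacy hashes to the current php password_hash format while the plaintext
            // is available.
            if (Hash::needsRehash($Qcustomer->value('customers_password'))) {
                $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password)], ['customers_id' => $login_customer_id]);
            }
        }
    }

    if ($error === true) {
        // One generic message for both "no such account" and "wrong password".
        $messageStack->add('login', OSCOM::getDef('module_content_login_text_login_error'));
    }

    ob_start();
    include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
    $template = ob_get_clean();

    $oscTemplate->addContent($template, $this->group);
}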
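function tep_random_name() {
    // Build a dot-prefixed directory name of 16 to 20 random lowercase ASCII letters.
    // Randomness comes from Hash::getRandomInt (bounds assumed inclusive, as with random_int()).
    $letters = 'abcdefghijklmnopqrstuvwxyz';
    $dirname = '.';

    $length = (int) Hash::getRandomInt(16, 20);

    for ($i = 0; $i < $length; $i++) {
        // Fix: valid offsets into the 26-letter alphabet are 0..25. The original drew 1..26 and
        // wrapped it in floor(), so offset 26 was out of range (PHP warning, nothing appended),
        // 'a' could never be chosen, and the float offset raised a "String offset cast" notice.
        $dirname .= $letters[(int) Hash::getRandomInt(0, 25)];
    }

    return $dirname;
}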
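public function execute() {
    $OSCOM_Session = Registry::get('Session');

    // Anti-CSRF session token, compared by form handlers against their hidden "formid" field.
    // md5() here only fixes the width of already-random input; it is not hashing a secret.
    if (!isset($_SESSION['sessiontoken'])) {
        $_SESSION['sessiontoken'] = md5(Hash::getRandomInt() . Hash::getRandomInt() . Hash::getRandomInt() . Hash::getRandomInt());
    }

    // Bind the PHP session to the TLS session id when the feature is enabled.
    // Fix: the original tested isset($_SESSION['SSL_SESSION_ID']) but stored the value under
    // 'SESSION_SSL_ID', so the stored id was overwritten on every request and the mismatch
    // check below could never fire.
    // Caveat: $_SERVER['SSL_SESSION_ID'] is only present when the web server exports it; without
    // it this check degrades to comparing empty strings.
    if (HTTP::getRequestType() === 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && $OSCOM_Session->hasStarted()) {
        $ssl_session_id = isset($_SERVER['SSL_SESSION_ID']) ? (string) $_SERVER['SSL_SESSION_ID'] : '';

        if (!isset($_SESSION['SESSION_SSL_ID'])) {
            $_SESSION['SESSION_SSL_ID'] = $ssl_session_id;
        }

        if ($_SESSION['SESSION_SSL_ID'] !== $ssl_session_id) {
            $OSCOM_Session->kill();

            OSCOM::redirect('ssl_check.php');
        }
    }

    // Bind the session to the User-Agent header when enabled. This only raises the bar for a
    // stolen session id: the header is attacker-controlled and trivially copied.
    if (SESSION_CHECK_USER_AGENT == 'True') {
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

        if (!isset($_SESSION['SESSION_USER_AGENT'])) {
            $_SESSION['SESSION_USER_AGENT'] = $user_agent;
        }

        if ($_SESSION['SESSION_USER_AGENT'] !== $user_agent) {
            $OSCOM_Session->kill();

            OSCOM::redirect('login.php');
        }
    }

    // Bind the session to the client address when enabled. Expect false positives for clients
    // whose address changes mid-session (mobile networks, proxy pools).
    if (SESSION_CHECK_IP_ADDRESS == 'True') {
        $ip_address = (string) HTTP::getIpAddress();

        if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
            $_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
        }

        if ($_SESSION['SESSION_IP_ADDRESS'] !== $ip_address) {
            $OSCOM_Session->kill();

            OSCOM::redirect('login.php');
        }
    }
}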
} if ($error == true) { OSCOM::redirect('password_forgotten.php'); } if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) { $password_new = HTML::sanitize($_POST['password']); $password_confirmation = HTML::sanitize($_POST['confirmation']); if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('password_reset', OSCOM::getDef('entry_password_new_error', ['min_length' => ENTRY_PASSWORD_MIN_LENGTH])); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('password_reset', OSCOM::getDef('entry_password_new_error_not_matching')); } if ($error == false) { $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password_new)], ['customers_id' => $Qcheck->valueInt('customers_id')]); $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()', 'password_reset_key' => 'null', 'password_reset_date' => 'null'], ['customers_info_id' => $Qcheck->valueInt('customers_id')]); $messageStack->add_session('login', OSCOM::getDef('success_password_reset'), 'success'); OSCOM::redirect('login.php'); } } $breadcrumb->add(OSCOM::getDef('navbar_title_1'), OSCOM::link('login.php')); $breadcrumb->add(OSCOM::getDef('navbar_title_2')); require $oscTemplate->getFile('template_top.php'); ?> <div class="page-header"> <h1><?php echo OSCOM::getDef('heading_title'); ?> </h1>
$OSCOM_Db->save('configuration', ['configuration_value' => $_POST['CFG_STORE_NAME']], ['configuration_key' => 'STORE_NAME']); $OSCOM_Db->save('configuration', ['configuration_value' => $_POST['CFG_STORE_OWNER_NAME']], ['configuration_key' => 'STORE_OWNER']); $OSCOM_Db->save('configuration', ['configuration_value' => $_POST['CFG_STORE_OWNER_EMAIL_ADDRESS']], ['configuration_key' => 'STORE_OWNER_EMAIL_ADDRESS']); if (!empty($_POST['CFG_STORE_OWNER_NAME']) && !empty($_POST['CFG_STORE_OWNER_EMAIL_ADDRESS'])) { $OSCOM_Db->save('configuration', ['configuration_value' => '"' . trim($_POST['CFG_STORE_OWNER_NAME']) . '" <' . trim($_POST['CFG_STORE_OWNER_EMAIL_ADDRESS']) . '>'], ['configuration_key' => 'EMAIL_FROM']); } else { $OSCOM_Db->save('configuration', ['configuration_value' => $_POST['CFG_STORE_OWNER_EMAIL_ADDRESS']], ['configuration_key' => 'EMAIL_FROM']); } if (!empty($_POST['CFG_ADMINISTRATOR_USERNAME'])) { $Qcheck = $OSCOM_Db->prepare('select user_name from :table_administrators where user_name = :user_name'); $Qcheck->bindValue(':user_name', $_POST['CFG_ADMINISTRATOR_USERNAME']); $Qcheck->execute(); if ($Qcheck->fetch() !== false) { $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt(trim($_POST['CFG_ADMINISTRATOR_PASSWORD']))], ['user_name' => $_POST['CFG_ADMINISTRATOR_USERNAME']]); } else { $OSCOM_Db->save('administrators', ['user_name' => $_POST['CFG_ADMINISTRATOR_USERNAME'], 'user_password' => Hash::encrypt(trim($_POST['CFG_ADMINISTRATOR_PASSWORD']))]); } } if (FileSystem::isWritable(OSCOM::BASE_DIR . 'Work')) { if (!is_dir(Cache::getPath())) { mkdir(Cache::getPath(), 0777); } if (!is_dir(OSCOM::BASE_DIR . 'Work/Session')) { mkdir(OSCOM::BASE_DIR . 'Work/Session', 0777); } } foreach (glob(Cache::getPath() . '*.cache') as $c) { unlink($c); } $dir_fs_document_root = $_POST['DIR_FS_DOCUMENT_ROOT']; if (substr($dir_fs_document_root, -1) != '\\' && substr($dir_fs_document_root, -1) != '/') {
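function before_process() {
    global $sagepay_server_transaction_details, $order, $order_totals;

    $OSCOM_Db = Registry::get('Db');

    $sagepay_server_transaction_details = null;
    $error = null;

    if (isset($_GET['check']) && $_GET['check'] === 'PROCESS') {
        // Return leg: the shopper comes back carrying the one-time key code issued in the
        // registration leg below. Compare it strictly and in constant time against the copy in
        // the session (a loose '==' would treat two numeric-looking codes as equal); the
        // is_string() guard keeps a skcode[] array out of hash_equals().
        if (isset($_GET['skcode'], $_SESSION['sagepay_server_skey_code'])
            && is_string($_GET['skcode'])
            && hash_equals((string) $_SESSION['sagepay_server_skey_code'], $_GET['skcode'])) {
            $skcode = HTML::sanitize($_GET['skcode']);

            $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['verified', 'transaction_details'], ['code' => $skcode], null, 1);

            if ($Qsp->fetch() !== false) {
                // The key is single-use: drop it from the session and the table before looking at
                // the outcome, so a replay cannot reach the verified branch twice.
                unset($_SESSION['sagepay_server_skey_code']);

                $OSCOM_Db->delete('sagepay_server_securitykeys', ['code' => $skcode]);

                // 'verified' is presumably set by the gateway notification handler (server.php),
                // which is outside this function.
                if ($Qsp->value('verified') == '1') {
                    $sagepay_server_transaction_details = $Qsp->value('transaction_details');

                    return true;
                }
            }
        }
    } else {
        // Registration leg: create a per-checkout key code, register the transaction with the
        // gateway and send the shopper to the hosted payment page.
        if (!isset($_SESSION['sagepay_server_skey_code'])) {
            $_SESSION['sagepay_server_skey_code'] = Hash::getRandomString(16);
        }

        $params = [
            'VPSProtocol' => $this->api_version,
            'ReferrerID' => 'C74D7B82-E9EB-4FBD-93DB-76F0F551C802',
            'Vendor' => substr(MODULE_PAYMENT_SAGE_PAY_SERVER_VENDOR_LOGIN_NAME, 0, 15),
            'VendorTxCode' => substr(date('YmdHis') . '-' . $_SESSION['customer_id'] . '-' . $_SESSION['cartID'], 0, 40),
            'Amount' => $this->format_raw($order->info['total']),
            'Currency' => $_SESSION['currency'],
            'Description' => substr(STORE_NAME, 0, 100),
            'NotificationURL' => $this->formatURL(OSCOM::link('ext/modules/payment/sage_pay/server.php', 'check=SERVER&skcode=' . $_SESSION['sagepay_server_skey_code'], false)),
            'BillingSurname' => substr($order->billing['lastname'], 0, 20),
            'BillingFirstnames' => substr($order->billing['firstname'], 0, 20),
            'BillingAddress1' => substr($order->billing['street_address'], 0, 100),
            'BillingCity' => substr($order->billing['city'], 0, 40),
            'BillingPostCode' => substr($order->billing['postcode'], 0, 10),
            'BillingCountry' => $order->billing['country']['iso_code_2'],
            'BillingPhone' => substr($order->customer['telephone'], 0, 20),
            'DeliverySurname' => substr($order->delivery['lastname'], 0, 20),
            'DeliveryFirstnames' => substr($order->delivery['firstname'], 0, 20),
            'DeliveryAddress1' => substr($order->delivery['street_address'], 0, 100),
            'DeliveryCity' => substr($order->delivery['city'], 0, 40),
            'DeliveryPostCode' => substr($order->delivery['postcode'], 0, 10),
            'DeliveryCountry' => $order->delivery['country']['iso_code_2'],
            'DeliveryPhone' => substr($order->customer['telephone'], 0, 20),
            'CustomerEMail' => substr($order->customer['email_address'], 0, 255),
            'Apply3DSecure' => '0',
        ];

        // ClientIPAddress is only sent when the address is a parseable dotted IPv4 value; IPv6
        // or garbage is skipped. (The original ip2long() != -1 test is a PHP 4 relic.)
        $ip_address = HTTP::getIpAddress();

        if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
            $params['ClientIPAddress'] = $ip_address;
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Payment') {
            $params['TxType'] = 'PAYMENT';
        } elseif (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_METHOD == 'Deferred') {
            $params['TxType'] = 'DEFERRED';
        } else {
            $params['TxType'] = 'AUTHENTICATE';
        }

        if ($params['BillingCountry'] == 'US') {
            $params['BillingState'] = tep_get_zone_code($order->billing['country']['id'], $order->billing['zone_id'], '');
        }

        if ($params['DeliveryCountry'] == 'US') {
            $params['DeliveryState'] = tep_get_zone_code($order->delivery['country']['id'], $order->delivery['zone_id'], '');
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE != 'Normal') {
            $params['Profile'] = 'LOW';
        }

        // Basket lines are colon-separated, so ':' (plus line breaks and '&', which would break
        // the form-encoded POST) is stripped from free text before it is embedded.
        $contents = [];

        foreach ($order->products as $product) {
            $product_name = $product['name'];

            if (isset($product['attributes'])) {
                foreach ($product['attributes'] as $att) {
                    $product_name .= '; ' . $att['option'] . '=' . $att['value'];
                }
            }

            $line_tax = $product['tax'] / 100 * $product['final_price'];
            $line_gross = $line_tax + $product['final_price'];

            $contents[] = str_replace([':', "\n", "\r", '&'], '', $product_name) . ':' . $product['qty'] . ':' . $this->format_raw($product['final_price']) . ':' . $this->format_raw($line_tax) . ':' . $this->format_raw($line_gross) . ':' . $this->format_raw($line_gross * $product['qty']);
        }

        foreach ($order_totals as $ot) {
            $contents[] = str_replace([':', "\n", "\r", '&'], '', strip_tags($ot['title'])) . ':---:---:---:---:' . $this->format_raw($ot['value']);
        }

        $params['Basket'] = substr(sizeof($contents) . ':' . implode(':', $contents), 0, 7500);

        $post_string = '';

        foreach ($params as $key => $value) {
            $post_string .= $key . '=' . urlencode(trim($value)) . '&';
        }

        if (MODULE_PAYMENT_SAGE_PAY_SERVER_TRANSACTION_SERVER == 'Live') {
            $gateway_url = 'https://live.sagepay.com/gateway/service/vspserver-register.vsp';
        } else {
            $gateway_url = 'https://test.sagepay.com/gateway/service/vspserver-register.vsp';
        }

        $transaction_response = $this->sendTransactionToGateway($gateway_url, $post_string);

        // The response is one "Key=Value" pair per line. Only lines with a non-empty key are
        // kept (the original's strpos() != false test likewise dropped a '=' at offset 0).
        $return = [];

        foreach (explode("\n", $transaction_response) as $line) {
            if (strpos($line, '=') > 0) {
                list($key, $value) = explode('=', $line, 2);

                $return[trim($key)] = trim($value);
            }
        }

        // Act on the response only when the gateway supplied every field used below; a
        // truncated or malformed reply must not redirect the shopper to an empty URL or store
        // an empty security key.
        if (isset($return['Status'], $return['SecurityKey'], $return['NextURL'])
            && $return['Status'] === 'OK'
            && $return['SecurityKey'] !== ''
            && $return['NextURL'] !== '') {
            $Qsp = $OSCOM_Db->get('sagepay_server_securitykeys', ['id', 'securitykey'], ['code' => $_SESSION['sagepay_server_skey_code']], null, 1);

            if ($Qsp->fetch() !== false) {
                if ($Qsp->value('securitykey') !== $return['SecurityKey']) {
                    $OSCOM_Db->save('sagepay_server_securitykeys', ['securitykey' => $return['SecurityKey'], 'date_added' => 'now()'], ['id' => $Qsp->valueInt('id')]);
                }
            } else {
                $OSCOM_Db->save('sagepay_server_securitykeys', ['code' => $_SESSION['sagepay_server_skey_code'], 'securitykey' => $return['SecurityKey'], 'date_added' => 'now()']);
            }

            // NextURL comes from the gateway's TLS response, not from the shopper; it is passed
            // through unvalidated, as in the original.
            if (MODULE_PAYMENT_SAGE_PAY_SERVER_PROFILE_PAGE == 'Normal') {
                HTTP::redirect($return['NextURL']);
            } else {
                $_SESSION['sage_pay_server_nexturl'] = $return['NextURL'];

                OSCOM::redirect('ext/modules/payment/sage_pay/checkout.php');
            }
        } else {
            $error = $this->getErrorMessageNumber(isset($return['StatusDetail']) ? $return['StatusDetail'] : '');

            $this->sendDebugEmail($return);
        }
    }

    OSCOM::redirect('checkout_payment.php', 'payment_error=' . $this->code . (tep_not_null($error) ? '&error=' . $error : ''));
}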
$password_new = HTML::sanitize($_POST['password_new']); $password_confirmation = HTML::sanitize($_POST['password_confirmation']); $error = false; if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', OSCOM::getDef('entry_password_new_error', ['min_length' => ENTRY_PASSWORD_MIN_LENGTH])); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', OSCOM::getDef('entry_password_new_error_not_matching')); } if ($error == false) { $Qcheck = $OSCOM_Db->prepare('select customers_password from :table_customers where customers_id = :customers_id'); $Qcheck->bindInt(':customers_id', $_SESSION['customer_id']); $Qcheck->execute(); if (Hash::verify($password_current, $Qcheck->value('customers_password'))) { $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password_new)], ['customers_id' => (int) $_SESSION['customer_id']]); $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => (int) $_SESSION['customer_id']]); $messageStack->add_session('account', OSCOM::getDef('success_password_updated'), 'success'); OSCOM::redirect('account.php'); } else { $error = true; $messageStack->add('account_password', OSCOM::getDef('error_current_password_not_matching')); } } } $breadcrumb->add(OSCOM::getDef('navbar_title_1'), OSCOM::link('account.php')); $breadcrumb->add(OSCOM::getDef('navbar_title_2'), OSCOM::link('account_password.php')); require $oscTemplate->getFile('template_top.php'); ?> <div class="page-header">
function generate_cart_id($length = 5) {
    // Random string of decimal digits, $length characters long (5 by default), used as a cart id.
    // With the default length there are only 10^5 possible values, so treat this as an
    // identifier, not as an unguessable secret.
    $digits_only = 'digits';

    $cart_id = Hash::getRandomString($length, $digits_only);

    return $cart_id;
}
} else { $OSCOM_MessageStack->add(OSCOM::getDef('error_administrator_exists'), 'error'); } OSCOM::redirect(FILENAME_ADMINISTRATORS); break; case 'save': $username = HTML::sanitize($_POST['username']); $password = HTML::sanitize($_POST['password']); $Qcheck = $OSCOM_Db->get('administrators', ['id', 'user_name'], ['id' => (int) $_GET['aID']]); // update username in current session if changed if ($Qcheck->valueInt('id') === $_SESSION['admin']['id'] && $username !== $_SESSION['admin']['username']) { $_SESSION['admin']['username'] = $username; } $OSCOM_Db->save('administrators', ['user_name' => $username], ['id' => (int) $_GET['aID']]); if (tep_not_null($password)) { $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt($password)], ['id' => (int) $_GET['aID']]); } OSCOM::redirect(FILENAME_ADMINISTRATORS, 'aID=' . (int) $_GET['aID']); break; case 'deleteconfirm': $id = (int) $_GET['aID']; $Qcheck = $OSCOM_Db->get('administrators', ['id', 'user_name'], ['id' => $id]); if ($_SESSION['admin']['id'] === $Qcheck->valueInt('id')) { unset($_SESSION['admin']); } $OSCOM_Db->delete('administrators', ['id' => $id]); OSCOM::redirect(FILENAME_ADMINISTRATORS); break; } } $show_listing = true;
case 'logoff': $OSCOM_Hooks->call('Account', 'LogoutBefore'); unset($_SESSION['admin']); if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !empty($_SERVER['PHP_AUTH_PW'])) { $_SESSION['auth_ignore'] = true; } $OSCOM_Hooks->call('Account', 'LogoutAfter'); OSCOM::redirect(FILENAME_DEFAULT); break; case 'create': $Qcheck = $OSCOM_Db->get('administrators', 'id', null, null, 1); if (!$Qcheck->check()) { $username = HTML::sanitize($_POST['username']); $password = HTML::sanitize($_POST['password']); if (!empty($username)) { $OSCOM_Db->save('administrators', ['user_name' => $username, 'user_password' => Hash::encrypt($password)]); } } OSCOM::redirect(FILENAME_LOGIN); break; } } $Qcheck = $OSCOM_Db->get('administrators', 'id', null, null, 1); if (!$Qcheck->check()) { $OSCOM_MessageStack->add(OSCOM::getDef('text_create_first_administrator'), 'warning'); } require $oscTemplate->getFile('template_top.php'); ?> <h2><i class="fa fa-home"></i> <a href="<?php echo OSCOM::link('login.php');
*/ use OSC\OM\Hash; use OSC\OM\HTML; use OSC\OM\Mail; use OSC\OM\OSCOM; require 'includes/application_top.php'; $OSCOM_Language->loadDefinitions('password_forgotten'); $password_reset_initiated = false; if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) { $email_address = HTML::sanitize($_POST['email_address']); $Qcheck = $OSCOM_Db->get('customers', ['customers_firstname', 'customers_lastname', 'customers_id'], ['customers_email_address' => $email_address]); if ($Qcheck->fetch() !== false) { $actionRecorder = new actionRecorder('ar_reset_password', $Qcheck->valueInt('customers_id'), $email_address); if ($actionRecorder->canPerform()) { $actionRecorder->record(); $reset_key = Hash::getRandomString(40); $OSCOM_Db->save('customers_info', ['password_reset_key' => $reset_key, 'password_reset_date' => 'now()'], ['customers_info_id' => $Qcheck->valueInt('customers_id')]); $reset_key_url = OSCOM::link('password_reset.php', 'account=' . urlencode($email_address) . '&key=' . $reset_key, false); if (strpos($reset_key_url, '&') !== false) { $reset_key_url = str_replace('&', '&', $reset_key_url); } $passwordEmail = new Mail($email_address, $Qcheck->value('customers_firstname') . ' ' . 
$Qcheck->value('customers_lastname'), STORE_OWNER_EMAIL_ADDRESS, STORE_OWNER, OSCOM::getDef('email_password_reset_subject', ['store_name' => STORE_NAME])); $passwordEmail->setBodyHTML(OSCOM::getDef('email_password_reset_body_html', ['store_name' => STORE_NAME, 'store_email_address' => STORE_OWNER_EMAIL_ADDRESS, 'reset_url' => $reset_key_url])); $passwordEmail->setBodyPlain(OSCOM::getDef('email_password_reset_body', ['store_name' => STORE_NAME, 'store_email_address' => STORE_OWNER_EMAIL_ADDRESS, 'reset_url' => $reset_key_url])); $passwordEmail->send(); $password_reset_initiated = true; } else { $actionRecorder->record(false); $messageStack->add('password_forgotten', OSCOM::getDef('error_action_recorder', ['module_action_recorder_reset_password_minutes' => defined('MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES') ? (int) MODULE_ACTION_RECORDER_RESET_PASSWORD_MINUTES : 5])); } } else {
} } } if (strlen($telephone) < ENTRY_TELEPHONE_MIN_LENGTH) { $error = true; $messageStack->add('create_account', OSCOM::getDef('entry_telephone_number_error', ['min_length' => ENTRY_TELEPHONE_MIN_LENGTH])); } if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('create_account', OSCOM::getDef('entry_password_error', ['min_length' => ENTRY_PASSWORD_MIN_LENGTH])); } elseif ($password != $confirmation) { $error = true; $messageStack->add('create_account', OSCOM::getDef('entry_password_error_not_matching')); } if ($error == false) { $sql_data_array = array('customers_firstname' => $firstname, 'customers_lastname' => $lastname, 'customers_email_address' => $email_address, 'customers_telephone' => $telephone, 'customers_fax' => $fax, 'customers_newsletter' => $newsletter, 'customers_password' => Hash::encrypt($password)); if (ACCOUNT_GENDER == 'true') { $sql_data_array['customers_gender'] = $gender; } if (ACCOUNT_DOB == 'true') { $sql_data_array['customers_dob'] = $dobDateTime->getRaw(false); } $OSCOM_Db->save('customers', $sql_data_array); $_SESSION['customer_id'] = $OSCOM_Db->lastInsertId(); $sql_data_array = array('customers_id' => $_SESSION['customer_id'], 'entry_firstname' => $firstname, 'entry_lastname' => $lastname, 'entry_street_address' => $street_address, 'entry_postcode' => $postcode, 'entry_city' => $city, 'entry_country_id' => $country); if (ACCOUNT_GENDER == 'true') { $sql_data_array['entry_gender'] = $gender; } if (ACCOUNT_COMPANY == 'true') { $sql_data_array['entry_company'] = $company; }
public function execute($parameters) {
    // Replace the session's anti-CSRF token with a fresh one: md5 over the concatenation of
    // four random integers. md5 only fixes the token width; the secrecy comes from the random
    // input. $parameters is not used here.
    $entropy = [];

    for ($i = 0; $i < 4; $i++) {
        $entropy[] = Hash::getRandomInt();
    }

    $_SESSION['sessiontoken'] = md5(implode('', $entropy));
}