function execute() { global $login_customer_id, $messageStack, $oscTemplate; $OSCOM_Db = Registry::get('Db'); $error = false; if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $_SESSION['sessiontoken']) { $email_address = HTML::sanitize($_POST['email_address']); $password = HTML::sanitize($_POST['password']); // Check if email exists $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1); if ($Qcustomer->fetch() === false) { $error = true; } else { // Check that password is good if (!tep_validate_password($password, $Qcustomer->value('customers_password'))) { $error = true; } else { // set $login_customer_id globally and perform post login code in catalog/login.php $login_customer_id = $Qcustomer->valueInt('customers_id'); // migrate old hashed password to new phpass password if (tep_password_type($Qcustomer->value('customers_password')) != 'phpass') { $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password)], ['customers_id' => $login_customer_id]); } } } } if ($error == true) { $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR); } ob_start(); include DIR_WS_MODULES . 'content/' . $this->group . '/templates/login_form.php'; $template = ob_get_clean(); $oscTemplate->addContent($template, $this->group); }
function _process() { global $messageStack, $osC_Database, $osC_Customer; if (!isset($_POST['password_current']) || strlen(trim($_POST['password_current'])) < ACCOUNT_PASSWORD) { $messageStack->add('account_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (!isset($_POST['password_new']) || strlen(trim($_POST['password_new'])) < ACCOUNT_PASSWORD) { $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif (!isset($_POST['password_confirmation']) || trim($_POST['password_new']) != trim($_POST['password_confirmation'])) { $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($messageStack->size('account_password') === 0) { $Qcheck = $osC_Database->query('select customers_password from :table_customers where customers_id = :customers_id'); $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS); $Qcheck->bindInt(':customers_id', $osC_Customer->id); $Qcheck->execute(); if (tep_validate_password(trim($_POST['password_current']), $Qcheck->value('customers_password'))) { $Qupdate = $osC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id'); $Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS); $Qupdate->bindValue(':customers_password', tep_encrypt_password(trim($_POST['password_new']))); $Qupdate->bindInt(':customers_id', $osC_Customer->id); $Qupdate->execute(); $Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_account_last_modified = now() where customers_info_id = :customers_info_id'); $Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO); $Qupdate->bindInt(':customers_info_id', $osC_Customer->id); $Qupdate->execute(); $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL')); } else { $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } } }
function execute() { global $sessiontoken, $login_customer_id, $messageStack, $oscTemplate; $error = false; if (isset($_GET['action']) && $_GET['action'] == 'process' && isset($_POST['formid']) && $_POST['formid'] == $sessiontoken) { $email_address = tep_db_prepare_input($_POST['email_address']); $password = tep_db_prepare_input($_POST['password']); // Check if email exists $customer_query = tep_db_query("select customers_id, customers_password from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1"); if (!tep_db_num_rows($customer_query)) { $error = true; } else { $customer = tep_db_fetch_array($customer_query); // Check that password is good if (!tep_validate_password($password, $customer['customers_password'])) { $error = true; } else { // set $login_customer_id globally and perform post login code in catalog/login.php $login_customer_id = (int) $customer['customers_id']; // migrate old hashed password to new phpass password if (tep_password_type($customer['customers_password']) != 'phpass') { tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $login_customer_id . "'"); } } } } if ($error == true) { $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR); } ob_start(); include 'includes/modules/content/' . $this->group . '/templates/login_form.php'; $template = ob_get_clean(); $oscTemplate->addContent($template, $this->group); }
http://www.osCmax.com Copyright 2000 - 2011 osCmax Released under the GNU General Public License */ require 'includes/application_top.php'; require DIR_WS_LANGUAGES . $language . '/login.php'; $current_boxes = DIR_FS_ADMIN . DIR_WS_BOXES; if ($_GET['action']) { switch ($_GET['action']) { case 'check_password': $check_pass_query = tep_db_query("select admin_password as confirm_password from " . TABLE_ADMIN . " where admin_id = '" . $_POST['id_info'] . "'"); $check_pass = tep_db_fetch_array($check_pass_query); // Check that password is good if (!tep_validate_password($_POST['password_confirmation'], $check_pass['confirm_password'])) { tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=check_account&error=password')); } else { //$confirm = 'confirm_account'; tep_session_register('confirm_account'); tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT, 'action=edit_process')); } break; case 'save_account': $admin_id = tep_db_prepare_input($_POST['id_info']); $admin_email_address = tep_db_prepare_input($_POST['admin_email_address']); $stored_email[] = 'NONE'; $hiddenPassword = '******'; $check_email_query = tep_db_query("select admin_email_address from " . TABLE_ADMIN . " where admin_id <> " . $admin_id . ""); while ($check_email = tep_db_fetch_array($check_email_query)) { $stored_email[] = $check_email['admin_email_address'];
Released under the GNU General Public License */ require 'includes/application_top.php'; if (isset($_GET['action']) && $_GET['action'] == 'process') { $username = tep_db_prepare_input($_POST['username']); $password = tep_db_prepare_input($_POST['password']); // Check if usename exists $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_username as login_username, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_username = '******'"); if (!tep_db_num_rows($check_admin_query)) { //Added by PGM tep_db_query("insert into " . TABLE_ADMIN_LOG . " values (NULL, '" . tep_db_input($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Username', now())"); $_GET['login'] = '******'; } else { $check_admin = tep_db_fetch_array($check_admin_query); // Check that password is good if (!tep_validate_password($password, $check_admin['login_password'])) { //Added by PGM tep_db_query("insert into " . TABLE_ADMIN_LOG . " values (NULL, '" . tep_db_input($username) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Password', now())"); $_GET['login'] = '******'; } else { if (tep_session_is_registered('password_forgotten')) { tep_session_unregister('password_forgotten'); } $login_id = $check_admin['login_id']; $login_groups_id = $check_admin['login_groups_id']; $login_username = $check_admin['login_username']; $login_logdate = $check_admin['login_logdate']; $login_lognum = $check_admin['login_lognum']; $login_modified = $check_admin['login_modified']; tep_session_register('login_id'); tep_session_register('login_groups_id');
$password_confirmation = tep_db_prepare_input($_POST['password_confirmation']); $error = false; if (strlen($password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('a_password', ENTRY_PASSWORD_CURRENT_ERROR); } elseif (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('a_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_affiliate_query = tep_db_query("select affiliate_password from " . TABLE_AFFILIATE . " where affiliate_id = '" . (int) $affiliate_id . "'"); $check_affiliate = tep_db_fetch_array($check_affiliate_query); if (tep_validate_password($password_current, $check_affiliate['affiliate_password'])) { tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_password = '******' where affiliate_id = '" . (int) $affiliate_id . "'"); $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL')); } else { $error = true; $messageStack->add('a_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } } } $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_AFFILIATE, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_AFFILIATE_PASSWORD, '', 'SSL')); $content = affiliate_password; include bts_select('main'); // BTSv1.5 require DIR_WS_INCLUDES . 'application_bottom.php';
function checkout_login($email_address, $password, $pass_crypt) { global $error, $cart, $wishList; global $customer_id; global $customer_default_address_id; global $customer_first_name; global $customer_password; global $customer_country_id; global $customer_zone_id; $email_address = tep_db_prepare_input($email_address); $password = tep_db_prepare_input($password); // Check if email exists $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = tep_db_fetch_array($check_customer_query); // Check that password is good if (isset($pass_crypt) ? $pass_crypt != $check_customer['customers_password'] : !tep_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_password = $password; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_password'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); tep_session_unregister('referral_id'); //rmh referral tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'"); $cart->restore_contents(); $wishList->restore_wishlist(); } } }
if ($session_started == false) { tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); } require DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN; $error = false; if (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) { $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); // Check if email exists $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = tep_db_fetch_array($check_customer_query); // Check that password is good if (!tep_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name');
function log_customer_in($email_address = '', $password = '') { global $cart; $error = false; $check_customer_query = tep_db_query("select customers_id, abo_id, customers_firstname, customers_password, customers_email_address, customers_username, customers_default_address_id, status, customers_group from customers where customers_email_address = '" . tep_db_input($email_address) . "' OR customers_username = '******'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = tep_db_fetch_array($check_customer_query); if (!tep_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if ($check_customer['status'] == '0') { $active_error = true; } else { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); global $customer_id, $abo_id, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id, $customer_group, $customers_email_address, $customers_username; $customer_id = $check_customer['customers_id']; $abo_id = $check_customer['abo_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; $customer_group = $check_customer['customers_group']; $customers_email_address = $check_customer['customers_email_address']; $customers_username = $check_customer['customers_username']; tep_session_register('customer_id'); tep_session_register('abo_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); tep_session_register('customer_group'); tep_session_register('customers_email_address'); tep_session_register('customers_username'); /*autologin*/ $cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1)); $cookie_path = $cookie_url_array['path']; if (ALLOW_AUTOLOGON == 'false' || $_POST['remember_me'] == '') { setcookie("email_address", "", time() - 3600, $cookie_path); // Delete email_address cookie setcookie("password", "", time() - 3600, $cookie_path); // Delete password cookie } else { setcookie('email_address', $email_address, time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0); setcookie('password', $check_customer['customers_password'], time() + 365 * 24 * 3600, $cookie_path, '', getenv('HTTPS') == 'on' ? 1 : 0); } /*autologin*/ tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'"); $cart->restore_contents(); /*FORUM*/ if (FORUM_ACTIVE == 'true' && FORUM_CROSS_LOGIN == 'true') { $user->session_begin(); $auth->acl($user->data); $get_forum_username_query = tep_db_query("SELECT username_clean FROM " . FORUM_DB_DATABASE . ".users WHERE user_email = '" . $_POST['email_address'] . "'"); $get_forum_username = tep_db_fetch_array($get_forum_username_query); if ($_POST['remember_me'] == 'on') { $remember = 'true'; } else { $remember = 'false'; } $auth->login($get_forum_username['username_clean'], $_POST['password'], $remember, 1, 0); } /*FORUM*/ } } } if ($error == true) { return Translate('Fout: er kon niet ingelogd worden met het ingegeven e-mailadres en wachtwoord. Gelieve opnieuw te proberen'); } if ($active_error == true) { return Translate('Uw account werd nog niet geactiveerd.'); } return true; }
function processAjaxLogin($emailAddress, $password) { global $cart, $customer_id, $onepage, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id, $sendto, $billto; $error = false; $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($emailAddress) . "'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = tep_db_fetch_array($check_customer_query); // Check that password is good if (!tep_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $onepage['customer']['email_address'] = $check_customer['customers_email_address']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; $onepage['createAccount'] = false; $sendto = $customer_default_address_id; $billto = $customer_default_address_id; $this->setDefaultSendTo(); $this->setDefaultBillTo(); if (!tep_session_is_registered('customer_default_address_id')) { tep_session_register('customer_default_address_id'); } if (!tep_session_is_registered('customer_first_name')) { tep_session_register('customer_first_name'); } if (!tep_session_is_registered('customer_country_id')) { tep_session_register('customer_country_id'); } if (!tep_session_is_registered('customer_zone_id')) { tep_session_register('customer_zone_id'); } if (!tep_session_is_registered('sendto')) { tep_session_register('sendto'); } if (!tep_session_is_registered('billto')) { tep_session_register('billto'); } if (!tep_session_is_registered('customer_id')) { tep_session_register('customer_id'); } tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int) $customer_id . "'"); // restore cart contents $cart->restore_contents(); } } $json = ''; if ($error === false) { $json .= '{ "success": "true", "msg": "Loading your account info" }'; } else { $json .= '{ "success": "false", "msg": "Authorization Failed" }'; } return $json; }
$check_customer = tep_db_fetch_array($check_customer_query); // Check that password is good // BOF PHONE ORDER $checked = ''; // If $_POST(['action']) is set then lets check where they have come from if (isset($_POST['action'])) { $referrer = $_SERVER['HTTP_REFERER']; // We should have the admin folder name in the $_POST vars if (strpos($referrer, $_POST['admin']) !== false) { $checked = 'pass'; } else { $checked = 'fail'; } } //if (!tep_validate_password($password, $check_customer['customers_password'])) { if (!tep_validate_password($password, $check_customer['customers_password']) && !isset($_POST['action'])) { // Password does not match and customer did not come from admin $error = true; tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Wrong Password', now())"); } elseif (isset($_POST['action']) && $checked == 'fail') { // Password does not match and customer looks like they came from admin but admin dir does not match - potential hack attempt $error = true; tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Hack Attempt', now())"); } else { // Password matched or phone order via admin passed //if (SESSION_RECREATE == 'True' && !isset($_POST['action'])) { if ($checked == 'pass') { tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Admin as Customer', now())"); } else { tep_db_query("insert into " . TABLE_CUSTOMER_LOG . " values ('', '" . addslashes($email_address) . "', '" . $_SERVER['REMOTE_ADDR'] . "', 'Logged In', now())"); }
/** * Test if an user is authentified */ function isAuthenticated() { if (isset($_SERVER['PHP_AUTH_USER']) and isset($_SERVER['PHP_AUTH_PW'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; $query = 'select user_password from ' . TABLE_ADMINISTRATORS . ' where user_name = "' . $username . '"'; $db_query = tep_db_query($query); if (tep_db_num_rows($db_query) == 1) { $result = tep_db_fetch_array($db_query); if (tep_validate_password($password, $result['user_password'])) { return true; } } } return false; }
// Most of this file is changed or moved to BTS - Basic Template System - format. // For adding in contribution or modification - parts of this file has been moved to: catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change). // catalog\templates\fallback\contents\<filename>.tpl.php as a default (sub 'fallback' with your current template to see if there is a template specife change). // (Sub 'fallback' with your current template to see if there is a template specific file.) require 'includes/application_top.php'; if (isset($_GET['action']) && $_GET['action'] == 'process') { $affiliate_username = tep_db_prepare_input($_POST['affiliate_username']); $affiliate_password = tep_db_prepare_input($_POST['affiliate_password']); // Check if username exists $check_affiliate_query = tep_db_query("select affiliate_id, affiliate_firstname, affiliate_password, affiliate_email_address from " . TABLE_AFFILIATE . " where affiliate_email_address = '" . tep_db_input($affiliate_username) . "'"); if (!tep_db_num_rows($check_affiliate_query)) { $_GET['login'] = '******'; } else { $check_affiliate = tep_db_fetch_array($check_affiliate_query); // Check that password is good if (!tep_validate_password($affiliate_password, $check_affiliate['affiliate_password'])) { $_GET['login'] = '******'; } else { $affiliate_id = $check_affiliate['affiliate_id']; tep_session_register('affiliate_id'); $date_now = date('Ymd'); tep_db_query("update " . TABLE_AFFILIATE . " set affiliate_date_of_last_logon = now(), affiliate_number_of_logons = affiliate_number_of_logons + 1 where affiliate_id = '" . $affiliate_id . "'"); tep_redirect(tep_href_link(FILENAME_AFFILIATE_SUMMARY, '', 'SSL')); } } } require bts_select('language', FILENAME_AFFILIATE); $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_AFFILIATE, '', 'SSL')); $content = CONTENT_AFFILIATE; include bts_select('main'); // BTSv1.5
$partners_password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['partners_password_confirmation']); $error = false; if (strlen($partners_password_current) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('header', ENTRY_PARTNER_PASSWORD_CURRENT_ERROR); } elseif (strlen($partners_password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('header', ENTRY_PARTNER_PASSWORD_NEW_ERROR); } elseif ($partners_password_new != $partners_password_confirmation) { $error = true; $messageStack->add('header', ENTRY_PARTNER_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_partner_query = tep_db_query("select partners_password from " . TABLE_PARTNERS . " where partners_id = '" . (int) $partner_id . "'"); $check_partner = tep_db_fetch_array($check_partner_query); if (tep_validate_password($partners_password_current, $check_partner['partners_password']) || tep_not_null(ACCOUNT_UNIVERSAL_PASSWORD) && $partners_password_current == ACCOUNT_UNIVERSAL_PASSWORD) { tep_db_query("update " . TABLE_PARTNERS . " set partners_password = '******', last_modified = now() where partners_id = '" . (int) $partner_id . "'"); $messageStack->add_session('header', SUCCESS_PARTNER_PASSWORD_UPDATED, 'success'); tep_redirect(tep_href_link(FILENAME_PARTNER, '', 'SSL')); } else { $error = true; $messageStack->add('header', ERROR_PARTNER_CURRENT_PASSWORD_NOT_MATCHING); } } break; case 'logoff': tep_session_unregister('partner_id'); tep_session_unregister('partner_name'); $messageStack->add_session('header', SUCCESS_PARTNER_LOGOFF, 'success'); tep_redirect(tep_href_link(FILENAME_PARTNER, '', 'SSL')); break;
if ($osC_Session->is_started == false) { tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); } require DIR_WS_LANGUAGES . $osC_Session->value('language') . '/' . FILENAME_LOGIN; $error = false; if (isset($_GET['action']) && $_GET['action'] == 'process') { // Check if email exists $Qcheck = $osC_Database->query('select customers_id, customers_password from :table_customers where customers_email_address = :customers_email_address'); $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS); $Qcheck->bindValue(':customers_email_address', $_POST['email_address']); $Qcheck->execute(); if ($Qcheck->numberOfRows() < 1) { $error = true; } else { // Check that password is good if (!tep_validate_password($_POST['password'], $Qcheck->value('customers_password'))) { $error = true; } else { if (SERVICE_SESSION_REGENERATE_ID == 'True') { $osC_Session->recreate(); } $osC_Customer->setCustomerData($Qcheck->valueInt('customers_id')); $Qupdate = $osC_Database->query('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = :customers_info_id'); $Qupdate->bindTable(':table_customers_info', TABLE_CUSTOMERS_INFO); $Qupdate->bindInt(':customers_info_id', $osC_Customer->id); $Qupdate->execute(); // restore cart contents $cart->restore_contents(); $navigation->remove_current_page(); if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array($osC_Session->name)), $navigation->snapshot['mode']);
Copyright (c) 2007 osCommerce Released under the GNU General Public License */ require 'includes/application_top.php'; require 'includes/functions/password_funcs.php'; $action = isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : ''; if (tep_not_null($action)) { switch ($action) { case 'process': $username = tep_db_prepare_input($HTTP_POST_VARS['username']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); $check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'"); if (tep_db_num_rows($check_query) == 1) { $check = tep_db_fetch_array($check_query); if (tep_validate_password($password, $check['user_password'])) { tep_session_register('admin'); $admin = array('id' => $check['id'], 'username' => $check['user_name']); if (tep_session_is_registered('redirect_origin')) { $page = $redirect_origin['page']; $get_string = ''; if (function_exists('http_build_query')) { $get_string = http_build_query($redirect_origin['get']); } tep_session_unregister('redirect_origin'); tep_redirect(tep_href_link($page, $get_string)); } else { tep_redirect(tep_href_link(FILENAME_DEFAULT)); } } }
/** * If a native user tries log in with Amazon, prompt them to merge the accounts. * * @return bool */ private function renderMergePost() { $user_data = LoginWithAmazon_Tools::get_userdata(); $email = $user_data->email; $password = isset($_POST['password']) ? $_POST['password'] : NULL; if (empty($email)) { return TRUE; } $cust_id = LoginWithAmazon_Tools::get_customer_id_by_email($email); if (!$cust_id) { return TRUE; } $password_hash = LoginWithAmazon_Tools::get_customer_password_hash_by_id($cust_id); if (!LoginWithAmazon_Tools::is_amazon_user_any($cust_id)) { global $messageStack; $authenticated = tep_validate_password($password, $password_hash); if ($authenticated) { LoginWithAmazon_Tools::add_user_to_merge_table($cust_id); LoginWithAmazon_Tools::login_user($cust_id); tep_redirect(tep_href_link(FILENAME_ACCOUNT, LoginWithAmazon_Tools::MERGE_ACCOUNTS_SUCCESS . '=1')); } else { // Set an error message $messageStack->add('login', MODULE_HEADER_TAGS_LOGINWITHAMAZON_MERGE_FAIL, 'error'); } } }
if (isset($HTTP_POST_VARS['action']) && $HTTP_POST_VARS['action'] == 'process' && isset($HTTP_POST_VARS['formid']) && $HTTP_POST_VARS['formid'] == $sessiontoken) { $password_current = tep_db_prepare_input($HTTP_POST_VARS['password_current']); $password_new = tep_db_prepare_input($HTTP_POST_VARS['password_new']); $password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['password_confirmation']); $error = false; if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $check_customer_query = tep_db_query("select customers_password from " . TABLE_CUSTOMERS . " where customers_id = '" . (int) $customer_id . "'"); $check_customer = tep_db_fetch_array($check_customer_query); if (tep_validate_password($password_current, $check_customer['customers_password'])) { tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $customer_id . "'"); tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int) $customer_id . "'"); $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); tep_redirect(tep_href_link(FILENAME_ACCOUNT, '', 'SSL')); } else { $error = true; $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } } } $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_ACCOUNT, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL')); require DIR_WS_INCLUDES . 'template_top.php'; require 'includes/form_check.js.php'; ?>
$password_current = HTML::sanitize($_POST['password_current']); $password_new = HTML::sanitize($_POST['password_new']); $password_confirmation = HTML::sanitize($_POST['password_confirmation']); $error = false; if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING); } if ($error == false) { $Qcheck = $OSCOM_Db->prepare('select customers_password from :table_customers where customers_id = :customers_id'); $Qcheck->bindInt(':customers_id', $_SESSION['customer_id']); $Qcheck->execute(); if (tep_validate_password($password_current, $Qcheck->value('customers_password'))) { $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password_new)], ['customers_id' => (int) $_SESSION['customer_id']]); $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => (int) $_SESSION['customer_id']]); $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success'); OSCOM::redirect('account.php', '', 'SSL'); } else { $error = true; $messageStack->add('account_password', ERROR_CURRENT_PASSWORD_NOT_MATCHING); } } } $breadcrumb->add(NAVBAR_TITLE_1, OSCOM::link('account.php', '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, OSCOM::link('account_password.php', '', 'SSL')); require 'includes/template_top.php'; ?>
function validateUser() { $this->username = $this->getNodeData(array('ACCESSREQUEST', 'ACCESSUSERID'), $this->arrOutput); $this->password = $this->getNodeData(array('ACCESSREQUEST', 'ACCESSPASSWORD'), $this->arrOutput); if (!$this->username || !$this->password) { return $this->responseXML('10', SOAP_NO_USER_PW, 'error'); } // validate user with db (call validation function) $result = tep_db_query("select user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . $this->username . "'"); if (tep_db_num_rows($result) == 0) { return $this->responseXML('11', SOAP_USER_NOT_FOUND, 'error'); } $fields = tep_db_fetch_array($result); if (!tep_validate_password($this->password, $fields['user_password'])) { return $this->responseXML('12', SOAP_PASSWORD_NOT_FOUND, 'error'); } return true; // if both the username and password are correct }
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } elseif (isset($HTTP_GET_VARS['action']) && $HTTP_GET_VARS['action'] == 'process') { $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); // Check if email exists $check_customer_query = tep_db_query("select c.customers_id, c.customers_firstname, c.customers_lastname, c.customers_password, c.customers_email_address, c.customers_email_address_confirmed, c.customers_default_address_id, c.customers_type, c.customers_status, co.companies_name, co.companies_corporate from " . TABLE_CUSTOMERS . " c left join " . TABLE_COMPANIES . " co on (c.customers_id = co.customers_id) where c.customers_email_address = '" . tep_db_input($email_address) . "' and customers_is_dummy_account = '0'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; $error_message = TEXT_ACCOUNT_DOESNT_EXIST_ERROR; } else { $check_customer = tep_db_fetch_array($check_customer_query); if ($check_customer['customers_email_address_confirmed'] == '0') { $error = true; $error_message = sprintf(TEXT_ACCOUNT_NOT_CONFIRMED_ERROR, tep_href_link(FILENAME_LOGIN, 'action=repeat&email=' . urlencode($email_address), 'SSL')); // Check that password is good } elseif (tep_validate_password($password, $check_customer['customers_password']) || tep_not_null(ACCOUNT_UNIVERSAL_PASSWORD) && $password == ACCOUNT_UNIVERSAL_PASSWORD) { $check_country_query = tep_db_query("(select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "' and entry_country_id in (select countries_id from " . TABLE_COUNTRIES . ")) union (select address_book_id, entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id <> '" . (int) $check_customer['customers_default_address_id'] . "' and entry_country_id in (select countries_id from " . TABLE_COUNTRIES . ") order by address_book_id desc) order by '" . (int) $check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_type = $check_customer['customers_type']; if (ACCOUNT_MIDDLE_NAME == 'true') { list($customer_first_name, $customer_middle_name) = explode(' ', trim($check_customer['customers_firstname'])); } else { $customer_first_name = $check_customer['customers_firstname']; $customer_middle_name = ''; } $customer_last_name = $check_customer['customers_lastname']; $customer_status = $check_customer['customers_status']; $customer_company = $check_customer['companies_name']; $customer_corporate = $check_customer['companies_corporate']; $customer_default_address_id = $check_country['address_book_id'];