Results 1 to 4 of 4
  1. #1
    Join Date
    Jan 2005
    Posts
    153
    Plugin Contributions
    0

    Default Security Token vs my mod

    I have a small problem with the concept of securityToken, and I hope you can bring me some light!

    I understand that this securityToken is sent together with the login and password to prevent fraudulent identification, but I don't get where theat token is generated.

    In my case, I try to adapt the login_as_customer module, which allow an admin to click on a button to directly login in the catalog part of the shop using the customer's email and the master password.

    Information is sent that way :

    Code:
    <form target="_blank" name="login" action="' . $login_as_customer . '" method="get">
    <input type="hidden" name="email_addr" id="login-email-address" value="' . $email_address . '">
    <input type="hidden" name="password" id="login-password" value="' . $pass . '">
    <input type="image" src="' . $place_order_button . '">
    </form>
    I would expect the following to work with 1.3.8a :

    Code:
    <form target="_blank" name="login" action="' . $login_as_customer . '" method="get">
    <input type="hidden" name="email_addr" id="login-email-address" value="' . $email_address . '">
    <input type="hidden" name="password" id="login-password" value="' . $pass . '">
    ' . zen_draw_hidden_field('securityToken', $_SESSION['securityToken']) . '
    <input type="image" src="' . $place_order_button . '">
    </form>
    (the code might look a little strange, it is in fact only an abstract of a long string sent, but it is working - no parse error)

    But this seems not to work. Do I have a problem with the way I generate the token??

    Thanks,

    sanji

  2. #2
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,569
    Plugin Contributions
    25

    Default Re: "There was a security error when trying to login" - v1.3.8

    Sanji

    Don't worry about how the security token is generated. Rather your problem looks to me to be that your form is using the get method for passing information, but Zen Cart is expecting to receive the security token in the $_POST array.

    Indeed, I'm not sure that you can pass hidden variables with the get method as they are visibly tagged onto the URL.
    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  3. #3
    Join Date
    Jan 2005
    Posts
    153
    Plugin Contributions
    0

    Default Re: "There was a security error when trying to login" - v1.3.8

    Thanks Kuroi, I tried both post and get methods, but the result is exactly the same...

    sanji

  4. #4
    Join Date
    Jan 2005
    Posts
    153
    Plugin Contributions
    0

    Default Re: "There was a security error when trying to login" - v1.3.8

    This is the way the information is sent for login, with post :

    Code:
    <form name='form1' action='/index.php?main_page=login&amp;action=process' method='post'>
    <input type='hidden' name='email_address' id='login-email-address' value='[email protected]' />
    <input type='hidden' name='password' id='login-password' value='12345678' />
    <input type='hidden' name='securityToken' id='securityToken' value='xxxxxxxx49eb4cdfd90ba277c409aa22' />
    <input type='submit' value='Place Order' />
    <input type='button' value='Cancel Order' onclick='window.close()'>
    </form>
    Does that look OK? I still get that Security Error...

    sanji

 

 

Similar Threads

  1. Security Token
    By Leowald in forum Upgrading to 1.5.x
    Replies: 10
    Last Post: 22 Jan 2016, 03:00 AM
  2. security token error
    By nour72sy in forum Addon Language Packs
    Replies: 0
    Last Post: 24 Oct 2011, 02:38 PM
  3. login security token
    By cameoflage in forum Templates, Stylesheets, Page Layout
    Replies: 4
    Last Post: 14 May 2010, 10:14 PM
  4. Security Token Generation
    By glenelkins in forum General Questions
    Replies: 3
    Last Post: 4 Feb 2009, 07:39 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR