Results 1 to 10 of 12

Hybrid View

  1. #1
    Join Date
    Jul 2007
    Posts
    18
    Plugin Contributions
    0

    Default Re: External Log In - Log a Customer in from another system

    I cannot get this to work, I beleive the error maybe the fact that I cannot use the notifier class with my script because of illegal access - what I have done is changed the template file which deals with user registration and redirected to my websites registration form and duplicated the zen cart process there during a sign up.

    Really anoying but you cant have everything you want and must adapt. Someone from the development team should really look into this as it is a much wanted feature.

  2. #2
    Join Date
    Oct 2007
    Location
    Los Angeles / Simi Valley
    Posts
    40
    Plugin Contributions
    0

    Default Re: External Log In - Log a Customer in from another system

    i'm just doing the same thing

    // if the customer is logged in already, redirect them to the My account page
    if (isset($_SESSION['customer_id']) and $_SESSION['customer_id'] != '') {
    zen_redirect(zen_href_link(FILENAME_ACCOUNT, '', 'SSL'));
    }

    so if the custumer is logged in then it would redirect if that is set.... and as a matter of fact it works...

  3. #3
    Join Date
    Oct 2007
    Location
    Los Angeles / Simi Valley
    Posts
    40
    Plugin Contributions
    0

    Default Re: External Log In - Log a Customer in from another system

    Here is a lil more detail on how to get it right.

    first let me explain what happens here...

    1) we 'denaturalize' the zen cart session code, for many resons... many functions are not needed if you want your custumer to be logged in.

    2) we create a somewhat less stable log in procedure... in fact it needs to base off of the session alone, which means that Yes, it can be hacked.

    so here is what i modify to make it so that the session is successfully passed from one place to another

    ncludes\init_includes\init_sessions.php

    looks like this:
    Code:
    <?php
    /**
     * session handling
     * see {@link  http://www.zen-cart.com/wiki/index.php/Developers_API_Tutorials#InitSystem wikitutorials} for more details.
     *
     * @package initSystem
     * @copyright Copyright 2003-2005 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: init_sessions.php 5164 2006-12-10 19:01:25Z drbyte $
     */
    if (!defined('IS_ADMIN_FLAG')) {
      die('Illegal Access');
    }
    /**
     * require the session handling functions
     */
    require(DIR_WS_FUNCTIONS . 'sessions.php');
    session_start();
    ?>
    which basically removes all sorts of zencart log in checks and all the other stuff that was there, which just does not fit my needs at least...

    \includes\functions\sessions.php

    looks like this:

    Code:
    <?php
    /**
     * functions/sessions.php
     * Session functions
     *
     * @package functions
     * @copyright Copyright 2003-2007 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: sessions.php 6662 2007-08-12 21:37:17Z wilt $
     */
    if (!defined('IS_ADMIN_FLAG')) {
      die('Illegal Access');
    }
    
    
      function zen_session_start() {
        @ini_set('session.gc_probability', 1);
        @ini_set('session.gc_divisor', 2);
        if (defined('DIR_WS_ADMIN')) {
          @ini_set('session.gc_maxlifetime', (SESSION_TIMEOUT_ADMIN < 900 ? (SESSION_TIMEOUT_ADMIN + 900) : SESSION_TIMEOUT_ADMIN));
        }
        $temp = session_start();
        if (!isset($_SESSION['securityToken'])) {
          $_SESSION['securityToken'] = md5(uniqid(rand(), true));
        }
      	if (ereg_replace('[a-zA-Z0-9]', '', session_id()) != '') session_regenerate_id();
        return $temp;
      }
    
      function zen_session_register($variable) {
        die('This function has been deprecated. Please use Register Globals Off compatible code');
      }
    
      function zen_session_is_registered($variable) {
        die('This function has been deprecated. Please use Register Globals Off compatible code');
      }
    
      function zen_session_unregister($variable) {
        die('This function has been deprecated. Please use Register Globals Off compatible code');
      }
    
      function zen_session_id($sessid = '') {
        if (!empty($sessid)) {
          return session_id($sessid);
        } else {
          return session_id();
        }
      }
    
      function zen_session_name($name = '') {
        if (!empty($name)) {
          return session_name($name);
        } else {
          return session_name();
        }
      }
    
      function zen_session_close() {
        if (function_exists('session_close')) {
          return session_close();
        }
      }
    
      function zen_session_destroy() {
        return session_destroy();
      }
    
      function zen_session_save_path($path = '') {
        if (!empty($path)) {
          return session_save_path($path);
        } else {
          return session_save_path();
        }
      }
    
      function zen_session_recreate() {
        global $http_domain, $https_domain, $current_domain;
          if ($http_domain == $https_domain) {
          $saveSession = $_SESSION;
          $oldSessID = session_id();
          session_regenerate_id();
          $newSessID = session_id();
          session_id($oldSessID);
          session_id($newSessID);
          if (STORE_SESSIONS == 'db') {
            session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
          }
          session_start();
          $_SESSION = $saveSession;
          if (IS_ADMIN_FLAG !== true) {
            whos_online_session_recreate($oldSessID, $newSessID);
          }
        } else {
        /*
          $saveSession = $_SESSION;
          $oldSessID = session_id();
          session_regenerate_id();
          $newSessID = session_id();
          session_id($oldSessID);
          session_destroy();
          session_id($newSessID);
          session_set_cookie_params(0, '/', (zen_not_null($http_domain) ? $http_domain : ''));
          session_id($newSessID);
          if (STORE_SESSIONS == 'db') {
            session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
          }
          session_start();
          session_set_cookie_params(0, '/', (zen_not_null($current_domain) ? $current_domain : ''));
          session_start();
          $_SESSION = $saveSession;
          */
        }
      }
    ?>
    all i removed here was getting the session back from the DB, this is because i do not want to store the session in the DB, and it was still checking there even thoug session storage was disabled by the install...

    now the coding part that you need to log in :

    Code:
    // BOF Zen Login
    					$location = mysql_fetch_array(mysql_query("SELECT entry_country_id, entry_zone_id FROM zen_address_book WHERE customers_id ='".$UserID."'", $con));
    					$custumer = mysql_fetch_array(mysql_query("SELECT customers_default_address_id, customers_authorization, customers_firstname, customers_lastname FROM zen_customers WHERE customers_id='".$UserID."'", $con));
    					$_SESSION['customer_id'] = $UserID;
    			        $_SESSION['customer_default_address_id'] = $custumer['customers_default_address_id'];
    			        $_SESSION['customers_authorization'] = $custumer['customers_authorization'];
    			        $_SESSION['customer_first_name'] = $custumer['customers_firstname'];
    			        $_SESSION['customer_last_name'] = $custumer['customers_lastname'];
    			        $_SESSION['customer_country_id'] = $location['entry_country_id'];
    			        $_SESSION['customer_zone_id'] = $location['entry_zone_id'];
    			        $_SESSION['SESSION_IP_ADDRESS'] = zen_get_ip_address();
    			        $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
    			        $_SESSION['securityToken'] = md5(uniqid(rand(), true));
    			        $sql = "UPDATE zen_customers_info SET customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 WHERE customers_info_id ='". $UserID. "'";
    					if (ereg_replace('[a-zA-Z0-9]', '', session_id()) != '') session_regenerate_id();
    					mysql_query($sql, $con);
    				// EOF Zen Login

    Remember, that which ever authentication mesures you are using on your site, should be included right after session_start on \includes\init_includes\init_sessions.php
    they are necessary to prevent basic hacking, and now they can just be whatver you use on your site, just copy paste and you should be OK... (evne though zen security is preatty good... )

    NOTE that... this removes ZENID and leaves the session named automatically with the session ID.

    you also need to modify the LOG OUT procedures (header) to log the user out of the whole system (yours) and maybe destroy the session, which stops log in.

    IMPORTANT THING to Think about...
    this does NOT check the ip address, simply the session id.
    it's a good idea to modify this code to use the zencart's original way of checking your IP address you need some kind of insureance that you are not being hacked,
    zencart uses all known methods, but you should at least use IP address, and Session ID to keep track of who is really logged in. ;)


    MODERATOR NOTE: There are many security risks, some mentioned, some not, introduced by making the changes mentioned here. USE AT OWN RISK.

  4. #4
    Join Date
    Oct 2007
    Location
    Los Angeles / Simi Valley
    Posts
    40
    Plugin Contributions
    0

    Default Re: External Log In - Log a Customer in from another system

    I wanted to add a lil note, but i see that there is no edit button ???

    anyways, this goes under the last Code Box...
    this assumes the following:
    you are using a zen_ table heading if you are not then you need to remove all occurrences of zen_ or replace them with your own table heading.
    also $UserID should be gained by the authentication process which you should paste this into in order for things to work.

    however you have things set up, you have to make sure that your custumer id comes from the zencart, in other words:
    Code:
    $mysql ="SELECT customers_id, customers_password FROM zen_customers WHERE customers_email_address='".$_POST['email-address-provided-by-custumer-as-login']."' LIMIT 1";
    $result = mysql_query($mysql [, $connection_link]) or die ("most likey the user does not exist in this case..." . mysql_error());
    $row = mysql_fetch_array($result);
    
    $UserID = $row['customers_id'];
    $pass = $row['customers_password'];
    
    // now compare passwords and autheninticate the user and you can also perform the log in...
    MODERATOR NOTE: The code suggested here is vulnerable to SQL Injection attack, since the input to the database query is not sanitized. USE AT OWN RISK

  5. #5
    Join Date
    Oct 2007
    Location
    Los Angeles / Simi Valley
    Posts
    40
    Plugin Contributions
    0

    Default Re: External Log In - Log a Customer in from another system

    yea, well that's totally true, however it seems that i was replying to someone with out a lot of experience... i guess leaset i could do is mention how to address that...
    all you really have to do is add "mysql_real_escape_string()" before the direct input,
    However, I do raccomand that this is changed into a function if you have enofgh experience to do so,
    passing the parameters through the function allows to compleatly hide that bit of information, that togather with mysql_real_escape_string() will avoid ingections.


    but let's get to what i was really here for...

    The code i gave above for init_sessions.php can actually be edited to
    Code:
    <?php
    /**
     * session handling
     * see {@link  http://www.zen-cart.com/wiki/index.php/Developers_API_Tutorials#InitSystem wikitutorials} for more details.
     *
     * @package initSystem
     * @copyright Copyright 2003-2005 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: init_sessions.php 5164 2006-12-10 19:01:25Z drbyte $
     */
    if (!defined('IS_ADMIN_FLAG')) {
      die('Illegal Access');
    }
    /**
     * require the session handling functions
     */
    require(DIR_WS_FUNCTIONS . 'sessions.php');
    /**
     * set the session ID if it exists
     */
    if (isset($_POST[zen_session_name()])) {
      zen_session_id($_POST[zen_session_name()]);
    } elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
      zen_session_id($_GET[zen_session_name()]);
    }
    
    //memorize local IP before zencart changes it//
    $LIP=$_SERVER['REMOTE_ADDR'];
    /**
     * need to tidy up $_SERVER['REMOTE_ADDR'] here beofre we use it any where else
     * one problem we don't address here is if $_SERVER['REMOTE_ADDRESS'] is not set to anything at all
     */
    $ipAddressArray = explode(',', $_SERVER['REMOTE_ADDR']);
    $ipAddress = (sizeof($ipAddressArray) > 0) ? $ipAddressArray[0] : '';
    $_SERVER['REMOTE_ADDR'] = $ipAddress;
    /**
     * start the session
     */ 
    $session_started = false;
    if (SESSION_FORCE_COOKIE_USE == 'True') {
      zen_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, '/', (zen_not_null($current_domain) ? $current_domain : ''));
    
      if (isset($_COOKIE['cookie_test'])) {
        zen_session_start();
        $session_started = true;
      }
    } elseif (SESSION_BLOCK_SPIDERS == 'True') {
      $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
      $spider_flag = false;
      if (zen_not_null($user_agent)) {
        $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');
        for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
          if (zen_not_null($spiders[$i])) {
            if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
              $spider_flag = true;
              break;
            }
          }
        }
      }
      if ($spider_flag == false) {
        zen_session_start();
        $session_started = true;
      }
    } else {
      zen_session_start();
      $session_started = true;
    }
    
    	// ADD YOUR OWN AUTHENTICATION CODE HERE
    
    $session_started = true;
    /**
     * set host_address once per session to reduce load on server
     */
    if (!isset($_SESSION['customers_host_address'])) {
      if (SESSION_IP_TO_HOST_ADDRESS == 'true') {
        $_SESSION['customers_host_address']= @gethostbyaddr($_SERVER['REMOTE_ADDR']);
      } else {
        $_SESSION['customers_host_address'] = OFFICE_IP_TO_HOST_ADDRESS;
      }
    }
    /**
     * verify the ssl_session_id if the feature is enabled
     */
    if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == 'true') && ($session_started == true) ) {
      $ssl_session_id = $_SERVER['SSL_SESSION_ID'];
      if (!$_SESSION['SSL_SESSION_ID']) {
        $_SESSION['SSL_SESSION_ID'] = $ssl_session_id;
      }
      if ($_SESSION['SSL_SESSION_ID'] != $ssl_session_id) {
        zen_session_destroy();
        zen_redirect(zen_href_link(FILENAME_SSL_CHECK));
      }
    }
    /**
     * verify the browser user agent if the feature is enabled
     */
    if (SESSION_CHECK_USER_AGENT == 'True') {
      $http_user_agent = $_SERVER['HTTP_USER_AGENT'];
      if (!$_SESSION['SESSION_USER_AGENT']) {
        $_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
      }
      if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) {
        zen_session_destroy();
        zen_redirect(zen_href_link(FILENAME_LOGIN));
      }
    }
    /**
     * verify the IP address if the feature is enabled
     */
    if (SESSION_CHECK_IP_ADDRESS == 'True') {
      $ip_address = zen_get_ip_address();
      if (!$_SESSION['SESSION_IP_ADDRESS']) {
        $_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
      }
      if ($_SESSION['SESSION_IP_ADDRESS'] != $ip_address) {
        zen_session_destroy();
        zen_redirect(zen_href_link(FILENAME_LOGIN));
      }
    }
    ?>
    This gives you back some of the functions while it still makes it work as far as loggin in and all go, if you add your code where i tagged, you should now have no problems, and also be able to actually purchase a product, which was before not allowed since the information for the ZENID and all other stuff had been removed.

    note that since zencart modifies the IP from what the server_remote_address is i sored the original value in $LIP
    this will enable to use the zen version and still use a regualr version as well...

    whoever is moderating my messages... would it be possible for you, kind person, to simply connect all of them into one?

    i don't like double-quadruple-posting on top of that it keeps the whole thing more clear... ;)
    Last edited by Andy310; 14 Jul 2008 at 03:03 AM.

 

 

Similar Threads

  1. Replies: 1
    Last Post: 3 Feb 2015, 10:22 PM
  2. How can I log a customer out if they go to another site?
    By raunharman in forum General Questions
    Replies: 1
    Last Post: 2 Sep 2009, 11:57 PM
  3. Problem with Customer Log in/ Log out
    By tequila in forum General Questions
    Replies: 11
    Last Post: 3 Jul 2009, 02:39 AM
  4. Moving Site from one host to another. Can't log into admin
    By dinki in forum Installing on a Linux/Unix Server
    Replies: 5
    Last Post: 6 Mar 2009, 07:37 PM
  5. Log in and Log out from main page
    By gardengate in forum Installing on a Linux/Unix Server
    Replies: 5
    Last Post: 7 Sep 2006, 06:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg