  1. #11

    Re: External Log In - Log a Customer in from another system

    I wanted to add a lil note, but i see that there is no edit button ???

    anyways, this goes under the last Code Box...
    this assumes the following:
    you are using a zen_ table heading; if you are not, then you need to remove all occurrences of zen_ or replace them with your own table heading.
    also $UserID should be gained by the authentication process which you should paste this into in order for things to work.

    however you have things set up, you have to make sure that your customer id comes from the zencart, in other words:
    Code:
    // look up the customer row by the e-mail address submitted in the login form
    // (the POST value is placed in the query as-is; see the moderator note below)
    $mysql ="SELECT customers_id, customers_password FROM zen_customers WHERE customers_email_address='".$_POST['email-address-provided-by-customer-as-login']."' LIMIT 1";
    // the connection link is an optional second argument to mysql_query()
    $result = mysql_query($mysql) or die ("most likely the user does not exist in this case..." . mysql_error());
    $row = mysql_fetch_array($result);
    
    $UserID = $row['customers_id'];
    $pass = $row['customers_password'];
    
    // now compare passwords and authenticate the user and you can also perform the log in...
    MODERATOR NOTE: The code suggested here is vulnerable to SQL Injection attack, since the input to the database query is not sanitized. USE AT OWN RISK

  2. #12

    Re: External Log In - Log a Customer in from another system

    yea, well that's totally true, however it seems that i was replying to someone without a lot of experience... i guess the least i could do is mention how to address that...
    all you really have to do is add "mysql_real_escape_string()" before the direct input,
    However, I do recommend that this is changed into a function if you have enough experience to do so,
    passing the parameters through the function allows to completely hide that bit of information, that together with mysql_real_escape_string() will avoid injections.


    but let's get to what i was really here for...

    The code i gave above for init_sessions.php can actually be edited to
    Code:
    <?php
    /**
     * session handling
     * see {@link  http://www.zen-cart.com/wiki/index.php/Developers_API_Tutorials#InitSystem wikitutorials} for more details.
     *
     * @package initSystem
     * @copyright Copyright 2003-2005 Zen Cart Development Team
     * @copyright Portions Copyright 2003 osCommerce
     * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
     * @version $Id: init_sessions.php 5164 2006-12-10 19:01:25Z drbyte $
     */
    if (!defined('IS_ADMIN_FLAG')) {
      die('Illegal Access');
    }
    /**
     * require the session handling functions
     */
    require(DIR_WS_FUNCTIONS . 'sessions.php');
    /**
     * set the session ID if it exists
     */
    if (isset($_POST[zen_session_name()])) {
      zen_session_id($_POST[zen_session_name()]);
    } elseif ( ($request_type == 'SSL') && isset($_GET[zen_session_name()]) ) {
      zen_session_id($_GET[zen_session_name()]);
    }
    
    //memorize local IP before zencart changes it//
    $LIP=$_SERVER['REMOTE_ADDR'];
    /**
     * need to tidy up $_SERVER['REMOTE_ADDR'] here before we use it anywhere else
     * one problem we don't address here is if $_SERVER['REMOTE_ADDRESS'] is not set to anything at all
     */
    $ipAddressArray = explode(',', $_SERVER['REMOTE_ADDR']);
    $ipAddress = (sizeof($ipAddressArray) > 0) ? $ipAddressArray[0] : '';
    $_SERVER['REMOTE_ADDR'] = $ipAddress;
    /**
     * start the session
     */ 
    $session_started = false;
    if (SESSION_FORCE_COOKIE_USE == 'True') {
      zen_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, '/', (zen_not_null($current_domain) ? $current_domain : ''));
    
      if (isset($_COOKIE['cookie_test'])) {
        zen_session_start();
        $session_started = true;
      }
    } elseif (SESSION_BLOCK_SPIDERS == 'True') {
      $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
      $spider_flag = false;
      if (zen_not_null($user_agent)) {
        $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');
        for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
          if (zen_not_null($spiders[$i])) {
            if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
              $spider_flag = true;
              break;
            }
          }
        }
      }
      if ($spider_flag == false) {
        zen_session_start();
        $session_started = true;
      }
    } else {
      zen_session_start();
      $session_started = true;
    }
    
    	// ADD YOUR OWN AUTHENTICATION CODE HERE
    
    $session_started = true;
    /**
     * set host_address once per session to reduce load on server
     */
    if (!isset($_SESSION['customers_host_address'])) {
      if (SESSION_IP_TO_HOST_ADDRESS == 'true') {
        $_SESSION['customers_host_address']= @gethostbyaddr($_SERVER['REMOTE_ADDR']);
      } else {
        $_SESSION['customers_host_address'] = OFFICE_IP_TO_HOST_ADDRESS;
      }
    }
    /**
     * verify the ssl_session_id if the feature is enabled
     */
    if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == 'true') && ($session_started == true) ) {
      $ssl_session_id = $_SERVER['SSL_SESSION_ID'];
      if (!$_SESSION['SSL_SESSION_ID']) {
        $_SESSION['SSL_SESSION_ID'] = $ssl_session_id;
      }
      if ($_SESSION['SSL_SESSION_ID'] != $ssl_session_id) {
        zen_session_destroy();
        zen_redirect(zen_href_link(FILENAME_SSL_CHECK));
      }
    }
    /**
     * verify the browser user agent if the feature is enabled
     */
    if (SESSION_CHECK_USER_AGENT == 'True') {
      $http_user_agent = $_SERVER['HTTP_USER_AGENT'];
      if (!$_SESSION['SESSION_USER_AGENT']) {
        $_SESSION['SESSION_USER_AGENT'] = $http_user_agent;
      }
      if ($_SESSION['SESSION_USER_AGENT'] != $http_user_agent) {
        zen_session_destroy();
        zen_redirect(zen_href_link(FILENAME_LOGIN));
      }
    }
    /**
     * verify the IP address if the feature is enabled
     */
    if (SESSION_CHECK_IP_ADDRESS == 'True') {
      $ip_address = zen_get_ip_address();
      if (!$_SESSION['SESSION_IP_ADDRESS']) {
        $_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
      }
      if ($_SESSION['SESSION_IP_ADDRESS'] != $ip_address) {
        zen_session_destroy();
        zen_redirect(zen_href_link(FILENAME_LOGIN));
      }
    }
    ?>
    This gives you back some of the functions while it still makes it work as far as logging in and all go, if you add your code where i tagged, you should now have no problems, and also be able to actually purchase a product, which was before not allowed since the information for the ZENID and all other stuff had been removed.

    note that since zencart modifies the IP from what the server_remote_address is i stored the original value in $LIP
    this will enable to use the zen version and still use a regular version as well...

    whoever is moderating my messages... would it be possible for you, kind person, to simply connect all of them into one?

    i don't like double-quadruple-posting on top of that it keeps the whole thing more clear... ;)
    Last edited by Andy310; 14 Jul 2008 at 03:03 AM.
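
The customer lookup from post #11 written with a bound parameter, so the submitted e-mail address is never parsed as SQL. This is an added example, not code from the thread or from Zen Cart. Assumptions: PHP 7.1+ with the `pdo_sqlite` extension (an in-memory SQLite table stands in for the MySQL `zen_customers` table so it runs offline), a hypothetical helper named `external_login()`, and `password_hash()`/`password_verify()` for the constructed sample row, which may not match how your store hashes passwords.

```php
<?php
// Added example with constructed data; not part of the original posts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE zen_customers (
    customers_id INTEGER PRIMARY KEY,
    customers_email_address TEXT,
    customers_password TEXT)');

// Constructed sample customer. The hash format is an assumption for this demo.
$ins = $db->prepare('INSERT INTO zen_customers
    (customers_email_address, customers_password) VALUES (?, ?)');
$ins->execute(["pat.o'brien@example.com",
               password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the customers_id on a successful login, else null.
 */
function external_login(PDO $db, $email, $password)
{
    // Reject non-string input such as email[]=x before it reaches the driver.
    if (!is_string($email) || !is_string($password)) {
        return null;
    }
    // The address travels as a bound value; quotes in it cannot alter the query.
    $stmt = $db->prepare('SELECT customers_id, customers_password
                            FROM zen_customers
                           WHERE customers_email_address = :email
                           LIMIT 1');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown address returns the same value as a wrong password
    }
    return password_verify($password, $row['customers_password'])
        ? (int) $row['customers_id']
        : null;
}

// Constructed inputs: a valid login, a wrong password, and an address that
// contains SQL syntax and matches no row because it is compared as plain text.
$attempts = [
    ["pat.o'brien@example.com", 'correct horse'],
    ["pat.o'brien@example.com", 'wrong password'],
    ["nobody@example.com' OR '1'='1", 'anything'],
];
foreach ($attempts as [$email, $password]) {
    printf("%-32s => %s\n", $email, var_export(external_login($db, $email, $password), true));
}
```

On a MySQL-backed store the same pattern applies with a `mysql:` PDO DSN or `mysqli` prepared statements; only the connection line changes.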

 

 