  1. #1

    Security Token Generation

    Hi

    I didn't know which forum to post this in, sorry!

    I am a programmer and I'm writing a login form for Zen Cart, as I've also written some code to mine file sessions from Zen Cart... The problem is, to log in I need to send a security token to Zen Cart... but without actually being inside the system, $_SESSION['securityToken'] isn't an option!

    I need to know: how does Zen Cart generate this token? And how could I tie this into an external login form?

    Thanks

  2. #2

    Re: Security Token Generation

    Or even if someone could tell me which file actually does the login processing... I cannot find it anywhere!

  3. #3

    Re: Security Token Generation

    Ha! Found it! Just modified the login routine a little to avoid the security token!

  4. #4

    Re: Security Token Generation

    Originally posted by glenelkins: "Ha! Found it! Just modified the login routine a little to avoid the security token!"

    Avoiding the security token will let you log in from a form on other pages outside your store ... but now your site is vulnerable to XSF attack.

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
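
The check that the last reply warns against removing, as an added example that is not part of the thread and not Zen Cart's own code: a random token stored in the visitor's session must come back with the login POST, so a form on another site that never saw the token is rejected. The function names, the `$session` array standing in for `$_SESSION`, and the `email_address` field are assumptions; only the `securityToken` session key comes from the thread.

```php
<?php
// Added illustration; not Zen Cart's code. Function names are hypothetical.
// $session stands in for PHP's $_SESSION so the script runs from the CLI.

// Issue one random token per session and return it for embedding in the form.
function issue_security_token(array &$session): string
{
    if (empty($session['securityToken'])) {
        $session['securityToken'] = bin2hex(random_bytes(16));
    }
    return $session['securityToken'];
}

// Accept a login POST only if it carries the token stored in this session.
function token_is_valid(array $session, array $post): bool
{
    $expected = $session['securityToken'] ?? '';
    $supplied = $post['securityToken'] ?? '';
    if (!is_string($supplied) || $expected === '') {
        return false; // no token issued yet, or a malformed field
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed sample data: one visitor session and three login submissions.
$session = [];
$token = issue_security_token($session);

$cases = [
    'store form, token echoed back' => ['email_address' => 'a@example.com', 'securityToken' => $token],
    'external form, no token'       => ['email_address' => 'a@example.com'],
    'external form, guessed token'  => ['email_address' => 'a@example.com', 'securityToken' => str_repeat('0', 32)],
];

foreach ($cases as $label => $post) {
    printf("%-32s %s\n", $label, token_is_valid($session, $post) ? 'accepted' : 'rejected');
}
```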
