Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    423
    Plugin Contributions
    0

    Default Re: address in customer login

    Quote Originally Posted by DrByte View Post
    Helene, does the problem persist if you (temporarily) switch to a different template? eg: rule out customizations unique to your current template or its language files.
    I haven't tried that, because our system is busy all the time. We ship all over the world, so we have orders coming in at all hours of the day and night, and I'm reluctant to do anything that would screw up the site's appearance. But the template customization was all done shortly after downloading and installing the package in 2016 and has not changed since then.

  2. #12
    Join Date
    Jan 2004
    Posts
    66,350
    Blog Entries
    7
    Plugin Contributions
    271

    Default Re: address in customer login

    (If this weren't happening on multiple screens in exactly the same way, I'd be more focused on a single template file, but the repetition suggests a deeper issue.)

    Okay, then this is how I would tackle the situation if I were investigating:

    Online:
    I'd test on a browser that has javascript disabled, even if only temporarily -- to see whether some javascript is injecting the email address (Whether via a widget you've added recently, or via something you didn't expect). Knowing that would help focus on specific kinds of files for first phase of fixing. But if you do find something in that area, if you don't know exactly why/who "did" that, then you'd still want to do a deep search/clean, as follows:

    Offline: https://docs.zen-cart.com/user/troub...bscure_issues/
    - I'd make a fresh copy of your site's files and database, to my PC. (Copy the files via secure FTP to a PC that has been checked for viruses etc.)
    - I'd compare all your site's files against the last "known good" copy of your site's files that you already had on your PC. The goal is to check for unauthorized alterations that have been made to server files.
    - I'd then compare all your site's files against originals for your Zen Cart version, looking for alterations/surprises.
    - I'd then compare your template-specific override files against "default" files, to see if there's anything template-specific that's been changed.

    One thing I'm wondering about is if a language file or template file has been changed to put your email address in place of something that should be driven by logic instead of hard-coded.
    But there could be other things that have been changed that are causing the output you've described.

    I'd also go looking for unexpected changes in the database. All tables should be inspected, especially the configuration table and even the tables that "rarely change".

    While I'm not immediately suspecting any "hack" or malicious activity, I wouldn't rule it out without a deep inspection. The steps above are the abbreviation of what I recommend for inspecting for hacks. In short: inspect by assuming the worst so that the inspection is utterly thorough, until you can fully prove that it isn't something rogue.

    It might just be some innocent side-effect of something a team member or hosting company employee was trying to do, which needs correcting.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #13
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    423
    Plugin Contributions
    0

    Default Re: address in customer login

    The 'team' consists of me, lol. Nobody else here would even know where to start. So if there has been a change, and I didn't do it, then hacker activity is at least a possibility. I can't figure out why any hacker wouldn't have done something more useful to the hacker and less obvious to the user, but they aren't all brilliant. Thanks for your suggestions. I can't tackle all of this right now--we're in the middle of a move to a new city with all the headaches that involves. But I will go down the list one at a time and look at each one. And I guess I'd better pull up the tpl_login_default.php file and see exactly where it's getting its data from and what it's doing with it. I was hoping this would turn out to be some known problem with a quick fix that wouldn't require me to debug anything.

  4. #14
    Join Date
    Jan 2004
    Posts
    66,350
    Blog Entries
    7
    Plugin Contributions
    271

    Default Re: address in customer login

    I would have asked more about template files too, but templates are fed from variables built in the /includes/modules files (sometimes page-specific, and sometimes more broadly generic), so it makes sense to investigate all the files, at least in the /includes/ directory and subdirectories. But since you're using a custom template, the comparison steps also involve checking everything template-specific.

    The situation you describe is not related to any known bug.

    Keep in mind: if only "you" have access to your server, then anything that "suddenly" changes is not something that's caused from external, and rarely from a pre-existing "bug". Those "sudden" changes are typically environmental like a server software upgrade (PHP, MySQL, Apache, etc), or someone adding something via an admin screen, or unauthorized access.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #15
    Join Date
    Oct 2008
    Location
    Croatia
    Posts
    1,347
    Plugin Contributions
    15

    Default Re: address in customer login

    One other thing you might wanna check - includes/functions/html_output.php (specifically the zen_draw_input_field() function) and also your includes/classes/observers/ to see if you have anything there that would alter the output. One thing I find very interesting is that it does the exact same thing where zen_draw_input_field('email') or zen_draw_input_field('email_address') is called. Smells like an observer, maybe...
    Zen Cart Point of Sale? Sure: ZX POS - v2 released
    My site - Pro ZC Help | My portfolio | My plugins

  6. #16
    Join Date
    Jun 2009
    Location
    Sparta, TN
    Posts
    121
    Plugin Contributions
    0

    Default Re: address in customer login

    Quote Originally Posted by HeleneWallis View Post
    I haven't tried that, because our system is busy all the time. We ship all over the world, so we have orders coming in at all hours of the day and night, and I'm reluctant to do anything that would screw up the site's appearance. But the template customization was all done shortly after downloading and installing the package in 2016 and has not changed since then.
    That's great to have so much business. If you were to put the site down for maintenance (of course making sure your IP remains active), switch templates, and check the contact us page, you should be able to eliminate the template in just a couple of minutes before switching the template back and dropping out of maintenance.

  7. #17
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    423
    Plugin Contributions
    0

    Default Re: address in customer login

    If this is any help, here is the code that's actually being executed at this point. I haven't dug deep enough to see why it's filling in the value with our email address. Sorry, I hate asking other people to do things I should be able to figure out myself, but it's a three ring circus around here right now.


    <div class="centerColumn" id="loginDefault">

    <h1 id="loginDefaultHeading">Welcome, Please Sign In</h1>



    <!--BOF normal login-->
    <form name="login" action="https://www.newnaturalsonline.com/index.php?main_page=login&amp;action=process" method="post" id="loginForm"><input type="hidden" name="securityToken" value="3eb7d7d2636f6438c59fbb81d288f506" /><fieldset>
    <legend>Returning Customers: Please Log In</legend>

    <label class="inputLabel" for="login-email-address">Email Address:</label>
    <input type="email" name="email_address" value="newnaturalsonline @ gmail.com" size = "41" maxlength= "96" id="login-email-address" autofocus placeholder="*" required /><br class="clearBoth" />

    <label class="inputLabel" for="login-password">Password:</label>
    <input type="password" name="password" size = "41" maxlength= "255" id="login-password" autocomplete="off" placeholder="*" required /><br class="clearBoth" />
    <input type="hidden" name="securityToken" value="3eb7d7d2636f6438c59fbb81d288f506" /></fieldset>

    <div class="buttonRow forward"><input class="cssButton submit_button button button_login" onmouseover="this.className='cssButtonHover button_login button_loginHover'" onmouseout="this.className='cssButton submit_button button button_login'" type="submit" value="Sign In" /></div>
    <div class="buttonRow back important"><a href="https://www.newnaturalsonline.com/index.php?main_page=password_forgotten">Forgot your password?</a></div>
    </form>
    <br class="clearBoth" />

    <form name="create_account" action="https://www.newnaturalsonline.com/index.php?main_page=create_account" method="post" onsubmit="return check_form(create_account);" id="createAccountForm"><input type="hidden" name="securityToken" value="3eb7d7d2636f6438c59fbb81d288f506" /><input type="hidden" name="action" value="process" /><input type="hidden" name="email_pref_html" value="email_format" /><fieldset>
    <legend>New? Please Provide Your Billing Information</legend>

  8. #18
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    423
    Plugin Contributions
    0

    Default Re: address in customer login

    Quote Originally Posted by balihr View Post
    One other thing you might wanna check - includes/functions/html_output.php (specifically the zen_draw_input_field() function) and also your includes/classes/observers/ to see if you have anything there that would alter the output. One thing I find very interesting is that it does the exact same thing where zen_draw_input_field('email') or zen_draw_input_field('email_address') is called. Smells like an observer, maybe...
    I do have a plug-in (for encrypted master password) in the observers section, but it's been there since 2017.

  9. #19
    Join Date
    Jun 2016
    Location
    Suffolk VA
    Posts
    423
    Plugin Contributions
    0

    Default Re: address in customer login

    Thanks much to balihr for his help with figuring this out. What he had to do was comment out the line in /includes/templates/MY_TEMPLATE/common/html_header.php that says

    //if $use_email is set to 1;
    $email_address = "newnaturalsonline######################"; // your email <--------- this line commented out

    This is in the AutoOpenGraph section. No idea why it suddenly started being a problem, because I've been running this version of Zencart since 2016 and this just started a few months ago. But now I also see why I'm getting emails with our address as the return address--people are seeing our email address in that field and not replacing it with their own.

    Thanks for everyone's input on this, problem fixed.

 

 
Page 2 of 2 FirstFirst 12

Similar Threads

  1. v139h Remove Default Email Address from Returning Customer Login
    By atomiksteve in forum General Questions
    Replies: 2
    Last Post: 15 Nov 2012, 04:22 AM
  2. v150 PayPal Canada won't accept Chinese address as customer's primary address
    By skyguard2000 in forum Built-in Shipping and Payment Modules
    Replies: 1
    Last Post: 11 May 2012, 03:13 AM
  3. Customer login and address not necessary.
    By thaidave in forum General Questions
    Replies: 4
    Last Post: 7 Dec 2010, 06:52 AM
  4. Customer Login time out error after adding confirm email address addon
    By abs007 in forum All Other Contributions/Addons
    Replies: 1
    Last Post: 29 Jan 2010, 08:02 PM
  5. Admin-Customer Last Login ip address lookup?
    By Justwade in forum General Questions
    Replies: 2
    Last Post: 20 Dec 2006, 08:01 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR