Results 1 to 4 of 4
  1. #1
    Join Date
    Jan 2005
    Posts
    153
    Plugin Contributions
    0

    Default Security Token vs my mod

    I have a small problem with the concept of securityToken, and I hope you can bring me some light!

    I understand that this securityToken is sent together with the login and password to prevent fraudulent identification, but I don't get where theat token is generated.

    In my case, I try to adapt the login_as_customer module, which allow an admin to click on a button to directly login in the catalog part of the shop using the customer's email and the master password.

    Information is sent that way :

    Code:
    <form target="_blank" name="login" action="' . $login_as_customer . '" method="get">
    <input type="hidden" name="email_addr" id="login-email-address" value="' . $email_address . '">
    <input type="hidden" name="password" id="login-password" value="' . $pass . '">
    <input type="image" src="' . $place_order_button . '">
    </form>
    I would expect the following to work with 1.3.8a :

    Code:
    <form target="_blank" name="login" action="' . $login_as_customer . '" method="get">
    <input type="hidden" name="email_addr" id="login-email-address" value="' . $email_address . '">
    <input type="hidden" name="password" id="login-password" value="' . $pass . '">
    ' . zen_draw_hidden_field('securityToken', $_SESSION['securityToken']) . '
    <input type="image" src="' . $place_order_button . '">
    </form>
    (the code might look a little strange, it is in fact only an abstract of a long string sent, but it is working - no parse error)

    But this seems not to work. Do I have a problem with the way I generate the token??

    Thanks,

    sanji

  2. #2
    Join Date
    Apr 2006
    Location
    London, UK
    Posts
    10,655
    Plugin Contributions
    25

    Default Re: "There was a security error when trying to login" - v1.3.8

    Sanji

    Don't worry about how the security token is generated. Rather your problem looks to me to be that your form is using the get method for passing information, but Zen Cart is expecting to receive the security token in the $_POST array.

    Indeed, I'm not sure that you can pass hidden variables with the get method as they are visibly tagged onto the URL.
    See and test drive Zen Cart's free templates at zencarttemplates.info

    Kuroi Web Design and Development | Twitter

    (Questions answered in the forum only - so that any forum member can benefit - not by personal message)

  3. #3
    Join Date
    Jan 2005
    Posts
    153
    Plugin Contributions
    0

    Default Re: "There was a security error when trying to login" - v1.3.8

    Thanks Kuroi, I tried both post and get methods, but the result is exactly the same...

    sanji

  4. #4
    Join Date
    Jan 2005
    Posts
    153
    Plugin Contributions
    0

    Default Re: "There was a security error when trying to login" - v1.3.8

    This is the way the information is sent for login, with post :

    Code:
    <form name='form1' action='/index.php?main_page=login&amp;action=process' method='post'>
    <input type='hidden' name='email_address' id='login-email-address' value='name@domain.com' />
    <input type='hidden' name='password' id='login-password' value='12345678' />
    <input type='hidden' name='securityToken' id='securityToken' value='xxxxxxxx49eb4cdfd90ba277c409aa22' />
    <input type='submit' value='Place Order' />
    <input type='button' value='Cancel Order' onclick='window.close()'>
    </form>
    Does that look OK? I still get that Security Error...

    sanji

 

 

Similar Threads

  1. Just another Cross-Sell mod (support thread)
    By yellow1912 in forum All Other Contributions/Addons
    Replies: 702
    Last Post: 3 Nov 2012, 04:30 AM
  2. UPS xml Mod vs ZC UPS Mod
    By wysiwygmn in forum Built-in Shipping and Payment Modules
    Replies: 8
    Last Post: 7 Aug 2007, 11:41 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •