Showing results for tags 'reset password'.

Found 2 results

  1. raiwa

    reset password vulnerability

    I got the following reported:

    Matt @ecartz, provided the following script/hook to fix this:

        class hook_shop_siteWide_reset_all_sessions {

          public function listen_accountUpdateTables($parameters) {
            if (isset($parameters['db']['customers']['customers_password'])) {
              $sessions_query = tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$_SESSION['customer_id']);
            }
          }

        }

    I made the hook which should be placed in:

    Phoenix 1.0.7.2.+: templates/default/includes/hooks/shop/siteWide/
    Phoenix 1.0.5.1. - 1.0.7.1: includes/hooks/shop/siteWide/
    reset_all_sessions.php

    Lower Phoenix and OSCommerce versions need to add the query to account_password.php line 49-50. So it should look like this:

        if (tep_validate_password($password_current, $check_customer['customers_password'])) {
          tep_db_query("update customers set customers_password = '" . tep_encrypt_password($password_new) . "' where customers_id = '" . (int)$customer_id . "'");

          tep_db_query("update customers_info set customers_info_date_account_last_modified = now() where customers_info_id = '" . (int)$customer_id . "'");

          // session destroy on password reset
          tep_db_query("DELETE s FROM sessions s INNER JOIN whos_online wo ON s.sesskey = wo.session_id WHERE wo.customer_id = " . (int)$customer_id );

          $messageStack->add_session('account', SUCCESS_PASSWORD_UPDATED, 'success');

          tep_redirect(tep_href_link('account.php', '', 'SSL'));

    Matt asked me to publish this here so other users can test it before adding it to core. It is already in use in one live store.

    Please test and report back.
  2. Hi, I cannot find anywhere in 2.3.3 to change the customer's password via the admin panel only. Can anyone point me in the direction on how to do this? Also, is there a way to select what is a new product?