Guest, posted September 1, 2005

Hey all. I was browsing the gv_redeem.php file and I noticed a lot of code. It almost seems to me that it's from the readme, but somewhere along the way it was inserted into this file. I searched my files to see if this code was in the files it's talking about, but none of this code seems to be present. This is a lot of stuff here that's already commented out. My question is if this code should be deleted, moved to the right file, or just left where it is. Here's the code...

/* GV_REDEEM_EXPLOIT_FIX (GVREF)
 * ---------------------------------------------
 * case: guest accounts can exploit a gift voucher sent using "Mail Gift Voucher" (admin area),
 *       by sharing the code until somebody logs in with a valid account
 *       or successfully creates a new account.
 *
 * obv:  the session remains on the user while served as a guest.
 *       The gift voucher can now be reused by all guest users until
 *       the gift voucher is redeemed.
 * soln: before releasing the gift voucher, the user must log in first
 *       or be asked to create an account.
 *
 * -- Frederick Ricaforte
 */

/*
 * connected files:
 * /catalog/gv_redeem.php
 * /catalog/login.php
 * /catalog/create_account.php
 * /catalog/includes/languages/english/gv_redeem.php
 */

/*******************************************************
 **** gv_redeem.php ************************************
 *******************************************************/

//before:
$redeem_query = tep_db_query("select coupon_id from " . TABLE_COUPON_REDEEM_TRACK . " where coupon_id = '" . $coupon['coupon_id'] . "'");
//----

// add:GVREF
if ((tep_session_is_registered('customer_id')) && $voucher_not_redeemed) {
  $gv_id = $coupon['coupon_id'];
  $gv_query = tep_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon['coupon_id'] . "', '" . $customer_id . "', now(),'" . $REMOTE_ADDR . "')");
  $gv_update = tep_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon['coupon_id'] . "'");
  tep_gv_account_update($customer_id, $gv_id);
  $error = false;
} elseif ($voucher_not_redeemed) {
// endof_add:GVREF

// replace: GVREF
/*
  if (tep_db_num_rows($redeem_query) == 0 ) {
    // check for required session variables
    if (!tep_session_is_registered('gv_id')) {
      tep_session_register('gv_id');
    }
    $gv_id = $coupon['coupon_id'];
    $error = false;
  } else {
    $error = true;
  }
*/
// with: GVREF
  if (!tep_session_is_registered('floating_gv_code')) {
    tep_session_register('floating_gv_code');
  //}   <-- this closing brace is commented out, so the else below belongs to the session check
    // the code comes straight from the query string, so sanitise it before it is stored
    $floating_gv_code = tep_db_prepare_input($HTTP_GET_VARS['gv_no']);
    $gv_error_message = TEXT_NEEDS_TO_LOGIN;
  } else {
    $gv_error_message = TEXT_INVALID_GV;
  }
} else {
  $gv_error_message = TEXT_INVALID_GV;
}
// endof_replace: GVREF

// remove: GVREF
/*
  if ((!$error) && (tep_session_is_registered('customer_id'))) {
    // Update redeem status
    $gv_query = tep_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon['coupon_id'] . "', '" . $customer_id . "', now(),'" . $REMOTE_ADDR . "')");
    $gv_update = tep_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon['coupon_id'] . "'");
    tep_gv_account_update($customer_id, $gv_id);
    tep_session_unregister('gv_id');
  }
  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_GV_REDEEM);
*/
// endof_remove: GVREF

// replace: GVREF
//   $message = TEXT_INVALID_GV;
// with:
     $message = $gv_error_message;
// endof_replace

/*******************************************************
 **** login.php ****************************************
 *******************************************************/

//before:
$cart->restore_contents();
//---------
//add these new codes:
if (tep_session_is_registered('floating_gv_code')) {
  // escape the session value before it is interpolated into the query
  $gv_query = tep_db_query("SELECT c.coupon_id, c.coupon_amount, IF(rt.coupon_id>0, 'true', 'false') AS redeemed FROM " . TABLE_COUPONS . " c LEFT JOIN " . TABLE_COUPON_REDEEM_TRACK . " rt USING(coupon_id), " . TABLE_COUPON_EMAIL_TRACK . " et WHERE c.coupon_code = '" . tep_db_input($floating_gv_code) . "' AND c.coupon_id = et.coupon_id");
  // check if coupon exists
  if (tep_db_num_rows($gv_query) > 0) {
    $coupon = tep_db_fetch_array($gv_query);
    // check if coupon_id exists and coupon not redeemed
    if ($coupon['coupon_id'] > 0 && $coupon['redeemed'] == 'false') {
      tep_session_unregister('floating_gv_code');
      $gv_query = tep_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon['coupon_id'] . "', '" . $customer_id . "', now(),'" . $REMOTE_ADDR . "')");
      $gv_update = tep_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon['coupon_id'] . "'");
      tep_gv_account_update($customer_id, $coupon['coupon_id']);
    }
  }
}
//**********

/*******************************************************
 **** create_account.php *******************************
 *******************************************************/

//before:
tep_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
//---------
//add these:
if (tep_session_is_registered('floating_gv_code')) {
  // escape the session value before it is interpolated into the query
  $gv_query = tep_db_query("SELECT c.coupon_id, c.coupon_amount, IF(rt.coupon_id>0, 'true', 'false') AS redeemed FROM " . TABLE_COUPONS . " c LEFT JOIN " . TABLE_COUPON_REDEEM_TRACK . " rt USING(coupon_id), " . TABLE_COUPON_EMAIL_TRACK . " et WHERE c.coupon_code = '" . tep_db_input($floating_gv_code) . "' AND c.coupon_id = et.coupon_id");
  // check if coupon exists
  if (tep_db_num_rows($gv_query) > 0) {
    $coupon = tep_db_fetch_array($gv_query);
    // check if coupon_id exists and coupon not redeemed
    if ($coupon['coupon_id'] > 0 && $coupon['redeemed'] == 'false') {
      tep_session_unregister('floating_gv_code');
      $gv_query = tep_db_query("insert into " . TABLE_COUPON_REDEEM_TRACK . " (coupon_id, customer_id, redeem_date, redeem_ip) values ('" . $coupon['coupon_id'] . "', '" . $customer_id . "', now(),'" . $REMOTE_ADDR . "')");
      $gv_update = tep_db_query("update " . TABLE_COUPONS . " set coupon_active = 'N' where coupon_id = '" . $coupon['coupon_id'] . "'");
      tep_gv_account_update($customer_id, $coupon['coupon_id']);
    }
  }
}

/*******************************************************
 **** /includes/languages/english/gv_redeem.php ********
 *******************************************************/

// add:
define('TEXT_NEEDS_TO_LOGIN', 'We are sorry but we are unable to process your Gift Voucher claim at this time. You need to login first or create an account with us, if you don\'t already have one, before you can claim your Gift Voucher. Please <a href="' . tep_href_link(FILENAME_LOGIN, '', 'SSL') . '">click here to login or create an account.</a> ');
valeeum, posted June 23, 2006

> Hey all. I was browsing the gv_redeem.php file and I noticed a lot of code. It almost seems to me that it's from the readme, but somewhere along the way it was inserted into this file. I searched my files to see if this code was in the files it's talking about, but none of this code seems to be present. This is a lot of stuff here that's already commented out. My question is if this code should be deleted, moved to the right file, or just left where it is.

As it stands in the code, it's pretty much dead weight! I tried to actually implement the code as it is described in the comments and it didn't come close to working. I looked closer at the code and there are serious bugs in it. My vote is delete it from the file to prevent any confusion in the future.
insomniac2, posted June 23, 2006

That's what I ended up doing after spending about 10 hours trying to get the code to work and trying to recode things. I just took it out and never used any of it.
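The GVREF comment in the first post describes a flow (guest keeps the voucher code in the session, it is credited only after login or account creation) that the replies say never worked as pasted. As an added example, and not code from osCommerce or from the GVREF comment, the script below implements that flow against an in-memory SQLite database through PDO instead of the tep_db_* layer. The table and column names follow the post; the function names, the customers_balance table and the sample coupon row are assumptions made for this example. Two things the pasted code leaves out are shown here: the voucher code only ever reaches SQL as a bound parameter, and the redeem step is a conditional UPDATE whose affected-row count decides who wins when two sessions hold the same code.

```php
<?php
// Added example, not code from osCommerce or from the GVREF comment above.
// Assumed: PDO with the sqlite driver; table/column names mirror the post,
// the customers_balance table and the function names are invented here.

function gv_schema(PDO $db) {
    $db->exec("CREATE TABLE coupons (coupon_id INTEGER PRIMARY KEY, coupon_code TEXT UNIQUE, coupon_amount REAL, coupon_active TEXT)");
    $db->exec("CREATE TABLE coupon_redeem_track (coupon_id INTEGER, customer_id INTEGER, redeem_date TEXT, redeem_ip TEXT)");
    $db->exec("CREATE TABLE customers_balance (customer_id INTEGER PRIMARY KEY, amount REAL)");
}

// Claim a voucher for a logged-in customer. The code is a bound parameter, so
// it cannot alter the query, and the UPDATE is conditional on coupon_active
// still being 'Y': of two sessions that share the code only the first to run
// this wins, the other sees zero affected rows and is refused.
function gv_redeem_for_customer(PDO $db, $code, $customer_id, $ip) {
    $db->beginTransaction();
    $sel = $db->prepare("SELECT coupon_id, coupon_amount FROM coupons WHERE coupon_code = ? AND coupon_active = 'Y'");
    $sel->execute(array($code));
    $coupon = $sel->fetch(PDO::FETCH_ASSOC);
    if ($coupon === false) {
        $db->rollBack();
        return 'invalid';
    }
    $upd = $db->prepare("UPDATE coupons SET coupon_active = 'N' WHERE coupon_id = ? AND coupon_active = 'Y'");
    $upd->execute(array($coupon['coupon_id']));
    if ($upd->rowCount() !== 1) {   // redeemed by someone else between the SELECT and the UPDATE
        $db->rollBack();
        return 'invalid';
    }
    $db->prepare("INSERT INTO coupon_redeem_track (coupon_id, customer_id, redeem_date, redeem_ip) VALUES (?, ?, datetime('now'), ?)")
       ->execute(array($coupon['coupon_id'], $customer_id, $ip));
    $db->prepare("INSERT OR IGNORE INTO customers_balance (customer_id, amount) VALUES (?, 0)")
       ->execute(array($customer_id));
    $db->prepare("UPDATE customers_balance SET amount = amount + ? WHERE customer_id = ?")
       ->execute(array($coupon['coupon_amount'], $customer_id));
    $db->commit();
    return 'redeemed';
}

// gv_redeem.php side: a guest is never credited. The code is parked in the
// session and the caller shows the TEXT_NEEDS_TO_LOGIN message.
function gv_redeem_request(PDO $db, array &$session, $code, $ip) {
    if (!empty($session['customer_id'])) {
        return gv_redeem_for_customer($db, $code, $session['customer_id'], $ip);
    }
    $session['floating_gv_code'] = $code;
    return 'needs_login';
}

// login.php / create_account.php side: once customer_id is in the session,
// claim the parked code once and drop it whether or not the claim succeeds,
// so a failed claim cannot be retried against a later login.
function gv_claim_floating(PDO $db, array &$session, $ip) {
    if (empty($session['floating_gv_code']) || empty($session['customer_id'])) {
        return 'nothing_parked';
    }
    $code = $session['floating_gv_code'];
    unset($session['floating_gv_code']);
    return gv_redeem_for_customer($db, $code, $session['customer_id'], $ip);
}

// Walk-through with a constructed coupon row: two guests share one code,
// both are sent to login, then each logs in and tries to claim it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
gv_schema($db);
$db->exec("INSERT INTO coupons VALUES (1, 'GVSAMPLE2005', 25.0, 'Y')");   // constructed sample row

$sessionA = array();
$sessionB = array();
echo "guest A: " . gv_redeem_request($db, $sessionA, 'GVSAMPLE2005', '192.0.2.10') . "\n";
echo "guest B: " . gv_redeem_request($db, $sessionB, 'GVSAMPLE2005', '192.0.2.20') . "\n";

$sessionA['customer_id'] = 7;   // guest A logs in first
echo "A after login: " . gv_claim_floating($db, $sessionA, '192.0.2.10') . "\n";
$sessionB['customer_id'] = 8;   // guest B logs in afterwards with the same code
echo "B after login: " . gv_claim_floating($db, $sessionB, '192.0.2.20') . "\n";

// A code carrying SQL metacharacters is just an unknown code, not an injection.
echo "hostile code: " . gv_redeem_request($db, $sessionA, "' OR '1'='1", '192.0.2.10') . "\n";
```

Run with `php gvref_example.php` (any file name). The first login credits the voucher and deactivates it inside one transaction; the second login finds coupon_active already 'N' and is refused, which is the property the GVREF comment was after. If the store keeps the original tep_db_query string building, the equivalent of the bound parameter is wrapping the code in tep_db_input() wherever it is concatenated into SQL.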