spooks

Anti-hacker Account Mods, Secure your account pages


Hello & thank-you in advance,

Has anyone added Sam's anti-hacker add-on to osc v2.3.1, and if not, what would some of the problems be?


Hello,

 

When a customer uses "password forgotten" or changes their password in "my account" the new password is not being stored on the database. Any idea of what could be causing this problem?

 

Thanks!


Hello all,

 

Has anyone got this to work with master password 1.0?

 

Every time I enter the master password it tells me that it is incorrect.

 

Thanks


Eric

 

Keep up on osCommerce changes and updates at

Github | Understand osCommerce a little further at OsCommerce Documentation | Copy and paste your error message in Google add "in osCommerce" at the end to get relevant answers to most issues.


Also, while changing the password within the front end, it keeps telling me: "Your Current Password did not match the password in our records. Please try again."


Eric

 



This code is Sam's contact us page with reCAPTCHA added:

<?php
/*
 $Id: contact_us.php,v 1.5 2010/02/02 Spooks Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2010 osCommerce

 Released under the GNU General Public License
*/
// anti-hacker account	
	require('includes/functions/account_secure.php');
	clean_post ();
// EOF anti-hacker account	
 require('includes/application_top.php');

 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US);

 $error = false;
 if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
   $name = tep_db_prepare_input($_POST['name']);
   $email = tep_db_prepare_input($_POST['email']);
   $enquiry = tep_db_prepare_input($_POST['enquiry']);
	$subject = tep_db_prepare_input($_POST['subject']);
	$phone = tep_db_prepare_input($_POST['phone']);
	$date = 'Date Sent: ' . date("d M Y H:i:s");
	$orders_id = tep_not_null($_POST['orders_id']) ? $_POST['orders_id'] : false;
	$xipaddress = $_SERVER["REMOTE_ADDR"];
	$subject = $subject ? $subject : EMAIL_SUBJECT;
	$captchaurl = "captchaerror.php";
	require_once('captcha/recaptchalib.php');
	$privatekey = "private key goes here";
	$resp = recaptcha_check_answer($privatekey,
	                               $_SERVER["REMOTE_ADDR"],
	                               $_POST["recaptcha_challenge_field"],
	                               $_POST["recaptcha_response_field"]);
	if (!$resp->is_valid) {
	  // What happens when the CAPTCHA was entered incorrectly
	  die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
	       "(reCAPTCHA said: " . $resp->error . ")");
	} else {
	  // Your code here to handle a successful verification
	}

	//$enquiry = preg_replace('/\r/','\', \'',$enquiry);
	//$enquiry = preg_replace('/\(|\)/','\'',$enquiry);
	//$_POST['enquiry'] = $result;

	if (strlen($name) < ENTRY_LAST_NAME_MIN_LENGTH) {
     $error = true;

     $messageStack->add('contact', ENTRY_LAST_NAME_ERROR);
   }
	if (strlen($enquiry) < 8) {
     $error = true;

     $messageStack->add('contact', ENTRY_ERROR_ENQUIRY);
   }
	if (!tep_validate_email($email)) {
		$error = true;

     $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);
   }
   if (!$error) {
	  $enquiry = MESSAGE_FROM . $name . "\n" . $date . "\n" . ($phone ? ENTRY_TELEPHONE_NUMBER .  $phone . "\n" : '' ) . ($customer_id ? MAIL_CLIENT_ID .  $customer_id . "\n" : '')  . ($orders_id ? MAIL_ORDER_ID .  $orders_id . "\n" : '') . "\n" . MAIL_IP . $xipaddress . '.' . "\n\n" . ENTRY_ENQUIRY . "\n" . $enquiry;
     tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, $subject, $enquiry, $name, $email);

     tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
   } 
 }

 $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CONTACT_US));
 $account = array();
 $orders = array();
 $name = '';
 $email = '';
 $phone = '';
if (tep_session_is_registered('customer_id')) {
		$account_query = tep_db_query("select customers_firstname, customers_lastname, customers_telephone, customers_id, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
		$account = tep_db_fetch_array($account_query);
		$name = $account['customers_firstname'].' '.$account['customers_lastname'] ;
		$email = $account['customers_email_address'] ;
		$phone = $account['customers_telephone'] ;
		$history_query = tep_db_query("select orders_id, date_purchased from " . TABLE_ORDERS . " where customers_id = '" . (int)$customer_id . "' order by orders_id DESC");
		$orders[0] = array('id' => '0', 'text' => ENTRY_ORDER_ID);
		while ($history = tep_db_fetch_array($history_query)) {
			$orders[] = array('id' => $history['orders_id'], 'text' => $history['orders_id'] . ENTRY_ORDERED . tep_date_short($history['date_purchased']));

		} 
}		


?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
</head>
<body>
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" summary="" width="100%" cellspacing="3" cellpadding="3">
 <tr>
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" summary="" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
   </table></td>
<!-- body_text //-->
   <td width="100%" valign="top"><?php echo tep_draw_form('contact_us', tep_href_link(FILENAME_CONTACT_US, 'action=send')); ?><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="0">
         <tr>
           <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 if ($messageStack->size('contact') > 0) {
?>
     <tr>
       <td><?php echo $messageStack->output('contact'); ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
<?php
 }

 if (isset($_GET['action']) && ($_GET['action'] == 'success')) {
?>
     <tr>
       <td class="main" align="center"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_man_on_board.gif', HEADING_TITLE, '0', '0', 'align="left"') . TEXT_SUCCESS; ?></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
           <td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
<?php
 } else {
echo tep_draw_hidden_field('phone',$phone);
?>
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2" class="infoBox">
         <tr class="infoBoxContents">
				 <td valign="top" width="40%">
				   <table>
					 	<tr>
							<td class="main" >
        				<b><?php echo nl2br(STORE_NAME_ADDRESS); ?></b><br><br>
               <?php echo (OPENING_HOURS); ?>
							</td>
         		</tr>
       		</table>		
          </td><td valign="top" width="50%"><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td class="main"><?php echo ENTRY_NAME; ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo (isset($account['customers_lastname']) ? $name . tep_draw_hidden_field('name',$name) : tep_draw_input_field('name', $name, 'size="28"')); ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo ENTRY_EMAIL; ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo tep_draw_input_field('email', $email, 'size="28"'); ?></td>
             </tr>
						<tr>
               <td class="main"><?php echo BOX_HEADING_SUBJECT; ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo tep_draw_input_field('subject', '', 'size="28"'); 
							if (sizeof($orders) > 1) {
									echo '    ' . tep_draw_pull_down_menu('orders_id', $orders); 
							  }

							?></td>
             </tr>
             <tr>
               <td class="main"><?php echo ENTRY_ENQUIRY; ?></td>
             </tr>
             <tr>
               <td><?php echo tep_draw_textarea_field('enquiry', 'soft', 40, 15); ?></td>
             </tr>
             <tr>
               <td class="main"><?php echo SPAM_CODE; ?></td>
             </tr>
             <tr>
                <td><?php
                  require_once('captcha/recaptchalib.php');
                  $publickey = "Public Key Goes Here"; // you got this from the signup page
                  if ($request_type == 'SSL') {
                    echo recaptcha_get_html($publickey, 0, $request_type);
                  } else {
                    echo recaptcha_get_html($publickey);
                  }
                ?></td>
            </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
     <tr>
       <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
     </tr>
     <tr>
       <td><table border="0" summary="" width="100%" cellspacing="1" cellpadding="2">
         <tr>
           <td><table border="0" summary="" width="100%" cellspacing="0" cellpadding="2">
             <tr>
               <td align="center"><a href="javascript:onclick=history.go(-1)"><?php echo tep_image_button('button_back.gif', IMAGE_BUTTON_BACK); ?></a></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
               <td align="center"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td>
               <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
             </tr>
           </table></td>
         </tr>
       </table></td>
     </tr>
<?php
 }
?>
   </table></form></td>
<!-- body_text_eof //-->
   <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" summary="" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
   </table></td>
 </tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Change the two public key and private key sections to include your keys.


Eric

 


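
An added example (not Eric's or Sam's code) of the same reCAPTCHA check folded into the validation block of the posted contact_us.php, so a failed CAPTCHA is reported through $messageStack like the other field errors instead of die()-ing with a bare text page. It assumes the recaptchalib.php the post uses, the osCommerce helpers already on the page, and a RECAPTCHA_PRIVATE_KEY constant defined once in the store configuration (an assumption, not part of the mod).

```php
<?php
// Added example, not Eric's or Sam's code: the reCAPTCHA check from the posted
// contact_us.php folded into its existing validation block, so a wrong CAPTCHA is
// reported through $messageStack like the other field errors instead of die()-ing.
// Assumes recaptchalib.php from the post and the osCommerce helpers on the page.
require_once('captcha/recaptchalib.php');

// Assumption: the private key is defined once (e.g. in includes/configure.php)
// as RECAPTCHA_PRIVATE_KEY instead of being pasted into every page that uses it.
// define('RECAPTCHA_PRIVATE_KEY', 'private key goes here');

// Returns true when the submitted CAPTCHA answer verifies; otherwise records an
// error on the 'contact' message stack and returns false.
function contact_captcha_ok($messageStack) {
  // Missing fields mean the widget did not render or the form was submitted
  // some other way; treat both as a failed check rather than a PHP notice.
  $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
  $response  = isset($_POST['recaptcha_response_field'])  ? $_POST['recaptcha_response_field']  : '';
  if ($challenge == '' || $response == '') {
    $messageStack->add('contact', 'Please complete the verification code.');
    return false;
  }
  $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY, $_SERVER['REMOTE_ADDR'], $challenge, $response);
  if (!$resp->is_valid) {
    // $resp->error is reCAPTCHA's own error code; keep the customer-facing text
    // generic rather than echoing it back as the posted die() message does.
    $messageStack->add('contact', 'The verification code was not entered correctly. Please try again.');
    return false;
  }
  return true;
}

if (isset($_GET['action']) && ($_GET['action'] == 'send')) {
  $name    = tep_db_prepare_input(isset($_POST['name']) ? $_POST['name'] : '');
  $email   = tep_db_prepare_input(isset($_POST['email']) ? $_POST['email'] : '');
  $enquiry = tep_db_prepare_input(isset($_POST['enquiry']) ? $_POST['enquiry'] : '');

  $error = false;
  // The CAPTCHA result is just another validation error; the page still renders.
  if (!contact_captcha_ok($messageStack)) $error = true;
  if (strlen($name) < ENTRY_LAST_NAME_MIN_LENGTH) { $error = true; $messageStack->add('contact', ENTRY_LAST_NAME_ERROR); }
  if (strlen($enquiry) < 8) { $error = true; $messageStack->add('contact', ENTRY_ERROR_ENQUIRY); }
  if (!tep_validate_email($email)) { $error = true; $messageStack->add('contact', ENTRY_EMAIL_ADDRESS_CHECK_ERROR); }

  if (!$error) {
    tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, EMAIL_SUBJECT, $enquiry, $name, $email);
    tep_redirect(tep_href_link(FILENAME_CONTACT_US, 'action=success'));
  }
}
```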

When a customer is trying to edit an address in the address book, he is getting the following error:

 

Fatal error: Call to undefined function ajax_get_zones_html() in /home/XXX/public_html/includes/modules/address_fields.php on line 47

 

Also, the create account page is coming out completely unformatted, i.e. the side boxes have moved down.


@

 

You've missed bits of the install, make sure you do it all :huh:

 

i.e. you've missed some of the edits for catalog/address_book_process.php.

Edited by spooks

Sam

 

Remember, what you think I meant may not be what I thought I meant when I said it.

 

Contributions:

 

Auto Backup your Database, Easy way

 

Multi Images with Fancy Pop-ups, Easy way

 

Products in columns with multi buy etc etc

 

Disable any Category or Product, Easy way

 

Secure & Improve your account pages et al.


Hi Sam,

 

I have been using this mod since you released it, and to date it has helped me stay hacker-free!

 

The problem I now have is that I am trying to install a change to the Create_account.php file for an automated postcode lookup system, but I can't get it to work at all. The install instructions for the mod are quite simple:

 

2.2 Installation Instructions (osCommerce 2.2)

Installation is easy, and should take no longer than 10 minutes on any website. To install please follow these steps;

  • First please register Click here, registration is free, and only takes 1 minute.
  • Select the suitable plan for your site, please note we have a FREE plan with FREE credits to start you off.
  • Place the following code before the </head> tag in create_account.php ensuring to change the bold XXX`s in this example below for your API Key given to you after you have selected your plan above. The same information with your unique key in place for you to cut and paste can be found here
    <script type="text/javascript">
    var pcs_conf = {
      postcode_id: 'postcode',
      city_id: 'city',
      county_id: 'state',
      street_id: 'street_address',
      house_number_id: 'street_address',
      onSelect: function (d) {
        /* Select the matching entry in the country drop-down */
        var country = document.forms['create_account'].elements['country'];
        var l = country.options.length;
        var n = -1; /* stays -1 when no option matches the returned country */

        if (d.country == 'England') { d.country = 'United Kingdom'; }
        for (var i = 0; i < l; i++) {
          /* compare each option's text, not the options collection itself */
          if (country.options[i].innerHTML == d.country) {
            n = i;
            break;
          }
        }
        if (n >= 0) { country.selectedIndex = n; }
      }
    };
    </script>
    <script type="text/javascript" id="pcsdcom-v1" src="https://www.postcodesite.com/api?key=XXX-XXX"></script>
  • To make sure clients enter the postcode before filling in their address, move the following:
    <tr>
    <td class="fieldKey"><?php echo ENTRY_POST_CODE; ?></td>
    <td class="fieldValue"><?php echo tep_draw_input_field('postcode') . ' ' . (tep_not_null(ENTRY_POST_CODE_TEXT) ? '<span class="inputRequirement">' . ENTRY_POST_CODE_TEXT . '</span>': ''); ?></td>
    </tr>
    to just under this line:
    <td><table border="0" cellspacing="2" cellpadding="2">

 

But try as I might, neither I nor the writers of that mod can understand the heavily modified Create_account of the anti-hacker mods.

 

Any suggestions would be great, thanks.


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.


Hi,

 

Ignore the above - I managed to sort it out

 

Thanks




@vampirehunter

 

NOT required on v2.3.x installations.

 

 

Chris



 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)


I'm hitting the wall trying to get http://addons.oscommerce.com/info/1560 (the older simpler visual-verify-code) working in both contact_us and create_account with Sam's Anti-hacker.

 

The thing is, I've got it working in tell_a_friend, and that does include changing the $HTTP_GET_VARS[tep_session_name() to $_GET and $HTTP_POST_VARS to $_POST, so that doesn't seem to be the issue. It works regardless of whether you're logged in on tell_a_friend, depending on the admin/Allow Guest To Tell setting. It gives the proper error if the code is entered wrong and sends the email if you get it right.

 

Anybody else using this? Any thoughts on what to try?

