CS-Cart Version: 1.3.5 Sp2
If a customer is to signup a new user account they cannot view pricing or login until their account is activated.
I have successfully worked around this by creating an account, running through “forgot password?” and retrieving a new password.
Does anyone aware how this can be locked down?
If you would prefer cash for a fix please let me know as it’s rather urgent due to the industry the website operates in.
The source code is below:
[FILE] /include/common/authentication.php [/FILE]
```php
* *
* Copyright (c) 2004-2007 CS-Cart.com. All rights reserved. *
* *
*******************************************************************************
* *
* CS-Cart is commercial software, only users who have purchased a valid *
* license through https://www.cs-cart.com/ and accept to the terms of this *
* License Agreement can install this product. *
* *
*******************************************************************************
* THIS CS-CART SHOP END-USER LICENSE AGREEMENT IS A LEGAL AGREEMENT BETWEEN *
* YOU AND YOUR COMPANY (COLLECTIVELY, "YOU") AND CS-CART.COM (HEREINAFTER *
* REFERRED TO AS "THE AUTHOR") FOR THE SOFTWARE PRODUCT IDENTIFIED ABOVE, *
* WHICH INCLUDES COMPUTER SOFTWARE AND MAY INCLUDE ASSOCIATED MEDIA, PRINTED *
* MATERIALS, AND "ONLINE" OR ELECTRONIC DOCUMENTATION (COLLECTIVELY, THE *
* "SOFTWARE"). BY USING THE SOFTWARE, YOU SIGNIFY YOUR AGREEMENT TO ALL *
* TERMS, CONDITIONS, AND NOTICES CONTAINED OR REFERENCED HEREIN. IF YOU ARE *
* NOT WILLING TO BE BOUND BY THIS AGREEMENT, DO NOT INSTALL OR USE THE *
* SOFTWARE. *
* *
* PLEASE READ THE FULL TEXT OF SOFTWARE LICENSE AGREEMENT IN THE "COPYRIGHT" *
* FILE PROVIDED WITH THIS DISTRIBUTION. THE AGREEMENT TEXT IS ALSO AVAILABLE *
* AT THE FOLLOWING URL: https://www.cs-cart.com/license.html *
******************************************************************************/
//
// $Id: authentication.php 4491 2007-12-24 09:25:34Z brook $
//
if ( !defined('IN_CSCART') ) { die('Access denied'); }
if ($REQUEST_METHOD == 'POST') {
//
// Login mode
//
if ($mode == 'login') {
if (AREA != 'A') {
if ($settings['Image_verification']['use_for_login'] == 'Y' && fn_image_verification('login', empty($verification_answer) ? '' : $verification_answer) == false) {
$suffix = (strpos($HTTP_REFERER, '?') !== false ? '&' : '?') . 'login_type=login';
fn_redirect("$HTTP_REFERER$suffix");
}
}
$password = $_POST['password'];
$field = ($settings['General']['use_email_as_login'] == 'Y') ? 'email' : 'user_login';
$user_data = db_get_row("SELECT * FROM $db_tables[users] WHERE $field='$user_login'");
if (AREA == 'P' && !empty($user_data['user_id'])) {
$partner_profile = db_get_row("SELECT * FROM $db_tables[partner_profiles] WHERE user_id='$user_data[user_id]'");
$user_data = fn_array_merge($user_data, $partner_profile);
}
if (!empty($user_data) && $user_data['user_type'] != 'A' && AREA == 'A') {
fn_save_post_data();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_area_access_denied'));
fn_redirect(empty($HTTP_REFERER) ? $index_script : $HTTP_REFERER);
}
if (!empty($user_data) && $user_data['active'] == 'N') {
fn_save_post_data();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
fn_redirect(empty($HTTP_REFERER) ? $index_script : $HTTP_REFERER);
}
if (AREA=='P' && !empty($user_data) && (empty($user_data['approved']) || $user_data['approved'] == 'N')) {
fn_save_post_data();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_not_approved'));
fn_redirect(empty($HTTP_REFERER) ? $index_script : $HTTP_REFERER);
}
if (AREA=='P' && !empty($user_data['approved']) && $user_data['approved'] == 'D') {
fn_save_post_data();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_declined'));
fn_redirect(empty($HTTP_REFERER) ? $index_script : $HTTP_REFERER);
}
if (!empty($user_data) && md5($password) == $user_data['password'] && !empty($password)) {
//
// Success login
//
if ($password == $user_data['user_login'] && $demo_mode != true) {
sess_register('insecure_password');
$insecure_password = true;
}
//
// If customer placed orders before login, assign these orders to this account
//
if (!empty($auth['order_ids'])) {
foreach ($auth['order_ids'] as $k => $v) {
db_query("UPDATE $db_tables[orders] SET user_id='$user_data[user_id]' WHERE order_id='$v'");
}
}
$auth = fn_fill_auth($user_data);
if (!empty($remember_me)) {
fn_set_cookie(AREA_NAME . '_user_id', $user_data['user_id'], COOKIE_ALIVE_TIME);
fn_set_cookie(AREA_NAME . '_password', $user_data['password'], COOKIE_ALIVE_TIME);
}
// Set last login time
db_query("UPDATE $db_tables[users] SET last_login='".TIME."' WHERE user_id='$user_data[user_id]'");
if (AREA == 'C') {
if ($cu_id = fn_get_cookie('cu_id')) {
fn_clear_cart($cart);
fn_save_cart_content($cart, $cu_id, 'C', 'U');
fn_delete_cookies('cu_id');
}
// Restore cart content
sess_register('cart');
// Cleanup cached shipping rates
sess_register('shipping_rates');
sess_unregister('shipping_rates');
fn_extract_cart_content($cart, $auth['user_id'], 'C');
$_fake = '';
$cart['user_data'] = fn_get_user_info($auth['user_id'], $_fake);
}
if (!empty($redirect_url) && strpos($redirect_url, "$index_script?$target_name=exceptions")!==false) {
$redirect_url = $index_script;
}
if (empty($redirect_url)) {
if (!empty($HTTP_REFERER)) {
$redirect_url = $HTTP_REFERER;
} else {
$redirect_url = $index_script;
}
}
if (!empty($checkout_login) && $checkout_login == 'Y') {
$profiles_num = db_get_field("SELECT COUNT(*) FROM $db_tables[user_profiles] WHERE user_id='$auth[user_id]'");
if ($profiles_num > 1 && $settings['General']['user_multiple_profiles'] == 'Y') {
$redirect_url = "$index_script?$target_name=checkout&$mode_name=customer_info";
} else {
$redirect_url = "$index_script?$target_name=checkout&$mode_name=checkout";
}
}
if (defined('AJAX_REQUEST') && $settings['General']['one_page_checkout'] == 'Y') {
$redirect_url = "$index_script?$target_name=checkout&$mode_name=checkout";
}
} else {
//
// Login incorrect
//
$auth = array();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_incorrect_login'));
$redirect_url = "$current_location/$index_script?$target_name=auth&$mode_name=login_form" . (!empty($redirect_url) ? '&redirect_url='.urlencode($redirect_url) : '');
}
}
//
// Change password mode
//
if ($mode == 'change_password') {
//
// NOT IMPLEMENTED YET
//
}
//
// Recover password mode
//
if ($mode == 'recover_password') {
$suffix = '';
if (!empty($user_login)) {
$field = ($settings['General']['use_email_as_login'] == 'Y') ? 'email' : 'user_login';
$u_data = db_get_row("SELECT $db_tables[users].user_id, $db_tables[users].email, $db_tables[users].lang_code FROM $db_tables[users] WHERE $db_tables[users].$field='$user_login'");
if (!empty($u_data['email'])) {
$_data = array (
'object_id' => $u_data['user_id'],
'object_type' => 'U',
'ekey' => md5(uniqid(rand())),
'ttl' => strtotime("+1 day")
);
db_insert_by_array($db_tables['ekeys'], $_data, true);
$smarty_mail->assign('index_script', $index_script);
$smarty_mail->assign('ekey', $_data['ekey']);
fn_send_mail($u_data['email'], $settings['Company']['company_users_department'], 'profiles/recover_password_subj.tpl','profiles/recover_password.tpl', '', $u_data['lang_code']);
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_password_recovery_instructions_sent'));
} else {
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_login_not_exists'));
$suffix = "?$target_name=auth&$mode_name=recover_password";
}
} else {
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_login_not_exists'));
$suffix = "?$target_name=auth&$mode_name=recover_password";
}
$redirect_url = $index_script.$suffix;
}
$CALLER = __FILE__;
include CORE_DIR . 'include_addons.php';
fn_redirect($redirect_url);
}
$CALLER = __FILE__;
include CORE_DIR . 'include_addons.php';
//
// Perform user log out
//
if ($mode == 'logout') {
sess_register('cart');
fn_save_cart_content($cart, $auth['user_id']);
$auth = array();
sess_unregister('auth');
sess_unregister('cart');
sess_unregister('insecure_password');
fn_delete_cookies(AREA_NAME . '_user_id', AREA_NAME . '_password');
if (!empty($redirect_url) && strpos($redirect_url, "$index_script?$target_name=exceptions")===false) {
fn_redirect($redirect_url);
} else {
fn_redirect($index_script);
}
}
//
// Recover password mode
//
if ($mode == 'recover_password') {
// Cleanup expired keys
db_query("DELETE FROM $db_tables[ekeys] WHERE ttl<'".TIME."'"); // FIXME: should be moved to another place
if (!empty($ekey)) {
$u_id = db_get_field("SELECT object_id FROM $db_tables[ekeys] WHERE ekey='$ekey' AND object_type='U' AND ttl>'".TIME."'");
if (!empty($u_id)) {
$udata = db_get_row("SELECT user_id, user_type, tax_exempt, last_login, membership_status, membership_id FROM $db_tables[users] WHERE user_id='$u_id'");
$auth = fn_fill_auth($udata, isset($auth['order_ids']) ? $auth['order_ids'] : array());
// Delete this key
db_query("DELETE FROM $db_tables[ekeys] WHERE ekey='$ekey'");
fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('text_change_password'));
fn_redirect("$index_script?$target_name=profiles&$mode_name=update");
} else {
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('text_ekey_not_valid'));
$suffix = "?$target_name=auth&$mode_name=recover_password";
}
}
fn_add_breadcrumb(fn_get_lang_var('recover_password'));
$smarty->assign('content', 'recover_password');
}
//
// Display login form in the mainbox
//
if ($mode == 'login_form') {
if (defined('AJAX_REQUEST') && empty($auth)) {
exit;
}
if ($settings['General']['secure_auth'] == 'Y' && !defined('HTTPS') && AREA != 'A') {
fn_https_redirect($https_location.'/'.$current_url);
}
if (!empty($auth['user_id'])) {
fn_redirect($index_script);
}
if (!empty($redirect_url)) {
$smarty->assign('redirect_url', $redirect_url);
}
fn_add_breadcrumb(fn_get_lang_var('authentication'));
$smarty->assign('content', 'login_form');
}
?> ```