login with manual code

[delickate]

Hi,

I'm trying to login oscommerce with manual code. but unable to do that. all entries going to database but don't understand what is missing???

here is my code

 

$email_address 	= $_REQUEST['txtemail'];
    				   $password 		= $_REQUEST['password'];

    					$check_customer_query = mysql_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = '" . $email_address . "'");
    					if (mysql_num_rows($check_customer_query)> 0) 
					{
					   $check_customer = mysql_fetch_assoc($check_customer_query);
					  if (!tep_validate_password($password, $check_customer['customers_password']))
					   {
					     echo "password not found.";
					   }else {

								  

									  tep_session_recreate();


									$check_country_query = mysql_query("select entry_country_id, entry_zone_id from address_book where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
									$check_country = mysql_fetch_array($check_country_query);

									$customer_id = $check_customer['customers_id'];
									$customer_default_address_id = $check_customer['customers_default_address_id'];
									$customer_first_name = $check_customer['customers_firstname'];
									$customer_country_id = $check_country['entry_country_id'];
									$customer_zone_id = $check_country['entry_zone_id'];
									tep_session_register('customer_id');
									tep_session_register('customer_default_address_id');
									tep_session_register('customer_first_name');
									tep_session_register('customer_country_id');
									tep_session_register('customer_zone_id');

									mysql_query("update customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

 

anyone have any idea about?

 

 

[Kays]

1. Use

 tags next time.

2. Sanitize data. With the code that you have now, someone can really screw you over with a simple SQL injection. See SQL Injection @Wikipedia

3. Please address what the issue is.

I'm trying to login oscommerce with manual code. but unable to do that. all entries going to database but don't understand what is missing???

here is my code

^ That doesn't tell me what the issue is. Which part of your code is not working?

[delickate]

hi,

Thanks for prompt response and guide. I installed oscommerce on my local server. it is running fine. now i want to login oscommerce with my manual code pasted before. i place a file one folder up of oscommerce folder. so my login file path is

 

c:\wamp\www\cart\login.php

 

and my oscommerce path is

c:\wamp\www\cart\oscommerce\index.php

 

i want to log into oscommerce in my login.php file. after login it'll take me two oscommerce folder.

 

i copy past all the code from cart\oscommerce\login.php into cart\login.php

made some modification and try to run. it didn't give any error. says username password is correct and redirect to oscommerce\login.php

 

it seems that there is some session problem. even though my code is working fine it require again login access.

 

can you guide me how can i do that?

Thanks