Force Login

[spike210957]

I'm trying to force cubecart to auto login if a user has been authenticated by my site.

I found this bit of code in user.class.php:

//If there is a cookie for the username and they are not logged in
			if (isset($_COOKIE['username']) && !empty($_COOKIE['username']) && !$this->is()) {
				//If we haven't pushed the user to the login
				if (!$GLOBALS['session']->get('login_push')) {
					$GLOBALS['session']->set('login_push', true);
					//Try to have them login
					if (!isset($_GET['_a']) || $_GET['_a'] != 'login') {
						httpredir('index.php?_a=login');
					}
				}
			}

So I though all I needed to do was to create the username cookie in my site and bingo cubecart would pick it up and force a login.  But it isn't working and I can't suss why.....

[bsmither]

The Session's 'login_push' must be vestigial, as I cannot find any other code that uses it going back to CubeCart 5.1.1. But it may have had something to do with something called OAuth, which was removed from CubeCart many versions ago.

So, I think the code snippet above is not the 'droid you're looking for.

 

[spike210957]

ok I'll have to carry on digging....

I think what I need to do is instantiate a cubecart user object at the point that the user get's validated by my web site and set $IS_USER to true

So here's what I'm trying in my page that calls the store:
 

include('store\ini.inc.php');
include('store\classes\cache\memcache.class.php');
include('store\classes\user.class.php');
include CC_ROOT_DIR.CC_DS.'controllers'.CC_DS.'controller.admin.pre_session.inc.php';
//
//Instantiate a user

$myuser = user::getInstance();

$IsValid = $myuser->authenticate('[email protected]','mypassword');

Trouble is it's falling over with:

Class 'Memcache' not found in memcache.class.php on line 35

Edited January 13, 2016 by spike210957

[spike210957]

Well I'm now trying a different approach in the page that opens the store I the code below.  However, cubecart is catching my post in sessions.class.php (line 651) and deciding that it's a session hijack, which I suppose it is.  Any suggestions for work round?

  // Post variables.
$postdata = array(
  'username' => 'value1',
  'password' => 'value2'
  );

do_post_request("store/index.php?_a=login", $postdata);

function do_post_request($url, $postdata)
{
  $content = "";

  // Add post data to request.
  foreach($postdata as $key => $value)
  {
    $content .= "{$key}={$value}&";
  }

  $params = array('http' => array(
    'method' => 'POST',
    'header' => 'Content-Type: application/x-www-form-urlencoded',
    'content' => $content
  ));

  $ctx = stream_context_create($params);
  $fp = fopen($url, 'rb', false, $ctx);

  if (!$fp) {
    throw new Exception("Connection problem, {$php_errormsg}");
  }

  $response = @stream_get_contents($fp);
  if ($response === false) {
    throw new Exception("Response error, {$php_errormsg}");
  }

  return $response;
}

 

[spike210957]

Ok tried another approach and this now works.  The code for the  page that kicks off the store is below.  My only remaining issue is that when I come back to the site from the shop my session variables are gone...

 

<?php

session_start();

echo "<html>";
echo "<head>";
echo "<script>";
echo "function load()";
echo "{";
echo "document.frm1.submit()";
echo "}";
echo "</script>";
echo "</head>";

echo "<body onload='load()'>";
echo "<form action= 'store/index.php?_a=login' id='frm1' name='frm1' method='post'>";
echo "<input name='username' type='text' value='" . $_SESSION['Store_username'] . "' />";
echo "<input name='password' type='text' value='" . $_SESSION['Store_password'] . "' />";
echo "</form>";
echo "</body>";
echo "</html>";

?>