?></td>
</tr>
(A) (UP) Add Support for Basic HTTP Authentication
(A) (UP) Add Support for Basic HTTP Authentication
Importance: High | Difficulty: Medium
Add support for Basic HTTP Authentication to the Administration Tool login routine. Administrator accounts can be saved in htpasswd files
using the Apache APR-MD5 algorithm. Upon successful Basic HTTP Authentication, an automatic login occurs if the authentication password
matches the administrator password stored in the database.
Affected Files
catalog/admin/.htpasswd_oscommerce --- (new file)
catalog/admin/administrators.php
catalog/admin/includes/application_top.php
catalog/admin/includes/functions/password_funcs.php
catalog/admin/includes/languages/english/administrators.php
catalog/admin/login.php
View Changes Online
This changeset includes an update to an English language definition file. Please perform similar changes to other
languages that are also installed.
catalog/admin/.htpasswd_oscommerce --- (new file)
This is a new empty file. (Download File)
catalog/admin/administrators.php
@@ -12,6 +12,37 @@
require('includes/application_top.php');
+  $htaccess_array = 
;
null
+  $htpasswd_array = 
;
null
+
+  $authuserfile_array = array('##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####',
+                              'AuthType Basic',
+                              'AuthName 
',
"osCommerce Online Merchant Administration Tool"
+                              'AuthUserFile ' . DIR_FS_ADMIN . '.htpasswd_oscommerce',
+                              'Require valid-user',
+                              '##### OSCOMMERCE ADMIN PROTECTION - END #####');
+
+  
(file_exists(DIR_FS_ADMIN . '.htpasswd_oscommerce') && is_writable(DIR_FS_ADMIN .
if
'.htpasswd_oscommerce') && file_exists(DIR_FS_ADMIN . '.htaccess') && is_writable(DIR_FS_ADMIN .
'.htaccess')) {
+    $htaccess_array = array();
+    $htpasswd_array = array();
+
+    
(filesize(DIR_FS_ADMIN . '.htaccess') > 0) {
if
+      $fg = fopen(DIR_FS_ADMIN . '.htaccess', 'rb');
+      $data = fread($fg, filesize(DIR_FS_ADMIN . '.htaccess'));
+      fclose($fg);
+
+      $htaccess_array = explode(
, $data);
"\n"
+    }
+
+    
(filesize(DIR_FS_ADMIN . '.htpasswd_oscommerce') > 0) {
if
+      $fg = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'rb');
+      $data = fread($fg, filesize(DIR_FS_ADMIN . '.htpasswd_oscommerce'));
+      fclose($fg);
+
+      $htpasswd_array = explode(
, $data);
"\n"
+    }
+  }
+
$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');
(tep_not_null($action)) {
if
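Review bot: The `AuthUserFile` entry in `$authuserfile_array` points at `DIR_FS_ADMIN . '.htpasswd_oscommerce'`, so the password file lives inside the web-served admin directory and stays private only if the server refuses requests for `.ht*` files. Apache's stock configuration does that, but a customised or non-Apache host may not; a comment above the array should state the assumption, or the file should be placed outside the document root. The `fopen()`/`fread()` results in both read blocks are used unchecked, so a failed open falls through to `fread()` on `false`; guarding with `if ($fg = fopen(DIR_FS_ADMIN . '.htaccess', 'rb')) {` would avoid that. Basic authentication sends the password on every request, so this layer should only be enabled where the admin tool is served over HTTPS.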
@@ -26,6 +57,38 @@
(tep_db_num_rows($check_query) < 1) {
if
tep_db_query(
. TABLE_ADMINISTRATORS . 
"insert into "
" (user_name, user_password)
. tep_db_input($username) . 
. tep_db_input(tep_encrypt_password($password)) . 
values ('"
"', '"
);
"')"
+
+          
(is_array($htpasswd_array)) {
if
+            
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+              list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+              
($ht_username == $username) {
if
+                unset($htpasswd_array[$i]);
+              }
+            }
+
+            
(isset($HTTP_POST_VARS['htaccess']) && ($HTTP_POST_VARS['htaccess'] == '
')) {
if
true
+              $htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password);
+            }
+
+            $fp = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'w');
+            fwrite($fp, implode(
, $htpasswd_array));
"\n"
+            fclose($fp);
+
+            
(!in_array('AuthUserFile ' . DIR_FS_ADMIN . '.htpasswd_oscommerce',
if
$htaccess_array) && !empty($htpasswd_array)) {
+              array_splice($htaccess_array, sizeof($htaccess_array), 0, $authuserfile_array);
+            } elseif (empty($htpasswd_array)) {
+              
($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) {
for
+                
(in_array($htaccess_array[$i], $authuserfile_array)) {
if
+                  unset($htaccess_array[$i]);
+                }
+              }
+            }
+
+            $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w');
+            fwrite($fp, implode(
, $htaccess_array));
"\n"
+            fclose($fp);
+          }
{
else
$messageStack->add_session(ERROR_ADMINISTRATOR_EXISTS, 'error');
}
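Review bot: `$username` is appended to `.htpasswd_oscommerce` in `$htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password);` without rejecting `:`, CR or LF, so a name containing a line break would add an extra line to the credential file and one containing `:` would be read back under a different user name. Unless `tep_db_prepare_input()` already strips these (not visible here), reject such names before the append, e.g. `if (preg_match('/[:\r\n]/', $username)) { /* report error, skip htpasswd write */ }`; the same append is repeated in the `save` hunk below. Both `fopen(..., 'w')` calls truncate the file before the new content is written and their return values are not checked, so a failed or interrupted write can leave `.htpasswd_oscommerce` or `.htaccess` empty. The enclosing `insert` case starts and ends outside this hunk.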
@@ -38,17 +101,75 @@
$username = tep_db_prepare_input($HTTP_POST_VARS['username']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);
-        $check_query = tep_db_query(
. TABLE_ADMINISTRATORS . 
"select id from "
" where user_name
. tep_db_input($admin['username']) . 
);
= '"
"'"
+        $check_query = tep_db_query(
. TABLE_ADMINISTRATORS . 
"select id, user_name from "
" where
. (
)$HTTP_GET_VARS['aID'] . 
);
id = '"
int
"'"
$check = tep_db_fetch_array($check_query);
-        
($admin['id'] == $check['id']) {
if
+// update username in current session 
changed
if
+        
( ($check['id'] == $admin['id']) && ($check['user_name'] != $admin['username']) ) {
if
$admin['username'] = $username;
}
+// update username in htpasswd 
changed
if
+        
(is_array($htpasswd_array)) {
if
+          
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+            list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+            
( ($check['user_name'] == $ht_username) && ($check['user_name'] != $username) ) {
if
+              $htpasswd_array[$i] = $username . ':' . $ht_password;
+            }
+          }
+        }
+
tep_db_query(
. TABLE_ADMINISTRATORS . 
.
"update "
" set user_name = '"
tep_db_input($username) . 
. (
)$HTTP_GET_VARS['aID'] . 
);
"' where id = '"
int
"'"
(tep_not_null($password)) {
if
+// update password in htpasswd
+          
(is_array($htpasswd_array)) {
if
+            
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+              list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+              
($ht_username == $username) {
if
+                unset($htpasswd_array[$i]);
+              }
+            }
+
+            
(isset($HTTP_POST_VARS['htaccess']) && ($HTTP_POST_VARS['htaccess'] == '
')) {
if
true
+              $htpasswd_array[] = $username . ':' . tep_crypt_apr_md5($password);
+            }
+          }
+
tep_db_query(
. TABLE_ADMINISTRATORS . 
.
"update "
" set user_password = '"
tep_db_input(tep_encrypt_password($password)) . 
. (
)$HTTP_GET_VARS['aID'] . 
"' where id = '"
int
);
"'"
+        } elseif (!isset($HTTP_POST_VARS['htaccess']) || ($HTTP_POST_VARS['htaccess'] != '
'))
true
{
+          
(is_array($htpasswd_array)) {
if
+            
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+              list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+              
($ht_username == $username) {
if
+                unset($htpasswd_array[$i]);
+              }
+            }
+          }
+        }
+
+// write 
htpasswd file
new
+        
(is_array($htpasswd_array)) {
if
+          $fp = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'w');
+          fwrite($fp, implode(
, $htpasswd_array));
"\n"
+          fclose($fp);
+
+          
(!in_array('AuthUserFile ' . DIR_FS_ADMIN . '.htpasswd_oscommerce', $htaccess_array)
if
&& !empty($htpasswd_array)) {
+            array_splice($htaccess_array, sizeof($htaccess_array), 0, $authuserfile_array);
+          } elseif (empty($htpasswd_array)) {
+            
($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) {
for
+              
(in_array($htaccess_array[$i], $authuserfile_array)) {
if
+                unset($htaccess_array[$i]);
+              }
+            }
+          }
+
+          $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w');
+          fwrite($fp, implode(
, $htaccess_array));
"\n"
+          fclose($fp);
}
tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . (int
)$HTTP_GET_VARS['aID']));
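Review bot: The session-update condition `($check['user_name'] != $admin['username'])` compares the name stored in the database with the name held in the session, which are normally equal before the update query runs, so `$admin['username'] = $username;` looks unreachable after a rename. The htpasswd rename a few lines further down tests `($check['user_name'] != $username)` instead, which suggests the session check was meant to be `( ($check['id'] == $admin['id']) && ($check['user_name'] != $username) )`. Separately, when the password field is left empty and the checkbox is newly ticked, no htpasswd entry is created; a short comment on the `elseif` branch saying that protection can only be enabled together with a password change would document that. The enclosing `save` case starts outside the hunk.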
@@ -56,19 +177,57 @@
'deleteconfirm':
case
$id = tep_db_prepare_input($HTTP_GET_VARS['aID']);
-        $check_query = tep_db_query(
. TABLE_ADMINISTRATORS . 
"select id from "
" where user_name
. tep_db_input($admin['username']) . 
);
= '"
"'"
+        $check_query = tep_db_query(
. TABLE_ADMINISTRATORS . 
"select id, user_name from "
" where
. (
)$id . 
);
id = '"
int
"'"
$check = tep_db_fetch_array($check_query);
-        
($id == $check['id']) {
if
+        
($admin['id'] == $check['id']) {
if
tep_session_unregister('admin');
}
tep_db_query(
. TABLE_ADMINISTRATORS . 
. (
)$id . 
);
"delete from "
" where id = '"
int
"'"
+        
(is_array($htpasswd_array)) {
if
+          
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+            list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+            
($ht_username == $check['user_name']) {
if
+              unset($htpasswd_array[$i]);
+            }
+          }
+
+          $fp = fopen(DIR_FS_ADMIN . '.htpasswd_oscommerce', 'w');
+          fwrite($fp, implode(
, $htpasswd_array));
"\n"
+          fclose($fp);
+
+          
(empty($htpasswd_array)) {
if
+            
($i=0, $n=sizeof($htaccess_array); $i<$n; $i++) {
for
+              
(in_array($htaccess_array[$i], $authuserfile_array)) {
if
+                unset($htaccess_array[$i]);
+              }
+            }
+
+            $fp = fopen(DIR_FS_ADMIN . '.htaccess', 'w');
+            fwrite($fp, implode(
, $htaccess_array));
"\n"
+            fclose($fp);
+          }
+        }
+
tep_redirect(tep_href_link(FILENAME_ADMINISTRATORS));
;
break
}
}
+
+  $secMessageStack = 
messageStack();
new
+
+  
(is_array($htpasswd_array)) {
if
+    
(empty($htpasswd_array)) {
if
+      $secMessageStack->add(sprintf(HTPASSWD_INFO, implode('<br />', $authuserfile_array)),
'error');
+    } 
{
else
+      $secMessageStack->add(HTPASSWD_SECURED, 'success');
+    }
+  } 
{
else
+    $secMessageStack->add(HTPASSWD_PERMISSIONS, 'error');
+  }
?>
<!doctype html 
public "-
>
//W3C//DTD HTML 4.01 Transitional//EN"
<html <?php echo HTML_PARAMS; ?>>
@@ -102,11 +261,19 @@
</table></td>
</tr>
<tr>
+        <td>
+<?php
+  echo $secMessageStack->output();
+?>
+        </td>
+      </tr>
+      <tr>
<td><table border=
width=
cellspacing=
cellpadding=
>
"0"
"100%"
"0"
"0"
<tr>
<td valign=
><table border=
width=
cellspacing=
cellpadding=
>
"top"
"0"
"100%"
"0"
"2"
<tr class=
>
"dataTableHeadingRow"
<td class=
><?php echo TABLE_HEADING_ADMINISTRATORS;
"dataTableHeadingContent"
?></td>
+                <td class=
align=
><?php echo
"dataTableHeadingContent"
"center"
TABLE_HEADING_HTPASSWD; ?></td>
<td class=
align=
><?php echo
"dataTableHeadingContent"
"right"
TABLE_HEADING_ACTION; ?>&nbsp;</td>
</tr>
<?php
@@ -116,6 +283,19 @@
$aInfo = 
objectInfo($admins);
new
}
+    $htpasswd_secured = tep_image(DIR_WS_IMAGES . 'icon_status_red.gif', 'Not Secured', 10, 10);
+
+    
(is_array($htpasswd_array)) {
if
+      
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+        list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+        
($ht_username == $admins['user_name']) {
if
+          $htpasswd_secured = tep_image(DIR_WS_IMAGES . 'icon_status_green.gif', 'Secured', 10,
10);
+          
;
break
+        }
+      }
+    }
+
( (isset($aInfo) && is_object($aInfo)) && ($admins['id'] == $aInfo->id) ) {
if
echo '                  <tr id=
class=
onmouseover=
"defaultSelected"
"dataTableRowSelected"
onmouseout=
onclick=
"rowOverEffect(
)"
this
"rowOutEffect(
)"
this
"document.location.href=\'' .
>' . 
;
tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id . '&action=edit') . '\'"
"\n"
{
else
@@ -123,13 +303,14 @@
}
?>
<td class=
><?php echo $admins['user_name']; ?></td>
"dataTableContent"
+                <td class=
align=
><?php echo $htpasswd_secured; ?></td>
"dataTableContent"
"center"
<td class=
align=
><?php 
( (isset($aInfo) &&
"dataTableContent"
"right"
if
is_object($aInfo)) && ($admins['id'] == $aInfo->id) ) { echo tep_image(DIR_WS_IMAGES .
'icon_arrow_right.gif', ''); } 
{ echo '<a href=
else
"' . tep_href_link(FILENAME_ADMINISTRATORS,
>' . tep_image(DIR_WS_IMAGES . 'icon_info.gif', IMAGE_ICON_INFO) .
'aID=' . $admins['id']) . '"
'</a>'; } ?>&nbsp;</td>
</tr>
<?php
}
?>
<tr>
-                <td colspan=
align=
><?php echo '<a href=
"2"
"right"
"' .
>' .
tep_href_link(FILENAME_ADMINISTRATORS, 'action=
') . '"
new
tep_image_button('button_insert.gif', IMAGE_INSERT) . '</a>'; ?></td>
+                <td colspan=
align=
><?php echo '<a href=
"3"
"right"
"' .
>' .
tep_href_link(FILENAME_ADMINISTRATORS, 'action=
') . '"
new
tep_image_button('button_insert.gif', IMAGE_INSERT) . '</a>'; ?></td>
</tr>
</table></td>
<?php
@@ -140,19 +321,40 @@
'
':
case
new
$heading[] = array('text' => '<b>' . TEXT_INFO_HEADING_NEW_ADMINISTRATOR . '</b>');
-      $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS,
'action=insert'));
+      $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS,
'action=insert', 'post', 'autocomplete=
'));
"off"
$contents[] = array('text' => TEXT_INFO_INSERT_INTRO);
$contents[] = array('text' => '<br>' . TEXT_INFO_USERNAME . '<br>' .
tep_draw_input_field('username'));
$contents[] = array('text' => '<br>' . TEXT_INFO_PASSWORD . '<br>' .
tep_draw_password_field('password'));
+
+      
(is_array($htpasswd_array)) {
if
+        $contents[] = array('text' => '<br>' . tep_draw_checkbox_field('htaccess', '
') . ' '
true
. TEXT_INFO_PROTECT_WITH_HTPASSWD);
+      }
+
$contents[] = array('align' => 'center', 'text' => '<br>' .
tep_image_submit('button_save.gif', IMAGE_SAVE) . '&nbsp;<a href="' .
>' . tep_image_button('button_cancel.gif',
tep_href_link(FILENAME_ADMINISTRATORS) . '"
IMAGE_CANCEL) . '</a>');
;
break
'edit':
case
$heading[] = array('text' => '<b>' . $aInfo->user_name . '</b>');
-      $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS, 'aID='
. $aInfo->id . '&action=save'));
+      $contents = array('form' => tep_draw_form('administrator', FILENAME_ADMINISTRATORS, 'aID='
. $aInfo->id . '&action=save', 'post', 'autocomplete=
'));
"off"
$contents[] = array('text' => TEXT_INFO_EDIT_INTRO);
$contents[] = array('text' => '<br>' . TEXT_INFO_USERNAME . '<br>' .
tep_draw_input_field('username', $aInfo->user_name));
$contents[] = array('text' => '<br>' . TEXT_INFO_NEW_PASSWORD . '<br>' .
tep_draw_password_field('password'));
+
+      
(is_array($htpasswd_array)) {
if
+        $default_flag = 
;
false
+
+        
($i=0, $n=sizeof($htpasswd_array); $i<$n; $i++) {
for
+          list($ht_username, $ht_password) = explode(':', $htpasswd_array[$i], 2);
+
+          
($ht_username == $aInfo->user_name) {
if
+            $default_flag = 
;
true
+            
;
break
+          }
+        }
+
+        $contents[] = array('text' => '<br>' . tep_draw_checkbox_field('htaccess', '
',
true
$default_flag) . ' ' . TEXT_INFO_PROTECT_WITH_HTPASSWD);
+      }
+
$contents[] = array('align' => 'center', 'text' => '<br>' .
tep_image_submit('button_update.gif', IMAGE_UPDATE) . '&nbsp;<a href="' .
>' .
tep_href_link(FILENAME_ADMINISTRATORS, 'aID=' . $aInfo->id) . '"
tep_image_button('button_cancel.gif', IMAGE_CANCEL) . '</a>');
;
break
'delete':
case
catalog/admin/includes/application_top.php
@@ -135,6 +135,13 @@
$current_page = basename($PHP_SELF);
+// 
the first page request is to the login page, set the current page to the index page
if
+// so the redirection on a successful login is not made to the login page again
+    
( ($current_page == FILENAME_LOGIN) && !tep_session_is_registered('redirect_origin') ) {
if
+      $current_page = FILENAME_DEFAULT;
+      $HTTP_GET_VARS = array();
+    }
+
($current_page != FILENAME_LOGIN) {
if
(!tep_session_is_registered('redirect_origin')) {
if
tep_session_register('redirect_origin');
@@ -143,6 +150,14 @@
'get' => $HTTP_GET_VARS);
}
+// 
to automatically login with the HTTP Authentication values 
it exists
try
if
+      
(!tep_session_is_registered('auth_ignore')) {
if
+        
(isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) &&
if
!empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) &&
!empty($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
+          $redirect_origin['auth_user'] = $HTTP_SERVER_VARS['PHP_AUTH_USER'];
+          $redirect_origin['auth_pw'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];
+        }
+      }
+
$redirect = 
;
true
}
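Review bot: `$redirect_origin['auth_pw'] = $HTTP_SERVER_VARS['PHP_AUTH_PW'];` copies the cleartext Basic-auth password into `$redirect_origin`, which is registered as a session variable just above, so the password is persisted in session storage for as long as that variable lives. The `process` hunk in `login.php` reads it back, and nothing visible in this changeset clears it afterwards. It would be safer to read `PHP_AUTH_USER`/`PHP_AUTH_PW` directly from `$HTTP_SERVER_VARS` in `login.php` and keep only a flag here, or at least to `unset($redirect_origin['auth_user'], $redirect_origin['auth_pw']);` as soon as the login attempt has been evaluated. The enclosing `if ($current_page != FILENAME_LOGIN)` block starts outside this hunk.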
@@ -151,7 +166,7 @@
}
($redirect == 
) {
if
true
-      tep_redirect(tep_href_link(FILENAME_LOGIN));
+      tep_redirect(tep_href_link(FILENAME_LOGIN, (isset($redirect_origin['auth_user']) ?
'action=process' : '')));
}
unset($redirect);
catalog/admin/includes/functions/password_funcs.php
@@ -43,4 +43,67 @@
$password;
return
}
+
+////
+// This function produces a crypted string using the APR-MD5 algorithm
+// Source: http://www.php.net/crypt
+  function tep_crypt_apr_md5($password, $salt = 
) {
null
+    
(empty($salt)) {
if
+      $salt_string = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+
+      $salt = '';
+
+      
($i = 0; $i < 8; $i++) {
for
+        $salt .= $salt_string[rand(0, 61)];
+      }
+    }
+
+    $len = strlen($password);
+
+    $result = $password . '$apr1$' . $salt;
+
+    $bin = pack('H32', md5($password . $salt . $password));
+
+    
($i=$len; $i>0; $i-=16) {
for
+      $result .= substr($bin, 0, min(16, $i));
+    }
+
+    
($i=$len; $i>0; $i>>= 1) {
for
+      $result .= ($i & 1) ? chr(0) : $password[0];
+    }
+
+    $bin = pack('H32', md5($result));
+
+    
($i=0; $i<1000; $i++) {
for
+      $
= ($i & 1) ? $password : $bin;
new
+
+      
($i % 3) {
if
+        $
.= $salt;
new
+      }
+
+      
($i % 7) {
if
+        $
.= $password;
new
+      }
+
+      $
.= ($i & 1) ? $bin : $password;
new
+
+      $bin = pack('H32', md5($
));
new
+    }
+
+    
($i=0; $i<5; $i++) {
for
+      $k = $i + 6;
+      $j = $i + 12;
+
+      
($j == 16) {
if
+        $j = 5;
+      }
+
+      $tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;
+    }
+
+    $tmp = chr(0) . chr(0) . $bin[11] . $tmp;
+    $tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
+
+    
'$apr1$' . $salt . '$' . $tmp;
return
+  }
?>
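Review bot: The salt in `tep_crypt_apr_md5()` is drawn with `rand(0, 61)`, which is not a cryptographically secure generator; where the target PHP version provides it, `$salt .= $salt_string[random_int(0, 61)];` is the drop-in replacement, otherwise `mt_rand()` is at least better seeded. `$tmp` is first used on its own right-hand side in `$tmp = $bin[$i] . $bin[$k] . $bin[$j] . $tmp;` without being initialised, so a `$tmp = '';` before the final `for` loop is needed to avoid an undefined-variable notice. `$password[0]` is also read without a length check, which fails for an empty password when the function is called directly. The header comment should note that APR-MD5 is kept for compatibility with Apache `htpasswd` files and is not suitable as a general-purpose password hash.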
catalog/admin/includes/languages/english/administrators.php
@@ -13,6 +13,7 @@
define('HEADING_TITLE', 'Administrators');
define('TABLE_HEADING_ADMINISTRATORS', 'Administrators');
+define('TABLE_HEADING_HTPASSWD', 'Secured by htpasswd');
define('TABLE_HEADING_ACTION', 'Action');
define('TEXT_INFO_INSERT_INTRO', 'Please enter the 
administrator with its related data');
new
@@ -22,6 +23,11 @@ define('TEXT_INFO_HEADING_NEW_ADMINISTRATOR', 'New Administrator');
define('TEXT_INFO_USERNAME', 'Username:');
define('TEXT_INFO_NEW_PASSWORD', 'New Password:');
define('TEXT_INFO_PASSWORD', 'Password:');
+define('TEXT_INFO_PROTECT_WITH_HTPASSWD', 'Protect With htaccess/htpasswd');
define('ERROR_ADMINISTRATOR_EXISTS', 'Error: Administrator already exists.');
-?>
+
+define('HTPASSWD_INFO', '<b>Additional Protection With htaccess/htpasswd</b><p>This osCommerce
Online Merchant Administration Tool installation is not additionally secured through
htaccess/htpasswd means.</p><p>Enabling the htaccess/htpasswd security layer will automatically
store administrator username and passwords in a htpasswd file when updating administrator password
records.</p><p><b>Please note</b>, 
additional security layer is enabled and you can no
if this
longer access the Administration Tool, please make the following changes and consult your hosting
provider to enable htaccess/htpasswd protection:</p><p><u><b>1. Edit 
file:</b></u><br /><br
this
/>' . DIR_FS_ADMIN . '.htaccess</p><p>Remove the following lines 
they
if
exist:</p><p><i>%s</i></p><p><u><b>2. Delete 
file:</b></u><br /><br />' . DIR_FS_ADMIN .
this
'.htpasswd_oscommerce</p>');
+define('HTPASSWD_SECURED', '<b>Additional Protection With htaccess/htpasswd</b><p>This osCommerce
Online Merchant Administration Tool installation is additionally secured through htaccess/htpasswd
means.</p>');
+define('HTPASSWD_PERMISSIONS', '<b>Additional Protection With htaccess/htpasswd</b><p>This
osCommerce Online Merchant Administration Tool installation is not additionally secured through
htaccess/htpasswd means.</p><p>The following files need to be writable by the web server to enable
the htaccess/htpasswd security layer:</p><ul><li>' . DIR_FS_ADMIN . '.htaccess</li><li>' .
DIR_FS_ADMIN . '.htpasswd_oscommerce</li></ul><p>Reload 
page to confirm 
the correct file
this
if
permissions have been set.</p>');
+?>
catalog/admin/login.php
@@ -17,11 +17,21 @@
$action = (isset($HTTP_GET_VARS['action']) ? $HTTP_GET_VARS['action'] : '');
+// prepare to logout an active administrator 
the login page is accessed again
if
+  
(tep_session_is_registered('admin')) {
if
+    $action = 'logoff';
+  }
+
(tep_not_null($action)) {
if
($action) {
switch
'process':
case
-        $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
-        $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
+        
(tep_session_is_registered('redirect_origin') && isset($redirect_origin['auth_user']))
if
{
+          $username = tep_db_prepare_input($redirect_origin['auth_user']);
+          $password = tep_db_prepare_input($redirect_origin['auth_pw']);
+        } 
{
else
+          $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
+          $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
+        }
$check_query = tep_db_query(
.
"select id, user_name, user_password from "
TABLE_ADMINISTRATORS . 
. tep_db_input($username) . 
);
" where user_name = '"
"'"
@@ -58,6 +68,12 @@
'logoff':
case
tep_session_unregister('selected_box');
tep_session_unregister('admin');
+
+        
(isset($HTTP_SERVER_VARS['PHP_AUTH_USER']) &&
if
!empty($HTTP_SERVER_VARS['PHP_AUTH_USER']) && isset($HTTP_SERVER_VARS['PHP_AUTH_PW']) &&
!empty($HTTP_SERVER_VARS['PHP_AUTH_PW'])) {
+          tep_session_register('auth_ignore');
+          $auth_ignore = 
;
true
+        }
+
tep_redirect(tep_href_link(FILENAME_DEFAULT));
;
break
(C) (UP) Generate a New Shopping Cart ID When Restoring Products
(C) (UP) Generate a New CartID When Restoring Products
Importance: Medium | Difficulty: Easy
Generate a new shopping cart ID (cartID) when restoring products stored in the database.
Affected Files
catalog/includes/classes/shopping_cart.php
View Changes Online
catalog/includes/classes/shopping_cart.php