A module I purchased a while back has a couple of extra files in the upload folder. These files do not have any effect on the actual module. One is catalog/controller/module/hbnp_core.php (the other is an associated language file).
It allows anyone to create a "blank" customer account by going to the following path:
index.php?route=module/hbnp_core/register
The blank account has no email or password and allows anyone to log in to it by simply clicking the login button on the register account page (leaving the email and password fields blank)
The code from the hbnp_core.php file is below. If anyone wants more information regarding this please let me know.
Code: Select all
<?php
class ControllerModuleHbnpCore extends Controller {
private $error = array();
public function index() {
$email = $_POST['email'];
$register_screen = $_POST['register'];
$form = '0';
$this->language->load('module/hbnp');
$query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE email = '".$this->db->escape($email)."' LIMIT 1");
$records = $query->num_rows;
if ($records > 0){
$newsletter = $query->row['newsletter'];
}else {
$newsletter = 2;
}
if (($records > 0) and ($newsletter == 0)){
$this->db->query("UPDATE " . DB_PREFIX . "customer SET newsletter = '1'");
$text = '<div class="hbnp-success">'.$this->language->get('text_subscribed').'</div>';
}
if (($records > 0) and ($newsletter == 1)){
$text = '<div class="hbnp-success">'.$this->language->get('text_already_subscribed').'</div>';
}
if ($records == 0){
//$form = '1';//$form = '0';
$form = ($register_screen == '1')?'1':'0';
$this->db->query("DELETE FROM " . DB_PREFIX . "guest_newsletter WHERE guest_email = '".$this->db->escape($email)."'");
$this->db->query("INSERT INTO " . DB_PREFIX . "guest_newsletter SET store_id = '" . (int)$this->config->get('config_store_id') . "', guest_email = '" . $this->db->escape($email) . "', guest_ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', date_added = NOW()");
if ($register_screen == '1'){
$text = '<div class="hbnp-success">'.$this->language->get('text_not_registered').'</div> <input type="hidden" value="'.$email.'" id="hidden_email">';
}else{
$text = '<div class="hbnp-success">'.$this->language->get('text_subscribed').'</div>';
}
}
$json['form'] = $form;
$json['success'] = $text;
$this->response->setOutput(json_encode($json));
}
public function register() {
$hbemail = $_POST['email'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$pwd = $_POST['pwd'];
$cpwd = $_POST['cpwd'];
$this->language->load('module/hbnp');
$customer_group_id = $this->config->get('config_customer_group_id');
$this->load->model('account/customer_group');
$customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id);
$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET store_id = '" . (int)$this->config->get('config_store_id') . "', firstname = '" . $this->db->escape($fname) . "', lastname = '" . $this->db->escape($lname) . "', email = '" . $this->db->escape($hbemail) . "', telephone = '', salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($pwd)))) . "', newsletter = '1', customer_group_id = '" . (int)$customer_group_id . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '1', approved = '1', date_added = NOW()");
$this->db->query("DELETE FROM " . DB_PREFIX . "guest_newsletter WHERE guest_email = '".$this->db->escape($hbemail)."'");
//copying the code from catalog/model/customer.php for sending email with little variable changes
$this->language->load('mail/customer');
$subject = sprintf($this->language->get('text_subject'), $this->config->get('config_name'));
$message = sprintf($this->language->get('text_welcome'), $this->config->get('config_name')) . "\n\n";
if (!$customer_group_info['approval']) {
$message .= $this->language->get('text_login') . "\n";
} else {
$message .= $this->language->get('text_approval') . "\n";
}
$message .= $this->url->link('account/login', '', 'SSL') . "\n\n";
$message .= $this->language->get('text_services') . "\n\n";
$message .= $this->language->get('text_thanks') . "\n";
$message .= $this->config->get('config_name');
$mail = new Mail();
$mail->protocol = $this->config->get('config_mail_protocol');
$mail->parameter = $this->config->get('config_mail_parameter');
$mail->hostname = $this->config->get('config_smtp_host');
$mail->username = $this->config->get('config_smtp_username');
$mail->password = $this->config->get('config_smtp_password');
$mail->port = $this->config->get('config_smtp_port');
$mail->timeout = $this->config->get('config_smtp_timeout');
$mail->setTo($hbemail);
$mail->setFrom($this->config->get('config_email'));
$mail->setSender($this->config->get('config_name'));
$mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
$mail->send();
// Send to main admin email if new account email is enabled
if ($this->config->get('config_account_mail')) {
$message = $this->language->get('text_signup') . "\n\n";
$message .= $this->language->get('text_website') . ' ' . $this->config->get('config_name') . "\n";
$message .= $this->language->get('text_firstname') . ' ' . $fname . "\n";
$message .= $this->language->get('text_lastname') . ' ' . $lname . "\n";
$message .= $this->language->get('text_customer_group') . ' ' . $customer_group_info['name'] . "\n";
$message .= $this->language->get('text_email') . ' ' . $hbemail . "\n";
$mail->setTo($this->config->get('config_email'));
$mail->setSubject(html_entity_decode($this->language->get('text_new_customer'), ENT_QUOTES, 'UTF-8'));
$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
$mail->send();
// Send to additional alert emails if new account email is enabled
$emails = explode(',', $this->config->get('config_alert_emails'));
foreach ($emails as $email) {
if (strlen($email) > 0 && preg_match('/^[^\@]+@.*\.[a-z]{2,6}$/i', $email)) {
$mail->setTo($email);
$mail->send();
}
}
}
$this->customer->login($hbemail, $pwd);
unset($this->session->data['guest']);
$json['hbnp_redirect'] = '1';
$json['success'] = '<div class="hbnp-success">'.sprintf($this->language->get('text_registered'),$fname,$hbemail).'</div>';
$this->response->setOutput(json_encode($json));
}
}
?>