Post by bugless » Thu Oct 19, 2017 8:49 am

I am interested to hear the thoughts of some experts on this...

A module I purchased a while back has a couple of extra files in the upload folder. These files do not have any effect on the actual module. One is catalog/controller/module/hbnp_core.php (the other is an associated language file).
It allows anyone to create a "blank" customer account by going to the following path:
index.php?route=module/hbnp_core/register
The blank account has no email or password and allows anyone to log in to it by simply clicking the login button on the register account page (leaving the email and password fields blank)
The code from the hbnp_core.php file is below. If anyone wants more information regarding this please let me know.

Code: Select all

<?php  
class ControllerModuleHbnpCore extends Controller {
	private $error = array();
	public function index() {
		
		$email = $_POST['email'];	
		$register_screen = $_POST['register'];
		
		$form = '0';
		$this->language->load('module/hbnp');
		$query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE email = '".$this->db->escape($email)."' LIMIT 1");
		$records = $query->num_rows;
		if ($records > 0){
			$newsletter = $query->row['newsletter'];
		}else {
			$newsletter = 2;
		}
		
		if (($records > 0) and ($newsletter == 0)){
			$this->db->query("UPDATE " . DB_PREFIX . "customer SET newsletter = '1'");
			$text = '<div class="hbnp-success">'.$this->language->get('text_subscribed').'</div>';
			
		}
		if (($records > 0) and ($newsletter == 1)){
			$text = '<div class="hbnp-success">'.$this->language->get('text_already_subscribed').'</div>';
		}
		if ($records == 0){
		
			//$form = '1';//$form = '0';
			$form = ($register_screen == '1')?'1':'0';
			$this->db->query("DELETE FROM " . DB_PREFIX . "guest_newsletter WHERE guest_email = '".$this->db->escape($email)."'");
			$this->db->query("INSERT INTO " . DB_PREFIX . "guest_newsletter SET store_id = '" . (int)$this->config->get('config_store_id') . "', guest_email = '" . $this->db->escape($email) . "', guest_ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', date_added = NOW()");
			
			if ($register_screen == '1'){
				$text = '<div class="hbnp-success">'.$this->language->get('text_not_registered').'</div>		<input type="hidden" value="'.$email.'" id="hidden_email">';
			}else{
				$text = '<div class="hbnp-success">'.$this->language->get('text_subscribed').'</div>';
			}
		}
		
		$json['form'] = $form;
		$json['success'] = $text;
		$this->response->setOutput(json_encode($json));	
	}
	
	public function register() {
		
		$hbemail = $_POST['email'];	
		$fname = $_POST['fname'];
		$lname = $_POST['lname'];
		$pwd = $_POST['pwd'];
		$cpwd = $_POST['cpwd'];	
		
		$this->language->load('module/hbnp');
		
		$customer_group_id = $this->config->get('config_customer_group_id');

		$this->load->model('account/customer_group');

		$customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id);

		$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET store_id = '" . (int)$this->config->get('config_store_id') . "', firstname = '" . $this->db->escape($fname) . "', lastname = '" . $this->db->escape($lname) . "', email = '" . $this->db->escape($hbemail) . "', telephone = '', salt = '" . $this->db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($pwd)))) . "', newsletter = '1', customer_group_id = '" . (int)$customer_group_id . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '1', approved = '1', date_added = NOW()");
		$this->db->query("DELETE FROM " . DB_PREFIX . "guest_newsletter WHERE guest_email = '".$this->db->escape($hbemail)."'");
		
		//copying the code from catalog/model/customer.php for sending email with little variable changes
		$this->language->load('mail/customer');

		$subject = sprintf($this->language->get('text_subject'), $this->config->get('config_name'));

		$message = sprintf($this->language->get('text_welcome'), $this->config->get('config_name')) . "\n\n";

		if (!$customer_group_info['approval']) {
			$message .= $this->language->get('text_login') . "\n";
		} else {
			$message .= $this->language->get('text_approval') . "\n";
		}

		$message .= $this->url->link('account/login', '', 'SSL') . "\n\n";
		$message .= $this->language->get('text_services') . "\n\n";
		$message .= $this->language->get('text_thanks') . "\n";
		$message .= $this->config->get('config_name');

		$mail = new Mail();
		$mail->protocol = $this->config->get('config_mail_protocol');
		$mail->parameter = $this->config->get('config_mail_parameter');
		$mail->hostname = $this->config->get('config_smtp_host');
		$mail->username = $this->config->get('config_smtp_username');
		$mail->password = $this->config->get('config_smtp_password');
		$mail->port = $this->config->get('config_smtp_port');
		$mail->timeout = $this->config->get('config_smtp_timeout');				
		$mail->setTo($hbemail);
		$mail->setFrom($this->config->get('config_email'));
		$mail->setSender($this->config->get('config_name'));
		$mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
		$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
		$mail->send();

		// Send to main admin email if new account email is enabled
		if ($this->config->get('config_account_mail')) {
			$message  = $this->language->get('text_signup') . "\n\n";
			$message .= $this->language->get('text_website') . ' ' . $this->config->get('config_name') . "\n";
			$message .= $this->language->get('text_firstname') . ' ' . $fname . "\n";
			$message .= $this->language->get('text_lastname') . ' ' . $lname . "\n";
			$message .= $this->language->get('text_customer_group') . ' ' . $customer_group_info['name'] . "\n";

			$message .= $this->language->get('text_email') . ' '  .  $hbemail . "\n";

			$mail->setTo($this->config->get('config_email'));
			$mail->setSubject(html_entity_decode($this->language->get('text_new_customer'), ENT_QUOTES, 'UTF-8'));
			$mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
			$mail->send();

			// Send to additional alert emails if new account email is enabled
			$emails = explode(',', $this->config->get('config_alert_emails'));

			foreach ($emails as $email) {
				if (strlen($email) > 0 && preg_match('/^[^\@]+@.*\.[a-z]{2,6}$/i', $email)) {
					$mail->setTo($email);
					$mail->send();
				}
			}
		}
		
		$this->customer->login($hbemail, $pwd);
		unset($this->session->data['guest']);
		$json['hbnp_redirect'] = '1';
		
		$json['success'] = '<div class="hbnp-success">'.sprintf($this->language->get('text_registered'),$fname,$hbemail).'</div>';
		$this->response->setOutput(json_encode($json));	
	}
		
}
?>

Newbie

Posts

Joined
Wed Jul 20, 2011 8:31 pm

Post by IP_CAM » Thu Oct 19, 2017 10:57 am

Oops, you should better contact the opencart administration on this,
if this extension is available in the OC Extension Section ! ;)
I already alerted the Site Owner mentioned below...
Ernie
---
view-source:https://arabestore.com/

Code: Select all

$('#hbnp_subscribe').click(function(){
	var email = $('#hbnp_email').val();
	var emailReg = /^([\w-\.]+@([\w-]+\.)+[\w-]{2,4})?$/;
	  if((!emailReg.test(email)) || ($.trim(email) == '') ) {
	  	alert ('Invalid email');
	    return false;
	  }
	 $('#loadgif_hbnp').show();
	$.ajax({
		  type: 'post',
		  url: 'index.php?route=module/hbnp_core',
		  data: {email: $('#hbnp_email').val(), register: '0', hbemail: '0' , subject: '', body:''},
		  dataType: 'json',
		  success: function(json) {
				if (json['success']) {
					  $('#nl_form').html('');
					  $('#hbnp_msg').html(json['success']);
					  if (json['form'] == '1'){
					 	 $('#hbnp_register').show();
					  }else {
					  	sethbnpcookie();
					  	autoclose();
					  }
					  $('#loadgif_hbnp').hide();
				}
		  },
		  error: function(xhr, ajaxOptions, thrownError) {
			alert(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
		  }
	 });

 });
 
 $('#hbnp_btn_register').click(function(){
 	var fname = $('#fname').val();
 	var lname = $('#lname').val();
 	var pwd = $('#pwd').val();
 	var cpwd = $('#cpwd').val();
	
	var hbemail = $('#hidden_email').val();
	//alert (hbemail);
 	
 	if ($.trim(fname)==''){
 		alert ('Please enter First Name!');
 		return false;
 	}
 	if ($.trim(lname)==''){
 		alert ('Please enter Last Name!');
 		return false;
 	}
 	if ($.trim(pwd)==''){
 		alert ('Please set a password!');
 		return false;
 	}
 	if ($.trim(cpwd)==''){
 		alert ('Please re-enter password!');
 		return false;
 	}
 	if (pwd != cpwd){
 		alert ('Both Password does not match!');
 		return false;
 	}

	$('#loadgif_hbnp').show();
	$.ajax({
		  type: 'post',
		  url: 'index.php?route=module/hbnp_core/register',
		  data: {email: hbemail, fname: $('#fname').val(), lname: $('#lname').val(), pwd: $('#pwd').val(), cpwd: $('#cpwd').val(), hbemail: '0' , subject: '', body:''},
		  dataType: 'json',
		  success: function(json) {
				if (json['success']) {
					  $('#hbnp_register').html('');
					  $('#hbnp_msg').html(json['success']);
					  $('#loadgif_hbnp').hide();
					  sethbnpcookie();
					  autoclose();
					  setTimeout(function(){
						  if (json['hbnp_redirect'] == '1') {
							window.location.href = window.location.href;
						  }
					  }, 7000);

				}
		  },
		  error: function(xhr, ajaxOptions, thrownError) {
			alert(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
		  }
	 });
 });
</script>

My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by bugless » Fri Oct 20, 2017 9:50 am

Yeah I did send a message to opencart about it. They told me to delete the offending file. Not sure what else they are doing about it.
I found another site that had it so I alerted that store owner also.

Newbie

Posts

Joined
Wed Jul 20, 2011 8:31 pm

Post by Johnathan » Fri Oct 20, 2017 10:23 pm

Seems like kind of a strange thing to add if the extension doesn't need it. Have you contacted the developer, and asked them why they include that file? There may be valid reason, but you'd have to see if they have an answer.

Image Image Image Image Image


User avatar
Administrator

Posts

Joined
Fri Dec 18, 2009 3:08 am

Who is online

Users browsing this forum: No registered users and 135 guests