Post by garaki » Sat Dec 31, 2011 12:39 am

Hi, I am new to OpenCart and wanted to check something.

We have an online exam system in Java and we need to integrate OpenCart for product management and sales.

A user from our system will be able to post a request to the OpenCart deployment. What I want to achieve is that the user should be logged in automatically with the credentials that are being passed.

Something like this:

http://localhost/cart/index.php?route=account/login&token=a@a.com&key=123456
The user is then logged in and routed to the index.

Is this possible?

Thanks,
Garaki
Last edited by garaki on Sat Dec 31, 2011 1:57 pm, edited 1 time in total.


Post by garaki » Sat Dec 31, 2011 1:56 pm

Found the solution.

Just modify login.php. Add the following code to the top of index():

if (isset($_GET['key'])) {
    // Credentials are taken straight from the query string
    $password = $_GET['key'];
    $email = $_GET['token'];

    // Log the customer in and send them to the store home page
    if ($this->customer->login($email, $password)) {
        $this->redirect(HTTP_SERVER . 'index.php?route=common/home');
    }
}
Hopefully this will help someone else.


Post by straightlight » Sat Dec 31, 2011 9:57 pm

It would be best, first of all, to state which version of OpenCart this modification of the login controller file applies to. Second, this is a core file; mentioning that a backup of that file should be made would be a more appropriate way to instruct in this case.

However, $_GET is not commonly used in OpenCart.

The following:

if (isset($_GET['key'])) {
    $password = $_GET['key'];
    $email = $_GET['token'];

    if ($this->customer->login($email, $password)) {
        $this->redirect(HTTP_SERVER . 'index.php?route=common/home');
    }
}
should rather be replaced with:

if (isset($this->request->get['key']) || isset($this->request->post['key'])) {
    // Accept the credentials from either GET or POST through the request object
    $password = (isset($this->request->get['key'])) ? (string)$this->request->get['key'] : (string)$this->request->post['key'];
    $email = (isset($this->request->get['token'])) ? (string)$this->request->get['token'] : (string)$this->request->post['token'];

    if ($this->customer->login($email, $password)) {
        // For OC v1.5.1.3+
        // $this->redirect($this->url->link('common/home', '', 'SSL'));

        // For earlier versions that do not have $this->url->link
        // $this->redirect(HTTP_SERVER . 'index.php?route=common/home');
    } else {
        // For OC v1.5.1.3+
        // $this->redirect($this->url->link('common/home', '', 'SSL'));

        // For earlier versions that do not have $this->url->link
        // $this->redirect(HTTP_SERVER . 'index.php?route=common/home');
    }
} else {
    // For OC v1.5.1.3+
    // $this->redirect($this->url->link('common/home', '', 'SSL'));

    // For earlier versions that do not have $this->url->link
    // $this->redirect(HTTP_SERVER . 'index.php?route=common/home');
}
Last, the redirection upon successful login does not track, once arrived on the common/home page, whether the key / token has been validated or not; it would be pointless to redirect to the home page without proper validation in this case. ;)

The most generated errors found on the OpenCart forum originate from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.


Regards,
Straightlight
Opencart.com Administrator / Quality Assurance Analyst / Programmer



Post by JOeyJustCuz » Fri Mar 23, 2012 2:18 pm

I am working on a similar issue. I want to integrate OpenCart into my current application and have a single sign-on. What I'm looking for is that when a user logs into my application they are automatically logged into OpenCart as well. I tried the above solution but it didn't work that well. I was able to get to one page, but any links I clicked asked me to log in again.

You mentioned "the proper validation"... I'm a little lost on what that would be. I assumed calling the login function would handle all of that.


Post by straightlight » Sat Mar 24, 2012 6:47 am

"I assumed calling the login function would handle all of that."

Not even. The problem with calling the login function when either integrating users or comparing passwords is the differing password algorithm validations, which cause incompatible results for protection reasons. The alternative but unsafe way, if you don't want to do it by database, is with cookies, but I really don't recommend that approach.

However, if you want to do it by database without affecting the token either under the admin or for customers under the store-front end, this is your only way in: http://www.opencart.com/index.php?route ... on_id=3913, which is one of the main reasons this was developed. ;)




Post by talkincricket » Tue Jul 24, 2012 5:25 pm

Hi. I am trying to use your suggested modification but I can't find the right place to include your instructions.
Which is the right login.php file (/admin/controller/common, /catalog/controller/account, /catalog/controller/affiliate, /catalog/controller/checkout) and the correct position to insert the code (for example in the following /catalog/controller/account/login.php)?

<?php 
class ControllerAccountLogin extends Controller {
	private $error = array();
	
	public function index() {
		$this->load->model('account/customer');
		
		// Login override for admin users
		if (!empty($this->request->get['token'])) {
			$this->customer->logout();
			
			$customer_info = $this->model_account_customer->getCustomerByToken($this->request->get['token']);
			
			if ($customer_info && $this->customer->login($customer_info['email'], '', true)) {
				// Default Addresses
				$this->load->model('account/address');
					
				$address_info = $this->model_account_address->getAddress($this->customer->getAddressId());
										
				if ($address_info) {
					if ($this->config->get('config_tax_customer') == 'shipping') {
						$this->session->data['shipping_country_id'] = $address_info['country_id'];
						$this->session->data['shipping_zone_id'] = $address_info['zone_id'];
						$this->session->data['shipping_postcode'] = $address_info['postcode'];	
					}
					
					if ($this->config->get('config_tax_customer') == 'payment') {
						$this->session->data['payment_country_id'] = $address_info['country_id'];
						$this->session->data['payment_zone_id'] = $address_info['zone_id'];
					}
				} else {
					unset($this->session->data['shipping_country_id']);	
					unset($this->session->data['shipping_zone_id']);	
					unset($this->session->data['shipping_postcode']);
					unset($this->session->data['payment_country_id']);	
					unset($this->session->data['payment_zone_id']);	
				}
									
				$this->redirect($this->url->link('account/account', '', 'SSL')); 
			}
		}		
		
		if ($this->customer->isLogged()) {  
      		$this->redirect($this->url->link('account/account', '', 'SSL'));
    	}
	
    	$this->language->load('account/login');

    	$this->document->setTitle($this->language->get('heading_title'));
								
		if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
			unset($this->session->data['guest']);
			
			// Default Shipping Address
			$this->load->model('account/address');
				
			$address_info = $this->model_account_address->getAddress($this->customer->getAddressId());
									
			if ($address_info) {
				if ($this->config->get('config_tax_customer') == 'shipping') {
					$this->session->data['shipping_country_id'] = $address_info['country_id'];
					$this->session->data['shipping_zone_id'] = $address_info['zone_id'];
					$this->session->data['shipping_postcode'] = $address_info['postcode'];	
				}
				
				if ($this->config->get('config_tax_customer') == 'payment') {
					$this->session->data['payment_country_id'] = $address_info['country_id'];
					$this->session->data['payment_zone_id'] = $address_info['zone_id'];
				}
			} else {
				unset($this->session->data['shipping_country_id']);	
				unset($this->session->data['shipping_zone_id']);	
				unset($this->session->data['shipping_postcode']);
				unset($this->session->data['payment_country_id']);	
				unset($this->session->data['payment_zone_id']);	
			}
							
			// Added strpos check to pass McAfee PCI compliance test (http://forum.opencart.com/viewtopic.php?f=10&t=12043&p=151494#p151295)
			if (isset($this->request->post['redirect']) && (strpos($this->request->post['redirect'], $this->config->get('config_url')) !== false || strpos($this->request->post['redirect'], $this->config->get('config_ssl')) !== false)) {
				// The HTML-encoded '&amp;' in the posted redirect URL is turned back into '&'
				$this->redirect(str_replace('&amp;', '&', $this->request->post['redirect']));
			} else {
				$this->redirect($this->url->link('account/account', '', 'SSL')); 
			}
    	}  
		
      	$this->data['breadcrumbs'] = array();

      	$this->data['breadcrumbs'][] = array(
        	'text'      => $this->language->get('text_home'),
			'href'      => $this->url->link('common/home'),       	
        	'separator' => false
      	);
  
      	$this->data['breadcrumbs'][] = array(
        	'text'      => $this->language->get('text_account'),
			'href'      => $this->url->link('account/account', '', 'SSL'),
        	'separator' => $this->language->get('text_separator')
      	);
		
      	$this->data['breadcrumbs'][] = array(
        	'text'      => $this->language->get('text_login'),
			'href'      => $this->url->link('account/login', '', 'SSL'),      	
        	'separator' => $this->language->get('text_separator')
      	);
				
    	$this->data['heading_title'] = $this->language->get('heading_title');

    	$this->data['text_new_customer'] = $this->language->get('text_new_customer');
    	$this->data['text_register'] = $this->language->get('text_register');
    	$this->data['text_register_account'] = $this->language->get('text_register_account');
		$this->data['text_returning_customer'] = $this->language->get('text_returning_customer');
		$this->data['text_i_am_returning_customer'] = $this->language->get('text_i_am_returning_customer');
    	$this->data['text_forgotten'] = $this->language->get('text_forgotten');

    	$this->data['entry_email'] = $this->language->get('entry_email');
    	$this->data['entry_password'] = $this->language->get('entry_password');

    	$this->data['button_continue'] = $this->language->get('button_continue');
		$this->data['button_login'] = $this->language->get('button_login');

		if (isset($this->error['warning'])) {
			$this->data['error_warning'] = $this->error['warning'];
		} else {
			$this->data['error_warning'] = '';
		}
		
		$this->data['action'] = $this->url->link('account/login', '', 'SSL');
		$this->data['register'] = $this->url->link('account/register', '', 'SSL');
		$this->data['forgotten'] = $this->url->link('account/forgotten', '', 'SSL');

    	// Added strpos check to pass McAfee PCI compliance test (http://forum.opencart.com/viewtopic.php?f=10&t=12043&p=151494#p151295)
		if (isset($this->request->post['redirect']) && (strpos($this->request->post['redirect'], $this->config->get('config_url')) !== false || strpos($this->request->post['redirect'], $this->config->get('config_ssl')) !== false)) {
			$this->data['redirect'] = $this->request->post['redirect'];
		} elseif (isset($this->session->data['redirect'])) {
      		$this->data['redirect'] = $this->session->data['redirect'];
	  		
			unset($this->session->data['redirect']);		  	
    	} else {
			$this->data['redirect'] = '';
		}

		if (isset($this->session->data['success'])) {
    		$this->data['success'] = $this->session->data['success'];
    
			unset($this->session->data['success']);
		} else {
			$this->data['success'] = '';
		}
		
		if (isset($this->request->post['email'])) {
			$this->data['email'] = $this->request->post['email'];
		} else {
			$this->data['email'] = '';
		}

		if (isset($this->request->post['password'])) {
			$this->data['password'] = $this->request->post['password'];
		} else {
			$this->data['password'] = '';
		}
				
		if (file_exists(DIR_TEMPLATE . $this->config->get('config_template') . '/template/account/login.tpl')) {
			$this->template = $this->config->get('config_template') . '/template/account/login.tpl';
		} else {
			$this->template = 'default/template/account/login.tpl';
		}
		
		$this->children = array(
			'common/column_left',
			'common/column_right',
			'common/content_top',
			'common/content_bottom',
			'common/footer',
			'common/header'	
		);
						
		$this->response->setOutput($this->render());
  	}
  
  	private function validate() {
    	if (!$this->customer->login($this->request->post['email'], $this->request->post['password'])) {
      		$this->error['warning'] = $this->language->get('error_login');
    	}
	
		$customer_info = $this->model_account_customer->getCustomerByEmail($this->request->post['email']);
		
    	if ($customer_info && !$customer_info['approved']) {
      		$this->error['warning'] = $this->language->get('error_approved');
    	}		
		
    	if (!$this->error) {
      		return true;
    	} else {
      		return false;
    	}  	
  	}
}
?>


Post by kismitt » Wed Oct 03, 2012 5:23 am

Has anyone gotten this to work? I'm trying to set up my Single Sign-On for the Admin backend and it's not working. Any help would be appreciated.

Thanks!


Post by mjpsr11 » Mon Oct 08, 2012 10:26 pm

OC uses verification that the user is in a live session before allowing login (so logins are not allowed with stale tokens/user_id). This is done by creating a session cookie after verifying login credentials and verifying that cookie through redirecting the page (i.e. checking if $_REQUEST['token'] == $_SESSION['token']).

One safe way to allow automated login from another application is to first save a randomly generated token to MySQL from your PHP application. At the same time, send the same token to OC/admin through GET or POST. Once in OC/admin, check to see if you received the token through GET/POST and check if the same token is in your MySQL table. If so, this means that the OC/admin page was requested from your PHP application and you can set $_REQUEST['token'] = $_SESSION['token']. You also need to set $_SESSION['user_id']. You should immediately delete the token from MySQL to prevent future auto-login from lost tokens. (You can also set a time limit in your MySQL record to ensure it is an immediate transaction.)

Let me know if anyone finds a leak in this logic.
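A minimal PHP sketch of the one-time token handoff described in the post above, added here as an example; it is not code from the post or from OpenCart. It uses an in-memory SQLite database through PDO in place of the shared MySQL table, hypothetical function names (issueToken, redeemToken), and leaves setting OpenCart's own session values after a successful redeem to the caller.

```php
<?php
// Added example: single-use, short-lived SSO handoff token (not OpenCart code).
// Assumes the pdo_sqlite extension; the in-memory table stands in for the MySQL table.
declare(strict_types=1);

const TOKEN_TTL_SECONDS = 30; // short window: the handoff is an immediate transaction

function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sso_token (token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// Issuing side (your application): mint a random token, store only its hash plus an expiry,
// and hand the raw token to the browser for the redirect to OC/admin. Storing the hash means
// a leaked table dump does not yield tokens that can still be redeemed.
function issueToken(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO sso_token (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, $now + TOKEN_TTL_SECONDS]);
    return $token;
}

// Consuming side (OC/admin): look the token up by hash and delete it in the same transaction,
// so it can be redeemed at most once. Returns the user_id, or null if unknown, used or expired.
// On MySQL the SELECT would be a SELECT ... FOR UPDATE so two concurrent redeems cannot both win.
function redeemToken(PDO $db, string $token, int $now): ?int {
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $sel = $db->prepare('SELECT user_id FROM sso_token WHERE token_hash = ? AND expires_at > ?');
    $sel->execute([$hash, $now]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    // Delete unconditionally (used or expired) so stale rows do not accumulate.
    $del = $db->prepare('DELETE FROM sso_token WHERE token_hash = ?');
    $del->execute([$hash]);
    $db->commit();
    return $row ? (int)$row['user_id'] : null;
}

$db  = openStore();
$now = time();
$t   = issueToken($db, 42, $now);            // constructed sample user_id
var_dump(redeemToken($db, $t, $now));        // int(42): first redemption succeeds
var_dump(redeemToken($db, $t, $now));        // NULL: replaying the same token is refused
$t2  = issueToken($db, 42, $now);
var_dump(redeemToken($db, $t2, $now + 60));  // NULL: presented after the TTL, so rejected
```

After a non-null result the OC side would establish its own session for that user (the $_SESSION['user_id'] and token step the post describes); the token itself is never reused.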
