Skip to content

Commit

Permalink
Protect forms with a token ID that is assigned to a customers session.
Browse files Browse the repository at this point in the history
  • Loading branch information
@haraldpdl
haraldpdl committed Dec 12, 2008
1 parent 826437a commit 95b005d
Show file tree
Hide file tree
Showing 16 changed files with 60 additions and 42 deletions.
4 changes: 2 additions & 2 deletions catalog/account_edit.php
View file
Expand Up @@ -20,7 +20,7 @@
// needs to be included earlier to set the success message in the messageStack
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_EDIT);

if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
$firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
$lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
Expand Down Expand Up @@ -142,7 +142,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('account_edit', tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'), 'post', 'onSubmit="return check_form(account_edit);"') . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('account_edit', tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'), 'post', 'onSubmit="return check_form(account_edit);"', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 3 additions & 3 deletions catalog/account_newsletters.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand All @@ -23,7 +23,7 @@
$newsletter_query = tep_db_query("select customers_newsletter from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
$newsletter = tep_db_fetch_array($newsletter_query);

if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
if (isset($HTTP_POST_VARS['newsletter_general']) && is_numeric($HTTP_POST_VARS['newsletter_general'])) {
$newsletter_general = tep_db_prepare_input($HTTP_POST_VARS['newsletter_general']);
} else {
Expand Down Expand Up @@ -79,7 +79,7 @@ function checkBox(object) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('account_newsletter', tep_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', 'SSL')) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('account_newsletter', tep_href_link(FILENAME_ACCOUNT_NEWSLETTERS, '', 'SSL'), 'post', '', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 3 additions & 3 deletions catalog/account_notifications.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand All @@ -23,7 +23,7 @@
$global_query = tep_db_query("select global_product_notifications from " . TABLE_CUSTOMERS_INFO . " where customers_info_id = '" . (int)$customer_id . "'");
$global = tep_db_fetch_array($global_query);

if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
if (isset($HTTP_POST_VARS['product_global']) && is_numeric($HTTP_POST_VARS['product_global'])) {
$product_global = tep_db_prepare_input($HTTP_POST_VARS['product_global']);
} else {
Expand Down Expand Up @@ -105,7 +105,7 @@ function checkBox(object) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('account_notifications', tep_href_link(FILENAME_ACCOUNT_NOTIFICATIONS, '', 'SSL')) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('account_notifications', tep_href_link(FILENAME_ACCOUNT_NOTIFICATIONS, '', 'SSL'), 'post', '', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 3 additions & 3 deletions catalog/account_password.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand All @@ -20,7 +20,7 @@
// needs to be included earlier to set the success message in the messageStack
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_PASSWORD);

if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$password_current = tep_db_prepare_input($HTTP_POST_VARS['password_current']);
$password_new = tep_db_prepare_input($HTTP_POST_VARS['password_new']);
$password_confirmation = tep_db_prepare_input($HTTP_POST_VARS['password_confirmation']);
Expand Down Expand Up @@ -87,7 +87,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('account_password', tep_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'post', 'onSubmit="return check_form(account_password);"') . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('account_password', tep_href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'post', 'onSubmit="return check_form(account_password);"', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
10 changes: 5 additions & 5 deletions catalog/address_book_process.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2007 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand All @@ -20,7 +20,7 @@
// needs to be included earlier to set the success message in the messageStack
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADDRESS_BOOK_PROCESS);

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'deleteconfirm') && isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete'])) {
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'deleteconfirm') && isset($HTTP_GET_VARS['delete']) && is_numeric($HTTP_GET_VARS['delete']) && isset($HTTP_GET_VARS['formid']) && ($HTTP_GET_VARS['formid'] == md5($sessiontoken))) {
tep_db_query("delete from " . TABLE_ADDRESS_BOOK . " where address_book_id = '" . (int)$HTTP_GET_VARS['delete'] . "' and customers_id = '" . (int)$customer_id . "'");

$messageStack->add_session('addressbook', SUCCESS_ADDRESS_BOOK_ENTRY_DELETED, 'success');
Expand All @@ -30,7 +30,7 @@

// error checking when updating or adding an entry
$process = false;
if (isset($HTTP_POST_VARS['action']) && (($HTTP_POST_VARS['action'] == 'process') || ($HTTP_POST_VARS['action'] == 'update'))) {
if (isset($HTTP_POST_VARS['action']) && (($HTTP_POST_VARS['action'] == 'process') || ($HTTP_POST_VARS['action'] == 'update')) && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$process = true;
$error = false;

Expand Down Expand Up @@ -270,7 +270,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php if (!isset($HTTP_GET_VARS['delete'])) echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($HTTP_GET_VARS['edit']) ? 'edit=' . $HTTP_GET_VARS['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php if (!isset($HTTP_GET_VARS['delete'])) echo tep_draw_form('addressbook', tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, (isset($HTTP_GET_VARS['edit']) ? 'edit=' . $HTTP_GET_VARS['edit'] : ''), 'SSL'), 'post', 'onSubmit="return check_form(addressbook);"', true); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down Expand Up @@ -329,7 +329,7 @@
<tr>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
<td><?php echo '<a href="' . tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BUTTON_BACK) . '</a>'; ?></td>
<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'delete=' . $HTTP_GET_VARS['delete'] . '&action=deleteconfirm', 'SSL') . '">' . tep_image_button('button_delete.gif', IMAGE_BUTTON_DELETE) . '</a>'; ?></td>
<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'delete=' . $HTTP_GET_VARS['delete'] . '&action=deleteconfirm&formid=' . md5($sessiontoken), 'SSL') . '">' . tep_image_button('button_delete.gif', IMAGE_BUTTON_DELETE) . '</a>'; ?></td>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
</tr>
</table></td>
Expand Down
4 changes: 2 additions & 2 deletions catalog/checkout_payment.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2007 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand Down Expand Up @@ -138,7 +138,7 @@ function rowOutEffect(object) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_payment', tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL'), 'post', 'onsubmit="return check_form();"'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_payment', tep_href_link(FILENAME_CHECKOUT_CONFIRMATION, '', 'SSL'), 'post', 'onsubmit="return check_form();"', true); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 3 additions & 3 deletions catalog/checkout_payment_address.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand All @@ -28,7 +28,7 @@

$error = false;
$process = false;
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
// process a new billing address
if (tep_not_null($HTTP_POST_VARS['firstname']) && tep_not_null($HTTP_POST_VARS['lastname']) && tep_not_null($HTTP_POST_VARS['street_address'])) {
$process = true;
Expand Down Expand Up @@ -263,7 +263,7 @@ function check_form_optional(form_name) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'), 'post', 'onSubmit="return check_form_optional(checkout_address);"'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_PAYMENT_ADDRESS, '', 'SSL'), 'post', 'onSubmit="return check_form_optional(checkout_address);"', true); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 3 additions & 3 deletions catalog/checkout_shipping.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand Down Expand Up @@ -95,7 +95,7 @@
}

// process the selected shipping method
if ( isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') ) {
if ( isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken) ) {
if (!tep_session_is_registered('comments')) tep_session_register('comments');
if (tep_not_null($HTTP_POST_VARS['comments'])) {
$comments = tep_db_prepare_input($HTTP_POST_VARS['comments']);
Expand Down Expand Up @@ -205,7 +205,7 @@ function rowOutEffect(object) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'), 'post', '', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 3 additions & 3 deletions catalog/checkout_shipping_address.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand Down Expand Up @@ -41,7 +41,7 @@

$error = false;
$process = false;
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'submit') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
// process a new shipping address
if (tep_not_null($HTTP_POST_VARS['firstname']) && tep_not_null($HTTP_POST_VARS['lastname']) && tep_not_null($HTTP_POST_VARS['street_address'])) {
$process = true;
Expand Down Expand Up @@ -275,7 +275,7 @@ function check_form_optional(form_name) {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING_ADDRESS, '', 'SSL'), 'post', 'onSubmit="return check_form_optional(checkout_address);"'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING_ADDRESS, '', 'SSL'), 'post', 'onSubmit="return check_form_optional(checkout_address);"', true); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
7 changes: 5 additions & 2 deletions catalog/create_account.php
View file
Expand Up @@ -16,7 +16,7 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CREATE_ACCOUNT);

$process = false;
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$process = true;

if (ACCOUNT_GENDER == 'true') {
Expand Down Expand Up @@ -226,6 +226,9 @@
tep_session_register('customer_country_id');
tep_session_register('customer_zone_id');

// reset session token
$sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());

// restore cart contents
$cart->restore_contents();

Expand Down Expand Up @@ -274,7 +277,7 @@
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onSubmit="return check_form(create_account);"') . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('create_account', tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL'), 'post', 'onSubmit="return check_form(create_account);"', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down
6 changes: 6 additions & 0 deletions catalog/includes/application_top.php
View file
Expand Up @@ -200,6 +200,12 @@
extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);
}

// initialize a session token
if (!tep_session_is_registered('sessiontoken')) {
$sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
tep_session_register('sessiontoken');
}

// set SID once, even if empty
$SID = (defined('SID') ? SID : '');

Expand Down
8 changes: 7 additions & 1 deletion catalog/includes/functions/html_output.php
View file
Expand Up @@ -147,13 +147,19 @@ function tep_draw_separator($image = 'pixel_black.gif', $width = '100%', $height

////
// Output a form
function tep_draw_form($name, $action, $method = 'post', $parameters = '') {
function tep_draw_form($name, $action, $method = 'post', $parameters = '', $tokenize = false) {
global $sessiontoken;

$form = '<form name="' . tep_output_string($name) . '" action="' . tep_output_string($action) . '" method="' . tep_output_string($method) . '"';

if (tep_not_null($parameters)) $form .= ' ' . $parameters;

$form .= '>';

if ( ($tokenize == true) && isset($sessiontoken) ) {
$form .= '<input type="hidden" name="formid" value="' . tep_output_string($sessiontoken) . '">';
}

return $form;
}

Expand Down
9 changes: 6 additions & 3 deletions catalog/login.php
View file
Expand Up @@ -5,7 +5,7 @@
osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com
Copyright (c) 2003 osCommerce
Copyright (c) 2008 osCommerce
Released under the GNU General Public License
*/
Expand All @@ -20,7 +20,7 @@
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

$error = false;
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
$email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
$password = tep_db_prepare_input($HTTP_POST_VARS['password']);

Expand Down Expand Up @@ -54,6 +54,9 @@

tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

// reset session token
$sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());

// restore cart contents
$cart->restore_contents();

Expand Down Expand Up @@ -101,7 +104,7 @@ function session_win() {
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('login', tep_href_link(FILENAME_LOGIN, 'action=process', 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<td width="100%" valign="top"><?php echo tep_draw_form('login', tep_href_link(FILENAME_LOGIN, 'action=process', 'SSL'), 'post', '', true); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
Expand Down

0 comments on commit 95b005d

Please sign in to comment.