Jack_mcs (Author), posted November 6, 2005

Yep, that is a bug. Locate this code in admin/blacklist.php

    if ($customer_name === $_POST['blacklist'])

and change it to

    if ($customer_name === $_POST['blacklist'] || tep_db_num_rows($blacklist_query) == 1)

I think that will fix it.

Jack

mr_absinthe, posted November 6, 2005

Thank you, that seems to cure the admin part, however I'm still able to login... I should be banned completely.

Rgds,
Alex

Jack_mcs (Author), posted November 6, 2005

If you have the ban completely option set in admin for your test customer, then that customer should not be able to log in. Looks like the code you added to the login page needs some moving around.

Jack

mr_absinthe, posted November 7, 2005

I did try a few variations for the code as suggested but it's very hard to get it working properly without proper knowledge of php. :( My login.php has been modified by PWA and Master Password mainly, I believe that anybody with the same contributions installed could have a similar problem. Would it be OK for me to post my login.php here or would you be so kind as to guide me in moving the code around?

Thanks a lot,
Alex

Jack_mcs (Author), posted November 7, 2005

Go ahead and post it and I will see what I can do. What Master Password contribution are you using that changes the login page? The one I use doesn't change this file.

Jack

mr_absinthe, posted November 7, 2005

I believe that it is this contribution with admin control. Here's my login.php, thanks a lot!

    require('includes/application_top.php');

    // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started)
    if ($session_started == false) {
      tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
    }

    require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

    $error_blacklisted = false;

    // PWA 0.82 :
    if($HTTP_GET_VARS['login'] == 'fail') {
      $fail_reason = (!empty($HTTP_GET_VARS['reason'])) ? urldecode($HTTP_GET_VARS['reason']): TEXT_LOGIN_ERROR;
      $messageStack->add('login', $fail_reason);
    }

    if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
      $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
      $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

      // Check if email exists
      $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
      if (!tep_db_num_rows($check_customer_query)) {
        $error = true;
      } else {
        $check_customer = tep_db_fetch_array($check_customer_query);
        // Check that password is good - edited for Master Password
        $mastpw_query = tep_db_query("select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = 'MAST_PW'");
        $mastpw = tep_db_fetch_array($mastpw_query);
        $mastpw_pwd = $mastpw["configuration_value"];
        $passwordgood = tep_validate_password($password, $check_customer['customers_password']);
        if ($password == $mastpw_pwd) {
        // if ($password == "beconvinced4life" || $password == "beconvincednow4life") {
        // end admin control alteration
          $passwordgood = 1;
        } else {
          $passwordgood = $passwordgood;
        }
        if (!$passwordgood) {
          $error = true;
        } else {
          $blacklist_query = tep_db_query("SELECT c.customers_id, b.customers_id, b.ban_customer, b.description FROM " . TABLE_CUSTOMERS . " c, " . TABLE_BLACKLIST . " b WHERE b.customers_id = '" . $check_customer['customers_id'] ."'");
          $blacklisted = tep_db_fetch_array($blacklist_query);
          if ($blacklisted['ban_customer'] == true) {
            $error = true;
            $error_blacklisted = true;
            tep_db_query("update " . TABLE_BLACKLIST . " set attempted_use = '1' where customers_id = '" . $check_customer['customers_id'] . "'");
            $email_body = 'The following blacklisted person tried to login:' . "\n\n\t" . $check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'];
            tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
          }
          if (SESSION_RECREATE == 'True') {
            tep_session_recreate();
          }

          $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
          $check_country = tep_db_fetch_array($check_country_query);

          $customer_id = $check_customer['customers_id'];
          $customer_default_address_id = $check_customer['customers_default_address_id'];
          $customer_first_name = $check_customer['customers_firstname'];
          $customer_country_id = $check_country['entry_country_id'];
          $customer_zone_id = $check_country['entry_zone_id'];
          tep_session_register('customer_id');
          tep_session_register('customer_default_address_id');
          tep_session_register('customer_first_name');
          tep_session_register('customer_country_id');
          tep_session_register('customer_zone_id');
          tep_session_unregister('referral_id'); //rmh referral

          tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

          // restore cart contents
          $cart->restore_contents();

          if (sizeof($navigation->snapshot) > 0) {
            $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
            $navigation->clear_snapshot();
            tep_redirect($origin_href);
          } else {
            tep_redirect(tep_href_link(FILENAME_DEFAULT));
          }
        }
      }
    }

    if ($error == true) {
      if ($error_blacklisted == true)
        $messageStack->add('login', 'You have been banned from this site. Please contact the shop owner for further details.');
      else
        $messageStack->add('login', TEXT_LOGIN_ERROR);
    }

    $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    ?>
    <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html <?php echo HTML_PARAMS; ?>>
    <head>
    <?php
    // Changed: Header Tag Controller v2.4.9
    if ( file_exists(DIR_WS_INCLUDES . 'header_tags.php') ) {
      require(DIR_WS_INCLUDES . 'header_tags.php');
    } else {
    ?>
      <title><?php echo TITLE; ?></title>
    <?php
    }
    // Changed: Header Tag Controller v2.4.9
    ?>
    <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
    <link rel="stylesheet" type="text/css" href="stylesheet.css">
    <script language="javascript"><!--
    function session_win() {
      window.open("<?php echo tep_href_link(FILENAME_INFO_SHOPPING_CART); ?>","info_shopping_cart","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
    }
    //--></script>
    </head>
    <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
    <!-- header //-->
    <?php require(DIR_WS_INCLUDES . 'header.php'); ?>
    <!-- header_eof //-->

    <!-- body //-->
    <table border="0" width="100%" cellspacing="2" cellpadding="2">
      <tr>
        <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
    <!-- left_navigation //-->
    <?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
    <!-- left_navigation_eof //-->
        </table></td>
    <!-- body_text //-->
        <td width="100%" valign="top"><?php echo tep_draw_form('login', tep_href_link(FILENAME_LOGIN, 'action=process', 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
          <tr>
            <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
              <tr>
                <td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
                <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_login.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
              </tr>
            </table></td>
          </tr>
          <tr>
            <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
          </tr>
    <?php
      if ($messageStack->size('login') > 0) {
    ?>
          <tr>
            <td><?php echo $messageStack->output('login'); ?></td>
          </tr>
          <tr>
            <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
          </tr>
    <?php
      }

      if ($cart->count_contents() > 0) {
    ?>
          <tr>
            <td class="smallText"><?php echo TEXT_VISITORS_CART; ?></td>
          </tr>
          <tr>
            <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
          </tr>
    <?php
      }
    ?>
          <tr>
            <td><table border="0" width="70%" cellspacing="0" cellpadding="2">
    <?php
      if (PWA_ON == 'false') {
        require(DIR_WS_INCLUDES . FILENAME_PWA_ACC_LOGIN);
      } else {
        require(DIR_WS_INCLUDES . FILENAME_PWA_PWA_LOGIN);
      }
    ?>
              </tr>
            </table></td>
          </tr>
        </table></form></td>
    <!-- body_text_eof //-->
        <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
    <!-- right_navigation //-->
    <?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
    <!-- right_navigation_eof //-->
        </table></td>
      </tr>
    </table>
    <!-- body_eof //-->

    <!-- footer //-->
    <?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
    <!-- footer_eof //-->
    <br>
    </body>
    </html>
    <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

Jack_mcs (Author), posted November 7, 2005

Try adding

    } else {

before

    if (SESSION_RECREATE == 'True') {

Jack

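The control-flow problem behind this fix, as an added example that is not part of the thread or of the contribution's code: in the posted login.php the ban check sets the error flags, but execution still reaches the session setup and redirect, so a banned customer with a valid password is logged in. The arrays, function names and credentials below are constructed stand-ins for the osCommerce tables and `tep_` functions.

```php
<?php
// Constructed sample data standing in for the customers and blacklist tables.
$customers = [
    'alice@example.test' => ['id' => 1, 'hash' => password_hash('alice-pw', PASSWORD_DEFAULT)],
    'bob@example.test'   => ['id' => 2, 'hash' => password_hash('bob-pw', PASSWORD_DEFAULT)],
];
$blacklist = [2 => ['ban_customer' => 1, 'attempted_use' => 0]]; // customer 2 is banned

// Hypothetical helper: returns the customer id when the credentials match, else null.
function verified_customer_id(array $customers, string $email, string $password): ?int
{
    if (!isset($customers[$email])) {
        return null;
    }
    return password_verify($password, $customers[$email]['hash']) ? $customers[$email]['id'] : null;
}

// Flow of the posted login.php: the ban check only sets flags, then execution
// continues into the session setup and the redirect.
function login_fallthrough(array $customers, array &$blacklist, string $email, string $password): array
{
    $id = verified_customer_id($customers, $email, $password);
    if ($id === null) {
        return ['error' => true, 'banned' => false, 'session' => []];
    }
    $error = false;
    $banned = !empty($blacklist[$id]['ban_customer']);
    if ($banned) {
        $error = true;
        $blacklist[$id]['attempted_use'] = 1; // the attempt is recorded ...
    }
    $session = ['customer_id' => $id];        // ... but the session is created anyway
    return ['error' => $error, 'banned' => $banned, 'session' => $session];
}

// Same flow with the session setup moved into the else branch of the ban check.
function login_gated(array $customers, array &$blacklist, string $email, string $password): array
{
    $id = verified_customer_id($customers, $email, $password);
    if ($id === null) {
        return ['error' => true, 'banned' => false, 'session' => []];
    }
    $session = [];
    $banned = !empty($blacklist[$id]['ban_customer']);
    if ($banned) {
        $blacklist[$id]['attempted_use'] = 1;
    } else {
        $session = ['customer_id' => $id];    // only non-banned customers get a session
    }
    return ['error' => $banned, 'banned' => $banned, 'session' => $session];
}

// Run both flows for a normal and a banned customer and show who gets a session.
foreach (['login_fallthrough', 'login_gated'] as $flow) {
    foreach ([['alice@example.test', 'alice-pw'], ['bob@example.test', 'bob-pw']] as [$email, $pw]) {
        $result = $flow($customers, $blacklist, $email, $pw);
        printf("%-17s %-18s banned=%d session=%s\n", $flow, $email, $result['banned'],
            isset($result['session']['customer_id']) ? 'created' : 'none');
    }
}
```
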
mr_absinthe, posted November 7, 2005

That produced an error I'm afraid. See my test site.

Alex

Jack_mcs (Author), posted November 7, 2005

That's because the else statement is either adding an extra } or because it is in the wrong place. Unfortunately, all I can do is guess due to the changes in the file so I won't be able to fix that for you I'm afraid.

Jack

mr_absinthe, posted November 14, 2005

Could you tell me what contribution for master password you are using please? If I uninstall mine, I should be able to use blacklist contribution. I guess... ;)

Alex

Jack_mcs (Author), posted November 14, 2005

I use this one. Version 1.1.

Jack

mr_absinthe, posted November 15, 2005

Thank you, that worked fine. Blacklist now seems to be working. If I ban a person from the site completely, the message is displayed, however it is not sending me emails informing about attempted login by blacklisted visitor. Any idea what the problem might be? Attempted use is recorded and properly displayed in admin. This is my login.php with email part:

    // Check that password is good
    if (!tep_validate_password($password, $check_customer['customers_password'])) {
      $error = true;
    } else {
      $blacklist_query = tep_db_query("SELECT c.customers_id, b.customers_id, b.ban_customer, b.description FROM " . TABLE_CUSTOMERS . " c, " . TABLE_BLACKLIST . " b WHERE b.customers_id = '" . $check_customer['customers_id'] ."'");
      $blacklisted = tep_db_fetch_array($blacklist_query);
      if ($blacklisted['ban_customer'] == true) {
        $error = true;
        $error_blacklisted = true;
        tep_db_query("update " . TABLE_BLACKLIST . " set attempted_use = '1' where customers_id = '" . $check_customer['customers_id'] . "'");
        $email_body = 'The following blacklisted person tried to login:' . "\n\n\t" . $check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'];
        tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
      } else {
        if (SESSION_RECREATE == 'True') {
          tep_session_recreate();
        }

Thank you for your help.

Alex

Jack_mcs (Author), posted November 15, 2005

Hmm, if the attempt is showing up in admin, then the code is being accessed so it would appear to be a problem with the email code. Try changing

    tep_mail(STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS, 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

to

    tep_mail('To Name', 'your real email address', 'Attempted login by blacklisted visitor', $email_body, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);

Jack

mr_absinthe, posted November 16, 2005

Thank you, that works fine!

Alex

mr_absinthe, posted November 18, 2005

Shall I leave it like that or is there a way of changing real email address back to STORE_OWNER_EMAIL_ADDRESS?

Alex

Jack_mcs (Author), posted November 19, 2005

You should change it back in case your admin email address changes. Just copy/paste the first version shown above.

Jack

Spaceboy, posted January 29, 2006

I've changed the customer query so that all customers on the left are displayed that are NOT blacklisted for the moment. To do so, change line 73 of admin/blacklist.php from

    $customers_query = tep_db_query("SELECT customers_id, customers_lastname FROM " . TABLE_CUSTOMERS . " ORDER by " . $sort_order . " ASC");

to

    $customers_query = tep_db_query("SELECT c.customers_id, c.customers_lastname FROM " . TABLE_CUSTOMERS . " c left join " . TABLE_BLACKLIST . " b on c.customers_id = b.customers_id where b.customers_id IS NULL ORDER by " . $sort_order . " ASC");

Also, a primary key is missing on table "blacklist". Perform

    ALTER TABLE `blacklist` ADD PRIMARY KEY ( `customers_id` , `entry_street_address` , `entry_suburb` , `entry_postcode` , `entry_city` , `entry_state` )

I decided to add a "distinct" to the blacklisted customers as the name in the listbox appears for each address. To change, add "distinct" like this query in admin/blacklist.php:

    $blacklist_query = tep_db_query("SELECT distinct c.customers_id, b.customers_id, b.ban_customer, b.attempted_use, b.description FROM " . TABLE_CUSTOMERS . " c, " . TABLE_BLACKLIST . " b WHERE c.customers_id = b.customers_id ORDER by " . $sort_order . " ASC");

Else it's not compliant to MS2 standards (hardcoded images URL, no use of tep_input_field, ...) but it does the job and that's what counts!

Didier.

Jack_mcs (Author), posted January 29, 2006

By removing the blacklist customers from the list on the left, you make it more difficult to update. If a customer is already on the blacklist and you want to change the comment for him, with your method, he has to be deleted and then re-added. That is why all are listed on the left side. There probably should be an edit function for the right but this works close enough not to need it I think.

The MS2 standard is a suggestion and causes extra work in some situations. As in this case with creating the form. Feel free to alter your code to use it though.

Jack

Spaceboy, posted January 29, 2006

Yip, an "update" possibility would be useful for the right column so you can ban blacklisted customers with 1 update. Good contribution by the way. Better than the "BlockCustomerAccount" one!

Didier.

aodfan, posted June 15, 2006

I am reinstalling on a fresh OSC, and after I installed when I try to go to blacklist.php this error pops up:

    1146 - Table 'aodfan_altered.TABLE_BLACKLIST' doesn't exist

    SELECT c.customers_id, b.customers_id, b.ban_customer, b.attempted_use, b.description FROM customers c, TABLE_BLACKLIST b WHERE c.customers_id = b.customers_id ORDER by customers_lastname ASC

    [TEP STOP]

Any help please :)

Jack_mcs (Author), posted June 15, 2006

It means you didn't add the database table definition to the database_tables.php file.

Jack

aodfan, posted June 15, 2006

> It means you didn't add the database table definition to the database_tables.php file.
>
> Jack

Yea, I realized that last night after I went through the install again, just overlooked it. Thanks though.

Guest, posted June 15, 2006

Great Contrib! Thanks! The only problem I've noticed is when the customer has a long name. If this is the case then it's not possible to add them from left to right. :( Any idea how to solve this? Thanks again!

/MagWiz

Jack_mcs (Author), posted June 16, 2006

I don't understand what you mean by "add them from left to right."

Jack

Guest, posted June 16, 2006

Sorry for not being clear enough! Basically I mean "putting them on the blacklist", i.e. I select a customer with a long name and push the button to add but nothing happens. (If I select a customer with a shorter name it works fine.) I don't know exactly what the limit is but it's somewhere around 30 characters. A name longer than this can't be put on the blacklist. :huh:

/MagWiz