osCommerce

The e-commerce.

[Contribution] Secure Admin Login - Logout


dailce

Not sure why you are getting errors. It is a great contribution. If you download the first one (March 23) it will work; the only real change in the newer one was made in LoginAction.php. This is the code for that:

 

<?php
// Include application configuration parameters
require('includes/configure.php');
// include the database functions
require(DIR_WS_FUNCTIONS . 'database.php');
// make a connection to the database... now
tep_db_connect() or die('Unable to connect to database server!');
// Check if the information has been filled in
if(($psName == "") || ($psPassword == "")) {
  // No login information
  header('Location: ' . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'login.php?refer='.urlencode($psRefer));
} else {
  // Authenticate user
  $psName = addslashes($psName);
  $psPassword = addslashes($psPassword);
  $sQuery = "SELECT ID, MD5(UNIX_TIMESTAMP() + ID + RAND(UNIX_TIMESTAMP())), sGUID FROM administrator WHERE (sName = '$psName') AND (sPassword = password('$psPassword'))";
  $hResult = mysql_query($sQuery);
  if(mysql_affected_rows()) {
    $aResult = mysql_fetch_row($hResult);
    // Update the user record
    $sQuery = "UPDATE administrator SET sGUID = '" . addslashes($aResult[1]) . "' WHERE ID = '" . addslashes($aResult[0]) . "'";
    mysql_query($sQuery);
    // Set the cookie and redirect
    setcookie("session_id", $aResult[1]);
    if(!$psRefer) $psRefer = HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'index.php';
    header('Location: ' . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'index.php');
  } else {
    // Not authenticated
    header('Location: ' . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN . 'login.php?refer='.urlencode($psRefer));
  }
}
?>

 

Other than that you should not have any problems; make sure you add your password and username to the database.

Link to comment
Share on other sites

Are you using the correct user name and password? Everything is working fine for me. If you can't get the newer one to work, try installing the very first one "March 23" and then post your findings here.

Link to comment
Share on other sites

I had a small problem with this contrib, namely that with Register Globals off, it would just return to loginaction.php. However, simply adding

 

  $psName = $_POST["psName"];
 $psPassword = $_POST["psPassword"];
 $psRefer = $_POST["psRefer"];

 

to the top of loginaction.php seemed to make it work. Hope this helps someone!

Link to comment
Share on other sites
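
Added example (not part of the thread and not the contribution's own code): the same login step as the LoginAction.php posted above, with the fields read explicitly from the POST data as in the Register Globals fix. It assumes PDO in place of the mysql_* functions and that sPassword holds a password_hash() value instead of MySQL PASSWORD() output; the administrator table and its columns come from the posted query, while the function name admin_login and the in-memory SQLite data are constructed for the demonstration.

```php
<?php
// Added example, not the contribution's code. Assumptions: PDO replaces
// mysql_*, and sPassword holds a password_hash() value, not MySQL PASSWORD().
// admin_login() is a hypothetical name; table/columns follow the posted query.
function admin_login(PDO $db, array $post): ?string
{
    // Read the fields explicitly from the POST data (no register_globals).
    $name = is_string($post['psName'] ?? null) ? $post['psName'] : '';
    $pass = is_string($post['psPassword'] ?? null) ? $post['psPassword'] : '';
    if ($name === '' || $pass === '') {
        return null; // no login information
    }

    // Bound parameter instead of addslashes() and string concatenation.
    $stmt = $db->prepare('SELECT ID, sPassword FROM administrator WHERE sName = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Test the fetched row itself. mysql_affected_rows() returns -1, which is
    // truthy, when the query failed, so the posted check lets a failed query through.
    if ($row === false || !password_verify($pass, $row['sPassword'])) {
        return null; // not authenticated
    }

    // Session token from the OS CSPRNG rather than MD5 over time, ID and RAND().
    $token = bin2hex(random_bytes(32));
    $upd = $db->prepare('UPDATE administrator SET sGUID = ? WHERE ID = ?');
    $upd->execute([$token, $row['ID']]);
    return $token;
}

// Constructed demo data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE administrator (ID INTEGER PRIMARY KEY, sName TEXT, sPassword TEXT, sGUID TEXT)');
$ins = $db->prepare('INSERT INTO administrator (sName, sPassword) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

$ok    = admin_login($db, ['psName' => 'admin', 'psPassword' => 'constructed-demo-password']);
$bad   = admin_login($db, ['psName' => "no'such'user", 'psPassword' => 'x']); // quotes stay data
$wrong = admin_login($db, ['psName' => 'admin', 'psPassword' => 'wrong']);
var_dump(strlen((string) $ok) === 64, $bad === null, $wrong === null);

// On the real page the token then goes out as a hardened cookie (PHP 7.3+ syntax):
// setcookie('session_id', $token, ['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
// followed by header('Location: ...'); exit;
```
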

URGENT HELP NEEDED

 

I CAN'T LOGIN

 

WELL I CAN, IT GOES TO THE ADMIN CPANEL BUT AS SOON AS I CLICK ON ANYTHING IT LOGS ME OUT, SO I CAN'T ADD PRODUCTS OR MARK THEM SOLD OUT OR ANYTHING?

 

PLEASE PLEASE HELP ME

Link to comment
Share on other sites

I've used the original code for LoginAction.php according to post #6; however, the results page shows:

 

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in c:\program files\easyphp1-8\www\catalog\admin\loginaction.php on line 19

 

Warning: Cannot modify header information - headers already sent by (output started at c:\program files\easyphp1-8\www\catalog\admin\loginaction.php:19) in c:\program files\easyphp1-8\www\catalog\admin\loginaction.php on line 24

 

Warning: Cannot modify header information - headers already sent by (output started at c:\program files\easyphp1-8\www\catalog\admin\loginaction.php:19) in c:\program files\easyphp1-8\www\catalog\admin\loginaction.php on line 26

 

 

If I try to replace line 19 with the code contributed by godfrank, then the login results in a page refresh and goes back to LoginAction.php

 

I have my Register Globals on

Link to comment
Share on other sites

I had a small problem with this contrib, namely that with Register Globals off, it would just return to loginaction.php. However, simply adding

 

  $psName = $_POST["psName"];
 $psPassword = $_POST["psPassword"];
 $psRefer = $_POST["psRefer"];

 

to the top of loginaction.php seemed to make it work. Hope this helps someone!

 

 

IT WORKS NOW YAH!

 

thanks for the fix

Link to comment
Share on other sites

I had a small problem with this contrib, namely that with Register Globals off, it would just return to loginaction.php. However, simply adding

 

  $psName = $_POST["psName"];
 $psPassword = $_POST["psPassword"];
 $psRefer = $_POST["psRefer"];

 

to the top of loginaction.php seemed to make it work. Hope this helps someone!

 

Now, it works fine.

 

A simple variable declaration in the top of the loginaction.php page after the <?php tag.

 

Thanks Brindley

Link to comment
Share on other sites

Hi,

 

I have installed the contrib as per instructions.

I have my shop in the /catalog/ dir. When I go to www.mysite.com/catalog/admin/ it says the page cannot be displayed; it redirects me to 'http://www.mysite.com/admin/login.php'.

 

which should be 'http://www.mysite.com/catalog/admin/login.php' - if I type that manually it works, but then when I submit my username and password it forwards me to

' www.mysite.com/admin/LoginAction.php ' which should be ' www.mysite.com/catalog/admin/LoginAction.php '

 

Any ideas on how to make sure it adds the /catalog/?

 

Look forward to hearing from someone :)

 

Hope the above makes sense

Link to comment
Share on other sites

First class contribution.

 

I am making progress however I now get this error when I try to logon:

 

Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /files/home2/frankknighton/catalog/admin/includes/functions/database.php on line 19

Unable to connect to database server!

 

Any ideas?

 

 

Thanks

Link to comment
Share on other sites

Hello,

 

I have tried installing this contrib several times. I get the login page, login, get the administration page, click on anything, and get the login page again, again, again, again..............................

 

Any ideas?

 

TIA

Link to comment
Share on other sites

Get following errors when try to login to admin after making changes outlined in installation instructions (login screen does show):

 

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in .../OSCommerce/catalog/admin/LoginAction.php on line 19

 

Warning: Cannot modify header information - headers already sent by (output started at .../OSCommerce/catalog/admin/LoginAction.php:19) in .../OSCommerce/catalog/admin/LoginAction.php on line 24

 

Warning: Cannot modify header information - headers already sent by (output started at .../OSCommerce/catalog/admin/LoginAction.php:19) in .../OSCommerce/catalog/admin/LoginAction.php on line 26

 

Any ideas how to proceed appreciated. (Yep, I'm not a programmer. :D ) My LoginAction.php is line for line the same as the one previously posted.

 

FYI: Here is the original and replaced header info from installation instruction #5. Can any of this be the problem?

 

Original code:

 

<td class="headerBarContent"> <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td>

<td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscommerce.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a> | <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_ADMINISTRATION . '</a>'; ?> </td>

 

Replaced above with below code from installation instructions (did try replacing 'NONSSL' with 'SSL' in first line but got same errors either way):

 

<td class="headerBarContent"> <?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT, '', 'NONSSL') . '" class="headerLink">' . HEADER_TITLE_TOP . '</a>'; ?></td>

<td class="headerBarContent" align="right"><?php echo '<a href="http://www.oscommerce.com" class="headerLink">' . HEADER_TITLE_SUPPORT_SITE . '</a> | <a href="' . tep_catalog_href_link() . '" class="headerLink">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '" class="headerLink">' . HEADER_LOGOFF . '</a>'; ?> </td>

Link to comment
Share on other sites

Bumping. Please, can anyone help or even point to another thread that might help me resolve this problem. Any help greatly appreciated!

Link to comment
Share on other sites
