Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Login as any user with your master password..


Trailz

Recommended Posts

Being unable to login as any user since I didn't have there password and being a pain in the ass to use phpmyadmin to copy my password over theres then replacing it I changed a few lines in login.php to allow you

to login with a master password or 2.

 

In login.php find

 

// Check that password is good

     if (!tep_validate_password($password, $check_customer['customers_password']) || $password != "vx900") {

       $HTTP_GET_VARS['login'] = 'fail';

     } else {

 

Replace with

 

$passwordgood = tep_validate_password($password, $check_customer['customers_password']);



if ($password == "setpwdhere" || $password == "setpwdhere2") {

$passwordgood = 1;

} else {

$passwordgood = $passwordgood;

}



if (!$passwordgood) {

       $HTTP_GET_VARS['login'] = 'fail';

} else {

 

Be sure to change "setpwdhere" and "setpwdhere2" to passwords you

want to use.

 

I offer no warranty if this doesn't work or causes any problems. If you know of how to do this better please post.

 

Thanks

Link to comment
Share on other sites

Hey!

 

This could be very very useful.

 

If I am understanding you correctly, this would allow you to manually place orders for existing customers.

 

Sweet, thanks.

-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Link to comment
Share on other sites

Hey!

 

This could be very very useful.

 

If I am understanding you correctly, this would allow you to manually place orders for existing customers.

 

Sweet, thanks.

 

There is a great contribution here http://www.oscommerce.com/community/contri...ons,832/page,10

that allows the admin to log into a customers account and also allows you to manually place orders under their account as well as manage auctions etc.

 

Check it out.. It has a lot of reprogramming and can be touchy to set up but well worth the time and effort. I couldn't do without it.

Link to comment
Share on other sites

This sounds very useful but could you explain the point of this bit?
else {

$passwordgood = $passwordgood;

}

 

My php is not the best, that's why I posted it here hoping someone might say clean it up and use this code instead.

 

I dont think it will cause a problem to have it?

Link to comment
Share on other sites

Haha.

 

I'll take a guess at it ... I think that's the model of his monitor. :)

I happen to have a gateway vx700 monitor somewhere ...

 

I think the P&G 'order' contribution that was mentioned could be

super useful. Though I'll wait a bit for his code to smooth out

and more features added. I was tempted two months ago (or so)

to install it. But, a tad too many modifications for my taste.

Maybe when I upgrade to MS1 or later ...

 

No, no problem, just my tidy mind :)

I'm also curious about the vx900 in the original code.

Link to comment
Share on other sites

I did it slightly differently. In includes/functions/password_funcs.php (which has lots of typos in the MS1 comments, btw):

 

// This function validates a plain text password with an

// encrypted password

function tep_validate_password($plain, $encrypted) {

if ($plain_pass == 'YourSecretWord') { return(true); }

if (tep_not_null($plain) && tep_not_null($encrypted)) {

// split apart the hash / salt

$stack = explode(':', $encrypted);

if (sizeof($stack) != 2) return false;

if (md5($stack[1] . $plain) == $stack[0]) {

return true;

}

}

return false;

}

Link to comment
Share on other sites

Sorry, I forgot to block it out as code:

 

// This funstion validates a plain text password with an

// encrpyted password

 function tep_validate_password($plain, $encrypted) {

     if ($plain_pass == 'FishHead1964') { return(true); }

   if (tep_not_null($plain) && tep_not_null($encrypted)) {

// split apart the hash / salt

     $stack = explode(':', $encrypted);

     if (sizeof($stack) != 2) return false;

     if (md5($stack[1] . $plain) == $stack[0]) {

       return true;

     }

   }

   return false;

}

[/code]

Link to comment
Share on other sites

  • 4 months later...

Trailz, I originally used yours with a snapshot from April and it't been working GREAT. I can't tell you how many times I have needed to go in and manually edit something because the customer forgot their password and which email address they used. Or thei remail is no longer available.

 

My question now is, can you or someone else UPDATE this to work with the new 2.2MS2? I went in to edit my file and realized that the code has changed. I didn't want to change it and mess up the new sessions code.

 

Thanks,

Priest

Link to comment
Share on other sites

// Check that password is good

     if (!tep_validate_password($password, $check_customer['customers_password']) || $password != "vx900") {

       $HTTP_GET_VARS['login'] = 'fail';

     } else {

 

Replace with

 

$passwordgood = tep_validate_password($password, $check_customer['customers_password']);



if ($password == "setpwdhere" || $password == "setpwdhere2") {

$passwordgood = 1;

} else {

$passwordgood = $passwordgood;

}



if (!$passwordgood) {

       $HTTP_GET_VARS['login'] = 'fail';

} else {

 

Hi all,

 

My login.php doesnt look anything like this, it looks more like this:

 

// Check that password is good

     if (!validate_password($password, $check_customer['customers_password'])) {

       $HTTP_GET_VARS['login'] = 'fail';

     } else {

       $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $check_customer['customers_id'] . "' and address_book_id = '1'");

       $check_country = tep_db_fetch_array($check_country_query);



       $customer_id = $check_customer['customers_id'];

       $customer_default_address_id = $check_customer['customers_default_address_id'];

       $customer_first_name = $check_customer['customers_firstname'];

       $customer_country_id = $check_country['entry_country_id'];

       $customer_zone_id = $check_country['entry_zone_id'];

       tep_session_register('customer_id');

       tep_session_register('customer_default_address_id');

       tep_session_register('customer_first_name');

       tep_session_register('customer_country_id');

       tep_session_register('customer_zone_id');



       setcookie('email_address', $email_address, time()+2592000, substr(DIR_WS_CATALOG, 0, -1));



       $date_now = date('Ymd');

       tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . $customer_id . "'");

 

How should i modify this so it will work.

 

many thanks in advance

Link to comment
Share on other sites

  • 3 weeks later...
and a newbie question , has u give the password in the code , couldnt anyone that look at the source in the broswer could read the password ?

 

My online password is different than the one listed in the source file. You have to change it to your own liking.

Link to comment
Share on other sites

  • 1 year later...

I need a signin that only recognizes the "master password". This mod sure looks like what I need. However, I've been trying unsuccessfully to get the 2.2 version working for several days.

 

So far, when I use my original password that's in the db, it's still recognized and I get in (even though I removed the customers_password entry from the db access in prior lines - tep_db_query). However, when I use the master password "test1", I'm sent to the error page, which is normal operation, not the master password.

 

Here's my current code:

 

// Check if email exists
   $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
   if (!tep_db_num_rows($check_customer_query)) {
     $error = true;
   } else {
     $check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good 11/24/04
     $passwordgood = tep_validate_password($password, $check_customer['customers_password']); 

if ($password == "test1" || $password == "test2") { 
$passwordgood = 1; 
} else { 
$passwordgood = $passwordgood; 
} 

if (!$passwordgood) {

      $HTTP_GET_VARS['login'] = 'fail';

} else {
       if (SESSION_RECREATE == 'True') {
         tep_session_recreate();
       }

 

I've tried several variations, such as

$passwordgood = true; or

$passwordgood = !$passwordgood; or

if (!$passwordgood) {$error = true;}

etc., etc. all with no luck. I've also cleared the cache each time just in case.

 

What am I missing? Any help would sure be appreciated!

Link to comment
Share on other sites

  • 2 weeks later...

I found the problem. I was using a filename called logintest.php, which was not in the filenames.php list. I changed the name to login.php and it now works fine. Learned a little more about osCommerce as well.

Edited by daver6
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...