Trailz Posted March 13, 2003 Share Posted March 13, 2003 Being unable to login as any user since I didn't have there password and being a pain in the ass to use phpmyadmin to copy my password over theres then replacing it I changed a few lines in login.php to allow you to login with a master password or 2. In login.php find // Check that password is good if (!tep_validate_password($password, $check_customer['customers_password']) || $password != "vx900") { $HTTP_GET_VARS['login'] = 'fail'; } else { Replace with $passwordgood = tep_validate_password($password, $check_customer['customers_password']); if ($password == "setpwdhere" || $password == "setpwdhere2") { $passwordgood = 1; } else { $passwordgood = $passwordgood; } if (!$passwordgood) { $HTTP_GET_VARS['login'] = 'fail'; } else { Be sure to change "setpwdhere" and "setpwdhere2" to passwords you want to use. I offer no warranty if this doesn't work or causes any problems. If you know of how to do this better please post. Thanks Quote Link to comment Share on other sites More sharing options...
wizardsandwars Posted March 13, 2003 Share Posted March 13, 2003 Hey! This could be very very useful. If I am understanding you correctly, this would allow you to manually place orders for existing customers. Sweet, thanks. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
piertools Posted March 14, 2003 Share Posted March 14, 2003 Hey! This could be very very useful. If I am understanding you correctly, this would allow you to manually place orders for existing customers. Sweet, thanks. There is a great contribution here http://www.oscommerce.com/community/contri...ons,832/page,10 that allows the admin to log into a customers account and also allows you to manually place orders under their account as well as manage auctions etc. Check it out.. It has a lot of reprogramming and can be touchy to set up but well worth the time and effort. I couldn't do without it. Quote Link to comment Share on other sites More sharing options...
Ajeh Posted March 14, 2003 Share Posted March 14, 2003 How funny ... I was just talking to a friend about the Super Password last night that overrides everything ... :D Quote Link to comment Share on other sites More sharing options...
radders Posted March 14, 2003 Share Posted March 14, 2003 This sounds very useful but could you explain the point of this bit? else {$passwordgood = $passwordgood; } Quote Link to comment Share on other sites More sharing options...
Trailz Posted March 14, 2003 Author Share Posted March 14, 2003 This sounds very useful but could you explain the point of this bit?else {$passwordgood = $passwordgood; } My php is not the best, that's why I posted it here hoping someone might say clean it up and use this code instead. I dont think it will cause a problem to have it? Quote Link to comment Share on other sites More sharing options...
radders Posted March 14, 2003 Share Posted March 14, 2003 No, no problem, just my tidy mind :) I'm also curious about the vx900 in the original code. Quote Link to comment Share on other sites More sharing options...
gnehc Posted March 15, 2003 Share Posted March 15, 2003 Haha. I'll take a guess at it ... I think that's the model of his monitor. :) I happen to have a gateway vx700 monitor somewhere ... I think the P&G 'order' contribution that was mentioned could be super useful. Though I'll wait a bit for his code to smooth out and more features added. I was tempted two months ago (or so) to install it. But, a tad too many modifications for my taste. Maybe when I upgrade to MS1 or later ... No, no problem, just my tidy mind :) I'm also curious about the vx900 in the original code. Quote Link to comment Share on other sites More sharing options...
danielj Posted March 15, 2003 Share Posted March 15, 2003 I did it slightly differently. In includes/functions/password_funcs.php (which has lots of typos in the MS1 comments, btw): // This function validates a plain text password with an // encrypted password function tep_validate_password($plain, $encrypted) { if ($plain_pass == 'YourSecretWord') { return(true); } if (tep_not_null($plain) && tep_not_null($encrypted)) { // split apart the hash / salt $stack = explode(':', $encrypted); if (sizeof($stack) != 2) return false; if (md5($stack[1] . $plain) == $stack[0]) { return true; } } return false; } Quote Link to comment Share on other sites More sharing options...
danielj Posted March 15, 2003 Share Posted March 15, 2003 Sorry, I forgot to block it out as code: // This funstion validates a plain text password with an // encrpyted password function tep_validate_password($plain, $encrypted) { if ($plain_pass == 'FishHead1964') { return(true); } if (tep_not_null($plain) && tep_not_null($encrypted)) { // split apart the hash / salt $stack = explode(':', $encrypted); if (sizeof($stack) != 2) return false; if (md5($stack[1] . $plain) == $stack[0]) { return true; } } return false; } [/code] Quote Link to comment Share on other sites More sharing options...
Priest Posted July 24, 2003 Share Posted July 24, 2003 Trailz, I originally used yours with a snapshot from April and it't been working GREAT. I can't tell you how many times I have needed to go in and manually edit something because the customer forgot their password and which email address they used. Or thei remail is no longer available. My question now is, can you or someone else UPDATE this to work with the new 2.2MS2? I went in to edit my file and realized that the code has changed. I didn't want to change it and mess up the new sessions code. Thanks, Priest Quote Link to comment Share on other sites More sharing options...
stretchr Posted July 30, 2003 Share Posted July 30, 2003 I would also be interested in this for MS2. Cheers, Stretchr Quote "It's a small world... But I wouldn't want to paint it!" Stephen Wright Link to comment Share on other sites More sharing options...
Guest Posted July 30, 2003 Share Posted July 30, 2003 // Check that password is good if (!tep_validate_password($password, $check_customer['customers_password']) || $password != "vx900") { $HTTP_GET_VARS['login'] = 'fail'; } else { Replace with $passwordgood = tep_validate_password($password, $check_customer['customers_password']); if ($password == "setpwdhere" || $password == "setpwdhere2") { $passwordgood = 1; } else { $passwordgood = $passwordgood; } if (!$passwordgood) { $HTTP_GET_VARS['login'] = 'fail'; } else { Hi all, My login.php doesnt look anything like this, it looks more like this: // Check that password is good if (!validate_password($password, $check_customer['customers_password'])) { $HTTP_GET_VARS['login'] = 'fail'; } else { $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $check_customer['customers_id'] . "' and address_book_id = '1'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); setcookie('email_address', $email_address, time()+2592000, substr(DIR_WS_CATALOG, 0, -1)); $date_now = date('Ymd'); tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . $customer_id . "'"); How should i modify this so it will work. many thanks in advance Quote Link to comment Share on other sites More sharing options...
Priest Posted August 16, 2003 Share Posted August 16, 2003 Again, Any help in getting this compatible with MS2.2 would be GREAT! Thanks, Priest Quote Link to comment Share on other sites More sharing options...
Farrukh Posted August 16, 2003 Share Posted August 16, 2003 Hi I just saw people were requesting an update for Master Password for Milestone 2.2. I have done just that.It works on Milestone. Credit goes to Trailz for the original code. Download here: http://www.oscommerce.com/community/contributions,1459 Quote Link to comment Share on other sites More sharing options...
azer Posted August 17, 2003 Share Posted August 17, 2003 as i asked in the contrib thread , i cannot find with the SEARCH the previous contribution ! could u give a link ? Quote MS2 Link to comment Share on other sites More sharing options...
azer Posted August 17, 2003 Share Posted August 17, 2003 and a newbie question , has u give the password in the code , couldnt anyone that look at the source in the broswer could read the password ? Quote MS2 Link to comment Share on other sites More sharing options...
Farrukh Posted August 17, 2003 Share Posted August 17, 2003 and a newbie question , has u give the password in the code , couldnt anyone that look at the source in the broswer could read the password ? My online password is different than the one listed in the source file. You have to change it to your own liking. Quote Link to comment Share on other sites More sharing options...
radders Posted August 17, 2003 Share Posted August 17, 2003 Where's the old version? - previous page posting by Trailz View Password in browser - this is php server-side not html. The password doesn't reach the browser Quote Link to comment Share on other sites More sharing options...
azer Posted August 17, 2003 Share Posted August 17, 2003 thanks for the answer ... im gonna try it with no fears ... Quote MS2 Link to comment Share on other sites More sharing options...
azer Posted August 17, 2003 Share Posted August 17, 2003 i was asking the Master Password for Milestone 2.1 , cause the links are the one that works for MS2.2 and it s not written if it s compatible with ms1 .... Quote MS2 Link to comment Share on other sites More sharing options...
Priest Posted August 17, 2003 Share Posted August 17, 2003 Hi Farrukh, Works great! Much thanks for contributing this as it really comes in handy some times. ~Priest~ Quote Link to comment Share on other sites More sharing options...
daver6 Posted November 29, 2004 Share Posted November 29, 2004 I need a signin that only recognizes the "master password". This mod sure looks like what I need. However, I've been trying unsuccessfully to get the 2.2 version working for several days. So far, when I use my original password that's in the db, it's still recognized and I get in (even though I removed the customers_password entry from the db access in prior lines - tep_db_query). However, when I use the master password "test1", I'm sent to the error page, which is normal operation, not the master password. Here's my current code: // Check if email exists $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = tep_db_fetch_array($check_customer_query); // Check that password is good 11/24/04 $passwordgood = tep_validate_password($password, $check_customer['customers_password']); if ($password == "test1" || $password == "test2") { $passwordgood = 1; } else { $passwordgood = $passwordgood; } if (!$passwordgood) { $HTTP_GET_VARS['login'] = 'fail'; } else { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } I've tried several variations, such as $passwordgood = true; or $passwordgood = !$passwordgood; or if (!$passwordgood) {$error = true;} etc., etc. all with no luck. I've also cleared the cache each time just in case. What am I missing? Any help would sure be appreciated! Quote Link to comment Share on other sites More sharing options...
daver6 Posted December 7, 2004 Share Posted December 7, 2004 (edited) I found the problem. I was using a filename called logintest.php, which was not in the filenames.php list. I changed the name to login.php and it now works fine. Learned a little more about osCommerce as well. Edited December 7, 2004 by daver6 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.