Jump to content
Sign in to follow this  
Trailz

Login as any user with your master password..

Recommended Posts

Being unable to login as any user since I didn't have there password and being a pain in the ass to use phpmyadmin to copy my password over theres then replacing it I changed a few lines in login.php to allow you

to login with a master password or 2.

 

In login.php find

 

// Check that password is good

     if (!tep_validate_password($password, $check_customer['customers_password']) || $password != "vx900") {

       $HTTP_GET_VARS['login'] = 'fail';

     } else {

 

Replace with

 

$passwordgood = tep_validate_password($password, $check_customer['customers_password']);



if ($password == "setpwdhere" || $password == "setpwdhere2") {

$passwordgood = 1;

} else {

$passwordgood = $passwordgood;

}



if (!$passwordgood) {

       $HTTP_GET_VARS['login'] = 'fail';

} else {

 

Be sure to change "setpwdhere" and "setpwdhere2" to passwords you

want to use.

 

I offer no warranty if this doesn't work or causes any problems. If you know of how to do this better please post.

 

Thanks

Share this post


Link to post
Share on other sites

Hey!

 

This could be very very useful.

 

If I am understanding you correctly, this would allow you to manually place orders for existing customers.

 

Sweet, thanks.


-------------------------------------------------------------------------------------------------------------------------

NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.

If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help.

Share this post


Link to post
Share on other sites
Hey!

 

This could be very very useful.

 

If I am understanding you correctly, this would allow you to manually place orders for existing customers.

 

Sweet, thanks.

 

There is a great contribution here http://www.oscommerce.com/community/contri...ons,832/page,10

that allows the admin to log into a customers account and also allows you to manually place orders under their account as well as manage auctions etc.

 

Check it out.. It has a lot of reprogramming and can be touchy to set up but well worth the time and effort. I couldn't do without it.

Share this post


Link to post
Share on other sites

How funny ... I was just talking to a friend about the Super Password last night that overrides everything ... :D

Share this post


Link to post
Share on other sites

This sounds very useful but could you explain the point of this bit?

else {

$passwordgood = $passwordgood;

}

Share this post


Link to post
Share on other sites
This sounds very useful but could you explain the point of this bit?
else {

$passwordgood = $passwordgood;

}

 

My php is not the best, that's why I posted it here hoping someone might say clean it up and use this code instead.

 

I dont think it will cause a problem to have it?

Share this post


Link to post
Share on other sites

No, no problem, just my tidy mind :)

I'm also curious about the vx900 in the original code.

Share this post


Link to post
Share on other sites

Haha.

 

I'll take a guess at it ... I think that's the model of his monitor. :)

I happen to have a gateway vx700 monitor somewhere ...

 

I think the P&G 'order' contribution that was mentioned could be

super useful. Though I'll wait a bit for his code to smooth out

and more features added. I was tempted two months ago (or so)

to install it. But, a tad too many modifications for my taste.

Maybe when I upgrade to MS1 or later ...

 

No, no problem, just my tidy mind :)

I'm also curious about the vx900 in the original code.

Share this post


Link to post
Share on other sites

I did it slightly differently. In includes/functions/password_funcs.php (which has lots of typos in the MS1 comments, btw):

 

// This function validates a plain text password with an

// encrypted password

function tep_validate_password($plain, $encrypted) {

if ($plain_pass == 'YourSecretWord') { return(true); }

if (tep_not_null($plain) && tep_not_null($encrypted)) {

// split apart the hash / salt

$stack = explode(':', $encrypted);

if (sizeof($stack) != 2) return false;

if (md5($stack[1] . $plain) == $stack[0]) {

return true;

}

}

return false;

}

Share this post


Link to post
Share on other sites

Sorry, I forgot to block it out as code:

 

// This funstion validates a plain text password with an

// encrpyted password

 function tep_validate_password($plain, $encrypted) {

     if ($plain_pass == 'FishHead1964') { return(true); }

   if (tep_not_null($plain) && tep_not_null($encrypted)) {

// split apart the hash / salt

     $stack = explode(':', $encrypted);

     if (sizeof($stack) != 2) return false;

     if (md5($stack[1] . $plain) == $stack[0]) {

       return true;

     }

   }

   return false;

}

[/code]

Share this post


Link to post
Share on other sites

Trailz, I originally used yours with a snapshot from April and it't been working GREAT. I can't tell you how many times I have needed to go in and manually edit something because the customer forgot their password and which email address they used. Or thei remail is no longer available.

 

My question now is, can you or someone else UPDATE this to work with the new 2.2MS2? I went in to edit my file and realized that the code has changed. I didn't want to change it and mess up the new sessions code.

 

Thanks,

Priest

Share this post


Link to post
Share on other sites

I would also be interested in this for MS2.

 

Cheers,

Stretchr


"It's a small world...

But I wouldn't want to paint it!"

Stephen Wright

Share this post


Link to post
Share on other sites
// Check that password is good

     if (!tep_validate_password($password, $check_customer['customers_password']) || $password != "vx900") {

       $HTTP_GET_VARS['login'] = 'fail';

     } else {

 

Replace with

 

$passwordgood = tep_validate_password($password, $check_customer['customers_password']);



if ($password == "setpwdhere" || $password == "setpwdhere2") {

$passwordgood = 1;

} else {

$passwordgood = $passwordgood;

}



if (!$passwordgood) {

       $HTTP_GET_VARS['login'] = 'fail';

} else {

 

Hi all,

 

My login.php doesnt look anything like this, it looks more like this:

 

// Check that password is good

     if (!validate_password($password, $check_customer['customers_password'])) {

       $HTTP_GET_VARS['login'] = 'fail';

     } else {

       $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $check_customer['customers_id'] . "' and address_book_id = '1'");

       $check_country = tep_db_fetch_array($check_country_query);



       $customer_id = $check_customer['customers_id'];

       $customer_default_address_id = $check_customer['customers_default_address_id'];

       $customer_first_name = $check_customer['customers_firstname'];

       $customer_country_id = $check_country['entry_country_id'];

       $customer_zone_id = $check_country['entry_zone_id'];

       tep_session_register('customer_id');

       tep_session_register('customer_default_address_id');

       tep_session_register('customer_first_name');

       tep_session_register('customer_country_id');

       tep_session_register('customer_zone_id');



       setcookie('email_address', $email_address, time()+2592000, substr(DIR_WS_CATALOG, 0, -1));



       $date_now = date('Ymd');

       tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . $customer_id . "'");

 

How should i modify this so it will work.

 

many thanks in advance

Share this post


Link to post
Share on other sites

as i asked in the contrib thread , i cannot find with the SEARCH the previous contribution !

could u give a link ?


MS2

Share this post


Link to post
Share on other sites

and a newbie question , has u give the password in the code , couldnt anyone that look at the source in the broswer could read the password ?


MS2

Share this post


Link to post
Share on other sites
and a newbie question , has u give the password in the code , couldnt anyone that look at the source in the broswer could read the password ?

 

My online password is different than the one listed in the source file. You have to change it to your own liking.

Share this post


Link to post
Share on other sites
Where's the old version?
- previous page posting by Trailz

 

View Password in browser
- this is php server-side not html. The password doesn't reach the browser

Share this post


Link to post
Share on other sites

i was asking the Master Password for Milestone 2.1 , cause the links are the one that works for MS2.2 and it s not written if it s compatible with ms1 ....


MS2

Share this post


Link to post
Share on other sites

Hi Farrukh,

 

Works great! Much thanks for contributing this as it really comes in handy some times.

 

~Priest~

Share this post


Link to post
Share on other sites

I need a signin that only recognizes the "master password". This mod sure looks like what I need. However, I've been trying unsuccessfully to get the 2.2 version working for several days.

 

So far, when I use my original password that's in the db, it's still recognized and I get in (even though I removed the customers_password entry from the db access in prior lines - tep_db_query). However, when I use the master password "test1", I'm sent to the error page, which is normal operation, not the master password.

 

Here's my current code:

 

// Check if email exists
   $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
   if (!tep_db_num_rows($check_customer_query)) {
     $error = true;
   } else {
     $check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good 11/24/04
     $passwordgood = tep_validate_password($password, $check_customer['customers_password']); 

if ($password == "test1" || $password == "test2") { 
$passwordgood = 1; 
} else { 
$passwordgood = $passwordgood; 
} 

if (!$passwordgood) {

      $HTTP_GET_VARS['login'] = 'fail';

} else {
       if (SESSION_RECREATE == 'True') {
         tep_session_recreate();
       }

 

I've tried several variations, such as

$passwordgood = true; or

$passwordgood = !$passwordgood; or

if (!$passwordgood) {$error = true;}

etc., etc. all with no luck. I've also cleared the cache each time just in case.

 

What am I missing? Any help would sure be appreciated!

Share this post


Link to post
Share on other sites

I found the problem. I was using a filename called logintest.php, which was not in the filenames.php list. I changed the name to login.php and it now works fine. Learned a little more about osCommerce as well.

Edited by daver6

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×