Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Administration Access Level Accounts 2.2 & Admin Send New Password V1


aodfan

Recommended Posts

Well, I started off with just Admin Send New Password contribution. After installing Admin Access Level 2.2, Send new password doent work. When I hit "send new password" button,(see below)

newpswd.gif

It takes me to the "forgotten password" portion of Admin Access contribution(see below).

forgottenpswd.gif

Now I have tried just linking the "Send new password" button to a seperate file(named password_forgotten1.php)while Admin Access uses password_forgotten.php(see below)

$contents[] = array('align' => 'center', 'text' => '<a  href="' . tep_href_link('password_forgotten [color="#ff0000"]or 1[/color].php', 'cID=' . $cInfo->customers_id) . '">' . tep_image_button('button_new_pass.gif', 'Send New Password') . '</a>');
	   $contents[] = array('text' => '<hr width="95%" size="1" color="#000000" noshade>');
	   $contents[] = array('text' => '<strong>Customer Notes:</strong><br><br>' . $cInfo->notes);
	   $contents[] = array('text' => '<br>' . TEXT_DATE_ACCOUNT_LAST_MODIFIED . ' ' . tep_date_short($cInfo->date_account_last_modified));
	   $contents[] = array('text' => '<br>' . TEXT_INFO_NUMBER_OF_REVIEWS . ' ' . $cInfo->number_of_reviews);
	  }
	  break;

 

When I do that, I end up with this error when I try to execute the Send new password fuction.:

 

Fatal error: Cannot redeclare tep_encrypt_password() (previously declared in /hsphere/local/home/aodfan/alteredmotorsports.com/admin/password_forgotten1.php:27) in /hsphere/local/home/aodfan/alteredmotorsports.com/admin/includes/functions/password_funcs.php on line 33

 

I go to password_funcs.php(which didnt exist til Admin Access2.2) and this is the code here.

<?php
 /*
$Id: password_funcs.php,v 1.10 2003/02/11 01:31:02 hpdl Exp $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright (c) 2003 osCommerce

Released under the GNU General Public License
 */

 ////
 // This funstion validates a plain text password with an
 // encrpyted password
function tep_validate_password($plain, $encrypted) {
  if (tep_not_null($plain) && tep_not_null($encrypted)) {
 // split apart the hash / salt
	$stack = explode(':', $encrypted);

	if (sizeof($stack) != 2) return false;

	if (md5($stack[1] . $plain) == $stack[0]) {
	  return true;
	}
  }

  return false;
}

 ////
 // This function makes a new password from a plaintext password. 
function tep_encrypt_password($plain) {
  $password = '';

  for ($i=0; $i<10; $i++) {
	$password .= tep_rand();
  }

  $salt = substr(md5($password), 0, 2);

  $password = md5($salt . $plain) . ':' . $salt;

  return $password;
}

 ?>

 

I dont see what these files have in common with each other, even after I try to link it to another file. Below is both the password_forgotten.phps to see if you can find out what is going on here.

PASSWORD_FORGOTTEN.PHP(FOR ADMIN ACCESS2.2)

<?php
 /*
$Id: login.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright (c) 2002 osCommerce

Released under the GNU General Public License
 */

require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
  $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
  $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
  $log_times = $HTTP_POST_VARS['log_times']+1;
  if ($log_times >= 4) {
	tep_session_register('password_forgotten');
  }

 // Check if email exists
 $check_admin_query = tep_db_query("select admin_id as check_id, admin_firstname as check_firstname, admin_lastname as check_lastname, admin_email_address as check_email_address from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
  if (!tep_db_num_rows($check_admin_query)) {
	$HTTP_GET_VARS['login'] = 'fail';
  } else {
	$check_admin = tep_db_fetch_array($check_admin_query);
	if ($check_admin['check_firstname'] != $firstname) {
	  $HTTP_GET_VARS['login'] = 'fail';
	} else {
	  $HTTP_GET_VARS['login'] = 'success';

	  function randomize() {
		$salt = "ABCDEFGHIJKLMNOPQRSTUVWXWZabchefghjkmnpqrstuvwxyz0123456789";
		srand((double)microtime()*1000000); 
		$i = 0;

		while ($i <= 7) {
		  $num = rand() % 33;
		  $tmp = substr($salt, $num, 1);
		  $pass = $pass . $tmp;
		  $i++;
	  }
	  return $pass;
	  }
	  $makePassword = randomize();

	 tep_mail($check_admin['check_firstname'] . ' ' . $check_admin['admin_lastname'], $check_admin['check_email_address'], ADMIN_EMAIL_SUBJECT, sprintf(ADMIN_EMAIL_TEXT, $check_admin['check_firstname'], HTTP_SERVER . DIR_WS_ADMIN, $check_admin['check_email_address'], $makePassword, STORE_OWNER), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);			
	 tep_db_query("update " . TABLE_ADMIN . " set admin_password = '" . tep_encrypt_password($makePassword) . "' where admin_id = '" . $check_admin['check_id'] . "'");
	}
  }
}

 ?>
 <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html <?php echo HTML_PARAMS; ?>>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
 <title><?php echo TITLE; ?></title>
 <style type="text/css"><!--
 a { color:#080381; text-decoration:none; }
 a:hover { color:#aabbdd; text-decoration:underline; }
 a.text:link, a.text:visited { color: #ffffff; text-decoration: none; }
 a:text:hover { color: #000000; text-decoration: underline; }
 a.sub:link, a.sub:visited { color: #dddddd; text-decoration: none; }
 A.sub:hover { color: #dddddd; text-decoration: underline; }
.sub { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-weight: bold; line-height: 1.5; color: #dddddd; }
 .text { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 11px; font-weight: bold; color: #000000; }
 .smallText { font-family: Verdana, Arial, sans-serif; font-size: 10px; }
 .login_heading { font-family: Verdana, Arial, sans-serif; font-size: 12px; color: #ffffff;}
 .login { font-family: Verdana, Arial, sans-serif; font-size: 12px; color: #000000;}
 //--></style>
 </head>
 <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0" bgcolor="#FFFFFF">

 <table border="0" width="600" height="100%" cellspacing="0" cellpadding="0" align="center" valign="middle">
<tr>
 <td><table border="0" width="600" height="440" cellspacing="0" cellpadding="1" align="center" valign="middle">
	<tr bgcolor="#000000">
	 <td><table border="0" width="600" height="440" cellspacing="0" cellpadding="0">
		<tr bgcolor="#ffffff" height="50">
		 <td height="50"><?php echo tep_image(DIR_WS_IMAGES . 'oscommerce.gif', 'osCommerce', '204', '50'); ?></td>
		 <td align="right" class="text" nowrap><?php echo '<a href="' . tep_href_link(FILENAME_DEFAULT) . '">' . HEADER_TITLE_ADMINISTRATION . '</a> | <a href="' . tep_catalog_href_link() . '">' . HEADER_TITLE_ONLINE_CATALOG . '</a> | <a href="http://www.oscommerce.com" target="_blank">' . HEADER_TITLE_SUPPORT_SITE . '</a>'; ?>  </td>
		</tr>
		<tr bgcolor="#080381">
		  <td colspan="2" align="center" valign="middle">
					   <?php echo tep_draw_form('login', FILENAME_PASSWORD_FORGOTTEN, 'action=process'); ?>
						 <table width="280" border="0" cellspacing="0" cellpadding="2">
						   <tr>
							 <td class="login_heading" valign="top"> <b><?php echo HEADING_PASSWORD_FORGOTTEN; ?></b></td>
						   </tr>
						   <tr>
							 <td height="100%" width="100%" valign="top" align="center">
							 <table border="0" height="100%" width="100%" cellspacing="0" cellpadding="1" bgcolor="#666666">
							   <tr><td><table border="0" width="100%" height="100%" cellspacing="3" cellpadding="2" bgcolor="#F0F0FF">

 <?php
if ($HTTP_GET_VARS['login'] == 'success') {
  $success_message = TEXT_FORGOTTEN_SUCCESS;
} elseif ($HTTP_GET_VARS['login'] == 'fail') {
  $info_message = TEXT_FORGOTTEN_ERROR;
}
if (tep_session_is_registered('password_forgotten')) {
 ?>
								 <tr>
								   <td class="smallText"><?php echo TEXT_FORGOTTEN_FAIL; ?></td>
								 </tr>
								 <tr>
								   <td align="center" valign="top"><?php echo '<a href="' . tep_href_link(FILENAME_LOGIN, '' , 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>
								 </tr>
 <?php
} elseif (isset($success_message)) {
 ?>
								 <tr>
								   <td class="smallText"><?php echo $success_message; ?></td>
								 </tr>
								 <tr>
								   <td align="center" valign="top"><?php echo '<a href="' . tep_href_link(FILENAME_LOGIN, '' , 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a>'; ?></td>
								 </tr>
 <?php
} else {
  if (isset($info_message)) {
 ?>
								 <tr>
								   <td colspan="2" class="smallText" align="center"><?php echo $info_message; ?><?php echo tep_draw_hidden_field('log_times', $log_times); ?></td>
								 </tr>
 <?php
  } else {
 ?>
								 <tr>
								   <td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?><?php echo tep_draw_hidden_field('log_times', '0'); ?></td>
								 </tr>
 <?php
  }
?>									
								 <tr>
								   <td class="login"><?php echo ENTRY_FIRSTNAME; ?></td>
								   <td class="login"><?php echo tep_draw_input_field('firstname'); ?></td>
								 </tr>
								 <tr>
								   <td class="login"><?php echo ENTRY_EMAIL_ADDRESS; ?></td>
								   <td class="login"><?php echo tep_draw_input_field('email_address'); ?></td>
								 </tr>
								 <tr>
								   <td colspan="2" align="right" valign="top"><?php echo '<a href="' . tep_href_link(FILENAME_LOGIN, '' , 'SSL') . '">' . tep_image_button('button_back.gif', IMAGE_BACK) . '</a> ' . tep_image_submit('button_confirm.gif', IMAGE_BUTTON_LOGIN); ?> </td>
								 </tr>
 <?php
}
 ?>   
							   </table></td></tr>
							 </table>
							 </td>
						   </tr>
						 </table>
					   </form>

		  </td>
		</tr>
	  </table></td>
	</tr>
	<tr>
	  <td><?php require(DIR_WS_INCLUDES . 'footer.php'); ?></td>
	</tr>
  </table></td>
</tr>
 </table>

 </body>

 </html>

 

PASSWORD_FORGOTTEN1.PHP(FOR SEND NEW PASSWORD)

<?php
/*
$Id: password_forgotten.php, v1.0 2003/04/14 14:14:14 waza04_ Exp $

osCommerce, Open Source E-Commerce Solutions
http://www.oscommerce.com

Copyright (c) 2003 osCommerce / Warren Ashcroft

Support:
[email protected]
[email protected] (MSN Messenger)

Paypal Donations:
[email protected]

Web:
http://www.ukcomputersystems.com/

Released under the GNU General Public License
 */

require('includes/application_top.php');

////
 // This function makes a new password from a plaintext password.
function tep_encrypt_password($plain) {
  $password = '';

  for ($i=0; $i<10; $i++) {
	$password .= tep_rand();
  }

  $salt = substr(md5($password), 0, 2);

  $password = md5($salt . $plain) . ':' . $salt;

  return $password;
}


 function tep_create_random_value($length, $type = 'mixed') {
  if ( ($type != 'mixed') && ($type != 'chars') && ($type != 'digits')) return false;

  $rand_value = '';
  while (strlen($rand_value)<$length) {
	if ($type == 'digits') {
	  $char = tep_rand(0,9);
	} else {
	  $char = chr(tep_rand(0,255));
	}
	if ($type == 'mixed') {
	  if (eregi('^[a-z0-9]$', $char)) $rand_value .= $char;
	} elseif ($type == 'chars') {
	  if (eregi('^[a-z]$', $char)) $rand_value .= $char;
	} elseif ($type == 'digits') {
	  if (ereg('^[0-9]$', $char)) $rand_value .= $char;
	}
  }

  return $rand_value;
}


 define('EMAIL_PASSWORD_REMINDER_SUBJECT', STORE_NAME . ' - New Password');
define('EMAIL_PASSWORD_REMINDER_BODY', 'A new password was requested for your account at ' . STORE_NAME . '.' . "\n\n" . 'Your new password to \'' . STORE_NAME . '\' is:' . "\n\n" . '   %s' . "\n\n");
 define('TEXT_PASSWORD_SENT_TO_CUST', 'New Password Sent To The Customers E-Mail Address');

$check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . $HTTP_GET_VARS['cID'] . "'");
 $check_customer = tep_db_fetch_array($check_customer_query);
	// Crypted password mods - create a new password, update the database and mail it to them
	$newpass = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH);
	$crypted_password = tep_encrypt_password($newpass);
   tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . $crypted_password . "' where customers_id = '" . $check_customer['customers_id'] . "'");

   tep_mail($check_customer['customers_firstname'] . " " . $check_customer['customers_lastname'], $check_customer['customers_email_address'], EMAIL_PASSWORD_REMINDER_SUBJECT, nl2br(sprintf(EMAIL_PASSWORD_REMINDER_BODY, $newpass)), STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
   tep_redirect(tep_href_link(FILENAME_CUSTOMERS, 'info_message=' . urlencode(TEXT_PASSWORD_SENT_TO_CUST)));

require(DIR_WS_INCLUDES . 'application_bottom.php');
 ?>

 

Below are links to both of the contributions:

Admin Send New Password

 

Admin Access Level 2.2

 

 

I love both of these contributions, and would hate to have to part with either, so Im asking for some help.

Thanks in advance

Link to comment
Share on other sites

It looks to me like their is a function from password_funcs.php which is duplicated in password_forgotten1.php. Just comment out these lines in password_forgotten1.php:

////
// This function makes a new password from a plaintext password.
function tep_encrypt_password($plain) {
$password = '';

for ($i=0; $i<10; $i++) {
$password .= tep_rand();
}

$salt = substr(md5($password), 0, 2);

$password = md5($salt . $plain) . ':' . $salt;

return $password;
}

so it looks like this:

/*
////
// This function makes a new password from a plaintext password.
function tep_encrypt_password($plain) {
$password = '';

for ($i=0; $i<10; $i++) {
$password .= tep_rand();
}

$salt = substr(md5($password), 0, 2);

$password = md5($salt . $plain) . ':' . $salt;

return $password;
}
*/

(note the /* and */ at the beginning and end)

 

- Rinon

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...