Serious problem creating customer accounts


philip56


Hi all

 

Prior to going live, I have recently made a few changes to my site. I added admin security as frequently shown in this forum. I also changed the name of the admin folder and its reference in config.php. I also secured the admin folder on the server site. An inconvenient, and possibly relevant, side effect is that I have to remove this security before I can make any changes to the catalogue.

 

I also installed a contribution to turn the order process on or off, so potential customers could browse while I checked the paypal module etc. This involved a modification to the database.

 

I now find that it is impossible to log in as an existing customer (although I can see they exist through the admin panel) or create a new one. This is pretty serious, and I really hope someone out there can help.

 

Thanks in anticipation.

 

Philip


What happens when you try to log in?

 

 

Hi

 

If I log in as an existing customer I am told no such customer exists. The forgotten password link gives "no such email in our records" (there is!!). If you try to create a new customer, pressing "submit" just takes you back to a blank create new customer page.

 

Philip

Link to comment
Share on other sites

It's either not finding any records, or the password function is returning false. Replace lines 28-34:

 

$check_customer_query = tep_db_query( $sql = "select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
if (!tep_db_num_rows($check_customer_query)) {
  $error = true;
} else {
  $check_customer = tep_db_fetch_array($check_customer_query);
  // Check that password is good
  if (!tep_validate_password($password, $check_customer['customers_password'])) {

 

with this

 

$check_customer_query = tep_db_query( $sql = "select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
echo $sql.'<br>';
if (!tep_db_num_rows($check_customer_query)) {
  $error = true;
} else {
  $check_customer = tep_db_fetch_array($check_customer_query);
  // Check that password is good
  echo tep_validate_password($password, $check_customer['customers_password']) ? 'true' : 'false';
  if (!tep_validate_password($password, $check_customer['customers_password'])) {

 

It will print out the sql and the results of the comparison. Run the SQL in phpMyAdmin and make sure it returns rows.

Contributions

 

Discount Coupon Codes

Donations


Many thanks for that. I'm a bit new to all this. Could you please clarify which file I am to edit and explain what "Run the SQL in phpMyAdmin and make sure it returns rows" means?

 

Sorry to be a pain.

 

Philip


Sorry, edit

 

catalog/login.php

 

And your host should have phpMyAdmin available via your control panel. Open it, choose your OSC database, click the SQL tab along the top, and paste the statement into the text box (minus the true/false you'll see at the end). If this is a live site, you'll want to set up a test site to do this.


Right, thanks a million for that. Just one last question before I give it a go. My site is ready to go live, i.e. people may browse but it is not accepting orders yet. Is it safe to run the SQL as you recommend? If not, what do you mean by a test site?

 

Philip


I'm still a bit uneasy about trying this until I know if I need to set up a test site. Could anyone please advise?

 

Many thanks

 

Philip


Philip, I advised you to set up a test site, because the code I gave you would print out some information to the screen. This would interfere with how OSC looks. It's also a good idea to set up a test site for when you wish to make any changes at all (such as installing a contribution). To set up a test site, you need to copy your website to another folder, then edit includes/configure.php and admin/includes/configure.php to specify the new path. The SQL statement is a SELECT statement, which means it's read-only.


Many thanks for that. I will try it out over the weekend and report back.

 

Philip


I have made the modification to login.php as suggested and get:-

 

select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = ''

 

(no true/false statement) Inputting this into MySQL just echoes this back to me. Where do I go now?

 

Kind regards

 

Philip


That query is failing (finding no records in the database that match the email address) because the email address it's trying to match is blank.

 

What contributions have you installed, specifically have you made any changes to login.php? Post the contents of login.php so we can see the code.


Many thanks for your reply.

 

I have looked in the database and the e-mail address is there.

 

I have used quite a few contributions, but only one has been installed recently - Disable checkout 1.0.

 

login.php follows:-

 

<?php
/*
  $Id: login.php,v 1.80 2003/06/05 23:28:24 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright © 2003 osCommerce

  Released under the GNU General Public License
*/

require('includes/application_top.php');

// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started)
if ($session_started == false) {
  tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
}

require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN);

$error = false;
if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
  $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']);
  $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

  // Check if email exists
  $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
  if (!tep_db_num_rows($check_customer_query)) {
    $error = true;
  } else {
    $check_customer = tep_db_fetch_array($check_customer_query);
    // Check that password is good
    if (!tep_validate_password($password, $check_customer['customers_password'])) {
      $error = true;
    } else {
      if (SESSION_RECREATE == 'True') {
        tep_session_recreate();
      }

      $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
      $check_country = tep_db_fetch_array($check_country_query);

      $customer_id = $check_customer['customers_id'];
      $customer_default_address_id = $check_customer['customers_default_address_id'];
      $customer_first_name = $check_customer['customers_firstname'];
      $customer_country_id = $check_country['entry_country_id'];
      $customer_zone_id = $check_country['entry_zone_id'];
      tep_session_register('customer_id');
      tep_session_register('customer_default_address_id');
      tep_session_register('customer_first_name');
      tep_session_register('customer_country_id');
      tep_session_register('customer_zone_id');

      tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'");

      // restore cart contents
      $cart->restore_contents();

      if (sizeof($navigation->snapshot) > 0) {
        $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']);
        $navigation->clear_snapshot();
        tep_redirect($origin_href);
      } else {
        tep_redirect(tep_href_link(FILENAME_DEFAULT));
      }
    }
  }
}

if ($error == true) {
  $messageStack->add('login', TEXT_LOGIN_ERROR);
}

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_LOGIN, '', 'SSL'));
?>

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<script language="javascript"><!--
function session_win() {
window.open("<?php echo tep_href_link(FILENAME_INFO_SHOPPING_CART); ?>","info_shopping_cart","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->

<!-- body //-->
<table border="0" width="100%" cellspacing="3" cellpadding="3">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><?php echo tep_draw_form('login', tep_href_link(FILENAME_LOGIN, 'action=process', 'SSL')); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td class="pageHeading"><?php echo HEADING_TITLE; ?></td>
<td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_login.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td>
</tr>
</table></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<?php
if ($messageStack->size('login') > 0) {
?>
<tr>
<td><?php echo $messageStack->output('login'); ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<?php
}

if ($cart->count_contents() > 0) {
?>
<tr>
<td class="smallText"><?php echo TEXT_VISITORS_CART; ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<?php
}
?>
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="main" width="50%" valign="top"><b><?php echo HEADING_NEW_CUSTOMER; ?></b></td>
<td class="main" width="50%" valign="top"><b><?php echo HEADING_RETURNING_CUSTOMER; ?></b></td>
</tr>
<tr>
<td width="50%" height="100%" valign="top"><table border="0" width="100%" height="100%" cellspacing="1" cellpadding="2" class="infoBox">
<tr class="infoBoxContents">
<td><table border="0" width="100%" height="100%" cellspacing="0" cellpadding="2">
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td class="main" valign="top"><?php echo TEXT_NEW_CUSTOMER . '<br><br>' . TEXT_NEW_CUSTOMER_INTRODUCTION; ?></td>
</tr>
<tr>
<td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
<td align="right"><?php echo '<a href="' . tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL') . '">' . tep_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE) . '</a>'; ?></td>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
<td width="50%" height="100%" valign="top"><table border="0" width="100%" height="100%" cellspacing="1" cellpadding="2" class="infoBox">
<tr class="infoBoxContents">
<td><table border="0" width="100%" height="100%" cellspacing="0" cellpadding="2">
<tr>
<td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td class="main" colspan="2"><?php echo TEXT_RETURNING_CUSTOMER; ?></td>
</tr>
<tr>
<td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td class="main"><b><?php echo ENTRY_EMAIL_ADDRESS; ?></b></td>
<td class="main"><?php echo tep_draw_input_field('email_address'); ?></td>
</tr>
<tr>
<td class="main"><b><?php echo ENTRY_PASSWORD; ?></b></td>
<td class="main"><?php echo tep_draw_password_field('password'); ?></td>
</tr>
<tr>
<td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td class="smallText" colspan="2"><?php echo '<a href="' . tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL') . '">' . TEXT_PASSWORD_FORGOTTEN . '</a>'; ?></td>
</tr>
<tr>
<td colspan="2"><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td>
</tr>
<tr>
<td colspan="2"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
<td align="right"><?php echo tep_image_submit('button_login.gif', IMAGE_BUTTON_LOGIN); ?></td>
<td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
</table></form></td>
<!-- body_text_eof //-->
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2">
<!-- right_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_right.php'); ?>
<!-- right_navigation_eof //-->
</table></td>
</tr>
</table>
<!-- body_eof //-->

<!-- footer //-->
<?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>

 

Once again, many, many thanks for your help.

 

Philip


It's not that the email address doesn't exist, it's that it is not being passed to the database in the SELECT statement. Your login.php has not been visibly modified, so the culprit is possibly that you're using PHP version 5.

 

Please log into your admin section. Go to Tools > Server Info, and report what your PHP version is. If it is version 5+, search for the keyword 'register_long_arrays' and report its value.


Version 4.3.2. Can't find any reference to 'register_long_arrays' in the Server Info.

 

I have discovered that I could access existing customers up to the date that I made the changes I described in my first post. I assume that is significant.

 

Philip


What exact contribution did you install?


I really cannot see how this contribution could be the culprit. It does not affect the customers table, nor does it affect login.php. Are you sure you did not make any other changes?

 

Also, you said that you can log in as customers who joined BEFORE you made this change, but not as customers who joined AFTER. Am I correct?

 

If so, can you give me the results from the changes I gave when you log in as a 'working' customer?


Hi

 

The only other changes I made on that day were the security changes I described in the original post.

 

Also, I meant to say that up to just before I made these changes, I could log in as an existing customer. Now, I can't. Also, I can no longer create new customers. After pressing continue, I am presented with a blank create new account page again.

 

Sorry I wasn't clear about that.

 

Kind regards

 

Philip


Also add this to login.php in the same place I had you add it before:

 

print_r( $HTTP_POST_VARS );

 

and try to log in. Post the results.

 

 

Hi.

 

Many thanks for your reply.

 

Do I add that as well as the first addition and, if so, exactly where?

 

Kind regards

 

Philip


You can actually put it just about anywhere in the file. Put it before the echo $sql and it should work fine.

 

Hi again.

 

Thanks for your advice. The results are:-

 

Array ( ) select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = ''

 

Kind regards

 

Philip


Switch the print_r line with this:

 

echo "<pre>_POST:\n".print_r( $_POST, true )."\n\nGET_VARS:\n".print_r( $HTTP_GET_VARS, true )."\n</pre>";

 

Apparently you're getting the HTTP_GET_VARS but not the HTTP_POST_VARS. This might be because your form action is not getting set as POST. Do you have a link to your site?


Hi.

 

The result was:-

 

_POST:
Array
(
)

GET_VARS:
Array
(
    [action] => process
    [osCsid] => 5ac7be7e6294c035b8a19298c1e9156a
)

 

 

select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = ''

 

My site is http://pjleisurewear.co.uk

 

You will remember that on the day this problem first reared its ugly head I had also installed security on the site. (See first post). Could I have messed up a config.php file? I still find it a little weird that I have to remove all security before I can, for instance, amend stock levels.

 

Kind regards

 

Philip


Archived

This topic is now archived and is closed to further replies.
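
An added example, not part of the original thread and not osCommerce code: the debug lines used above echo the SQL and the request arrays into the page, where a submitted password or the osCsid session id ends up on screen and in anything pasted from it. The sketch below writes the same facts (request method, body length, GET and POST fields) to the server error log with those two values masked, which also tests the "form is not arriving as POST" hypothesis directly. The function names, the masked-field list and the sample requests are assumptions of this example.

```php
<?php
// Added example, not osCommerce code. Function names and the masked-field
// list are assumptions; 'password' and 'osCsid' are the names seen in the thread.

// Render a request array as text, replacing secret values by their length.
function dbg_mask($vars, $secret_keys) {
    $out = array();
    foreach ($vars as $key => $value) {
        if (is_array($value)) {
            $out[] = $key . '=[array]';
        } elseif (in_array((string)$key, $secret_keys, true)) {
            $out[] = $key . '=[masked, ' . strlen((string)$value) . ' chars]';
        } else {
            // Replace control characters so a value cannot forge extra log lines.
            $out[] = $key . '=' . preg_replace('/[\x00-\x1f\x7f]/', '?', (string)$value);
        }
    }
    return '{' . implode(', ', $out) . '}';
}

// One log line describing how the request reached the script.
function dbg_request_summary($server, $get, $post) {
    $secret = array('password', 'osCsid');
    $method = isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : 'unknown';
    $length = isset($server['CONTENT_LENGTH']) ? (int)$server['CONTENT_LENGTH'] : 0;

    if ($method != 'POST') {
        $verdict = 'request did not arrive as POST, so no form fields reached the script';
    } elseif ($length == 0) {
        $verdict = 'POST arrived with an empty body';
    } elseif (count($post) == 0) {
        $verdict = 'POST body arrived but was not parsed into fields';
    } else {
        $verdict = 'form fields received';
    }

    return 'login debug: method=' . $method
        . ' content_length=' . $length
        . ' get=' . dbg_mask($get, $secret)
        . ' post=' . dbg_mask($post, $secret)
        . ' => ' . $verdict;
}

// On a test copy of login.php, in place of the echo/print_r lines:
//   error_log(dbg_request_summary($_SERVER, $_GET, $_POST));

// Constructed sample 1: same shape as the output posted above (empty POST,
// action and osCsid in the query string). The osCsid value is a placeholder
// and the GET method is an assumption; the thread does not show the method.
$sample_get = array('action' => 'process', 'osCsid' => str_repeat('0', 32));
error_log(dbg_request_summary(array('REQUEST_METHOD' => 'GET'), $sample_get, array()));

// Constructed sample 2: a submission that reaches the script intact.
$sample_server = array('REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '52');
$sample_post = array('email_address' => 'customer@example.com', 'password' => 'not-a-real-one');
error_log(dbg_request_summary($sample_server, $sample_get, $sample_post));
```

Run from the command line, the two sample lines go to standard error; under a web server they land in the PHP error log, so nothing is added to the page customers see.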
