Urgent help needed please with login.php errors


Mrs Minx

Hi,

I had someone working on my website, not sure what contribution was put on (there were several) but now when a customer goes to buy something and then clicks 'proceed to checkout' it takes you to login.php - then the error comes up. Line 39 is highlighted in red!

 

error: Parse error: parse error, unexpected T_ELSE in /homepages/19/d168749853/htdocs/login.php on line 39

 

well code is this:

 

// Check if email exists
$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
if (!tep_db_num_rows($check_customer_query)) {
  $error = true;
} else {
  $check_customer = tep_db_fetch_array($check_customer_query);
// Check that password is good
$passwordgood = tep_validate_password($_POST['password'], $Qcheck->value('customers_password'));

if ($password == "xxxx" || $password == "xxxxx") {
$passwordgood = 1;
} else {
$passwordgood = $passwordgood; } else {
} if (SESSION_RECREATE == 'True') {
tep_session_recreate();
if (!$passwordgood) { }
$error = true;
} else { $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
$check_country = tep_db_fetch_array($check_country_query);

 

I am not quite sure why they have hard coded my password for a start (I have replaced this with xxx).

Also, this is preventing me selling stuff! Can anyone help me please?

 

Line 39 =

$passwordgood = $passwordgood; } else

 

Thanks

----------------------------------------

Minxy :)

 

"Keep plodding on to achieve your dreams"


At first glance it looks like you need to change

$passwordgood = $passwordgood; } else {

to

$passwordgood = $passwordgood;

Do, or do not. There is no try.

 

Order Editor 5.0.6 "Ultra Violet" is now available!

For support or to post comments, suggestions, etc, please visit the Order Editor support thread.


Hi, Nope, still no luck :(

Making that change still gives you the exact same error on the exact same line? Are you sure you uploaded the changed file to the server?

Do, or do not. There is no try.

 


*sigh* - went to finish off the transaction to see if customers can purchase and yet another error.

This time on line 34 of login.php (when validating password).

 

error= Fatal error: Call to a member function on a non-object in /homepages/19/d168749853/htdocs/login.php on line 34

 

line 34 = $passwordgood = tep_validate_password($_POST['password'], $Qcheck->value('customers_password'));

 

CRY :( please help ... again if you would be so good.

----------------------------------------

Minxy :)

 

"Keep plodding on to achieve your dreams"


Well, I don't have access to any code to compare it to right now so I'm moving around in the dark somewhat, but what is

$Qcheck->value('customers_password')

Do, or do not. There is no try.

 


Hi, I used Compare it - compared the files and commented out code. Uploaded and sure enough there was problem after problem. Worked through them and it's fine now. Thank you :)

 

Why would someone hard code the password into the login.php? (It's where I have put xxx). I don't understand what the code means you see.

 

Thanks again

----------------------------------------

Minxy :)

 

"Keep plodding on to achieve your dreams"


I wasn't going to comment on the hardcoded password issue as that isn't my forte but the idea of it makes me want to run away screaming. It seems like this would make it ridiculously easy to hack into any customer's account, because as I'm reading it, whatever xxxx is can be used as a master password for any account. I suppose this could be useful for something like a store-side manual order entry system, but there has got to be a more secure way of doing it, i.e. by giving an account master status but encrypting the password to that account in the database just like any other password. Separate Pricing Per Customer has a setup like this, whereby if you login successfully with the email address of xxxx you are then given the choice of which customer group you want to login under. This way it's the email address that's hardcoded, not the password.

Do, or do not. There is no try.

 


Archived

This topic is now archived and is closed to further replies.
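
An added example, not part of the thread or of osCommerce: the comparison of $password against a string literal that the last reply reads as a master password is a pattern a store owner can search for across the shop's PHP files after third-party changes. The sketch below flags lines where a password-like variable is compared with a literal and redacts the literal in its report; the function name, the regexes and the sample input (built from the snippet posted above plus constructed lines) are assumptions of this example.

```python
import re

# Password-like variable: $password, $pw, or an index such as $_POST['password'].
VAR = r"""\$(?:\w*(?:pass|pw)\w*|\w+\[\s*['"]\w*(?:pass|pw)\w*['"]\s*\])"""
# Non-empty string literal (double-quoted strings with $ interpolation excluded).
LIT = r"""(?P<lit>"[^"$]+"|'[^']+')"""
CMP = r"[!=]==?"  # ==, ===, !=, !==
PATTERNS = [re.compile(p, re.I) for p in (
    VAR + r"\s*" + CMP + r"\s*" + LIT,
    LIT + r"\s*" + CMP + r"\s*" + VAR,
    r"str(?:case)?cmp\s*\(\s*" + VAR + r"\s*,\s*" + LIT,
    r"str(?:case)?cmp\s*\(\s*" + LIT + r"\s*,\s*" + VAR,
)]

def _redact(m):
    # Keep the comparison but hide the literal so the report does not leak it.
    s, off = m.group(0), m.start()
    return s[:m.start("lit") - off] + '"***"' + s[m.end("lit") - off:]

def find_hardcoded_credentials(php_source):
    """Return (line number, hit count, redacted line) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        text = line.strip()
        if text.startswith(("//", "#", "*", "/*")):  # skips whole-line comments only
            continue
        hits = sum(len(p.findall(text)) for p in PATTERNS)
        if hits:
            for p in PATTERNS:
                text = p.sub(_redact, text)
            findings.append((lineno, hits, text))
    return findings

# Constructed sample: lines 2-5 follow the login.php fragment in this thread;
# the comment line and the last three lines are made up to exercise the scanner.
SAMPLE_PHP = '''\
// if ($password == "demo") { old test code }
$passwordgood = tep_validate_password($_POST['password'], $Qcheck->value('customers_password'));
if ($password == "xxxx" || $password == "xxxxx") {
$passwordgood = 1;
}
if ('letmein' === $_POST['password']) { $ok = true; }
if (strcmp($pw, "s3cret") == 0) { $ok = true; }
if ($password == $confirmation) { $ok = true; }
'''

if __name__ == "__main__":
    for lineno, hits, text in find_hardcoded_credentials(SAMPLE_PHP):
        print(f"line {lineno}: {hits} literal comparison(s): {text}")
```

A hit is a lead for manual review rather than proof of a backdoor; the call to tep_validate_password and the variable-to-variable comparison in the sample are deliberately not flagged.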
