spooks Posted January 18, 2010 Share Posted January 18, 2010 (edited) Sam's Anti-hacker Account Page Mods Secure your account pages against code/SQL injection attempts, yet allow strong passwords. There are many instances now of websites being hacked (or cracked to use the correct term) and it is necessary to make your site as secure as possible, one important measure in this is to sanitize all visitor inputs to ensure no code injection etc. attempt can work. However this creates an issue, if your user creates a strong password by using characters that are likely to be 'cleaned' either their password will not work, or the account gets a password that is different to what was input (as it was 'sanitized'). This is especially an issue if adding input sanitizing to an old site where visitors have added passwords that are now 'illegal'. This contribution resolves this issue by safely allowing any character to be used within the password, it does this by processing all password inputs before anything else, passwords are translated to hex values, the inputs validated then deleted as no longer required (only the hex strings are processed further). An option is provided to allow string to be reverse translated at the point of password checking to ensure existing passwords will work. This means the passwords now stored in the dBase are salted hashes of the hex string. Once the initial processing is done, all inputs are sanitized. A new option is added to require the user to input a 'strong' password. Other account fields are also subject to additional checks or the input converted: The date of birth field is now a drop down which automatically formats according to the store country, this ensures the format is correct, slashes (/) can still be sanitized and the visitor cannot transpose days & months. The telephone field is checked its numeric (if entered) and contains only limited allowed chars. The post code field is checked for the correct format, but only for UK & USA sites. If strong password is enabled, password forgotten will generate strong passwords. The State/Province/County: field is pre-filled with the zones for the store country, rather than a blank field that gets populated on submit! The Country drop down is pre-selected to the store country. All input fields are sanitized. Contribution will be found at: http://addons.oscommerce.com/info/7202 Keep your site & user data safe. Edited January 18, 2010 by spooks sky_diver 1 Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sky_diver Posted January 20, 2010 Share Posted January 20, 2010 Excellent addon for security. Much better than any type of false trap. There was one error in includes/functions/account_secure.php: At the end it has an extra ) needs to be replaced with ; For those using Master Password v1.0 with MD5 hash, you will have a couple of querks getting it going. Just replace your includes/functions/password_funcs.php with the following: //// // This funstion validates a plain text password with an // encrpyted password function tep_validate_password($plain, $encrypted) { // anti-hacker account $old_exist = true; // if passwords exist in dbase that have not been hexed set to true // EOF anti-hacker account if (tep_not_null($plain) && tep_not_null($encrypted)) { // split apart the hash / salt $stack = explode(':', $encrypted); if (sizeof($stack) != 2) return false; // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($plain) == MASTER_PASS) { return true; } // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($stack[1] . $plain) == $stack[0]) { return true; // anti-hacker account } elseif ($old_exist) { for ($i=0; $i < strlen($plain)-1; $i+=2) { $password .= chr(hexdec($plain[$i].$plain[$i+1])); } // START MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($password) == MASTER_PASS) { return true; } // END MARTIN'S MASTER PASSWORD MD5 MODIFICATION if (md5($stack[1] . $password) == $stack[0]) return true; // EOF anti-hacker account } } return false; } //// // This function makes a new password from a plaintext password. function tep_encrypt_password($plain) { $password = ''; for ($i=0; $i<10; $i++) { $password .= tep_rand(); } $salt = substr(md5($password), 0, 2); $password = md5($salt . $plain) . ':' . $salt; return $password; } spooks 1 Quote Link to comment Share on other sites More sharing options...
spooks Posted January 20, 2010 Author Share Posted January 20, 2010 Thanks for that, I`m not sure how that charcter got swapped, must have been a gremlin as I saved the last. Whats suprising is that your the first to spot it, ie the first to use this, implies that most could actually care less about security!! Thanks for the mod for Master Password v1.0, I`ve not seen that add-on b4. Glad you liked it Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
tigergirl Posted January 21, 2010 Share Posted January 21, 2010 (edited) Sam, whilst I am using WinMerge I'm finding it quite troublesome to compare/ edit as I have Active Countries Mod installed (only UK activated but don't use zones). Is there any chance of listing the instructions in the form of = Find this code and replace with this code etc...although it may not help with mod-ed stores. On create_account.php for instance there are a number of conflicts with the Active Countries code and my brain is fried... I hate when people post a whole file so should I break it down into the parts I'm unsure of or just post the file? Thanks to Sky Diver for the heads up on Master Password fix as I have that installed (v1.4 I think). Sorry, forgot to add: I noticed on line 385 of included file catalog/create_account.php it has // anti-hacker account $def_year = 1980; $day = isset($HTTP_POST_VARS['dob_ind']) ? $HTTP_POST_VARS['dob_ind'] : '00'; $month = isset($HTTP_POST_VARS['dob_inm']) ? $HTTP_POST_VARS['dob_inm'] : '00'; ?> Should the $HTTP_POST_VARS be $_POST as I thought the installation page said they had all been changed to $_POST. Edited January 21, 2010 by tigergirl Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
spooks Posted January 22, 2010 Author Share Posted January 22, 2010 Yes they should be post, sorry, that got missed. I don't have time to make a manual install, its a lot of effort to do them & rarely appreaciated, wouldn't you still have issues though, as iinstructions would still be with un-modded files, so still would'nt mathch your mods. All changes are commented. They are many changes/additions to input validations. There are few content changes. Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
tigergirl Posted January 22, 2010 Share Posted January 22, 2010 I don't have time to make a manual install I have written this minus 2 files (which are heavily moded so don't know original code) You are welcome to add my input to your contribution if you wish. Let me know if you want the file although I can't see a way to attach it on the forum! Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
tigergirl Posted January 22, 2010 Share Posted January 22, 2010 Ok, fresh day, fresh brain! I'm still struggling with 2 changes in create_account.php due to Active Countries Mod - please can you take a look? I have: //-MS- Added Active Countries if ($process == true) { if ($entry_state_has_zones == true) { $zones_array = array(); $zones_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT)); $zones_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_status='1' and zone_country_id = '" . (int)$country . "' order by zone_name"); while ($zones_values = tep_db_fetch_array($zones_query)) { $zones_array[] = array('id' => $zones_values['zone_id'], 'text' => $zones_values['zone_name']); } echo tep_draw_pull_down_menu('state', $zones_array); } else { $zones_array = array(); $zones_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT)); $zones_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_status='1' order by zone_name"); while ($zones_values = tep_db_fetch_array($zones_query)) { $zones_array[] = array('id' => $zones_values['zone_id'], 'text' => $zones_values['zone_name']); } echo tep_draw_pull_down_menu('state', $zones_array); } } else { $zones_array = array(); $zones_array = array(array('id' => '', 'text' => PULL_DOWN_DEFAULT)); $zones_query = tep_db_query("select zone_id, zone_name from " . TABLE_ZONES . " where zone_status='1' and zone_country_id = '" . (int)$country . "' order by zone_name"); while ($zones_values = tep_db_fetch_array($zones_query)) { $zones_array[] = array('id' => $zones_values['zone_id'], 'text' => $zones_values['zone_name']); } echo tep_draw_pull_down_menu('state', $zones_array); } //-MS- Added Active Countries EOM if (tep_not_null(ENTRY_STATE_TEXT)) echo ' <span class="inputRequirement">' . ENTRY_STATE_TEXT; and your file has this: if ($process == true) { if ($entry_state_has_zones == true) { $zones_array = array(); $zones_query = tep_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int)$country . "' order by zone_name"); while ($zones_values = tep_db_fetch_array($zones_query)) { $zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']); } echo tep_draw_pull_down_menu('state', $zones_array); } else { echo tep_draw_input_field('state'); } } else { // anti-hacker account // echo tep_draw_input_field('state'); // FORM NOT PROCESSED YET $zone_id = 0; $check_query = tep_db_query("select count(*) as total from " . TABLE_ZONES . " where zone_country_id = '" . (int)STORE_COUNTRY . "'"); $check = tep_db_fetch_array($check_query); $entry_state_has_zones = ($check['total'] > 0); if ($entry_state_has_zones == true) { $zones_array = array(); $zones_array[] = array('id' => PULL_DOWN_DEFAULT, 'text' => PULL_DOWN_DEFAULT); $zones_query = tep_db_query("select zone_name from " . TABLE_ZONES . " where zone_country_id = '" . (int)STORE_COUNTRY . "' order by zone_name"); while ($zones_values = tep_db_fetch_array($zones_query)) { $zones_array[] = array('id' => $zones_values['zone_name'], 'text' => $zones_values['zone_name']); } echo tep_draw_pull_down_menu('state', $zones_array); } else { echo tep_draw_input_field('state'); } // EOF anti-hacker account } if (tep_not_null(ENTRY_STATE_TEXT)) echo ' <span class="inputRequirement">' . ENTRY_STATE_TEXT. '</span>'; AND I have this: <td class="main"><b><?php echo ($tmp_object = tep_get_country_active_list('country', $country, 'onChange="this.form.submit();"')) . tep_draw_hidden_field('country_old', $country) . ' ' . (is_array($tmp_object) ? '<span class="inputRequirement">' . ENTRY_COUNTRY_TEXT . '</span>': ''); ?></b></td> your file says: <!-- anti-hacker account --> <td class="main"><?php echo tep_get_country_list('country',($country ? $country : STORE_COUNTRY)) . ' ' . (tep_not_null(ENTRY_COUNTRY_TEXT) ? '<span class="inputRequirement">' . ENTRY_COUNTRY_TEXT . '</span>': ''); ?></td> <!-- EOF anti-hacker account --> So I'm unsure what's required here, afriad I break the page! Have done all the other changes that state //anti-hacker account but not tested yet. Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
spooks Posted January 22, 2010 Author Share Posted January 22, 2010 I have written this minus 2 files (which are heavily moded so don't know original code) You are welcome to add my input to your contribution if you wish. Let me know if you want the file although I can't see a way to attach it on the forum! Well done You could simply add that to the contrib download section as a update/mod to this, I`ve not locked the contrib. Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
tigergirl Posted January 22, 2010 Share Posted January 22, 2010 You could simply add that to the contrib download section as a update/mod to this, I`ve not locked the contrib. That would be my first - arrgghhh! Will do but there are a few things I noticed in testing (mostly because I am fussy, sorry :blush: ): 1) in catalog/account_edit.php a) phone no min set to 11 but I can enter 0123456789B (11 chars), B is cleaned off leaving 10 chars which doesn't meet my 11 chars min. b ) I assume my Anti-Robot Registration field is fine as it will only accept the given validation code? c) fax cleaned to "working" but not restricted to numbers only (not a problem) 2) in catalog/account_edit.php If customers postcode is invalid they get the pink warning at top of page but postcode remains the same as before, that's fine but I wondered if customer might think they have changed it when they haven't and perhaps a pop-up box (like what you get if you don't meet the minimum tel no characters) may be better. Otherwise it "may" cause address issues and we don't want to send products to a mismatching address! 3) in catalog/contact_us.php email address field still said [w](o)%3Cr%3Ek|i*n^g even though there was the email address invalid error message. Shouldn't it be cleaned to "working"? 4) can't test catalog/create_account.php due to previous post re Active Countries. Mod seems pretty wicked though. ThanQ Sam :thumbsup: Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
spooks Posted January 23, 2010 Author Share Posted January 23, 2010 That would be my first - arrgghhh! Will do but there are a few things I noticed in testing (mostly because I am fussy, sorry ): 1) in catalog/account_edit.php a) phone no min set to 11 but I can enter 0123456789B (11 chars), B is cleaned off leaving 10 chars which doesn't meet my 11 chars min. b ) I assume my Anti-Robot Registration field is fine as it will only accept the given validation code? c) fax cleaned to "working" but not restricted to numbers only (not a problem) 2) in catalog/account_edit.php If customers postcode is invalid they get the pink warning at top of page but postcode remains the same as before, that's fine but I wondered if customer might think they have changed it when they haven't and perhaps a pop-up box (like what you get if you don't meet the minimum tel no characters) may be better. Otherwise it "may" cause address issues and we don't want to send products to a mismatching address! 3) in catalog/contact_us.php email address field still said [w](o)%3Cr%3Ek|i*n^g even though there was the email address invalid error message. Shouldn't it be cleaned to "working"? 4) can't test catalog/create_account.php due to previous post re Active Countries. Mod seems pretty wicked though. ThanQ Sam 1a simply due to order of checks, easily changed. 1b yes 1c fax not checked for numeric on this version (it is the initial release) 2 post code only checks for valid format, if you want a more extensive check requires a subscription service, popup wuold need javascript version. 3 Would imply an error in your instal, does not happen in my tests. Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sky_diver Posted January 23, 2010 Share Posted January 23, 2010 I applied it with active countries. Just leave your files as is anywhere you have the active country code. I believe for that particular section of Sams code, it does basically the same thing and provides dropdown menus of the Providences/states. And I do use Master Password 1.4 as well. So those changes will work for you. Quote Link to comment Share on other sites More sharing options...
sky_diver Posted January 23, 2010 Share Posted January 23, 2010 3 Would imply an error in your instal, does not happen in my tests. Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit. I just replaced my contact_us.php with what you provided. Quote Link to comment Share on other sites More sharing options...
spooks Posted January 23, 2010 Author Share Posted January 23, 2010 Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit. I just replaced my contact_us.php with what you provided. Ok, I'll take a closer look as soon as I have a moment. Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
tigergirl Posted January 23, 2010 Share Posted January 23, 2010 (edited) Mine did the same thing, when I input [w](o)%3Cr%3Ek|i*n^g, the email field does not strip it out, and the warning message shows up, but it cannot be edited because it is now replaced by the text, [w](o)%3Cr%3Ek|i*n^g, with no text field to edit. Although I had [w](o)%3Cr%3Ek|i*n^g I still had the text field so was able to amend the email address and sucessfully send the contact_us form. If it helps I didn't make all the changes in Sam's contact_us file as there were the "unrelated extra's" mentioned in the instructions that I wasn't sure about - wasn't sure if they were version related so I left them out for now. So it could be my mistake in the install. Edited January 23, 2010 by tigergirl Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
tigergirl Posted January 23, 2010 Share Posted January 23, 2010 (edited) OOPS, I don't know why that resent my post when I was trying to edit!! The mods you posted for Master Password worked for me on V1.4 - thankQ 2 post code only checks for valid format, if you want a more extensive check requires a subscription service, popup wuold need javascript version. After I posted that I recalled OSC doesn't behave like that anyway, have been considering if a subscription would be beneficial to improve conversion rates. Although what I think would be really cool would be if the postcode input was changed from lower case to upper case. I've always wanted to insert code that dealt with that as it's such a pain when lazy customers don't capitalize properly. Only a suggestion and not necessary for this security mod. Edited January 23, 2010 by tigergirl Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
spooks Posted January 23, 2010 Author Share Posted January 23, 2010 It does reformat post code for UK sites, ie df543we will become DF54 3WE what is your store country set to? Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
tigergirl Posted January 23, 2010 Share Posted January 23, 2010 It does reformat post code for UK sites, ie df543we will become DF54 3WE what is your store country set to? My apologies, you are of course right, I hadn't noticed that. It was a long day yesterday and I was dreaming code last night... Mod gets more awesome by the minute :thumbsup: I will check out what sky-diver says about the county drop down in Active Countries when I get the chance. I'm sure there's nout on telly anyway. Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
tigergirl Posted January 23, 2010 Share Posted January 23, 2010 TIP Anyone wishing to use the STRONG passwords option may wish to amend the following: in catalog/includes/languages/english.php Find these two lines: define('ENTRY_PASSWORD_TEXT', '*'); define('ENTRY_PASSWORD_NEW_TEXT', '*'); Change to: define('ENTRY_PASSWORD_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)'); define('ENTRY_PASSWORD_NEW_TEXT', '* (Password must contain at least one lower case letter, one upper case letter & one number.)'); This will alert your customer to the password requirements (on create_account & account_password pages) before they get the error message (well that is the plan anyway). Quote I'm feeling lucky today......maybe someone will answer my post! I do try and answer a simple post when I can just to give something back. ------------------------------------------------ PM me? - I'm not for hire Link to comment Share on other sites More sharing options...
spooks Posted January 24, 2010 Author Share Posted January 24, 2010 Uploaded new Version 1.1 Modified cleaning code to allow any 'latin' characters, other continants will need to modify the character class. Locked $HTTP_POST_VARS to $_POST for sanitise function. Fixed typo bug in account_secure.php. Created phone validation function in account_secure.php. Modified phone validation to use new function. Added fax input validation (only applied if input made). Added compatibility with Master Password, thanks to sky_diver for code. Added manual install, created by Tigergirl, thanks for the effort. Modified order of some input validations. Fixed year bug in dob input. Changed post code validation to depend on provided country instead of store country. Changed files: account_secure.php, account_edit.php, address_book_process.php, create_account.php, contact_us.php, english.php. UPGRADING If your upgading from any previous version, replace all the changed files listed in the Version History or modify your existing by comparing with the new versions. Keep your site safe Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
spooks Posted January 25, 2010 Author Share Posted January 25, 2010 email not cleaned Ok, I'll take a closer look as soon as I have a moment. I suspect this issue is related to your server settings, I have modified the sanitising function to allow, please can you confirm the issue is gone with the latest version. Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
sky_diver Posted January 25, 2010 Share Posted January 25, 2010 please can you confirm the issue is gone with the latest version Issue is now gone and all works correctly. Thank you! :thumbsup: With the checks in place as they are, there should be no need for an annoying CAPTCHA system, which will make things easier on the customer. Quote Link to comment Share on other sites More sharing options...
Munchies Posted January 25, 2010 Share Posted January 25, 2010 Uploaded new Version 1.1 I've downloaded the latest but I need the following function added to check if email exists: Thanks for any suggestions on how or where I add in inside your mod. /** Validate an email address. Provide email address (raw input) Returns true if the email address has the email address format and the domain exists. */ function validEmail($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/',str_replace("\\\\","",$local))) { $isValid = false; } } if ($isValid && !(checkdnsrr($domain,"MX"))) { // domain has no mail server $isValid = false; } } return $isValid; } Quote Link to comment Share on other sites More sharing options...
spooks Posted January 25, 2010 Author Share Posted January 25, 2010 That seems to be doing a very similar function to the current tep_validate_email, perhaps you just need to enable the domain check of the existing by enabling Verify E-Mail Addresses Through DNS ? Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
Roaddoctor Posted January 26, 2010 Share Posted January 26, 2010 Spooks Not sure where my error is but when I try to login or create an account I am not able to. I've carefully installed 1.1 and double checked the work. I followed your intructions verbatim step by step and used winmerge along with the step by step to double check. I was careful. During login I place the username and password, submit, and the page loops back with the error "Error: No match for E-Mail Address and/or Password." and the email address used to login with is morphed to "p@l." During create account, when I click submit it loops back to create account with just "@l." remaining in the email field, the address is truncated to the number and the two street initials only... and most of the other lines are blanked. strong passwords at false old exist set to true I do have start martin master password installed 2.2rc2a on php/mysql5 Any ideas appreciated. I'll be triple checking in the meantime message me if you wish or care to look at the site directly Quote -Dave Link to comment Share on other sites More sharing options...
spooks Posted January 26, 2010 Author Share Posted January 26, 2010 It appears you have characters in the email that are being sanitised, what are the ones u have that are removed? Quote Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al. Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.