candycanes Posted April 14, 2011 Share Posted April 14, 2011 Hi There, When a user goes to login.php and logs in, it redirects to account.php. But if a user clicks the forgotten_password link, and submits their email address, they get redirected to login.php. From here, if they put their new password from the email in, it just reloads login.php with the messageStack mesasge of 'a new password has been emailed to you' and the text 'the contents of your visitor basket will be added to your member basket once you have logged in' instead of redirecting to account.php. Obviously this makes people think the new password is broken, as they don't notice they have actually been logged in successfully. I can't find a way to fix this, I've read lots of posts here but not yet found a solution. Can anybody help me? In app_top.php I have: if ( (basename($PHP_SELF) != FILENAME_LOGIN) && (basename($PHP_SELF) != FILENAME_LOGOFF) && (!strstr($PHP_SELF,'create')) && (!strstr($PHP_SELF,'popup'))) { $navigation->set_snapshot(); } in login.php I have: / redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled (or the session has not started) if ($session_started == false) { tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); } require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN); $error = false; if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) { $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); // Check if email exists $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (!tep_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = tep_db_fetch_array($check_customer_query); // Check that password is good if (!tep_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'"); // restore cart contents $cart->restore_contents(); if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); $navigation->clear_snapshot(); tep_redirect($origin_href); } else { tep_redirect(tep_href_link(FILENAME_DEFAULT)); } } } } if ($error == true) { $messageStack->add('login', TEXT_LOGIN_ERROR); } And in password_forgotten.php I have: if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) { $email_address = tep_db_prepare_input($HTTP_POST_VARS['email_address']); $check_customer_query = tep_db_query("select customers_firstname, customers_lastname, customers_password, customers_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (tep_db_num_rows($check_customer_query)) { $check_customer = tep_db_fetch_array($check_customer_query); $new_password = tep_create_random_value(ENTRY_PASSWORD_MIN_LENGTH); $crypted_password = tep_encrypt_password($new_password); tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'"); $email_text = EMAIL_TEMPLATE_START; $email_text .= sprintf(EMAIL_PASSWORD_REMINDER_BODY, $new_password); $email_text .= EMAIL_TEMPLATE_END; tep_mail($check_customer['customers_firstname'] . ' ' . $check_customer['customers_lastname'], $email_address, EMAIL_PASSWORD_REMINDER_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); $messageStack->add_session('login', SUCCESS_PASSWORD_SENT, 'success'); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); } else { $messageStack->add('password_forgotten', TEXT_NO_EMAIL_ADDRESS_FOUND); } } Any variations from the standard install were not made by me :) Thanks for your help! Link to comment Share on other sites More sharing options...
germ Posted April 14, 2011 Share Posted April 14, 2011 I solved the problem like this. In login.php I changed this code: if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); $navigation->clear_snapshot(); tep_redirect($origin_href); To this: if (sizeof($navigation->snapshot) > 0) { $origin_href = tep_href_link($navigation->snapshot['page'], tep_array_to_string($navigation->snapshot['get'], array(tep_session_name())), $navigation->snapshot['mode']); $navigation->clear_snapshot(); if ( strpos($origin_href, 'forgot') !== false ) tep_redirect(tep_href_link(FILENAME_DEFAULT)); else tep_redirect($origin_href); Not a perfect solution but it works. If they came from the "password forgotten" page after login they are sent to the index page. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
candycanes Posted April 15, 2011 Author Share Posted April 15, 2011 Ah yes I see your logic, thanks for that. I'm not very advanced at php so some things just totally baffle me, and the snapshot functionality is one of those things! I was so focussed on trying to decode it I didn't think of the simple work around option. Thanks very much! Susan Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.