administrators_v1.4.4

[Madinson]

Hi all::

 

I'm using administrators_v1.4.4, (with the vers_22_ms1 of oscom) everything is online... in the wright folders. I followed the instructions "readme, Login and Logoff for osCommerce Administrators".

 

After all there is no need of login/logoff. Those files I put in the admin-folder....

 

..did anyone had this problem...too?? :shock:

 

thanks anyway

[Madinson]

Now i did everything right (think so...).

Every file in the right folder

 

I get the loginfields. Then I type in: admin/admin..but: I cannot Login.

Maybe the mistake is here...because I could not fill in the '0' in the default field:

 

CREATE TABLE administrators (

administrator_id int(11) DEFAULT '0' NOT NULL auto_increment,

 

 

please could someone help me now:::??

[♥radders]

I'm not sure that default '0' makes any sense for an auto increment field. Are you sure that is right?

[Madinson]

HM:::

I would say: I don't know much about the table structure...thats why i ask....maybe you or someone could help me.

Here is the part for table creation:

 

1. You'll need to add the following table to your osCommerce database.

You'll also need to manually add at least one admin (that's why there's an insert statement after the create table).

This Administrator has full access permissions. The UserName is admin and the password is admin.

 

 

DROP TABLE IF EXISTS administrators;

CREATE TABLE administrators (

administrator_id int(11) DEFAULT '0' NOT NULL auto_increment,

username varchar(20) NOT NULL,

password varchar(20) NOT NULL,

allowed_pages varchar(255) DEFAULT '*' NOT NULL,

PRIMARY KEY (administrator_id)

);

 

INSERT INTO administrators VALUES ( '1', 'admin', PASSWORD('admin'), '*');

[M@rcel]

Did you check with phpmyadmin if the row is inserted?

[Madinson]

Yes I did:

I inserted an admin named admin with all rights '*'.

 

Watch out the screenshot:

 

 

[♥radders]

I can't see the insert on that view.

Did you do it like this:

INSERT INTO administrators VALUES ( '1', 'admin', 'admin', '*');

[Madinson]

yes ...i did....tried several admins:

 

 

I realy wonder whats wrong.....

[M@rcel]

You do not have, by any chance, your cAPSlOCK on? No, I didn't think so!

[M@rcel]

I took a look at the password() function. This returns an encrypted string. I think this should have been in the table. But the password in the table is plain text. Perhaps that's the problem :idea:

[♥radders]

Once you have set up the table then from your admin you change the password. It will then be encrypted

[M@rcel]

So, delete all your rows and insert this one:

 

INSERT INTO administrators VALUES ( '1', 'admin', password('admin'), '*');

[Madinson]

hm...i don't really know.

 

I set the type of the password row to "UNIQUE"...the orthers are fulltext.

I took the files again...and put them into the right folders ....no effect.

hm...

hmm....maybe i should ask matthias directly....

[M@rcel]

In the display of your password rows I see plaintext passwords. The sql-statement in your posts indicate the use of the password() function. The use of this function would show an encrypted password if you look at the table, not a plaintext one.

 

You can try to execute the line in my previous post against your database.

 

Perhaps it's safer to contact the author.

[apodigm]

I am noticing something similar. Basically when you try to log in the fields clear and you end up right back at the login page.

 

Here is the weird part about it. I can log in fine if I use IE 5.5 or higher or NS7. But if I use IE 5 or an older version of NS (4.7) it doesn't work.

 

I was thinking that I messed up something when I went to MS1 recently, too. (perhaps the GZip or something like that?)

 

I have looked through it and it looks fine. the password functions were changed, but I reverted back to the earlier version and corrected the 'administrator_id' to 'admin_id' that was changed for some reason in the newer admin contrib.

 

Any thoughts?

[Madinson]

Hi M@rcel...

 

...weeks later I begin to understand.

Thanks I'll work on it!!!

[apodigm]

It is even stranger than I thought. My end customer is using IE6.0 (just like me). I don't understand why I can log in and he can't.

 

I'm thinking it is either in the functions/administrators.php

or misc_functions....

 

JG

[Madinson]

...Hi guys:

 

I have choosen "encryted" for the password. It still doesen't work.

I tried IE 6.0 and NS 7.0.

 

I would like to hear..that its running stable??! :oops: :oops:

[apodigm]

well... here is something I found....

       {

           if ( !tep_session_is_registered( 'login_id' ) )  

           {

It appears that this function is stored in the functions/sessions.php file. But since I did not have

   if ( STORE_SESSIONS == 'mysql' )

that function file was not being loaded.

 

I just commented the if part and let the file load.

 

Let's hope that fixes it. :?

[apodigm]

Here was my resulting code in the functions/administrators.php file:

 

    // include mysql session storage handler

//    if ( STORE_SESSIONS == 'mysql' ) 

//    {

       include_once( DIR_WS_FUNCTIONS . 'sessions.php' );

//    }

   

   function RequireLoginValidForPage( $aRetPage )

   {

   global $PHP_SELF, $in_login, $login_id, $aADMPages;

    

       $aThisPage = basename( $PHP_SELF );

       //print( "$login_id<br>" );

       $aRetPage  = str_replace( $aThisPage, 'index.php', $aRetPage );

$aRetPage = 'index.php';       

       if ( empty( $in_login ) )

       {

           if ( !tep_session_is_registered( 'login_id' ) ) 

           {

           tep_redirect(tep_href_link('login.php','in_login=yes&retpage=' . urlencode($aRetPage)));

           }

           else

           {

 

I can't really validate it unfortunately, because I was always able to log in. It will be a day before my end customer can test it on his work computer. (ironically he logs in fine on his home computer) I can't imagine that this would be the problem but I have tried most everything else.

 

I am also using the encrypted passwords that were from version ?1.2 and somehow got removed in the transition to 1.4.

[apodigm]

OK... I realize after posting that snip that I have actually modified a lot of code and I don't know if it will work for you.

 

I will have the end customer test again tomorrow and see if it works and then I will send all the necessary code if it fixes the problem.

 

I'm convinced that this may be the solution. In my code I use the 'tep_redirect' function instead of the "header:" code that was originally supplied. In order to accomplish that I needed to move my call to

RequireLoginValidForPage( $REQUEST_URI );

a few lines lower in application_top so that it is below the general.php functions. the way you can test to see if this is the problem is to try to log in (which will register your session). Then type in the URL box to replace the login.php call to index.php and see if it allows you. If it does then it means you successfully authenticated, but you were sent back to the login page because of the RequireLoginValidForPage call.

 

Since I can't test it I am only speculating. I'd like to know if htat works for someone that is still having problems. I also have no clue why it work work for only some computers and not others. This leaves some doubt in my mind whether this is actually the solution.

[howgo]

Hello,

 

what modifications are made in 1.4.5fix compared with 1.4.5 ?

Only around files or in db too ?

 

http://www.oscommerce.com/community/contributions,1

 

 

Thank you

 

Andreas

[apodigm]

Well... I have been unsuccessful in getting around this admin login problem. I'm convinced it has something to do with the session code or with the admin stuff. Basically, the admin tries to log in, but even if the correct username/password is supplied, they get redirected back to the admin login page. It also appears from my other testing that the admin session does not get registered.

 

I'm going to dump out all the admin stuff from DB and files and true up with MS1 again. Then I am going to install the new contrib "Admin accounts with access levels"

http://www.oscommerce.com/forums/viewtopic.php...1447&highlight=

 

I'm hoping this solves the problem! Does anyone have any other ideas or fixed this same problem yet?

[Obewanz]

You might want to try using the following code, and leaving the password field blank on the first login. Then change the password from within the admin pages. That should put the proper encrypted password back into the database.

 

INSERT INTO administrators VALUES ( '1', 'admin', '', '*');

 

If the above line doesn't work for you, try replacing the '' with the word NULL. I can't remember if that was required on MySQL or MSSQL.

 

Hopefully this will help 8)

[Madinson]

Thanks to all:::

 

I took oscommerce 2.2 MS1 and the new administrators_v1.4.5fix

http://www.oscommerce.com/community/contributions,1

 

Then I left the password-field ( in the MySQL-Database) blank....and it works (at the login just take return for the password)!!!!

Now you can log in and create new admins.

 

So I would say it would be cool to change the readme-File...for this contribution??

Thanks for this really got work and your all help (es. obewanz!!)!!!!! :P :P

 

ooops:: Don't forget to create a password for the admin...after all.