Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Password Encryption


kristianjacobi

Recommended Posts

I want to give my users access to a restricted page using authentication from the oscomm customers table (email/pass). I want to remove the password encryption. If that isn't possible. Is there a bit of simple code I could add to my login box that would encrypt my password? I am using basic DWMX php/msql connection to connect to the oscomm database and a straight forward login box. It will be on a page that is not an original oscomm page, just a php page I created in DWMX. If I change my password in the oscomm table, my login works. So I know it's the encryption I'm stuck on.

 

Any help would be greatly appreciated. Thx.

Kris Jacobi

Link to comment
Share on other sites

The easiest way to do this is probably to use the following code, which checks if the user is logged in:

  require('includes/application_top.php');

 if (!tep_session_is_registered('customer_id')) {
   $navigation->set_snapshot();
   tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
 }

Alternately, you can use the following code to check the password against the database:

////
// This funstion validates a plain text password with an
// encrpyted password
 function tep_validate_password($plain, $encrypted) {
   if (($plain != '') && ($encrypted != '')) {
// split apart the hash / salt
     $stack = explode(':', $encrypted);

     if (sizeof($stack) != 2) return false;

     if (md5($stack[1] . $plain) == $stack[0]) {
       return true;
     }
   }

   return false;
 }

Hth,

Matt

Link to comment
Share on other sites

Thanks you SO much for your reply. Sadly, I cannot get your code to work. I am learning php on the fly, and not well I might add. If i understand this code correctly, is it to be added to the page requiring authentication? That's where I added it.

 

If its not too much trouble, could you post or email me a more thorough example? The page I want to add it to most likely won't be a oscomm page but a .php page I create from scratch.

 

If this is too much trouble, I understand. thanks for responding!

 

Kris Jacobi

Link to comment
Share on other sites

Is the page that needs authentication in the osCommerce directory? If not, can you move it there? As written, the first code would need to be in the catalog directory to work.

 

A longer version of the second snippet?

    $check_customer_query = mysql_query("select customers_password from customers where customers_email_address = '" . $email_address . "'");
   if ($check_customer = mysql_fetch_array($check_customer_query)) {
     if (($HTTP_GET_VARS['password'] != '') && ($check_customer['customers_password'] != '')) {
// split apart the hash / salt
      $stack = explode(':', $check_customer['customers_password']);

      if ((sizeof($stack) != 2) || (md5($stack[1] . $HTTP_GET_VARS['password']) != $stack[0])) {
          // do something to make them try to log in again
        }
      }
    }
  } else; // make them try again
// If it gets this far, let them see the page

Hth,

Matt

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...