Jump to content

Recommended Posts

[color=black]
Hi everybody,

I successfully inserted "plaincart" into my website (i'm new) and everything seems to be working well until i try to login as admin, i get the following message;

"Wrong username or password"  ???

i am definetly using the correct username and password.

I followed a tutorial:
http://www.phpwebcommerce.com/

I found solution which worked for some people, this was;
  :-\
-------------------------------------------------------------
The problem seems to be with one line in this SQL query:

$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND
user_password = PASSWORD('$password')";

The login process works fine if you change the last line to just:

user_password = '$password'";
-----------------------------------------------------------------------

but the above amendment did not work for me, i also tried uploading the files using binary, still no luck.  :-\


If someone can help, it would be greatly appreciated.  ;)

The source code can be downloaded from:
http://www.phpwebcommerce.com/download/plaincart.zip

Thanks a lot.


[/color]
  • 3 weeks later...
[quote]user_password = '$password'";[/quote]

You're saying here that there is no encryption in the password. 

[quote]user_password = PASSWORD('$password')";[/quote]
This method tries to match your password with the encrypted version in the database.  PASSWORD is not a very good encryption method though, so I would change it and all instances to md5.

admin/library/functions.php (line 39-43):
[code=php:0]
// check the database and see if the username and password combo do match
$sql = "SELECT user_id
        FROM tbl_user
WHERE user_name = '$userName' AND user_password = md5('$password')";
$result = dbQuery($sql);
[/code]

admin/user/changePass.php (line 14-31):
[code=php:0]
if (isset($_POST['btnModify'])) {
$userId      = $_SESSION['userId'];
$oldPassword = $_POST['txtOldPassword'];
$newPassword = $_POST['txtNewPassword1'];

$sql = "SELECT userId FROM tbl_user WHERE userId = $userId AND password = md5('$oldPassword')";
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) != 1) {
$errorMessage = 'Old password is incorrect';
} else {
$sql = "UPDATE tbl_user
SET password = md5('$newPassword')
WHERE userId = $userId";
mysql_query($sql) or die('Modify failed. ' . mysql_error());
header('Location: index.php');
exit;
}
}
[/code]

admin/user/processUser.php (line 50-58):

[code=php:0]
if (dbNumRows($result) == 1) {
header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));
} else {
$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
          VALUES ('$userName', md5('$password'), NOW())";

dbQuery($sql);
header('Location: index.php');
}
[/code]

admin/user/processUser.php (line 64-76):
[code=php:0]
function modifyUser()
{
$userId   = (int)$_POST['hidUserId'];
$password = $_POST['txtPassword'];

$sql   = "UPDATE tbl_user
          SET user_password = md5('$password')
  WHERE user_id = $userId";

dbQuery($sql);
header('Location: index.php');

}
[/code]

After you've changed each of these, re-encrypt the password with md5 in your database (phpMyAdmin would be easiest), then try to login.

Hope that helps
  • 6 months later...
Why would you encrypt it there, when phpMyAdmin does md5 encryption on it's own?

[list]
[*]Login to phpMyAdmin
[*]Select the database you're using for plaincart
[*]Select the users table
[*]Click the Insert tab
[*]Type your password into the Value section for the password column
[*]Under the Function dropdown, select MD5
[*]Whatever else you need to do (add/change/remove information)
[*]Press the Go button
[*]All done
[/list]
quasiman still have a problem when i encrypt the password using your steps, here's is what i got

SQL query: Edit

INSERT INTO `tbl_user` ( `user_id` , `user_name` , `user_password` , `user_regdate` , `user_last_login` )
VALUES (
NULL , '', MD5( 'please' ) , '0000-00-00 00:00:00', '0000-00-00 00:00:00'
), (
NULL , '', '', '0000-00-00 00:00:00', '0000-00-00 00:00:00'
)

MySQL said: Documentation
#1062 - Duplicate entry '' for key 2
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.