dragon42tt Posted August 4, 2006 Share Posted August 4, 2006 [color=black]Hi everybody,I successfully inserted "plaincart" into my website (i'm new) and everything seems to be working well until i try to login as admin, i get the following message; "Wrong username or password" ???i am definetly using the correct username and password.I followed a tutorial:http://www.phpwebcommerce.com/I found solution which worked for some people, this was; :-\-------------------------------------------------------------The problem seems to be with one line in this SQL query:$sql = "SELECT user_idFROM tbl_userWHERE user_name = '$userName' ANDuser_password = PASSWORD('$password')";The login process works fine if you change the last line to just:user_password = '$password'";-----------------------------------------------------------------------but the above amendment did not work for me, i also tried uploading the files using binary, still no luck. :-\If someone can help, it would be greatly appreciated. ;)The source code can be downloaded from:http://www.phpwebcommerce.com/download/plaincart.zipThanks a lot.[/color] Quote Link to comment Share on other sites More sharing options...
tritrek Posted August 24, 2006 Share Posted August 24, 2006 I would need that help as well! A superb shop but worth nothing when you can't log in! :'( Quote Link to comment Share on other sites More sharing options...
quasiman Posted August 28, 2006 Share Posted August 28, 2006 [quote]user_password = '$password'";[/quote]You're saying here that there is no encryption in the password. [quote]user_password = PASSWORD('$password')";[/quote]This method tries to match your password with the encrypted version in the database. PASSWORD is not a very good encryption method though, so I would change it and all instances to md5.admin/library/functions.php (line 39-43):[code=php:0] // check the database and see if the username and password combo do match $sql = "SELECT user_id FROM tbl_user WHERE user_name = '$userName' AND user_password = md5('$password')"; $result = dbQuery($sql);[/code]admin/user/changePass.php (line 14-31):[code=php:0]if (isset($_POST['btnModify'])) { $userId = $_SESSION['userId']; $oldPassword = $_POST['txtOldPassword']; $newPassword = $_POST['txtNewPassword1']; $sql = "SELECT userId FROM tbl_user WHERE userId = $userId AND password = md5('$oldPassword')"; $result = mysql_query($sql) or die(mysql_error()); if (mysql_num_rows($result) != 1) { $errorMessage = 'Old password is incorrect'; } else { $sql = "UPDATE tbl_user SET password = md5('$newPassword') WHERE userId = $userId"; mysql_query($sql) or die('Modify failed. ' . mysql_error()); header('Location: index.php'); exit; } }[/code]admin/user/processUser.php (line 50-58):[code=php:0] if (dbNumRows($result) == 1) { header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one')); } else { $sql = "INSERT INTO tbl_user (user_name, user_password, user_regdate) VALUES ('$userName', md5('$password'), NOW())"; dbQuery($sql); header('Location: index.php'); }[/code]admin/user/processUser.php (line 64-76):[code=php:0]function modifyUser(){ $userId = (int)$_POST['hidUserId']; $password = $_POST['txtPassword']; $sql = "UPDATE tbl_user SET user_password = md5('$password') WHERE user_id = $userId"; dbQuery($sql); header('Location: index.php'); }[/code]After you've changed each of these, re-encrypt the password with md5 in your database (phpMyAdmin would be easiest), then try to login.Hope that helps Quote Link to comment Share on other sites More sharing options...
imjustakid Posted March 3, 2007 Share Posted March 3, 2007 Hi! quasiman. Sorry, how to encrypt a password with md5 in phpmyadmin? Quote Link to comment Share on other sites More sharing options...
gazever Posted March 5, 2007 Share Posted March 5, 2007 create your password, encrypt it here [url=http://www.spywire.net/password-encryption.php]http://www.spywire.net/password-encryption.php[/url] then enter the md5 exncrytion value into your sql database using phpmyadmin. Quote Link to comment Share on other sites More sharing options...
quasiman Posted March 7, 2007 Share Posted March 7, 2007 Why would you encrypt it there, when phpMyAdmin does md5 encryption on it's own?[list][*]Login to phpMyAdmin[*]Select the database you're using for plaincart[*]Select the users table[*]Click the Insert tab[*]Type your password into the Value section for the password column[*]Under the Function dropdown, select MD5[*]Whatever else you need to do (add/change/remove information)[*]Press the Go button[*]All done[/list] Quote Link to comment Share on other sites More sharing options...
imjustakid Posted March 8, 2007 Share Posted March 8, 2007 quasiman still have a problem when i encrypt the password using your steps, here's is what i got SQL query: EditINSERT INTO `tbl_user` ( `user_id` , `user_name` , `user_password` , `user_regdate` , `user_last_login` )VALUES (NULL , '', MD5( 'please' ) , '0000-00-00 00:00:00', '0000-00-00 00:00:00'), (NULL , '', '', '0000-00-00 00:00:00', '0000-00-00 00:00:00')MySQL said: Documentation#1062 - Duplicate entry '' for key 2 Quote Link to comment Share on other sites More sharing options...
imjustakid Posted March 8, 2007 Share Posted March 8, 2007 i used gazever encryption, thanks man! :).. also thanks to quasiman (hands down) you both a great help to me, thanks. Quote Link to comment Share on other sites More sharing options...
quasiman Posted March 8, 2007 Share Posted March 8, 2007 #1062 - Duplicate entry '' for key 2That's saying there's a problem with your primary key field - "user_id". It should be an auto_increment field, is it? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.