Jump to content


Photo

plaincart - admin login not working - urgent help!!!!


  • Please log in to reply
8 replies to this topic

#1 dragon42tt

dragon42tt
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 04 August 2006 - 04:56 PM


Hi everybody,

I successfully inserted "plaincart" into my website (i'm new) and everything seems to be working well until i try to login as admin, i get the following message;

"Wrong username or password"  ???

i am definetly using the correct username and password.

I followed a tutorial:
http://www.phpwebcommerce.com/

I found solution which worked for some people, this was;
  :-\
-------------------------------------------------------------
The problem seems to be with one line in this SQL query:

$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND
user_password = PASSWORD('$password')";

The login process works fine if you change the last line to just:

user_password = '$password'";
-----------------------------------------------------------------------

but the above amendment did not work for me, i also tried uploading the files using binary, still no luck.  :-\


If someone can help, it would be greatly appreciated.  ;)

The source code can be downloaded from:
http://www.phpwebcom...d/plaincart.zip

Thanks a lot.




#2 tritrek

tritrek
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 24 August 2006 - 09:10 PM

I would need that help as well! A superb shop but worth nothing when you can't log in!  :'(

#3 quasiman

quasiman
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationPortland, Oregon

Posted 28 August 2006 - 04:10 AM

user_password = '$password'";


You're saying here that there is no encryption in the password. 

user_password = PASSWORD('$password')";

This method tries to match your password with the encrypted version in the database.  PASSWORD is not a very good encryption method though, so I would change it and all instances to md5.

admin/library/functions.php (line 39-43):
		// check the database and see if the username and password combo do match
		$sql = "SELECT user_id
		        FROM tbl_user 
				WHERE user_name = '$userName' AND user_password = md5('$password')";
		$result = dbQuery($sql);

admin/user/changePass.php (line 14-31):
if (isset($_POST['btnModify'])) {
	$userId      = $_SESSION['userId'];
	$oldPassword = $_POST['txtOldPassword'];
	$newPassword = $_POST['txtNewPassword1'];
	
	$sql = "SELECT userId FROM tbl_user WHERE userId = $userId AND password = md5('$oldPassword')";
	$result = mysql_query($sql) or die(mysql_error());
	if (mysql_num_rows($result) != 1) {
		$errorMessage = 'Old password is incorrect';
	} else {	
		$sql = "UPDATE tbl_user 
				SET password = md5('$newPassword')
				WHERE userId = $userId";
		mysql_query($sql) or die('Modify failed. ' . mysql_error());
		header('Location: index.php');
		exit;			
	}	
}

admin/user/processUser.php (line 50-58):

	if (dbNumRows($result) == 1) {
		header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));	
	} else {			
		$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
		          VALUES ('$userName', md5('$password'), NOW())";
	
		dbQuery($sql);
		header('Location: index.php');	
	}

admin/user/processUser.php (line 64-76):
function modifyUser()
{
	$userId   = (int)$_POST['hidUserId'];	
	$password = $_POST['txtPassword'];
	
	$sql   = "UPDATE tbl_user 
	          SET user_password = md5('$password')
			  WHERE user_id = $userId";

	dbQuery($sql);
	header('Location: index.php');	

}

After you've changed each of these, re-encrypt the password with md5 in your database (phpMyAdmin would be easiest), then try to login.

Hope that helps

#4 imjustakid

imjustakid
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 03 March 2007 - 02:45 PM

Hi! quasiman. Sorry, how to encrypt a password with md5 in phpmyadmin?

#5 gazever

gazever
  • Members
  • PipPipPip
  • Advanced Member
  • 133 posts
  • LocationUnited Kingdom

Posted 05 March 2007 - 05:22 PM

create your password, encrypt it here http://www.spywire.n...-encryption.php then enter the md5 exncrytion value into your sql database using phpmyadmin.

#6 quasiman

quasiman
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationPortland, Oregon

Posted 07 March 2007 - 06:22 PM

Why would you encrypt it there, when phpMyAdmin does md5 encryption on it's own?

  • Login to phpMyAdmin
  • Select the database you're using for plaincart
  • Select the users table
  • Click the Insert tab
  • Type your password into the Value section for the password column
  • Under the Function dropdown, select MD5
  • Whatever else you need to do (add/change/remove information)
  • Press the Go button
  • All done


#7 imjustakid

imjustakid
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 08 March 2007 - 07:21 AM

quasiman still have a problem when i encrypt the password using your steps, here's is what i got

SQL query: Edit

INSERT INTO `tbl_user` ( `user_id` , `user_name` , `user_password` , `user_regdate` , `user_last_login` )
VALUES (
NULL , '', MD5( 'please' ) , '0000-00-00 00:00:00', '0000-00-00 00:00:00'
), (
NULL , '', '', '0000-00-00 00:00:00', '0000-00-00 00:00:00'
)

MySQL said: Documentation
#1062 - Duplicate entry '' for key 2

#8 imjustakid

imjustakid
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 08 March 2007 - 07:39 AM

i used gazever encryption, thanks man! :).. also thanks to quasiman (hands down) you both a great help to me, thanks.

#9 quasiman

quasiman
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationPortland, Oregon

Posted 08 March 2007 - 08:03 AM

#1062 - Duplicate entry '' for key 2

That's saying there's a problem with your primary key field - "user_id".  It should be an auto_increment field, is it?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users