Jump to content

Archived

This topic is now archived and is closed to further replies.

dragon42tt

plaincart - admin login not working - urgent help!!!!

Recommended Posts

[color=black]
Hi everybody,

I successfully inserted "plaincart" into my website (i'm new) and everything seems to be working well until i try to login as admin, i get the following message;

"Wrong username or password"  ???

i am definetly using the correct username and password.

I followed a tutorial:
http://www.phpwebcommerce.com/

I found solution which worked for some people, this was;
  :-\
-------------------------------------------------------------
The problem seems to be with one line in this SQL query:

$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND
user_password = PASSWORD('$password')";

The login process works fine if you change the last line to just:

user_password = '$password'";
-----------------------------------------------------------------------

but the above amendment did not work for me, i also tried uploading the files using binary, still no luck.  :-\


If someone can help, it would be greatly appreciated.  ;)

The source code can be downloaded from:
http://www.phpwebcommerce.com/download/plaincart.zip

Thanks a lot.


[/color]

Share this post


Link to post
Share on other sites
I would need that help as well! A superb shop but worth nothing when you can't log in!  :'(

Share this post


Link to post
Share on other sites
[quote]user_password = '$password'";[/quote]

You're saying here that there is no encryption in the password. 

[quote]user_password = PASSWORD('$password')";[/quote]
This method tries to match your password with the encrypted version in the database.  PASSWORD is not a very good encryption method though, so I would change it and all instances to md5.

admin/library/functions.php (line 39-43):
[code=php:0]
// check the database and see if the username and password combo do match
$sql = "SELECT user_id
        FROM tbl_user
WHERE user_name = '$userName' AND user_password = md5('$password')";
$result = dbQuery($sql);
[/code]

admin/user/changePass.php (line 14-31):
[code=php:0]
if (isset($_POST['btnModify'])) {
$userId      = $_SESSION['userId'];
$oldPassword = $_POST['txtOldPassword'];
$newPassword = $_POST['txtNewPassword1'];

$sql = "SELECT userId FROM tbl_user WHERE userId = $userId AND password = md5('$oldPassword')";
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) != 1) {
$errorMessage = 'Old password is incorrect';
} else {
$sql = "UPDATE tbl_user
SET password = md5('$newPassword')
WHERE userId = $userId";
mysql_query($sql) or die('Modify failed. ' . mysql_error());
header('Location: index.php');
exit;
}
}
[/code]

admin/user/processUser.php (line 50-58):

[code=php:0]
if (dbNumRows($result) == 1) {
header('Location: index.php?view=add&error=' . urlencode('Username already taken. Choose another one'));
} else {
$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
          VALUES ('$userName', md5('$password'), NOW())";

dbQuery($sql);
header('Location: index.php');
}
[/code]

admin/user/processUser.php (line 64-76):
[code=php:0]
function modifyUser()
{
$userId   = (int)$_POST['hidUserId'];
$password = $_POST['txtPassword'];

$sql   = "UPDATE tbl_user
          SET user_password = md5('$password')
  WHERE user_id = $userId";

dbQuery($sql);
header('Location: index.php');

}
[/code]

After you've changed each of these, re-encrypt the password with md5 in your database (phpMyAdmin would be easiest), then try to login.

Hope that helps

Share this post


Link to post
Share on other sites
create your password, encrypt it here [url=http://www.spywire.net/password-encryption.php]http://www.spywire.net/password-encryption.php[/url] then enter the md5 exncrytion value into your sql database using phpmyadmin.

Share this post


Link to post
Share on other sites
Why would you encrypt it there, when phpMyAdmin does md5 encryption on it's own?

[list]
[*]Login to phpMyAdmin
[*]Select the database you're using for plaincart
[*]Select the users table
[*]Click the Insert tab
[*]Type your password into the Value section for the password column
[*]Under the Function dropdown, select MD5
[*]Whatever else you need to do (add/change/remove information)
[*]Press the Go button
[*]All done
[/list]

Share this post


Link to post
Share on other sites
quasiman still have a problem when i encrypt the password using your steps, here's is what i got

SQL query: Edit

INSERT INTO `tbl_user` ( `user_id` , `user_name` , `user_password` , `user_regdate` , `user_last_login` )
VALUES (
NULL , '', MD5( 'please' ) , '0000-00-00 00:00:00', '0000-00-00 00:00:00'
), (
NULL , '', '', '0000-00-00 00:00:00', '0000-00-00 00:00:00'
)

MySQL said: Documentation
#1062 - Duplicate entry '' for key 2

Share this post


Link to post
Share on other sites
i used gazever encryption, thanks man! :).. also thanks to quasiman (hands down) you both a great help to me, thanks.

Share this post


Link to post
Share on other sites
#1062 - Duplicate entry '' for key 2

That's saying there's a problem with your primary key field - "user_id".  It should be an auto_increment field, is it?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.