Post by docroesner » Thu Mar 31, 2016 7:29 am

I installed 2.2.0.0 and migrated from my old 1.5 installation.
No problem so far. All logins continue to work.
There are just people who forgot their passwords and here I see an issue:

The password forgotten/reset function does not work.
No error message is displayed but here is what happens:

After clicking the Email link for resetting the password you type in a new password and confirm it.
No problem. The software shows the success message.
But logging in with the new password does not work.

I checked the steps.
After submitting the formular containing the new password at
http://[www.yourshopurl.com]/index.php?route=account/reset&code=

Code: Select all

nothing is updated in the customer-table. There is the same password-code and salt-code as before and even the code field remains unaltered.
So, testing this, I still succeed logging in with my supposedly forgotten old password and the new one which I intended to set, does not work.
BTW, changing the password after being logged in works without problem.

Looking up the error_log: nothing.
Looking up the access_log: shows that I retrieved the reset formular page correctly. Then it shows the post of the formular and the redirect to the index.php?route=account/login - all as intended.
The only problem is that the new password doesn't get stored in the database table 'oc_customer'.

Anyone with a similar problem?
I downloaded and installed the 2.2.0.0-compiled.zip
Any help?

Best regards
Wolfgang

User avatar
Newbie

Posts

Joined
Sat Jan 21, 2012 11:17 pm


Post by kirkhall » Thu Mar 31, 2016 7:45 am

I have seen a similar issue but the solution won't apply to you unless the answer to the following is yes.
Did your previous 1.5 installation of opencart use a database that was migrated from another e-commerce platform, like for example oscommerce?

Newbie

Posts

Joined
Thu May 22, 2014 11:31 am
Location - Missouri, USA

Post by docroesner » Thu Mar 31, 2016 8:02 am

no but thanks for caring anyway.
I looked up the code and come to this consideration:

The scripts that apply for resetting the password are:
catalog/controller/account/reset.php
catalog/model/account/customer.php

in customer.php there is called the function
getCustomerByCode($code)
and then obviously
editPassword($email, $password)

getCustomerByCode($code) says:
"SELECT customer_id, firstname, lastname FROM `" . DB_PREFIX . "customer` WHERE code = '" . $this->db->escape($code) . "' AND code != ''"

That is fine but editPassword($email, $password) needs the email in order to update the password to the new value!

I'll go ahead and alter the script into
"SELECT customer_id, firstname, lastname, email FROM `" . DB_PREFIX . "customer` WHERE code = '" . $this->db->escape($code) . "' AND code != ''"
I'll report whether this gets the script working.

User avatar
Newbie

Posts

Joined
Sat Jan 21, 2012 11:17 pm


Post by docroesner » Thu Mar 31, 2016 8:29 am

It works as soon as I also modified catalog/controller/account/reset.php where it says
$this->model_account_customer->editPassword($customer_info['customer_id'], $this->request->post['password']);

That cant work since editPassword needs the customer email.
Modify into:
$this->model_account_customer->editPassword($customer_info['email'], $this->request->post['password']);

Together with the adaption in catalog/model/account/customer.php it works as intended.

I wonder why nobody else came across this script error yet!

User avatar
Newbie

Posts

Joined
Sat Jan 21, 2012 11:17 pm


Post by EvolveWebHosting » Thu Mar 31, 2016 9:07 am

I think this topic is the same that you're referring to:

http://forum.opencart.com/viewtopic.php?f=190&t=160186

Image
https://www.evolvewebhost.com
Unhappy with your current host? We can migrate your account today (usually for no fee)! Visit our website and signup and we'll take care of the rest!
24/7/365 support
Image


User avatar

Posts

Joined
Fri Mar 27, 2015 11:13 pm
Location - Denver, Colorado, USA

Post by docroesner » Thu Mar 31, 2016 10:00 am

yes, kind of.
I prefer using my solution since the password is email associated not necessarily customer_id associated.
When soliciting the password reset, people provide their email address, not their customer_id.
Some customers have more than one customer_id but with the same email address, as I notice.
I do not know what happens when they change the password of one id, the other id remains with the forgotten password?
WR

User avatar
Newbie

Posts

Joined
Sat Jan 21, 2012 11:17 pm


Post by shaftoe » Thu Oct 06, 2016 8:34 pm

Excellent solution! Thanks a lot.

Newbie

Posts

Joined
Fri May 20, 2016 4:38 pm

Post by huntbee » Wed Nov 02, 2016 5:33 pm

I have developed an ocmod fix to this issue. You can download it for free.

http://www.huntbee.com/fix-for-password ... rt-2-2-0-0

HuntBee OpenCart Services
http://www.huntbee.com
Image


User avatar
Newbie

Posts

Joined
Sun Nov 01, 2015 4:01 am
Location - India

Post by hrm143 » Sat Dec 03, 2016 2:30 am

huntbee wrote:I have developed an ocmod fix to this issue. You can download it for free.

http://www.huntbee.com/fix-for-password ... rt-2-2-0-0
thanks...works beautifully

Newbie

Posts

Joined
Sun Jun 01, 2014 3:16 am

Post by shadowman06 » Sat Mar 11, 2017 3:55 am

docroesner - Have you found or know of the fix for both customer login and password reset.? Neither of mine work. Also is there an issue with HTTPS in the same manner?
Thanks
Stephen

reliantapparel.com

Newbie

Posts

Joined
Mon Jul 08, 2013 10:15 am

Post by bogogrowth@gmail.com » Wed May 10, 2017 3:33 pm

huntbee wrote:
Wed Nov 02, 2016 5:33 pm
I have developed an ocmod fix to this issue. You can download it for free.

http://www.huntbee.com/fix-for-password ... rt-2-2-0-0
Hi Huntbee,
I have already used your services , Happy to see you again. I need to know does this extension works with OC 2.3.0.2 . Please let me know. i am also facing the same issue.


Posts

Joined
Mon Oct 10, 2016 10:07 pm

Post by Oksana2017 » Wed May 10, 2017 6:54 pm

Cool! It works. Thanks for the help.

amazingcart.us easy app for Opencart


Newbie

Posts

Joined
Wed May 10, 2017 6:16 pm
Who is online

Users browsing this forum: No registered users and 14 guests