Post by reflexweb » Tue Mar 29, 2016 5:59 pm

Hi All

I have done an upgrade from 2.0.3.1 to 2.2.0.0.

Customers are now unable to log in. The forgotten password link works and sends the reset email to them; they then use the link in the email and get a success message.

But they still can't log in. I have looked at the oc_customer db table and using my own login to test, I can clearly see the password hash does not get changed and the salt is empty.

So by the looks of it the forgotten password does not actually update the database.....

Any ideas?

Kinds Roger


Post by pprmkr » Tue Mar 29, 2016 8:22 pm

Looks like a bug:

controller/account/reset.php sends parameter customer_id:

Code:

$this->model_account_customer->editPassword($customer_info['customer_id'], $this->request->post['password']);

model/account/customer.php -> editPassword expects parameter $email:

Code:

public function editPassword($email, $password) {


Post by pprmkr » Tue Mar 29, 2016 8:28 pm

As function getCustomerByCode returns only customer_id and first and last name, you have to change in model/account/customer.php:

Code:

	public function editPassword($email, $password) {
		$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
	}

Into:

Code:

	public function editPassword($customer_id, $password) {
		$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE customer_id = '" . (int)$customer_id . "'");
	}


Post by reflexweb » Tue Mar 29, 2016 9:16 pm

Many Thanks, the edit to customer.php as above worked.

Thanks again!


Post by mattpowers » Thu Apr 07, 2016 11:24 pm

I have a similar issue, and tried this fix, but came up with an error regarding the "code" part. Can someone help me with this? This is my code:

Code:

	public function editPassword($customer_id, $password) {
		$this->event->trigger('pre.customer.edit.password');

		$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE customer_id = '" . (int)$customer_id . "'");

		$this->event->trigger('post.customer.edit.password');
	}

When I try it, I get this error:
"Notice: Error: Unknown column 'code' in 'field list'
Error No: 1054
Warning: Cannot modify header information - headers already sent by "

Had to delete part of the specifics, as this site keeps blocking me for pasting PHP output in here.
Any clues? Also, I am on 2.1.0.1, NOT 2.2, so it looks like things are a little different.
Thanks.


Post by meeka » Thu Jun 16, 2016 3:22 pm

So.. I followed the change in customer.php - and it worked!!! BUT... as soon as I tried to change the password once logged in - it DID NOT change the password.

When the forgot password didn't work, the change password when logged in worked fine.
Now that the forgot password worked, the change password when logged in doesn't work.

Did that happen to you guys as well?


Post by ytest1205 » Sat Oct 08, 2016 7:45 am

meeka wrote: So.. I followed the change in customer.php - and it worked!!! BUT... as soon as I tried to change the password once logged in - it DID NOT change the password.

When the forgot password didn't work, the change password when logged in worked fine.
Now that the forgot password worked, the change password when logged in doesn't work.

Did that happen to you guys as well?

You followed the wrong item. Every guy who followed the above code and changed to $customer_id instead of $email will have the same problem. The right thing is to pass the customer email in the parameter.


Post by huntbee » Wed Nov 02, 2016 5:34 pm

I have developed an ocmod fix for this issue. You can get it for free.

http://www.huntbee.com/fix-for-password ... rt-2-2-0-0

HuntBee OpenCart Services
https://www.huntbee.com

Post by IP_CAM » Wed Nov 02, 2016 7:03 pm

well, Registration and Download worked, but it displayed an error atop of the checkout Page, just to mention it! ;)
Ernie

Code:

Notice: Undefined index: cart_id in /home/content/69/10176169/html/huntbee.com/vqmod/vqcache/vq2-system_storage_modification_catalog_controller_checkout_success.php on line 9

For Sale: Turnkey URLs with Opencart installed
My present Opencart Testsite: http://www.velomech.ch/shop/
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: jti@jacob.ch
690 FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM

Post by huntbee » Thu Nov 03, 2016 7:12 am

Thank you, Fixed it :)


Post by JNeuhoff » Thu Nov 03, 2016 10:43 pm

Use this VQmod XML to fix this issue:

Code:

<modification>
	<id>Bugfixes for customer account reset</id>
	<version>2.2.x-1.0</version>
	<vqmver>2.5.1</vqmver>
	<author>mhccorp.com</author>

	<file name="catalog/controller/account/reset.php">
		<operation>
			<search position="replace"><![CDATA[$this->model_account_customer->editPassword($customer_info['customer_id'],]]></search>
			<add><![CDATA[$this->model_account_customer->editPassword($customer_info['email'],]]></add>
		</operation>
	</file>
	<file name="catalog/model/account/customer.php">
		<operation>
			<search position="replace"><![CDATA[$query = $this->db->query("SELECT customer_id, firstname, lastname]]></search>
			<add><![CDATA[$query = $this->db->query("SELECT customer_id, firstname, lastname, email]]></add>
		</operation>
	</file>

</modification>

Also make sure to have a field named 'code' (varchar(40)) in your 'oc_customer' DB table.

MHC Web Design
Override Engine * Integrated VQMod * Multilingual SEO * Instant Option Price Calculator * TrustPilot Reviews * Google Rich Snippets * Google Tag Manager * Export/Import Tool * Template Switcher PHP/Twig
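
The failure discussed in this thread, as an added example that is not part of any post and is not OpenCart's code: a model method keyed on email changes zero rows when a caller hands it a customer_id, and a caller that checks the affected-row count reports that instead of showing a success message. It runs against an in-memory SQLite table through PDO; the table layout, the sample row and the names legacy_hash, edit_password_by_email and reset_or_fail are assumptions, random_bytes stands in for token(9), and bound parameters replace the string concatenation of the original query.

```php
<?php
// Added example, not OpenCart code. Table layout, sample row and function
// names are assumptions; the hash chain is the one quoted in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customer (customer_id INTEGER PRIMARY KEY,
    email TEXT, salt TEXT, password TEXT, code TEXT)");
// Constructed sample row: empty salt, old hash, pending reset code.
$db->exec("INSERT INTO customer VALUES
    (42, 'roger@example.test', '', 'old-hash', 'reset-code')");

// Salted SHA-1 chain exactly as in the thread's UPDATE statement.
function legacy_hash(string $salt, string $password): string {
    return sha1($salt . sha1($salt . sha1($password)));
}

// Model keyed on email, like the 2.2.0.0 method quoted in the thread.
// Returns the number of rows the UPDATE changed.
function edit_password_by_email(PDO $db, string $email, string $password): int {
    $salt = substr(bin2hex(random_bytes(8)), 0, 9); // stand-in for token(9)
    $stmt = $db->prepare("UPDATE customer SET salt = ?, password = ?, code = ''
        WHERE LOWER(email) = ?");
    $stmt->execute([$salt, legacy_hash($salt, $password), strtolower($email)]);
    return $stmt->rowCount();
}

// Caller-side guard: a reset that changed no row is a failure, not a success.
function reset_or_fail(PDO $db, string $key, string $password): void {
    if (edit_password_by_email($db, $key, $password) !== 1) {
        throw new RuntimeException("password not updated for key '$key'");
    }
}

// 1. Reset controller as shipped: passes customer_id into the email parameter.
//    The WHERE clause compares '42' with email addresses.
printf("customer_id as key: %d row(s)\n", edit_password_by_email($db, '42', 'new-secret'));

// 2. With the guard, the same mismatch is reported instead of hidden.
try {
    reset_or_fail($db, '42', 'new-secret');
} catch (RuntimeException $e) {
    echo "guard: ", $e->getMessage(), "\n";
}

// 3. Passing the email, as the logged-in password change does, updates the row.
reset_or_fail($db, 'Roger@Example.test', 'new-secret');
$row = $db->query("SELECT salt, password, code FROM customer WHERE customer_id = 42")
          ->fetch(PDO::FETCH_ASSOC);
var_dump($row['password'] === legacy_hash($row['salt'], 'new-secret'), $row['code'] === '');
```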

