Post by boiler » Sat Apr 07, 2018 1:07 am

got new debug again
even when trying to running the sql query through phpmyadmin the result is empty

look at this code

Code: Select all

if ($override) {
			$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND status = '1'");
		} else {
			$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape($password) . "') AND status = '1' ");
		}
is generating the sql query below

Code: Select all

SELECT * FROM oc_customer WHERE LOWER(email) = 'nsetiono@gmail.com' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('xdvc09x'))))) OR password = '6fba2c0fe514075bf613239bd6e17e52') AND status = '1'
when trying to look the value of the password it was different from the value that are being used on the sql query

Code: Select all

$2y$10$LCjPkkGhSYMEhORCYxghBePihKXxwlOOOU5Q3zhg8hh82KU8ohi1.
the hash value is different between the query and the value inside the database
any idea how to make it same

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am

Post by boiler » Sat Apr 07, 2018 1:43 am

forgot to mention this
the customer register model generate salt from function token(9), where I can find that function ?

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am

Post by straightlight » Sat Apr 07, 2018 2:49 am

system/helper folder. Use TextCrawler to find the keywords that you are looking for.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by boiler » Sat Apr 07, 2018 3:24 am

It's worked now, I had change the sql query on register so the salt are added to the database but i got new error messages below now
Notice: Undefined property: Proxy::addLogin in /home/marketplace/public_html/original/catalog/controller/account/login.php on line 43

line 43

Code: Select all

if ($this->customer->isLogged()) {
			$this->response->redirect($this->url->link('account/account', '', true));
		}
Regards
Nicolas

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am

Post by straightlight » Sat Apr 07, 2018 3:32 am

Then, it's not because it works. This error message appeared due to modifications prior.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by boiler » Sat Apr 07, 2018 3:38 am

Na, the problem before is because the salt is not added to the database
I had making a modification so when a customer register the salt are added to the database and not empty

When checking under phpmyadmin using the query i had post above its worked and showing me the result, not empty result

Anyway can you please explain to me what is Proxy:AddLogin for ?
In OC1 there is no Proxy:AddLogin if i'm not wrong remembering

Regards
Nicolas

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am

Post by straightlight » Sat Apr 07, 2018 3:41 am

So far ... since this reported issue is not frequently reported by other users ... I'd say it looks like a server issue.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by boiler » Sat Apr 07, 2018 3:52 am

The server running latest cpanel, apache 2.4 with MPM Worker, PHP 5.6 as default and PHP 7 as additional PHP also nginx as the reverse proxy for apache
Or it will be worked on php 7 ?

The original code from model/account/customer.php

Code: Select all

$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$customer_group_id . "', store_id = '" . (int)$this->config->get('config_store_id') . "', language_id = '" . (int)$this->config->get('config_language_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']['account']) ? json_encode($data['custom_field']['account']) : '') . "', salt = '" . $this->db->escape($salt=token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()");
I'm changing the code into

Code: Select all

$salt=token(9);

$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$customer_group_id . "', store_id = '" . (int)$this->config->get('config_store_id') . "', language_id = '" . (int)$this->config->get('config_language_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']['account']) ? json_encode($data['custom_field']['account']) : '') . "', salt = '" . $this->db->escape($salt) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()");
With original code the salt is not added to the database, after changing the code the salt now added to the database
No report doesnt mean there is no error, maybe people not trying OC 3 yet as production

When I'm not changing the code the login is redirected to account/account but there is no customer_id found because there is no salt added to the database, thats why it's being redirected back to the login page
I do not make big change to the code only changing the variable so the salt can be added to the database

Also the code I had change is on model/account/customer.php which is i think not related with login function

Anyway what is the proxy feature and how it work ?

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am

Post by straightlight » Sat Apr 07, 2018 4:00 am

You do realize this change is only for your server right? No frequent case are being posted on the forum from other users about these inquiries. The sha1 function does work as intended when creating a new customer password. Otherwise, everyone else (including me) would be unable to create a customer account with the current sha1 stored algorithm.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by boiler » Sat Apr 07, 2018 4:17 am

You're right but still i dont know what make it not work
Every time I try to login as a customer when being redirect to account/account, it's being redirected back to account/login

There is no error log at all, just like looking needle on the swamp

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am

Post by straightlight » Sat Apr 07, 2018 9:35 pm

You're right but still i dont know what make it not work
Nonetheless, you are posting in the Bug Reports section of the forum while this is NOT an Opencart bug.

The most generated errors being found on Opencart forum originates from contributed programming.

Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by boiler » Wed Apr 11, 2018 2:24 am

Everything working fine now
It's seem the current version of OC 3 only worked for PHP 7+
After changing the PHP version to 7+ everything working fine

Thank you for helping me @straightlight :)

New member

Posts

Joined
Wed Aug 09, 2017 2:36 am
Who is online

Users browsing this forum: No registered users and 3 guests