Hi there,
I was using OC 2.3.0.2 on PHP 7.X with the patch which provides support for that PHP version.
Now my hosting provider upgraded PHP to version 8.X and weird messages started to be displayed and also the general functionality got compromised, so I found that PHP it is not compatible with the OC version I'm running and unfortunatelly I have no plans to upgrade it to 3.X nor 4.X in the near future, so I searched the forum and found and updated version of OC 2.X which provides support of PHP 8.X:
- https://github.com/IP-CAM/Enhanced-Open ... by-Condor2
Then I checked the Error Logs and replaced the files that were listed in those messages and now it is working fine, however just one WEIRD issue remains:
Every time I log into Admin panel then the Admin's password is changed to the following encrypted value:
> $2y$10$.ubmXBhwL7b8moNwJzCU/OA4YyqUWB7BG
So I have to run the SQL query to set back the desired value (which has been modified for security reasons):
sql> UPDATE `oc_user` SET `password` = '90b4c8672a3a5016ad516d28111a5666' WHERE `oc_user`.`user_id` = 1;
And then I have 1 login available, once I log in then the old value returns.
I made a new installation using that OC installer and it does not happen so it might be something related to my installation.
I tried to enable SQL transction logs but it seems my user does not have enough permissions (need to verify this).
I tried to define a trigger but it failed (need to re-check this).
How can I troubleshoot this?
Thanks!
That version has a lot more changes than just PHP 8 compatibility.
One on the changes looks to be that the passwords have been changed to use the latest code from version 4.x. This will convert any old passwords to a more secure system on login. https://github.com/IP-CAM/Enhanced-Open ... ccec542229
One on the changes looks to be that the passwords have been changed to use the latest code from version 4.x. This will convert any old passwords to a more secure system on login. https://github.com/IP-CAM/Enhanced-Open ... ccec542229
Yes, it has a lot of modifications when compared with the official OC 2.3.0.2 release.ADD Creative wrote: ↑Tue Oct 03, 2023 4:20 pmThat version has a lot more changes than just PHP 8 compatibility.
One on the changes looks to be that the passwords have been changed to use the latest code from version 4.x. This will convert any old passwords to a more secure system on login. https://github.com/IP-CAM/Enhanced-Open ... ccec542229
Further tests show that this same behavior also happens in the fresh install, for some reason it changes the password after login and some of the files you are showing me there are the ones I used in my installation.
Yes, that will happen at login, due to one of the changes. Any password stored using the older less secure password system with be re-hash in the newer more secure system and saved back to the database. This is probably what you are seeing. You should still be able to login once that has happened, unless there are bugs in the code changes.
Ok, I got it, thank you, the value will change because of the new hashing algorythm, however I can not login again using same passwordADD Creative wrote: ↑Tue Oct 03, 2023 11:16 pmYes, that will happen at login, due to one of the changes. Any password stored using the older less secure password system with be re-hash in the newer more secure system and saved back to the database. This is probably what you are seeing. You should still be able to login once that has happened, unless there are bugs in the code changes.
that is what happened the first time and after troubleshooting it I found the hash value getting changed, now I understand this is expected, yet I still don't know why I can't login again using same password, i get "Incorrect data" if translation is correct.Did you run the upgrade script? The new password hash may require a longer password column in the database. It should now be varchar(255).
No, I did not, I just replaced some .php files from that repository until all the warning and error messages disappeared, however I used the complete installation files to install a new server from scratch (no upgrade) and the same issue happens, so this seems to be something related to the login procedure used by this new version which seems to be affecting only me since I did not find any other report about this behaviorADD Creative wrote: ↑Wed Oct 04, 2023 12:49 amDid you run the upgrade script? The new password hash may require a longer password column in the database. It should now be varchar(255).
Copied all the files and launched the upgrade process, but it failed:xxvirusxx wrote: ↑Thu Oct 05, 2023 4:16 pmNow should work
https://github.com/condor2/Opencart_230x_PHP_8
Error Code(0): Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'trigger, action, status, date_added) VALUES ('admin_currency_add', 'admin/mod...' at line 1
Error No: 1064
INSERT INTO `oc_event` (code, trigger, action, status, date_added) VALUES ('admin_currency_add', 'admin/model/localisation/currency/addCurrency/after', 'event/currency', 1, '2022-03-24 14:00:00'); in /home/vol14_3/htdocs/system/library/db/mysqli.php on line 49
What should I do?
Hi mate, I downloaded all the files again from that repository, performed the upgrade (this time the SQL error was not triggered), everything was perfectly upgraded but the initial issue still persists, once you close the Admin session you can not login again, I have to change the Admin's password via phpMySQL (hashing it with MD5 algorithm), after this I can login but then this Admin's password hashed value gets changed (SHA-1 + salt) and if I close the session then then password is not recognized, so I have to hash it again with MD5 and replace the value vai SQL to be able to login.
Thanks for any hint.
Not happen to me, on my demo.
Send me Cpanel acces on PM and I will check.
Send me Cpanel acces on PM and I will check.
Last edited by xxvirusxx on Wed Oct 18, 2023 2:45 pm, edited 1 time in total.
Upgrade Service | OC 2.3.0.2 PHP 8 | My Custom OC 3.0.3.8 | Buy me a beer
Thank you for spending time on my problem, I have been checking this so I made a fresh install and found that this problem happens *after* I restore my data.xxvirusxx wrote: ↑Wed Oct 18, 2023 2:08 amNot happen to me, on my demo.
https://oc23.free-time-info.ro/admin
user: demo
pass: !@#$demo
Send me Cpanel acces on PM and I will check.
I did not realize this before because I did not have to restore the data in my production server, the data was already there and the issue started to happen after replacing the files, but in the new installation it worked fine until I restored the data from the production server.
I'm sending you the credentials just in case you can take a look at it.
Thanks!.
My database had the 'salt' field in the 'OC_user' table and the one that gets created with this new OC release does not, so I restored my data and ran:
DROP TABLE IF EXISTS `oc_user`;
CREATE TABLE IF NOT EXISTS `oc_user` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`user_group_id` int(11) NOT NULL,
`username` varchar(20) NOT NULL,
`password` varchar(255) NOT NULL,
`firstname` varchar(32) NOT NULL,
`lastname` varchar(32) NOT NULL,
`email` varchar(96) NOT NULL,
`image` varchar(255) NOT NULL,
`code` varchar(40) NOT NULL,
`ip` varchar(40) NOT NULL,
`status` tinyint(1) NOT NULL,
`date_added` datetime NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
INSERT INTO `oc_user` (`user_id`, `user_group_id`, `username`, `password`, `firstname`, `lastname`, `email`, `image`, `code`, `ip`, `status`, `date_added`) VALUES
(1, 1, 'admin', '$2y$10$aCHYLSzdxuzNjnHtNu0xleUEQuIBFFUx', 'Name', 'Lastname', 'email@domain', '', '', '20.21.142.4', 1, '2023-10-17 17:53:56');
After this the problem no longer occurred.
xxvirusxx also suggested me to remove 'salt' field from oc_affiliate, oc_customer tables as well.
DROP TABLE IF EXISTS `oc_user`;
CREATE TABLE IF NOT EXISTS `oc_user` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`user_group_id` int(11) NOT NULL,
`username` varchar(20) NOT NULL,
`password` varchar(255) NOT NULL,
`firstname` varchar(32) NOT NULL,
`lastname` varchar(32) NOT NULL,
`email` varchar(96) NOT NULL,
`image` varchar(255) NOT NULL,
`code` varchar(40) NOT NULL,
`ip` varchar(40) NOT NULL,
`status` tinyint(1) NOT NULL,
`date_added` datetime NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
INSERT INTO `oc_user` (`user_id`, `user_group_id`, `username`, `password`, `firstname`, `lastname`, `email`, `image`, `code`, `ip`, `status`, `date_added`) VALUES
(1, 1, 'admin', '$2y$10$aCHYLSzdxuzNjnHtNu0xleUEQuIBFFUx', 'Name', 'Lastname', 'email@domain', '', '', '20.21.142.4', 1, '2023-10-17 17:53:56');
After this the problem no longer occurred.
xxvirusxx also suggested me to remove 'salt' field from oc_affiliate, oc_customer tables as well.
Who is online
Users browsing this forum: No registered users and 8 guests
