Customer Forgotten Password Not Working

Posted: Tue Mar 29, 2016 5:59 pm
by reflexweb
Hi All

I have done an upgrade from 2.0.3.1 to 2.2.0.0.

Customers are now unable to log in. The forgotten password link works and sends the reset email to them; they then use the link in the email and they get a success message.

But they still can't log in. I have looked at the oc_customer db table and, using my own login to test, I can clearly see the password hash does not get changed and the salt is empty.

So by the looks of it the forgotten password does not actually update the database.....

Any ideas?

Kind regards, Roger

Re: Customer Forgotten Password Not Working

Posted: Tue Mar 29, 2016 8:22 pm
by pprmkr
Looks like a bug:

controller/account/reset.php sends parameter customer_id:

Code:

$this->model_account_customer->editPassword($customer_info['customer_id'], $this->request->post['password']);

model/account/customer.php -> editPassword expects parameter $email:

Code:

public function editPassword($email, $password) {

Re: Customer Forgotten Password Not Working

Posted: Tue Mar 29, 2016 8:28 pm
by pprmkr
As function getCustomerByCode returns only customer_id and first and last name, you have to change in model/account/customer.php:

Code:

	public function editPassword($email, $password) {
		$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
	}

Into:

Code:

	public function editPassword($customer_id, $password) {
		$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE customer_id = '" . (int)$customer_id . "'");
	}

Re: Customer Forgotten Password Not Working

Posted: Tue Mar 29, 2016 9:16 pm
by reflexweb
Many Thanks, the edit to customer.php as above worked.

Thanks again!

Re: Customer Forgotten Password Not Working

Posted: Tue Mar 29, 2016 10:22 pm
by EvolveWebHosting
I've experienced the same. Thank you for the information.

Re: Customer Forgotten Password Not Working

Posted: Thu Apr 07, 2016 11:24 pm
by mattpowers
I have a similar issue, and tried this fix, but came up with an error regarding the "code" part. Can someone help me with this? This is my code:

Code:

	public function editPassword($customer_id, $password) {
		$this->event->trigger('pre.customer.edit.password');

		$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE customer_id = '" . (int)$customer_id . "'");

		$this->event->trigger('post.customer.edit.password');
	}

When I try it, I get this error:
"Notice: Error: Unknown column 'code' in 'field list'
Error No: 1054
Warning: Cannot modify header information - headers already sent by "

Had to delete part of the specifics, as this site keeps blocking me for pasting PHP output in here.
Any clues? Also, I am on 2.1.0.1, NOT 2.2, so it looks like things are a little different.
Thanks.

Re: Customer Forgotten Password Not Working

Posted: Thu Jun 16, 2016 3:22 pm
by meeka
So.. I followed the change in customer.php - and it worked!!! BUT... as soon as I tried to change the password once logged in - it DID NOT change the password.

When the forgot password didn't work, the change password when logged in worked fine.
Now that the forgot password worked, the change password when logged in doesn't work.

Did that happen to you guys as well?

Re: Customer Forgotten Password Not Working

Posted: Sat Oct 08, 2016 7:45 am
by ytest1205
meeka wrote: So.. I followed the change in customer.php - and it worked!!! BUT... as soon as I tried to change the password once logged in - it DID NOT change the password.

When the forgot password didn't work, the change password when logged in worked fine.
Now that the forgot password worked, the change password when logged in doesn't work.

Did that happen to you guys as well?

You followed the wrong item. Everyone who follows the above code and changes to $customer_id instead of $email will have the same problem. The right thing is to pass the customer email in the parameter.

Re: Customer Forgotten Password Not Working

Posted: Wed Nov 02, 2016 5:34 pm
by huntbee
I have developed an ocmod fix for this issue. You can get it for free.

http://www.huntbee.com/fix-for-password ... rt-2-2-0-0

Re: Customer Forgotten Password Not Working

Posted: Wed Nov 02, 2016 7:03 pm
by IP_CAM
Well, registration and download worked, but it displayed an error atop the checkout page, just to mention it! ;)
Ernie

Code:

Notice: Undefined index: cart_id in /home/content/69/10176169/html/huntbee.com/vqmod/vqcache/vq2-system_storage_modification_catalog_controller_checkout_success.php on line 9

Re: Customer Forgotten Password Not Working

Posted: Thu Nov 03, 2016 7:12 am
by huntbee
Thank you, Fixed it :)

Re: Customer Forgotten Password Not Working

Posted: Thu Nov 03, 2016 10:43 pm
by JNeuhoff
Use this VQmod XML to fix this issue:

Code:

<modification>
	<id>Bugfixes for customer account reset</id>
	<version>2.2.x-1.0</version>
	<vqmver>2.5.1</vqmver>
	<author>mhccorp.com</author>

	<file name="catalog/controller/account/reset.php">
		<operation>
			<search position="replace"><![CDATA[$this->model_account_customer->editPassword($customer_info['customer_id'],]]></search>
			<add><![CDATA[$this->model_account_customer->editPassword($customer_info['email'],]]></add>
		</operation>
	</file>
	<file name="catalog/model/account/customer.php">
		<operation>
			<search position="replace"><![CDATA[$query = $this->db->query("SELECT customer_id, firstname, lastname]]></search>
			<add><![CDATA[$query = $this->db->query("SELECT customer_id, firstname, lastname, email]]></add>
		</operation>
	</file>

</modification>

Also make sure to have a field named 'code' (varchar(40)) in your 'oc_customer' DB table.
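
The parameter mismatch discussed in this thread, reproduced as an added example that is not OpenCart's code and not from any poster. It shows why each model signature breaks one of the two callers and how checking the affected-row count keeps the controller from reporting success when nothing was updated. The table layout, function names and sample row are assumptions, the logged-in change-password caller is assumed to pass the e-mail (as the replies above imply), and password_hash() stands in for the salted SHA-1 scheme quoted above.

```php
<?php
// Added illustration, not OpenCart code. Table layout and helper names are
// assumptions; password_hash() stands in for the thread's salted SHA-1 scheme.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customer (customer_id INTEGER PRIMARY KEY, email TEXT, password TEXT, code TEXT)");
// Constructed sample row: customer 7 with a pending reset code.
$db->exec("INSERT INTO customer VALUES (7, 'roger@example.com', 'old-hash', 'reset-code')");

// Model variant keyed on e-mail (the signature quoted in the thread).
function editPasswordByEmail(PDO $db, string $email, string $password): int {
    $st = $db->prepare("UPDATE customer SET password = ?, code = '' WHERE LOWER(email) = LOWER(?)");
    $st->execute([password_hash($password, PASSWORD_DEFAULT), $email]);
    return $st->rowCount(); // rows changed; 0 means nothing was updated
}

// Model variant keyed on customer_id (the edit proposed earlier in the thread).
function editPasswordById(PDO $db, int $customerId, string $password): int {
    $st = $db->prepare("UPDATE customer SET password = ?, code = '' WHERE customer_id = ?");
    $st->execute([password_hash($password, PASSWORD_DEFAULT), $customerId]);
    return $st->rowCount();
}

// Controller-side guard: only report success when exactly one row changed.
function report(string $caller, int $rows): string {
    return sprintf("%-26s rows=%d -> %s", $caller, $rows, $rows === 1 ? 'success' : 'FAILED, show error');
}

// Reset flow passes customer_id into the e-mail keyed model: no row matches.
echo report('reset  -> byEmail(id)', editPasswordByEmail($db, '7', 'n3w-pass')), "\n";
// Logged-in change passes the e-mail: one row updated.
echo report('change -> byEmail(email)', editPasswordByEmail($db, 'roger@example.com', 'n3w-pass')), "\n";
// After switching the model to customer_id, the two callers swap outcomes:
echo report('reset  -> byId(id)', editPasswordById($db, 7, 'n3w-pass')), "\n";
// the (int) cast used in the thread's query turns an e-mail into 0, matching no customer.
echo report('change -> byId(email)', editPasswordById($db, (int)'roger@example.com', 'n3w-pass')), "\n";
```

The first and last calls report rows=0, which is the silent failure described in the first post and again after the customer_id edit; whichever key the model uses, every caller has to pass that same key.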