Encrypted Master Password support

lat9,
i want to further state how great i think this add-on is. i'm rolling it out to a couple of customers soon and i'm sure i will get more feedback. i wanted to document a couple of small changes that i made to make this add-on a little easier for someone to use.

as the basis for the admin to login is the email address in YOUR_ADMIN/customers, i added the following line right after one of your comments:

PHP Code:

---

 //-eof-a-EMP login link *** 1 of 1 ***
        $contents[] = array('text' => '<br />Customers Email Address: ' . $cInfo->customers_email_address); 


---

its just easier to have the customers email address right there.

in the same vein, i changed one line to automatically fill in the email address when selecting to place an order (almost makes the previous code irrelevant). the code is in includes/templates/YOUR_TEMPLATE/templates/tpl_login_default:

PHP Code:

---

//original
   <?php echo zen_draw_input_field('email_address', '', 'size="30" id="login-email-address"'); ?>
// new line
   <?php echo zen_draw_input_field('email_address', (($_POST['email_address'] !== null) ? $_POST['email_address']: ''), 'size="30" id="login-email-address"'); ?>

---

finally as i think the admin would like to see who they might be logged in as, i modified my templates header to include this information. where someone might want to put this bit in their template is up to them, but again i think it's just something that makes life easier for the admin entering the order (or whatever they might be doing on the customer account):

PHP Code:

---

<?php if (($_SESSION['customer_id']) && ($_SESSION['emp_admin_login'] == true)) { ?>
    <li><a href="<?php echo zen_href_link(index, '', 'NONSSL'); ?>">Logged in as <? echo $_SESSION['customer_first_name'] . ' ' . $_SESSION['customer_last_name'] ?></a></li>
<?php } else { ?>
    <li><a href="<?php echo zen_href_link(index, '', 'NONSSL'); ?>"><?php echo 'Home'; ?></a></li>
<?php } ?>

---

if these ideas were already documented somewhere, and i missed them, i apologize for being redundant!

best.

@carlwhat, thanks for the suggestions; I'll take the complement on behalf of all the authors!

I've opened a change-request on the EMP GitHub repository (https://github.com/lat9/encrypted_ma...word/issues/12) to track your suggestions.

Note that the second one should be redundant; the built-in Zen Cart handling performed by zen_draw_input_field automatically populates the field value if either a $_POST or $_GET variable with the field's name is present.

Hello,

This module is great but I would like to modify its behavior so that it bypasses the login page, i.e. clicking on Place Order directly gets you on the home page (in a new tab) as the customer with no admin password to type.

Lat9 told me that this was its first behavior and that it has been changed for security reasons. I understand but as I'm planning on doing this on a local machine, the risks are far less to be hacked.

Lat9 suggested me to compare the files with the former version, which I did with the 1.6 but it doesn't work so I'm quite sure it's not the right version to look at. As there's a tenth of versions, if someone is kind enough to direct me to the right one the would very kind.

Last, that is on ZC154 with EMP 2.1

Thanks for your help

Hubert

@hubert, the change requires some code-merging since EMP v1.6.0 uses an older Zen Cart version as its code-base.

First, remove all remnants of EMP v2.1.0 from your store. The changes vary significantly from v1.6.0 to v2.1.0 of this plugin.

Now, using the EMP v1.6.0 zip-file:

1. Merge the single block of code that adds the "Place Order" button into /YOUR_ADMIN/customers.php.
2. Merge the single block of code within /includes/modules/pages/login/header_php.php. This isn't going to be pretty, since the login code changed significantly from Zen Cart v1.5.1 (which is the code-base used by the plugin) to v1.5.4 (which your store is using). You'll need to review the code structure in the two versions of the module to determine where to place the EMP-specific code.
3. Once the merges are complete, the remaining code (all EMP-specific) can simply be copied to your store's file system.

Quote:

---

Originally Posted by lat9

@hubert, the change requires some code-merging since EMP v1.6.0 uses an older Zen Cart version as its code-base.

First, remove all remnants of EMP v2.1.0 from your store. The changes vary significantly from v1.6.0 to v2.1.0 of this plugin.

Now, using the EMP v1.6.0 zip-file:

1. Merge the single block of code that adds the "Place Order" button into /YOUR_ADMIN/customers.php.
2. Merge the single block of code within /includes/modules/pages/login/header_php.php. This isn't going to be pretty, since the login code changed significantly from Zen Cart v1.5.1 (which is the code-base used by the plugin) to v1.5.4 (which your store is using). You'll need to review the code structure in the two versions of the module to determine where to place the EMP-specific code.
3. Once the merges are complete, the remaining code (all EMP-specific) can simply be copied to your store's file system.

---

1 is done
2- In /includes/modules/pages/login/header_php.php there is not only one modification but several, some by you lat9 and some by stagebrace. Even if I downloaded the 1.6 version the comment says

Quote:

---

//-bof-Encrypted Master Password by stagebrace *** 1/1
//- Start modifications by lat9:
//-bof-a-v1.7.0

---

and that is the only the fist one. So I added all of them as it seems to me its the code I'm looking for to get the automatic login.

3- I understood that I had to add the remaining files and modifications from 2.1. What I did.

Now when I click the Place Order button it gets me to a login page saying Whoops your session has expired.

Sorry. I'm stuck. I need a bit more help.

@hubert, for step#3 you should be using the files from the 1.6.0 version, not v2.1.0.

Quote:

---

Originally Posted by lat9

@hubert, for step#3 you should be using the files from the 1.6.0 version, not v2.1.0.

---

OK, OK, I just understood, so it was just "install 1.6 instead of 2.1". LOL

Thanks a lot for your patience.

It works, it's great. I just noticed something.
Choose customer X, click Place Order, you get a new tab acting as X.
Don't close your tab, just go back to the customer list tab.
Choose customer Y, click Place Order, you get a new tab acting as X.

If you do not logout X I can't act as Y.
Just curiosity, would it be possible to have a customer by tab, acting as X in a tab and at the same time as Y in another tab ?

Next step...

As I'm planning to give a restricted access to the one who is going to take orders on the phone using EMP... I just noticed that I have no way to give access to the Place Order button in an Admin Profile.

I've setup a "Cashier" admin account, given access to the customers page, but when I log as the Cashier the Place Order button disappears...

How can I add the option in the admin profiles settings ?

Following...

I've dug a bit : admin profiles gives access to admin pages, since EMP has not its own page (its settings are in Configuration->My Store), seems impossible to give access to EMP.
More, even if you/we move the EMP settings to a separate page, that would makes us give access to this settings page which is not what I'm looking for.

There must be a trick, but the problem seems to me to give access to customer side page from a admin profile system which is built only to give access to admin side pages.

The thing I don't understand is how the profile system can sort out a button in a page...

Here is the trick which is not really one, I was looking too far :
in /admin/customers.php

around line 1212

Code:

---

if (!$emp_result->EOF && ($_SESSION['admin_id'] == EMP_LOGIN_ADMIN_ID || $emp_result->fields['admin_profile'] == EMP_LOGIN_ADMIN_PROFILE_ID) ) {  /*v1.7.0c*/

---

should be

Code:

---

if (!$emp_result->EOF && ( $_SESSION['admin_id'] == EMP_LOGIN_ADMIN_ID || in_array ($emp_result->fields['admin_profile'], explode (',', EMP_LOGIN_ADMIN_PROFILE_ID)) )) {

---

And now my cashier has the button and everything is fine.

Quote:

---

Originally Posted by hubert

OK, OK, I just understood, so it was just "install 1.6 instead of 2.1". LOL

Thanks a lot for your patience.

It works, it's great. I just noticed something.
Choose customer X, click Place Order, you get a new tab acting as X.
Don't close your tab, just go back to the customer list tab.
Choose customer Y, click Place Order, you get a new tab acting as X.

If you do not logout X I can't act as Y.
Just curiosity, would it be possible to have a customer by tab, acting as X in a tab and at the same time as Y in another tab ?

---

That's not going to be possible, since the session-cookie is stored once-per-site in the browser. If you have multiple browsers, you could have Customer X in Firefox, Customer Y in Chrome, ...

Quote:

---

Originally Posted by hubert

Next step...

As I'm planning to give a restricted access to the one who is going to take orders on the phone using EMP... I just noticed that I have no way to give access to the Place Order button in an Admin Profile.

I've setup a "Cashier" admin account, given access to the customers page, but when I log as the Cashier the Place Order button disappears...

How can I add the option in the admin profiles settings ?

---

You've discovered that the multiple admin-profiles settings were introduced post EMP v1.6. The change that you posted brings your Customers->Customers handling up to the current EMP version.

I've uploaded v2.2.0 of EMP to the Zen Cart Plugins for review. This version adds support for Zen Cart v1.5.5 and drops support for Zen Cart versions prior to v1.5.3, with the following changes:

- Update to use Zen Cart 1.5.5 release (03-29-2016) for the core-file changes
- Add Dutch language constants
- Use new Customers->Customers notifier
- Remove support for Zen Cart versions prior to 1.5.3
- Restructure the plugin's distribution zip-file
- Remove OSH-updated-by code; it can be installed separately if the functionality is desired.

Note: If you're still using a version of Zen Cart prior to v1.5.3 for your store, please use an earlier version of EMP.

v2.2.0 is now available for download.

Not sure what I did but my attempts to log in as a customer using my store admin password are no longer working:

https://www.exilemachine.net/shop/in...action=process
WARNING: An Error occurred, please refresh the page and try again.

If I put in a nonsense password it gives me the correct red banner password error:
Error: Sorry, there is no match for that email address and/or password.

I'm on ZC 1.5.4 and I can not determine the version of the EMP that I'm using. Is there a file that shows which version EMP is in use?

-Mark

Quote:

---

Originally Posted by Exile Machine

WARNING: An Error occurred, please refresh the page and try again.

---

See: http://www.zen-cart.com/content.php?...-and-try-again

If you'll post the first 25 lines in the file /includes/classes/observers/class.emp_order_observer.php, I might be able to identify the EMP version you're using.

as the link that DrByte posted states, you need to look at the debug log files. if you can track those log files and post them, perhaps someone could give you more help. alternatively, the log files might indicate how you could solve the problem on your own.

good luck!

Quote:

---

Originally Posted by lat9

If you'll post the first 25 lines in the file /includes/classes/observers/class.emp_order_observer.php, I might be able to identify the EMP version you're using.

---

Here you go:

Quote:

---

<?php
// -----
// Part of the Encrypted Master Password plugin, provided by [email protected]
//
// Copyright (C) 2013-2014 Vinos de Frutas Tropicales
//
// @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
//
// -----
// When entered via the "Place Order" button from the admin, the customer's email address is posted but somehow (on PHP 5.4)
// doesn't get recorded in the $GLOBALS array (which is where the default input field values are gathered.
//
if (isset ($_POST['email_address'])) {
$GLOBALS['email_address'] = $_POST['email_address'];

}

class emp_order_observer extends base {

function emp_order_observer() {
$this->attach ($this, array ('NOTIFY_ORDER_DURING_CREATE_ADDED_ORDER_COMMENT', 'NOTIFY_PROCESS_3RD_PARTY_LOGINS'));

}

// -----

---

Referencing DrByte's suggestion above, I did find a logfile with this error in it:
PHP Fatal error: 1364:Field 'logmessage' doesn't have a default value :: INSERT INTO
admin_activity_log (access_date, admin_id, page_accessed,
page_parameters, ip_address, gzpost, flagged, attention) VALUES (now(),
'1', 'login.php', '', 'xx.xxx.xxx.xxx',
'[binary data]', '0', '') ==> (as called by)
/shop/includes/functions/functions_general.php
on line 965 <== in
/shop/includes/classes/db/mysql/query_factory.
php on line 155

:censored: That's a bug; I'll post back in the morning when I've got a solution.

Quote:

---

Originally Posted by lat9

:censored: That's a bug; I'll post back in the morning when I've got a solution.

---

I've uploaded v2.2.1 of EMP to correct this issue; it'll be available for download once reviewed.

There was one file changed (/includes/classes/observers/class.emp_order_observer.php); you can download the updated file from its GitHub repo here for use with your v2.2.0 EMP install.

Quote:

---

Originally Posted by lat9

There was one file changed...

---

Works great! Thanks for the quick turn-around on the bug fix.
-Mark

Quote:

---

Originally Posted by Exile Machine

Works great! Thanks for the quick turn-around on the bug fix.
-Mark

---

Thanks for the report. There is, unfortunately, yet-another bug that's crept in (only that the admin-activity-log won't actually identify the customer's account that was logged in).

The code on line #89 should be changed from

Code:

---

                            'gzpost' => gzdeflate (json_encode (array ( 'action' => 'emp_admin_login', 'customer_email_address' => $p1 )), 7),

---

to

Code:

---

                            'gzpost' => gzdeflate (json_encode (array ( 'action' => 'emp_admin_login', 'customer_email_address' => $p1a )), 7),

---

I'll note the issue on the plugin's GitHub repo and get the update scheduled.

I am using ZC ver 1.54,
Will this work with the latest ver of EMP?

I also have installed other plugins (add customers, minimum order etc). Will this affect them?

v2.2.1 of EMP has been validated with Zen Cart 1.5.3 through 1.5.5a and only affects the built-in Zen Cart Customers->Customers processing (using the ZC 1.5.5a version of those customers.php files).

Quote:

---

Originally Posted by lat9

v2.2.1 of EMP has been validated with Zen Cart 1.5.3 through 1.5.5a and only affects the built-in Zen Cart Customers->Customers processing (using the ZC 1.5.5a version of those customers.php files).

---

I'm not sure what you mean "built in ZC customers"...
So it wont affect the manual entries that I put in?

Since you're running on Zen Cart 1.5.4, EMP will require modification to the module (/YOUR_ADMIN/customers.php) that handles the processing when you click your admin menu's Customers->Customers link.

No changes will be made to the customer information that you have already entered.

Quote:

---

Originally Posted by lat9

I've uploaded v2.2.1 of EMP to correct this issue; it'll be available for download once reviewed..

---

Wow! That was on May and it hasn't been approved? :huh:

Thanks for the fix, I had the same exact issue.

Quote:

---

Originally Posted by ideasgirl

Wow! That was on May and it hasn't been approved? :huh:

---

I think I was waiting for a fix for this issue: https://www.zen-cart.com/showthread....66#post1310266.
It's approved now.

Thanks, @swguy, I've got that change queued up for a v2.2.2 release ... and I'd forgotten about it! I'll get that change packaged up over the next couple of days.

Hello, The latest version available for download v2.2.1 has old core files since 1.5.5d has come out.

According to instruction c: /YOUR_ADMIN/customers.php (This is the Zen Cart v1.5.5 version of the file)

Does it use the file without changes or are changes required? When I view the diff I cannot tell what needs to be changed because I do not know what is new from 1.5.5d.

According to instruction l: /YOUR_ADMIN/includes/languages/english/customers.php (This is the Zen Cart v1.5.5 version of the file)

Does it use the file without changes or are changes required? When I view the diff I really do not see changes except for the header....

Thank you!

You can safely use the customers.php module from the Zen Cart 1.5.5d distribution.

I keep getting the red banner of the error password not on file.
Using EMP 2.2.1 with 1.5.5e and OPC
I have set my Master PW twice now and when I set it to single user no button to click on in customer file. When set to multi, button show up on customer page with email address showing. After entering my password brings up Login page with customer address pre filled in. I enter my password and brings up error page.
What should I check? At one period of new install test site it did work.

How is your store configured? Is your admin running SSL? Is your storefront?

I remember a situation similar to yours where the storefront was running SSL and ENABLE_SSL_CATALOG was not set to 'true' in your admin's /includes/configure.php file.

Yes and both are set to true

Quote:

---

Originally Posted by lat9

How is your store configured? Is your admin running SSL? Is your storefront?

I remember a situation similar to yours where the storefront was running SSL and ENABLE_SSL_CATALOG was not set to 'true' in your admin's /includes/configure.php file.

---

I'm looking into this now; looks like you've found a bug!:oops:

I've just submitted v2.3.0 of Encrypted Master Password to the plugin's for review; once approved, that version can be downloaded from here.

Note: This version drops support for Zen Cart versions prior to 1.5.5. If your store uses an older version of Zen Cart, please use an earlier version of EMP!

This version contains the corrections for the missing 'Place Order' button when the admin-profile feature is disabled and the inclusion of the customer's ID in the admin-activity-log record created if an EMP admin creates an order on a customer's behalf.

Thank for the information. I was just starting to chase rabbits. To the best of my knowledge it worked before I installed OPC and if removing that mod I was going to start removing down the chain until it worked.

Could I test out the fix to see if that is my problem?

Larry

Quote:

---

Originally Posted by lat9

I've just submitted v2.3.0 of Encrypted Master Password to the plugin's for review; once approved, that version can be downloaded from here.

Note: This version drops support for Zen Cart versions prior to 1.5.5. If your store uses an older version of Zen Cart, please use an earlier version of EMP!

This version contains the corrections for the missing 'Place Order' button when the admin-profile feature is disabled and the inclusion of the customer's ID in the admin-activity-log record created if an EMP admin creates an order on a customer's behalf.

---

You can always download the most recent version of a plugin I've authored from my website; here's the link for Encrypted Master Password.

Quote:

---

Originally Posted by lat9

You can always download the most recent version of a plugin I've authored from my website; here's the link for Encrypted Master Password.

---

Hi lat9,

I compared 2.3 with 2.2.1 and found customer.php files not being used in 2.3 so I replaced the customer.php files with orignal in 1.5.5e. I removed all files from 2.2.1 then installed 2.3.
I now have the missing "Place Order" button when single is set to 1.
Ran program using my Master PW and still get the Red Banner no match.

Any idea how/what to check. Have no error in log folder.
I thought I placed this post in the wee am hours today but don/t find.

Thanks,
Larry

Larry, I don't understand what you mean when you say you used your "Master Password". This plugin's name is misleading; it enables you to use your Zen Cart admin password to sign into any customer's account.

Regarding the missing "Place Order" button, I suggest you re-review the plugin's installation; I've got this version installed on a "vanilla" Zen Cart 1.5.5e site and can turn on/off the plugin's two configuration values and receive that button whenever the single admin ID matches my admin ID and/or when my admin profile is in the list of enabled profiles.

admin>My Store/Master Password
I don't know where this came from if it not suppose to be there. I did a complete new install finally imported in old DB.
I will try the admin PW.

Thanks again,

Larry

Quote:

---

Originally Posted by lat9

Larry, I don't understand what you mean when you say you used your "Master Password". This plugin's name is misleading; it enables you to use your Zen Cart admin password to sign into any customer's account.

Regarding the missing "Place Order" button, I suggest you re-review the plugin's installation; I've got this version installed on a "vanilla" Zen Cart 1.5.5e site and can turn on/off the plugin's two configuration values and receive that button whenever the single admin ID matches my admin ID and/or when my admin profile is in the list of enabled profiles.

---

Yes, that configuration setting has nothing to do with Encrypted Master Password.

Quote:

---

Originally Posted by lat9

Yes, that configuration setting has nothing to do with Encrypted Master Password.

---

Yup. When I use the correct PW works great.
I would bet that PW came from Numinix FECA that came in when I imported 150 DB. Guess I need to clean up DB.
Now I got to head over and pick-up OPC 1.4. My god girl you fix'em faster than I can install the fixes.

Thanks so very much,

Larry

Yes, I remember now that the Numinix FEC module did include some form of "Master Password".

Please, though, do not refer to me as girl; I find it demeaning.

Quote:

---

Originally Posted by lat9

I've just submitted v2.3.0 of Encrypted Master Password to the plugin's for review; once approved, that version can be downloaded from here.

Note: This version drops support for Zen Cart versions prior to 1.5.5. If your store uses an older version of Zen Cart, please use an earlier version of EMP!

This version contains the corrections for the missing 'Place Order' button when the admin-profile feature is disabled and the inclusion of the customer's ID in the admin-activity-log record created if an EMP admin creates an order on a customer's behalf.

---

Now available for download from the Zen Cart plugins: https://www.zen-cart.com/downloads.php?do=file&id=94

ZC 1.5.5f

Just loaded EncryptedMasterPassword, newest version, when I click on "Place Order" My Home Screen opens but only the background image and the buttons at the top left "Home" "Log Out" show up nothing else.

Quote:

---

Originally Posted by wsworx

ZC 1.5.5f

Just loaded EncryptedMasterPassword, newest version, when I click on "Place Order" My Home Screen opens but only the background image and the buttons at the top left "Home" "Log Out" show up nothing else.

---

Sounds like there's a partial white-page, implying an error of some sort. Is a myDEBUG*.log file created in the /logs directory when you click that?

I deleted the program, cleaned a couple of issues up and now everything is working good.

Thank You

Here's one I can't figure out and no debug files are generated.

Two separate sites with nearly same modules (one uses OPC, the other doesn't) (one uses multi-ship, other doesn't). Same server of course, same PHP.

Both sites are set to zero (0) for Single Admin ID and one (1) for Admin Profile ID. Both have two admins in profile 1. Both have owner as Admin ID 1 and myself as ID 2.

Neither site will allow Admin ID 1 to login for a customer or place an order for a customer.

Both sites allow Admin ID 2 to login for a customer or place an order for a customer.

Both sites will allow a newly created user with profile 1 to login for a customer or place an order for a customer.

One site was started pre-1.5.0 and upgraded to 1.5.5f

Other was started at 1.5.5e and upgraded to 1.5.5f

Of course, I could just blow away Admin ID 1 and re-insert the owner; but I would like to have a better, lasting solution.

Ideas?

Could you provide a screenshot of one of the site's phpMyAdmin, with the admin table displayed (obfuscating admin-names and emails)?

The code that drives the EMP login is pretty simple for the admin-profile-id processing, gathering all admin IDs that are in the given profile.

Figured it might be simpler to just dump the admin tables from both.
First

Code:

---

/*Navicat MySQL Data Transfer


Source Server        : All Pecans
Source Server Version : 50638
Source Host          : allpecans.com:3306
Source Database      : allpecan_155e


Target Server Type    : MYSQL
Target Server Version : 50638
File Encoding        : 65001


Date: 2018-04-18 16:01:58
*/


SET FOREIGN_KEY_CHECKS=0;


-- ----------------------------
-- Table structure for `admin`
-- ----------------------------
DROP TABLE IF EXISTS `admin`;
CREATE TABLE `admin` (
  `admin_id` int(11) NOT NULL AUTO_INCREMENT,
  `admin_name` varchar(32) NOT NULL DEFAULT '',
  `admin_email` varchar(96) NOT NULL DEFAULT '',
  `admin_profile` int(11) NOT NULL DEFAULT '0',
  `admin_pass` varchar(255) NOT NULL DEFAULT '',
  `prev_pass1` varchar(255) NOT NULL DEFAULT '',
  `prev_pass2` varchar(255) NOT NULL DEFAULT '',
  `prev_pass3` varchar(255) NOT NULL DEFAULT '',
  `pwd_last_change_date` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `reset_token` varchar(255) NOT NULL DEFAULT '',
  `last_modified` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `last_login_date` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `last_login_ip` varchar(45) NOT NULL DEFAULT '',
  `failed_logins` smallint(4) unsigned NOT NULL DEFAULT '0',
  `lockout_expires` int(11) NOT NULL DEFAULT '0',
  `last_failed_attempt` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `last_failed_ip` varchar(45) NOT NULL DEFAULT '',
  PRIMARY KEY (`admin_id`),
  KEY `idx_admin_name_zen` (`admin_name`),
  KEY `idx_admin_email_zen` (`admin_email`),
  KEY `idx_admin_profile_zen` (`admin_profile`)
) ENGINE=MyISAM AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Records of admin
-- ----------------------------
INSERT INTO `admin` VALUES ('1', 'abc', 'abc######################', '1', '$2y$10$B8UpQupLOvZmK8BFmC7DuO/0cjNbpdx3dY/9w.NXxo0J5J15KQ0H2', '$2y$10$gI5mdBSiJvxbqDJiGur8p.sZ4aiuxespkDFGx1swDwaiqjefWTxpS', '', '', '2018-04-09 18:07:34', '', '2018-04-09 13:06:24', '2018-04-18 19:20:24', '277.186.116.199', '0', '0', '2018-04-09 18:03:46', '277.186.116.199');
INSERT INTO `admin` VALUES ('2', 'def', 'def1@def', '1', '$2y$10$w9C8y6LEII/HAC04T0YQtOp98A7ZkR9Kq1CrbemzFodkvLZjqH5KG', '', '', '', '2018-04-11 17:37:36', '', '2018-01-10 02:17:12', '2018-04-17 21:29:08', '277.186.116.199', '0', '0', '2018-04-11 17:45:02', '277.186.116.199');
INSERT INTO `admin` VALUES ('5', 'def2', 'def2@def', '1', '$2y$10$TCJyG/C8b2HRZ/v5Rh7BJOOQ.ZJGq2OkratPqNDO8OkfQvGurIA4e', '', '', '', '2018-04-17 21:29:57', '', '2018-04-17 21:29:57', '0001-01-01 00:00:00', '', '0', '0', '0001-01-01 00:00:00', '');

---

Second

Code:

---

/*Navicat MySQL Data Transfer


Source Server        : Hare Do 1.5.5a
Source Server Version : 50638
Source Host          : haredo.com:3306
Source Database      : haremark_zc155a


Target Server Type    : MYSQL
Target Server Version : 50638
File Encoding        : 65001


Date: 2018-04-18 16:02:40
*/


SET FOREIGN_KEY_CHECKS=0;


-- ----------------------------
-- Table structure for `admin`
-- ----------------------------
DROP TABLE IF EXISTS `admin`;
CREATE TABLE `admin` (
  `admin_id` int(11) NOT NULL AUTO_INCREMENT,
  `admin_name` varchar(32) NOT NULL DEFAULT '',
  `admin_email` varchar(96) NOT NULL DEFAULT '',
  `admin_profile` int(11) NOT NULL DEFAULT '0',
  `admin_pass` varchar(255) NOT NULL DEFAULT '',
  `prev_pass1` varchar(255) NOT NULL DEFAULT '',
  `prev_pass2` varchar(255) NOT NULL DEFAULT '',
  `prev_pass3` varchar(255) NOT NULL DEFAULT '',
  `pwd_last_change_date` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `reset_token` varchar(255) NOT NULL DEFAULT '',
  `last_modified` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `last_login_date` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `last_login_ip` varchar(45) NOT NULL DEFAULT '',
  `failed_logins` smallint(4) unsigned NOT NULL DEFAULT '0',
  `lockout_expires` int(11) NOT NULL DEFAULT '0',
  `last_failed_attempt` datetime NOT NULL DEFAULT '0001-01-01 00:00:00',
  `last_failed_ip` varchar(45) NOT NULL DEFAULT '',
  PRIMARY KEY (`admin_id`),
  KEY `idx_admin_name_zen` (`admin_name`),
  KEY `idx_admin_email_zen` (`admin_email`),
  KEY `idx_admin_profile_zen` (`admin_profile`)
) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;


-- ----------------------------
-- Records of admin
-- ----------------------------
INSERT INTO `admin` VALUES ('1', 'abc', 'abc######################', '1', '$2y$10$Q4o3IUBb/v529vE293IuH.t80/4VO9z9G0b/0wst7hExBvE6KQXpq', '$2y$10$na.WW.SXuQGRtZ.Tmsr4UuhS24d2Duo6k5jBewzHMbOWujd8kCuIS', '', '', '2018-03-14 11:26:51', '', '2018-03-14 07:21:43', '2018-04-16 21:02:55', '277.186.116.199, '0', '0', '2018-03-14 07:04:51', '277.186.116.199');
INSERT INTO `admin` VALUES ('2', 'def', 'def@def', '1', '$2y$10$GCZDdv8i6GhYBQ0vsXaIc.78S9Y2hN6PcuyEtLQeIFpXEAYEimrju', '$2y$10$5nubU6jQaOzAu9enLsNgZud1W4ArE6IFB9vX/MR4Tw3WiRRztmDyG', '', '', '2018-04-11 12:59:22', '', '2018-04-11 12:59:22', '2018-04-17 21:30:57', '277.186.116.199', '0', '0', '0000-00-00 00:00:00', '');
INSERT INTO `admin` VALUES ('4', 'def2', 'def@def', '1', '$2y$10$qlOEcnQwV5AOtynLaW6SK.cAOxeMt8TQpKlkRBnazRMzFNcT3vMaO', '', '', '', '2018-04-17 21:31:32', '', '2018-04-17 21:31:32', '0001-01-01 00:00:00', '', '0', '0', '0001-01-01 00:00:00', '');

---

@dbltoe, I'm thinking that the issue is due to the "Single Admin ID" being disabled but I need more time to test that theory. For right now, a work-around might be to set both Single Admin ID and Admin Profile ID to 1.

Tried that and it didn't work on either site. While not affecting the login/order placing of the other admins, it still did not allow the ID 1 to perform either task.

What version of EMP?

Both confirmed to be using 2.3.0 with UltraCompare (store-bought winmerge).

The issue that @dbltoe's clients are/were having is that the admin's entered password (upon registration or change) is sanitized, so that an entered password of vou&1elrHj gets modified to vou&amp;1elrHj prior to generating the password hash. When the admin enters vou&1elrHj on the storefront, the password is disallowed for this reason.

That's why the admin-entered password was not being accepted during an EMP "Place Order" process.

I'll get this issue logged in GitHub, corrected and an updated release of the plugin available.

I'm happy to report that EMP v2.3.1 integrates successfully with zc156 and later! It helps that there are no core-file overwrites. :P

Quote:

---

Originally Posted by lat9

I'm happy to report that EMP v2.3.1 integrates successfully with zc156 and later! It helps that there are no core-file overwrites. :P

---

... and I see (duh) that I never released that version; it's just been submitted to the Zen Cart plugins for review.:blush:

Quote:

---

Originally Posted by lat9

... and I see (duh) that I never released that version; it's just been submitted to the Zen Cart plugins for review.:blush:

---

EMP, v2.3.1, is now available for download: https://www.zen-cart.com/downloads.php?do=file&id=94

This does not appear to be working with v1.5.6a. I have a fresh install with Numinix Google Analytics Bada883 and USU-3.0.0-beta2 (Ultimate SEO). When loaded the admin appears to work fine in the config and customer area. It will let you log in as the customer... takes you to the login screen.... but cannot get there from the regular website. But on the regular site the account functions for the customer do not work... cannot login, logout, unsubscribe, etc. Even after I remove the files and run the uninstall script these are not working. :(

Sorry, this is a problem with either Google Analytics or Ultimate SEO.... this is working okay if I put this in first.

I've just submitted v2.4.0 of Encrypted Master Password to the Zen Cart Plugins for review; I'll post back when it's available for download.

This release contains changes for these GitHub issues:


#12: Add message to storefront 'header' when an EMP admin is logged in, identifying the customer for whom the admin is shopping.
#24: For zc156+, use a styled button for "Place Order" instead of the ugly button-graphic.

Hello, just tried installing this and the admin login page gave a blank page. The error log shows the following message

[21-Mar-2019 18:07:54 UTC] PHP Parse error: syntax error, unexpected ')', expecting :: (T_PAAMAYIM_NEKUDOTAYIM) in /home/myroot/public_html/admin/includes/classes/observers/class.emp_admin_customers_observer.php on line 39

Hmm, which version of EMP? For v2.4.0 (the most recent), line 39 reads:

Code:

---

                if (!empty(EMP_LOGIN_ADMIN_PROFILE_ID)) {

---

Quote:

---

Originally Posted by lat9

I've just submitted v2.4.0 of Encrypted Master Password to the Zen Cart Plugins for review; I'll post back when it's available for download.

This release contains changes for these GitHub issues:


#12: Add message to storefront 'header' when an EMP admin is logged in, identifying the customer for whom the admin is shopping.
#24: For zc156+, use a styled button for "Place Order" instead of the ugly button-graphic.

---

As you might have guessed from my previous post, EMP v2.4.0 is now available for download.

EMP v2.4.1 (https://www.zen-cart.com/downloads.php?do=file&id=94) is now available, correcting an HTML5 validation error.

Will this version work with 1.5.6b? Had the older version and once we upgraded we lost the capability. Design75 had been working on a solution.... not sure where he is at with this....

:) Answered my own question. YES, it works with the newest version and SO THANKFUL for the update. Special Thanks to @Design75 for his consultation with me as well.

I've just submitted v2.4.2 of EMP to the plugin moderators for review and will post back once it's available (https://www.zen-cart.com/downloads.php?do=file&id=94).

This release contains changes associated with the following GitHub issues:


#26: Correct PHP log on invalid EMP password.
#27: Enable the severity of the storefront "Shopping for ..." message to be customized.

Quote:

---

Originally Posted by lat9

I've just submitted v2.4.2 of EMP to the plugin moderators for review and will post back once it's available (https://www.zen-cart.com/downloads.php?do=file&id=94).

This release contains changes associated with the following GitHub issues:


#26: Correct PHP log on invalid EMP password.
#27: Enable the severity of the storefront "Shopping for ..." message to be customized.

---

Now available for download from the Zen Cart Plugins.

Server move without changes to functional zc154. Same version of php on new server as old. 5.6.40

EMP no longer functions. At least using the same password that functioned prior to server move.
Redirect to blank page with typical "WARNING: An Error occurred, please refresh the page and try again."

No logfiles generated.

Got any suggestions where to look. I see other users have been able to login & checkout without hiccups
I'm sure a logfile would have been beneficial.

Quote:

---

Originally Posted by RixStix

Server move without changes to functional zc154. Same version of php on new server as old. 5.6.40

EMP no longer functions. At least using the same password that functioned prior to server move.
Redirect to blank page with typical "WARNING: An Error occurred, please refresh the page and try again."

No logfiles generated.

Got any suggestions where to look. I see other users have been able to login & checkout without hiccups
I'm sure a logfile would have been beneficial.

---

rick,
ZC no doubt tried to create a log file. are you sure you have write permissions to the log directory? have you seen any other ZC log files on the new server?

you can ask your host where the log files for your site reside and get access to them. because i am sure the answer lies there.

once you have access to the logs, you can then troubleshoot why the ZC log overrides are not working and then troubleshoot the EMP problem. which is no doubt another server configuration setting, if what you say is true.

best.

Quote:

---

Originally Posted by carlwhat

rick,
ZC no doubt tried to create a log file. are you sure you have write permissions to the log directory? have you seen any other ZC log files on the new server?

---

Yes, both PayPal and Auth.net are set to send logfiles for each transaction and they are present post server change

Quote:

---

Originally Posted by carlwhat

you can ask your host where the log files for your site reside and get access to them. because i am sure the answer lies there.

---

Holy crap. There's errors at the server level log folder instead of zencart level log folder. I did see an emp.something in on of the several thousand lines.

[/QUOTE]

TNX for pointing me in a direction other than my standing still looking lost.

@RixStix, check your admin's Tools->Server/Version Information; my guess is that the server was converted to PHP-FPM.

If that's the case, you can use the zc156c version of both /admin/includes/extra_configures/enable_error_logging.php and /includes/extra_configures/enable_error_logging.php to resurrect your logs' recording in the /logs sub-directory. Otherwise, check the /includes/configure.php to make sure that the definition of DIR_FS_LOGS is still valid.

Quote:

---

Originally Posted by lat9

@RixStix, check your admin's Tools->Server/Version Information; my guess is that the server was converted to PHP-FPM.

---

didn't find any reference to PHP-FPM in system info but could have missed something in that long screen

Quote:

---

Originally Posted by lat9

If that's the case, you can use the zc156c version of both /admin/includes/extra_configures/enable_error_logging.php and /includes/extra_configures/enable_error_logging.php to resurrect your logs' recording in the /logs sub-directory. Otherwise, check the /includes/configure.php to make sure that the definition of DIR_FS_LOGS is still valid.

---

both configure.php files
define('DIR_FS_LOGS', '/home/CPANELid/public_html/logs');

At least we didn't coordinate a upgrade CentOS and zencart upgrade at the same time.

That makes sense (the DIR_FS_LOGS setting), since you'd indicated that PayPal logs were being created.

Try using those updated enable_error_logging.php files.

TNX Cindy,

Will do... after coffee and I can get to a desktop instead of this "TV watching" laptop.
Trying not to make too many changes while host is chasing things.

After coffee. PHP-FPM seems to be the default in the latest version of CentOS. Host changed it to CGI/FastCGI

At least the error files are being saved in the proper folder instead of being appended to a single file in a different folder.

Here's the error. My expectation was that everything zencart "should" work as before the server update, so I have not made the file changes you suggested yet. php version stayed the same. mysql/maria should be the same.


[29-Aug-2019 09:59:14 America/Los_Angeles] Request URI: /index.php?main_page=login&action=process, IP address: 98.146.164.107
#1 trigger_error() called at [/home/CpanelID/public_html/includes/classes/db/mysql/query_factory.php:155]
#2 queryFactory->show_error() called at [/home/CpanelID/public_html/includes/classes/db/mysql/query_factory.php:132]
#3 queryFactory->set_error() called at [/home/CpanelID/public_html/includes/classes/db/mysql/query_factory.php:262]
#4 queryFactory->Execute() called at [/home/CpanelID/public_html/includes/functions/functions_general.php:965]
#5 zen_db_perform() called at [/home/CpanelID/public_html/includes/classes/observers/class.emp_order_observer.php:94]
#6 emp_order_observer->update() called at [/home/CpanelID/public_html/includes/classes/class.base.php:103]
#7 base->notify() called at [/home/CpanelID/public_html/includes/modules/pages/login/header_php.php:71]
#8 require(/home/CpanelID/public_html/includes/modules/pages/login/header_php.php) called at [/home/CpanelID/public_html/index.php:36]

[29-Aug-2019 09:59:14 America/Los_Angeles] PHP Fatal error: 1364:Field 'logmessage' doesn't have a default value :: INSERT INTO admin_activity_log (access_date, admin_id, page_accessed, page_parameters, ip_address, gzpost, flagged, attention) VALUES (now(), '6', 'login.php', '', '98.146.164.107', '«VJL.ÉÌÏS²RJÍ-ˆOLÉÍÌ‹ÏÉOÏÌSª\0', '0', '') ==> (as called by) /home/CpanelID/public_html/includes/functions/functions_general.php on line 965 <== in /home/CpanelID/public_html/includes/classes/db/mysql/query_factory.php on line 155

darn forum duplicates. deleted

Hmm, what version of EMP is installed? I'll note that the latest release (v2.4.2) does include that "required" logmessage value.

Uhm, it's an older version but was working with my antique zc 1.5.4 without error before the server move/update. We're still chasing a few other hiccups tossed into the fray by the server move/update.

Argggg. 2.0.0 ducks for cover

Quote:

---

Originally Posted by lat9

That makes sense (the DIR_FS_LOGS setting), since you'd indicated that PayPal logs were being created.

Try using those updated enable_error_logging.php files.

---

Copied the 156c error_logging files. Still no functionality. Same white page. Same error.

I'm assuming it is a checkbox in the new server settings (that might jump out at you as being obvious) since the only change made is moving to a CentOS 7 server from whatever CentOS server that was EOL.

@RixStix, the issue that you're experiencing was corrected in EMP 2.2.1 (released May 5, 2016).

Quote:

---

Originally Posted by lat9

@RixStix, the issue that you're experiencing was corrected in EMP 2.2.1 (released May 5, 2016).

---

TNX Cindy

1.5.7 users: remember you will want to remove the EMP files as part of your upgrade, or you'll be surprised to see two Place Order buttons in your customers sidebar!

# deleted: includes/auto_loaders/config.emp_customers_button.php
# deleted: includes/classes/observers/class.emp_admin_customers_observer.php
# deleted: includes/functions/extra_functions/init_emp_configuration.php

Quote:

---

Originally Posted by swguy

1.5.7 users: remember you will want to remove the EMP files as part of your upgrade, or you'll be surprised to see two Place Order buttons in your customers sidebar!

# deleted: includes/auto_loaders/config.emp_customers_button.php
# deleted: includes/classes/observers/class.emp_admin_customers_observer.php
# deleted: includes/functions/extra_functions/init_emp_configuration.php

---

don't forget all of these files are in YOUR_ADMIN.

Hello,

We have this installed on ZC 1.5.6c with EMP version2.4.2. Following the instructions, we have set the Admin profile in the config setting. We don't see a button for placing orders as indicated in the instructions. I am not able to login using a customer email address and my password. Do I need the Admin Login as customer plugin as well or is this one stand alone?

Thanks!

Quote:

---

Originally Posted by SblantonMMP

Hello,

We have this installed on ZC 1.5.6c with EMP version2.4.2. Following the instructions, we have set the Admin profile in the config setting. We don't see a button for placing orders as indicated in the instructions. I am not able to login using a customer email address and my password. Do I need the Admin Login as customer plugin as well or is this one stand alone?

Thanks!

---

This plugin is stand-alone. Check to see that your admin's customers.php includes the NOTIFY_ADMIN_CUSTOMERS_MENU_BUTTONS notification (that's what EMP 'binds to' to add the Place Order button).

You can also go to the storefront login page, enter a customer's email address and your admin login password to place an order for the customer.

Quote:

---

Originally Posted by lat9

This plugin is stand-alone. Check to see that your admin's customers.php includes the NOTIFY_ADMIN_CUSTOMERS_MENU_BUTTONS notification (that's what EMP 'binds to' to add the Place Order button).

You can also go to the storefront login page, enter a customer's email address and your admin login password to place an order for the customer.

---

Thanks! I will check for the NOTIFY. I did try to use a customer's email address with my admin password and it did not work. I got the standard username/password error.

Can login as admin for this mode be restricted to a set of ip address only? So for example if trying to login using the master password from an IP address not listed in a setting config then it will simply not work?

With it's inclusion in the core, you have to dial down a little in the docs to find the page with the settings.

HTH

https://docs.zen-cart.com/user/runni...n_as_customer/

Quote:

---

Originally Posted by dbltoe

With it's inclusion in the core, you have to dial down a little in the docs to find the page with the settings.

HTH

https://docs.zen-cart.com/user/runni...n_as_customer/

---

It's not an option from what I see but would be a nice feature. It would give an extra layer of security to restrict master password use to certain ips only. As it is now if someone were to find out an a master password they can login to any account from anywhere.

Quote:

---

Originally Posted by marcopolo

It's not an option from what I see but would be a nice feature. It would give an extra layer of security to restrict master password use to certain ips only. As it is now if someone were to find out an a master password they can login to any account from anywhere.

---

You would have to make sure all admins had static IP addresses, never had to login from their mobile phone, and never used wifi while on the road.

Your best bet is to activate two-factor authentication. Discussion and directions can be found starting on page 43 of the Implementation Guide found in the docs folder's PDF file.

Great security without the "what's my IP now" problem.

Quote:

---

Originally Posted by dbltoe

You would have to make sure all admins had static IP addresses, never had to login from their mobile phone, and never used wifi while on the road.

Your best bet is to activate two-factor authentication. Discussion and directions can be found starting on page 43 of the Implementation Guide found in the docs folder's PDF file.

Great security without the "what's my IP now" problem.

---

In my particular case we do not access user accounts or admin control panel outside a set of ips so the ip restriction would be great for us. I will look at the two-factor authentication however would that work for signing into a users account using the admin password, not sure it would. That seems to only block admin control panel access which we already do. I'm just trying to restrict access to someone that would have found out a admins passwords and uses it to gain access to all accounts. Like I said just a feature not everyone would use it but I would guess many would.

how do i turn off or stop it from dislaying ( Currently shopping for ) on every page i click it shows up?

That's a safety feature to remind you that you are technically logged in as a user.

If you are finished, log out and the notice will go away.

every page i go to it is there and i have to click it off on every page

Quote:

---

Originally Posted by jimmie

every page i go to it is there and i have to click it off on every page

---

I don't understand your statement; the message (unless modifications have been made) displays on the top of each page and there's nothing to click to "dismiss" the message.

there is a litte X to close it out

Quote:

---

Originally Posted by jimmie

there is a litte X to close it out

---

there are a couple of ways to handle it. conceivably you can add some javascript to automatically remove it out on pages that you do not want to see it.

there does not seem to be any notifiers in the message_stack class despite that class extending base.

barring that, you can change the following file:

includes/templates/YOUR_TEMPLATE/templates/tpl_message_stack_default.php

to something like:

PHP Code:

---

<?php
    for ($i = 0, $n = sizeof($output); $i < $n; $i++) {
        if (!str_contains($output[$i]['text'], 'Currently shopping for')) {
            ?>
            <div <?= $output[$i]['params']; ?>><?= $output[$i]['text']; ?></div>
            <?php
        }
    }

---

hope that helps.

best.