Re: Encrypted Master Password support
Quote:
Originally Posted by Savvonet
I tried to add admin\user password check on header_php.php in includes/modules/pages/account_password, and it works fine, but with one bug:
If a customer (logged with normal mail and password) or an admin (logged with mail and master password) tries to change account password, in old password field there is no longer a check, any word will be passed as "old password".
This may be the main reason the originator did not include master password in this manner.
As stated in my earlier post, I think the forgotten password is the better option. Even if I personally add someone to a site while talking on the phone, my last step is to use the forgotten password function to send them a new password.
Re: Encrypted Master Password support
Quote:
Originally Posted by dbltoe
The beauty of open source is that you can "massage" at will.
Personally, when someone forgets their password, I use the built-in forgotten password feature to send them a new one by email. I could see where a user might request something they can remember better than the ZC-generated one but I advise them to use a more secure password.
Where is this forgotten password feature you speak of?
Re: Encrypted Master Password support
index.php?main_page=password_forgotten
There is a link to this page on the login page (index.php?main_page=login) right under the email/password fields where existing customers log in.
Re: Encrypted Master Password support
I just took a peek at this plugin and would like to propose a couple of modifications for the most recent version:
- Allow either a single admin user or all users in an admin group (or both) to have the customer-login access
- Add a session variable if the current session is an admin-login to allow an admin-login to have potentially different behavior
I'd be happy to implement these changes; I just didn't want to step on anyone's feet.
Re: Encrypted Master Password support
Quote:
Originally Posted by lat9
I just took a peek at this plugin and would like to propose a couple of modifications for the most recent version:
- Allow either a single admin user or all users in an admin group (or both) to have the customer-login access
- Add a session variable if the current session is an admin-login to allow an admin-login to have potentially different behavior
I'd be happy to implement these changes; I just didn't want to step on anyone's feet.
Yes, and yes. Both would be great features. Right now I had to hack the code to allow for 2 admin users to be able to log in. I would really like to see these changes implemented. Thanks!
Re: Encrypted Master Password support
Quote:
Originally Posted by lankeeyankee
Yes, and yes. Both would be great features. Right now I had to hack the code to allow for 2 admin users to be able to log in. I would really like to see these changes implemented. Thanks!
Done; v1.5.1 of the plugin has been submitted to the Plugins area ...
Re: Encrypted Master Password support
Quote:
Originally Posted by lat9
Done; v1.5.1 of the plugin has been submitted to the Plugins area ...
... and is available for download.
Re: Encrypted Master Password support
Hi Lat9
Just installed that version of header_php.php on a fresh install of 1.5.0 and get the blank page issue noted in post 2 or 3 of this forum. When I revert to the basic mod then it works fine. I like the improvements you made but would like to use them on 1.5.0 as PCI is important to me. Is there any fix to that which I could apply to make this work on 1.5.0? Thanks for the great work.
Cheers
Re: Encrypted Master Password support
paperman, what's in the associated error log (in your /cache folder)?
Re: Encrypted Master Password support
Arggh! Never mind, paperman. This is what I get for not re-installing the plugin after I've been testing the failure cases.
Line#64 of /includes/modules/pages/login/header_php.php is currently:
Code:
if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1; /*lat9-a*/
and should be changed to
Code:
if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1); /*lat9-a*/
I'll get the update updated shortly.