Encrypted Master Password support

Re: Encrypted Master Password support

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

// Check that password is good //-bof-Encrypted Master Password by stagebrace *** 1/1 //- Start modifications by lat9: //-bof-a-v1.6.0 } elseif ($emp_login === true &&) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = (int)$_POST['aID']; //-bof-a-v1.7.0 /* $sql_data_array = array( 'access_date' => 'now()', 'admin_id' => $_SESSION['emp_admin_id'], 'page_accessed' => 'login.php', 'page_parameters' => '', 'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45), 'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7), 'flagged' => 0, 'attention' => '', ); zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array); */ //-eof-a-v1.7.0 //-eof-a-v1.6.0 } else { //--- Either specific admin ID or an admin within a specific admin profile can use their password to login. if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1); /*lat9-a/c*/ $get_admin_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID; /*lat9-c*/ $check_administrator = $db->Execute($get_admin_query); $customer = (zen_validate_password($password, $check_customer->fields['customers_password'])); $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass'])); if ($customer) { $ProceedToLogin = true; } elseif ($administrator) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; /*lat9-a*/ $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID; } else { //-bof-lat9-a if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1); /*lat9-a*/ $admin_profile_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID; $admin_profiles = $db->Execute($admin_profile_query); //-eof-lat9-a $ProceedToLogin = false; //-bof-lat9-a while (!$admin_profiles->EOF && !$ProceedToLogin) { $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']); if ($ProceedToLogin) { $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id']; } $admin_profiles->MoveNext(); } //-eof-lat9-a } } if (!($ProceedToLogin)) { //-eof-Encrypted Master Password by stagebrace *** 1/1

Re: Encrypted Master Password support

No, I am still getting the blank login page and no debug logs.

Quote:

Originally Posted by lat9

Danielle, on a hunch, could/would you try commenting out a couple of lines in the /includes/modules/pages/login/header_php.php and let me know if that corrects the issue?

Code:

// Check that password is good //-bof-Encrypted Master Password by stagebrace *** 1/1 //- Start modifications by lat9: //-bof-a-v1.6.0 } elseif ($emp_login === true) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = (int)$_POST['aID']; //-bof-a-v1.7.0 /* $sql_data_array = array( 'access_date' => 'now()', 'admin_id' => $_SESSION['emp_admin_id'], 'page_accessed' => 'login.php', 'page_parameters' => '', 'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45), 'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7), 'flagged' => 0, 'attention' => '', ); zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array); */ //-eof-a-v1.7.0 //-eof-a-v1.6.0 } else { //--- Either specific admin ID or an admin within a specific admin profile can use their password to login. if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1); /*lat9-a/c*/ $get_admin_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID; /*lat9-c*/ $check_administrator = $db->Execute($get_admin_query); $customer = (zen_validate_password($password, $check_customer->fields['customers_password'])); $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass'])); if ($customer) { $ProceedToLogin = true; } elseif ($administrator) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; /*lat9-a*/ $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID; } else { //-bof-lat9-a if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1); /*lat9-a*/ $admin_profile_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID; $admin_profiles = $db->Execute($admin_profile_query); //-eof-lat9-a $ProceedToLogin = false; //-bof-lat9-a while (!$admin_profiles->EOF && !$ProceedToLogin) { $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']); if ($ProceedToLogin) { $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id']; } $admin_profiles->MoveNext(); } //-eof-lat9-a } } if (!($ProceedToLogin)) { //-eof-Encrypted Master Password by stagebrace *** 1/1

Re: Encrypted Master Password support

Quote:

Originally Posted by lat9

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

// Check that password is good //-bof-Encrypted Master Password by stagebrace *** 1/1 //- Start modifications by lat9: //-bof-a-v1.6.0 } elseif ($emp_login === true &&) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = (int)$_POST['aID']; //-bof-a-v1.7.0 /* $sql_data_array = array( 'access_date' => 'now()', 'admin_id' => $_SESSION['emp_admin_id'], 'page_accessed' => 'login.php', 'page_parameters' => '', 'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45), 'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7), 'flagged' => 0, 'attention' => '', ); zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array); */ //-eof-a-v1.7.0 //-eof-a-v1.6.0 } else { //--- Either specific admin ID or an admin within a specific admin profile can use their password to login. if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1); /*lat9-a/c*/ $get_admin_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID; /*lat9-c*/ $check_administrator = $db->Execute($get_admin_query); $customer = (zen_validate_password($password, $check_customer->fields['customers_password'])); $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass'])); if ($customer) { $ProceedToLogin = true; } elseif ($administrator) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; /*lat9-a*/ $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID; } else { //-bof-lat9-a if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1); /*lat9-a*/ $admin_profile_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID; $admin_profiles = $db->Execute($admin_profile_query); //-eof-lat9-a $ProceedToLogin = false; //-bof-lat9-a while (!$admin_profiles->EOF && !$ProceedToLogin) { $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']); if ($ProceedToLogin) { $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id']; } $admin_profiles->MoveNext(); } //-eof-lat9-a } } if (!($ProceedToLogin)) { //-eof-Encrypted Master Password by stagebrace *** 1/1

How about forcing an error to make sure that logs will be written? Did you try that?

Re: Encrypted Master Password support

No, no log files are generated :( I cannot understand it. I have tried every permissions setting on the log directory. The logs directory in configure.php is set correctly. Not sure how else to troubleshoot this. I have never seen a site where the log files just don't work.

Quote:

Originally Posted by lat9

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

// Check that password is good //-bof-Encrypted Master Password by stagebrace *** 1/1 //- Start modifications by lat9: //-bof-a-v1.6.0 } elseif ($emp_login === true &&) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = (int)$_POST['aID']; //-bof-a-v1.7.0 /* $sql_data_array = array( 'access_date' => 'now()', 'admin_id' => $_SESSION['emp_admin_id'], 'page_accessed' => 'login.php', 'page_parameters' => '', 'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45), 'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7), 'flagged' => 0, 'attention' => '', ); zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array); */ //-eof-a-v1.7.0 //-eof-a-v1.6.0 } else { //--- Either specific admin ID or an admin within a specific admin profile can use their password to login. if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1); /*lat9-a/c*/ $get_admin_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID; /*lat9-c*/ $check_administrator = $db->Execute($get_admin_query); $customer = (zen_validate_password($password, $check_customer->fields['customers_password'])); $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass'])); if ($customer) { $ProceedToLogin = true; } elseif ($administrator) { $ProceedToLogin = true; $_SESSION['emp_admin_login'] = true; /*lat9-a*/ $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID; } else { //-bof-lat9-a if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1); /*lat9-a*/ $admin_profile_query = "SELECT admin_id, admin_pass FROM " . TABLE_ADMIN . " WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID; $admin_profiles = $db->Execute($admin_profile_query); //-eof-lat9-a $ProceedToLogin = false; //-bof-lat9-a while (!$admin_profiles->EOF && !$ProceedToLogin) { $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']); if ($ProceedToLogin) { $_SESSION['emp_admin_login'] = true; $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id']; } $admin_profiles->MoveNext(); } //-eof-lat9-a } } if (!($ProceedToLogin)) { //-eof-Encrypted Master Password by stagebrace *** 1/1

Re: Encrypted Master Password support

Would you post the definition for DIR_FS_LOGS from your /includes/configure.php file?

Re: Encrypted Master Password support

Sure:

define('DIR_FS_LOGS', '/home/sites/****/public_html/logs');

I just put in the ****, in the actual file it has the correct info there.

Quote:

Originally Posted by lat9

Would you post the definition for DIR_FS_LOGS from your /includes/configure.php file?

Re: Encrypted Master Password support

Curious, it looks properly formed (i.e. no ending /). Permissions set to 0755? What if you change the definition to

Code:

define('DIR_FS_LOGS', DIR_FS_CATALOG . 'logs');

Re: Encrypted Master Password support

Quote:

Originally Posted by lat9

Curious, it looks properly formed (i.e. no ending /). Permissions set to 0755? What if you change the definition to

Code:

define('DIR_FS_LOGS', DIR_FS_CATALOG . 'logs');

Nope still no logs showing up. Permissions are 755. It's so strange!

Re: Encrypted Master Password support

if you hide the EMP code what happens? and do your log files work?

note - do not uninstall EMP

Re: Encrypted Master Password support

If I hide the EMP code the login page works fine. There are no log files.

Quote:

Originally Posted by twitchtoo

if you hide the EMP code what happens? and do your log files work?

note - do not uninstall EMP