Encrypted Master Password support

Please use this forum for "Encrypted Master Password" support.

Quote:

---

Originally Posted by stagebrace

Please use this forum for "Encrypted Master Password" support.

---

Hello, I have merged my header_php.php with your header_php.php
and uploaded to my site. When I select login I get a blank page. If I simply upload your header_php.php same thing. In the last forum scrap had the same problem. It seems that around line 65 there is a real change in the code. Here is my header_php.php if you have time to look at it.

MODERATOR -- code removed

The only mods that I know of to this is that I use dual pricing and at line 50 and 90 customers_wholesale is added.
Thanks for your attention to this.
Niko
marinemagik. com.

I wonder if the Encrypted Master Password works (on your server) in an install with no other modules installed. Would you consider making a temporary test store then install the Encrypted Master Password mod? Then if it works, install the wholesale mod and see if the Password mod works.

I will try and support the mod no mater what the results are.

Quote:

---

Originally Posted by stagebrace

I wonder if the Encrypted Master Password works (on your server) in an install with no other modules installed. Would you consider making a temporary test store then install the Encrypted Master Password mod? Then if it works, install the wholesale mod and see if the Password mod works.

I will try and support the mod no mater what the results are.

---

Thanks for the feedback stagebrace, but that is over my head. I really appreciate your efforts.
Niko

Will v1.2 work with ZenCart v1.5?

I just tested this out on a test store, and it works fine.

The fact that it works doesn't necessarily mean it works.:P

It might function as wanted but does it function properly for PCI compliance?

There are specific changes to that file in 1.5.0 and I'm not sure overwriting it with the one in the mod is not breaking something we don't see.

I'll look into this and maybe stagebrace already has something in the works.

For version 1.5.0 of Zen Cart:

1. If you have already uploaded the header_php.php file for the mod, replace it with the header_php.php that came with 1.5.0. This will make sure things work while you're editing the file.
2. Download (or open from an original 1.5.0 on your computer) the current (1.5.0 version of) includes/modules/pages/login/header_php.php and open it a proper editor.

Find around line 61

Quote:

---

if (!zen_validate_password($password, $check_customer->fields['customers_password'])) {

---

and replace it with

Quote:

---

// *** start Encrypted Master Password by stagebrace ***
$get_admin_query = "SELECT admin_id, admin_pass
FROM " . TABLE_ADMIN . "
WHERE admin_id = '1' ";
$check_administrator = $db->Execute($get_admin_query);
$customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
$administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
if ($customer) {
$ProceedToLogin = true;
} else {
if ($administrator) {
$ProceedToLogin = true;
} else {
$ProceedToLogin = false;
}
}
if (!($ProceedToLogin)) {
// *** end Encrypted Master Password by stagebrace ***

---

Save the file and upload it back to your site.
Now you will have all the latest changes PLUS the advantage of Encrypted Master Password.

There weren't a lot of differences and no PCI probs but the newer version did address one security point and PayPal buttons.

I've submitted the change to Free Software Add Ons as EMP version 1.5.

Quote:

---

Originally Posted by dbltoe

I've submitted the change to Free Software Add Ons as EMP version 1.5.

---

Thanks. Can you let us know when it is available?

You don't have to wait.
If you follow the instructions in post #8, you'll be good to go.:bigups:

Quote:

---

Originally Posted by dbltoe

You don't have to wait.
If you follow the instructions in post #8, you'll be good to go.:bigups:

---

It's listed thanks dbltoe winmerge here I come

Hi,

I want to add Encrypted Master Password to my 1.3.9h but I see in the contributions download it jumps from 1.3.8 to 1.5.

Will the 1.3.8 version work on my 1.3.9h?

Thank you.

Quote:

---

Encrypted Master Password allows the stores administrator to login to customers account with their administrator password.
Upgraded for Zen Cart v1.3.8 - This is a core file modification.

.
Author: Dennis Sayer
Version: 1.2
Zen Cart™ Version: v1.3.8Update added on Dec 01 2007
PHP 5.3 Compatible?: Unknown or N/A
Download Now!
File size: 5341 bytes

---

--------------------------------------------------------------------------------

Again, post #8 comes into play.
If you have loaded a clean fresh 1.3.9h, just add the code in post #8 to your /includes/modules/pages/login/header_php.php

Note that the portion in red above was left off the link in post #8.

Thanks to Kim for fixing my error in post #8:hug:

I am trying to use Hidden Wholesale plugin with the Master Password addon. The problem I am running into is when I login with the master password the account type defaults to Retail. So all of the products that are hidden from Retail customers won't show up even though I am logged into a Wholesale account. Is there a code fix or adjustment for this addon to make it see the Wholesale levels of the Dual Pricing addon?

Are you using both the dual pricing AND hidden mods? What version of Zen Cart?
Have you used something like winmerge to compare the header_php.php files in the mods?

This is a feature request.

If you add your admin/user password check to header.php.php in includes/modules/pages/account_password, it allows you to not only log in as the customer, it allows you to change their password. It's really handy because some customers get very confused, and it's much faster to log into their account and change the password than to add a whole module to the admin panel. Would you consider adding this additional page to the module?

I tryed to add admin\user password check on header_php.php in includes/modules/pages/account_password, and it works fine, but with one bug:

If a customer (logged with normal mail and password) or an admin (logged with mail and master password) try to change account password, in old password field there is no longer a check, any word will be passed as "old password".

Quote:

---

Originally Posted by Zola

This is a feature request.

If you add your admin/user password check to header.php.php in includes/modules/pages/account_password, it allows you to not only log in as the customer, it allows you to change their password. It's really handy because some customers get very confused, and it's much faster to log into their account and change the password than to add a whole module to the admin panel. Would you consider adding this additional page to the module?

---

The beauty of open source is that you can "massage" at will.
Personally, when someone forgets their password, I use the built-in forgotten password feature to send them a new one by email. I could see where a user might request something they can remember better than the ZC-generated one but I advise them to use a more secure password.

Quote:

---

Originally Posted by Savvonet

I tryed to add admin\user password check on header_php.php in includes/modules/pages/account_password, and it works fine, but with one bug:

If a customer (logged with normal mail and password) or an admin (logged with mail and master password) try to change account password, in old password field there is no longer a check, any word will be passed as "old password".

---

This may be the main reason the originator did not include master password in this manner.
As stated in my earlier post, I think the forgotten password is the better option. Even if I personally add someone to a site while talking on the phone, my last step is to use the forgotten password function to send them a new password.

Quote:

---

Originally Posted by dbltoe

The beauty of open source is that you can "massage" at will.
Personally, when someone forgets their password, I use the built-in forgotten password feature to send them a new one by email. I could see where a user might request something they can remember better than the ZC-generated one but I advise them to use a more secure password.

---

Where is this forgotten password feature you speak of?

index.php?main_page=password_forgotten

There is a link to this page on the login page (index.php?main_page=login) right under the email/password fields where existing customers log in.

I just took a peek at this plugin and would like to propose a couple of modifications for the most recent version:

1. Allow either a single admin user or all users in an admin group (or both) to have the customer-login access
2. Add a session variable if the current session is an admin-login to allow an admin-login to have potentially different behavior

I'd be happy to implement these changes; I just didn't want to step on anyone's feet.

Quote:

---

Originally Posted by lat9

I just took a peek at this plugin and would like to propose a couple of modifications for the most recent version:

1. Allow either a single admin user or all users in an admin group (or both) to have the customer-login access
2. Add a session variable if the current session is an admin-login to allow an admin-login to have potentially different behavior

I'd be happy to implement these changes; I just didn't want to step on anyone's feet.

---

Yes, and yes. Both would be great features. Right now I had to hack the code to allow for 2 admin users to be able to log in. I would really like to see these changes implemented. Thanks!

Quote:

---

Originally Posted by lankeeyankee

Yes, and yes. Both would be great features. Right now I had to hack the code to allow for 2 admin users to be able to log in. I would really like to see these changes implemented. Thanks!

---

Done; v1.5.1 of the plugin has been submitted to the Plugins area ...

Quote:

---

Originally Posted by lat9

Done; v1.5.1 of the plugin has been submitted to the Plugins area ...

---

... and is available for download.

Hi Lat9

Just installed that version of header_php.php on a fresh install of 1.5.0 and get the blank page issue noted in post 2 or 3 of this forum. When I revert to the basic mod then it works fine. I like the improvments you made but would like to use them on 1.5.0 as PCI is important to me. Is there any fix to that which I could apply to make this work on 1.5.0? Thanks for the great work.


Cheers

paperman, what's in the associate error log (in your /cache folder)?

Arggh! Never mind, paperman. This is what I get for not re-installing the plugin after I've been testing the failure cases.

Line#64 of /includes/modules/pages/login/header_php.php is currently:

Code:

---

      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1;  /*lat9-a*/

---

and should be changed to

Code:

---

      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a*/

---

I'll get the update updated shortly.

Quote:

---

Originally Posted by lat9

Arggh! Never mind, paperman. This is what I get for not re-installing the plugin after I've been testing the failure cases.

Line#64 of /includes/modules/pages/login/header_php.php is currently:

Code:

---

      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1;  /*lat9-a*/

---

and should be changed to

Code:

---

      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a*/

---

I'll get the update updated shortly.

---

v1.5.2 is now available in the Plugins area ...

I have a sign above my desk that says...

Pobody's Nerfect!

:P

I've submitted v1.6.0 to the plugins area:

• Added SQL statements to move the two configuration values for the plugin into the database.
• Added "Place Order" button in your admin's Customers->Customers to allow an enabled EMP admin to more easily log into a customer's account.

Quote:

---

Originally Posted by lat9

I've submitted v1.6.0 to the plugins area:

• Added SQL statements to move the two configuration values for the plugin into the database.
• Added "Place Order" button in your admin's Customers->Customers to allow an enabled EMP admin to more easily log into a customer's account.

---

v1.6.0 is now available in the Plugins area ...

v1.7.0 has been submitted to the plugins:

1. An entry is now made to the admin_activity_log when an EMP admin logs into a customer's account.
2. This version includes the common orders-status update processing and introduces the updated_by field to the orders_status_history table (if it's not already there).
3. If an EMP admin places an order on a customer's behalf, the updated_by field is set to contain the admin's ID and login name.

v1.7.0 is now available in the Plugins area.

Just updated from 1.2 to 1.7 and the only issue I have is regarding the customers Place Order function.
Locally (xampp 1.82-2, admin no SSL) it works.
Real site (admin uses SSL) the shop front gives a session timeout warning, it does not auto login.

Quote:

---

Real site (admin uses SSL) the shop front gives a session timeout warning, it does not auto login.

---

...because the link was being built without SSL due to admin/includes/configure.php
define('ENABLE_SSL_CATALOG', 'true');
was set to false (incorrectly).

Quote:

---

Originally Posted by torvista

...because the link was being built without SSL due to admin/includes/configure.php
define('ENABLE_SSL_CATALOG', 'true');
was set to false (incorrectly).

---

Ah, that would do it! I was puzzling over your report.

I just submitted v1.8.0 to the Plugins; nothing earth-shattering, just pulling in some downwardly-compatible changes introduced by Zen Cart v1.5.2.

I am getting this error as well. The store does not have SSL installed. Can the Place Order button be used without SSL installed?

Quote:

---

Originally Posted by torvista

...because the link was being built without SSL due to admin/includes/configure.php
define('ENABLE_SSL_CATALOG', 'true');
was set to false (incorrectly).

---

Quote:

---

Originally Posted by Danielle

I am getting this error as well. The store does not have SSL installed. Can the Place Order button be used without SSL installed?

---

I do my local development using xampp without SSL and don't have an issue using the "Place Order" button from one of my test installations. Are you sure that your admin's /includes/configure.php file doesn't indicate that your store-front uses SSL? If you're not using SSL, then your admin's configure.php file should look similar to:

Code:

---

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'http://www.example.com');
  define('HTTPS_SERVER', 'https://www.example.com');
  define('HTTP_CATALOG_SERVER', 'http://www.example.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.example.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'false');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'false');

---

No, they are both set to false. I just discovered that the login page on the front end is blank even for regular customers though, it's not actually the place order button that is the issue. The problem is with the code in the login/header_php.php file, but I have been unable to determine the cause. No log files are being generated. The site is on version 1.5.1.

Quote:

---

Originally Posted by lat9

I do my local development using xampp without SSL and don't have an issue using the "Place Order" button from one of my test installations. Are you sure that your admin's /includes/configure.php file doesn't indicate that your store-front uses SSL? If you're not using SSL, then your admin's configure.php file should look similar to:

Code:

---

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'http://www.example.com');
  define('HTTPS_SERVER', 'https://www.example.com');
  define('HTTP_CATALOG_SERVER', 'http://www.example.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.example.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'false');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'false');

---

---

I suggest that you open a new thread about your login page issue; post the contents of your /includes/modules/pages/login/header_php.php file using the 'code' tag (the # symbol in the formatting bar) and check your /logs (or /cache if you're running v1.5.0) folder for any debug-log files.

OK thanks, I will do that then. I just thought it was supposed to go in this thread since it's the code from this module that is making the page go blank. As soon as I remove these code edits, it works fine. No logs are being generated whatsoever though, it's really strange.

Quote:

---

Originally Posted by lat9

I suggest that you open a new thread about your login page issue; post the contents of your /includes/modules/pages/login/header_php.php file using the 'code' tag (the # symbol in the formatting bar) and check your /logs (or /cache if you're running v1.5.0) folder for any debug-log files.

---

Quote:

---

Originally Posted by Danielle

OK thanks, I will do that then. I just thought it was supposed to go in this thread since it's the code from this module that is making the page go blank. As soon as I remove these code edits, it works fine. No logs are being generated whatsoever though, it's really strange.

---

OK, that's different; if removing the module's code corrects your overall login problem, then the issue (obviously) lies with the code you've installed for this module!

Specifically, which "code edits" do you remove to cause your login page to work again? What version of Encrypted Master Password are you running? What Zen Cart version?

Yes, I just reread my post where I first mentioned my blank login and realized I said I didn't know the cause, but I knew it was this mod, just not what in the mod was causing the issue. So I didn't do a very good job of explaining what was going on. Sorry for the confusion!

I am using the most recent version of the mod as it said it was for 1.5.2 but backwards compatible. The site is running Zen-Cart 1.5.1.

This is the block of code that is breaking the login:

PHP Code:

---

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1 


---

Quote:

---

Originally Posted by lat9

OK, that's different; if removing the module's code corrects your overall login problem, then the issue (obviously) lies with the code you've installed for this module!

Specifically, which "code edits" do you remove to cause your login page to work again? What version of Encrypted Master Password are you running? What Zen Cart version?

---

Danielle, I'll have to investigate further tomorrow. Do you have any myDebug*.log files in your /logs folder? Those usually accompany a blank screen.

No, that is really strange too, there are no debug logs at all. I've tried all kinds of permissions settings, but nothing is showing up.

Quote:

---

Originally Posted by lat9

Danielle, I'll have to investigate further tomorrow. Do you have any myDebug*.log files in your /logs folder? Those usually accompany a blank screen.

---

Danielle, on a hunch, could/would you try commenting out a couple of lines in the /includes/modules/pages/login/header_php.php and let me know if that corrects the issue?

Code:

---

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                              'admin_id' => $_SESSION['emp_admin_id'],
                              'page_accessed' => 'login.php',
                              'page_parameters' => '',
                              'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                              'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                              'flagged' => 0,
                              'attention' => '',
                              );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
     
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
       
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
         
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass
                                  FROM " . TABLE_ADMIN . "
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

---

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

---

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true &&) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                              'admin_id' => $_SESSION['emp_admin_id'],
                              'page_accessed' => 'login.php',
                              'page_parameters' => '',
                              'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                              'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                              'flagged' => 0,
                              'attention' => '',
                              );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
     
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
       
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
         
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass
                                  FROM " . TABLE_ADMIN . "
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

---

No, I am still getting the blank login page and no debug logs.

Quote:

---

Originally Posted by lat9

Danielle, on a hunch, could/would you try commenting out a couple of lines in the /includes/modules/pages/login/header_php.php and let me know if that corrects the issue?

Code:

---

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                              'admin_id' => $_SESSION['emp_admin_id'],
                              'page_accessed' => 'login.php',
                              'page_parameters' => '',
                              'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                              'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                              'flagged' => 0,
                              'attention' => '',
                              );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
     
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
       
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
         
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass
                                  FROM " . TABLE_ADMIN . "
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

---

---

Quote:

---

Originally Posted by lat9

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

---

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true &&) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                              'admin_id' => $_SESSION['emp_admin_id'],
                              'page_accessed' => 'login.php',
                              'page_parameters' => '',
                              'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                              'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                              'flagged' => 0,
                              'attention' => '',
                              );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
     
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
       
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
         
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass
                                  FROM " . TABLE_ADMIN . "
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

---

---

How about forcing an error to make sure that logs will be written? Did you try that?

No, no log files are generated :( I cannot understand it. I have tried every permissions setting on the log directory. The logs directory in configure.php is set correctly. Not sure how else to troubleshoot this. I have never seen a site where the log files just don't work.

Quote:

---

Originally Posted by lat9

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

---

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true &&) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                              'admin_id' => $_SESSION['emp_admin_id'],
                              'page_accessed' => 'login.php',
                              'page_parameters' => '',
                              'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                              'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                              'flagged' => 0,
                              'attention' => '',
                              );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
     
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
       
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
         
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass
                                  FROM " . TABLE_ADMIN . "
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

---

---

Would you post the definition for DIR_FS_LOGS from your /includes/configure.php file?

Sure:

define('DIR_FS_LOGS', '/home/sites/****/public_html/logs');

I just put in the ****, in the actual file it has the correct info there.

Quote:

---

Originally Posted by lat9

Would you post the definition for DIR_FS_LOGS from your /includes/configure.php file?

---

Curious, it looks properly formed (i.e. no ending /). Permissions set to 0755? What if you change the definition to

Code:

---

define('DIR_FS_LOGS', DIR_FS_CATALOG . 'logs');

---

Quote:

---

Originally Posted by lat9

Curious, it looks properly formed (i.e. no ending /). Permissions set to 0755? What if you change the definition to

Code:

---

define('DIR_FS_LOGS', DIR_FS_CATALOG . 'logs');

---

---

Nope still no logs showing up. Permissions are 755. It's so strange!

if you hide the EMP code what happens? and do your log files work?

note - do not uninstall EMP

If I hide the EMP code the login page works fine. There are no log files.

Quote:

---

Originally Posted by twitchtoo

if you hide the EMP code what happens? and do your log files work?

note - do not uninstall EMP

---

That would tell me the code is being put in the wrong location in the file or there's pieces missing, assuming it's a stock login/split login.

Have you tried with the EMP code in and toggling between split and regular login?

I've submitted v1.9.0 to the Plugins; this version enables your store to support multiple EMP-enabled admin profiles.

Quote:

---

Originally Posted by lat9

I've submitted v1.9.0 to the Plugins; this version enables your store to support multiple EMP-enabled admin profiles.

---

Now available ...

This add-on is absolutely great thanks.

Would it be possible to have the 'place order' button appear on the orders.php page too?

This would be really useful as when I'm helping an existing customer on the phone I often have to look at their old orders first and this would save a click or two.

All the best,

Craig

Craig, I've identified your request as a future enhancement to EMP.

Brilliant, thanks.

If you want me to test anything please let me know.

Will this plugin work with Super Orders? I'm thinking that the orders.php file required for Super Orders is overwritten which would most likely cause issues. Has anyone run into this before?

I've looked at the merge required for integration with Super Orders in the past and it's quite a chore:blink:, primarily in the addition of the Orders Status History changes. Without that merge, you lose the display of any "Updated By" status processing (like which admin placed an EMP order), but that's the only feature that you'd lose.

Craig, I've re-looked at this and believe that the functionality (quick way to look at customer's past orders) is already part of Zen Cart.

If you're on your admin's Customers->Orders screen, you'll see a (kind of washed-out) icon to the left of each customer's name. When you hover on the icon, the title-text reads "Preview Customers"; when you click the icon, you're taken to the Customers->Customers page with the associated customer's record highlighted. Clicking the "Orders" button in the right-hand pane then presents you with a list of the customer's previous orders.

I've just uploaded v2.0.0 to the Plugins area; it will be available for download once approved. This version is compatible with Zen Cart v1.5.0 through v1.5.3 and makes a change to the handling of the "Place Order" button. The button's click now takes the admin to the store-side login page, with the customer's email address pre-filled, but the admin must enter his/her password to continue.

Quote:

---

Originally Posted by lat9

Craig, I've re-looked at this and believe that the functionality (quick way to look at customer's past orders) is already part of Zen Cart.

If you're on your admin's Customers->Orders screen, you'll see a (kind of washed-out) icon to the left of each customer's name. When you hover on the icon, the title-text reads "Preview Customers"; when you click the icon, you're taken to the Customers->Customers page with the associated customer's record highlighted. Clicking the "Orders" button in the right-hand pane then presents you with a list of the customer's previous orders.

---

Thanks lat9.

I did know of the little icon you can click on. It would just have been a little more convenient for me to have the 'place order' button on orders.php too as when I'm taking a phone order I usually stop on the orders page in the admin so I can see what the customer has ordered in the past and what options and addresses they used.

I'll see if I can test the latest release in a bit. Is there any particular reason to have to enter the admin password? Security/DSS I presume?

All the best.

Craig

Quote:

---

Originally Posted by CES

Thanks lat9.

I did know of the little icon you can click on. It would just have been a little more convenient for me to have the 'place order' button on orders.php too as when I'm taking a phone order I usually stop on the orders page in the admin so I can see what the customer has ordered in the past and what options and addresses they used.

I'll see if I can test the latest release in a bit. Is there any particular reason to have to enter the admin password? Security/DSS I presume?

All the best.

Craig

---

Craig, my reluctance to make modifications to the orders.php file is that it seems like every admin-level plugin makes some small modification to that file. The admin password requirement for the "Place Order" button was due, in part, to security/DSS but also to make use of the improved password-handling changes (and login-page notifier structure) that are built into Zen Cart v1.5.3.

No worries.

All the best.

Craig

Quote:

---

Originally Posted by lat9

I've just uploaded v2.0.0 to the Plugins area; it will be available for download once approved. This version is compatible with Zen Cart v1.5.0 through v1.5.3 and makes a change to the handling of the "Place Order" button. The button's click now takes the admin to the store-side login page, with the customer's email address pre-filled, but the admin must enter his/her password to continue.

---

EMP v2.0.0 is now available for download in the Plugins area: http://www.zen-cart.com/downloads.php?do=file&id=94

In v2.0.0 readme, it says "/includes/init_includes/init_emp_login_link.php. Removed in v2.0.0 of this plugin." The file is in the build and will end up on the site unless the user manually deletes the file. I assume you do NOT want the file on the server?

Quote:

---

Originally Posted by mikestewart

In v2.0.0 readme, it says "/includes/init_includes/init_emp_login_link.php. Removed in v2.0.0 of this plugin." The file is in the build and will end up on the site unless the user manually deletes the file. I assume you do NOT want the file on the server?

---

Right, the file is present in the distribution simply to overwrite any pre-existing file of the same name; it can be safely deleted.

Using your updated version, how is TY Tracker supposed to work as a large section of code for the Tracker module is in the section you comment out starting on line 119 of admin/orders.php

Quote:

---

Originally Posted by strelitzia

Using your updated version, how is TY Tracker supposed to work as a large section of code for the Tracker module is in the section you comment out starting on line 119 of admin/orders.php

---

The changes to the orders.php file are simply the "pull-in" from the "Orders-Status-Updated By" plugin; they're not necessary for EMP functionality so you could just use your TyPT version of orders.php (you just won't see the "Updated By" field, so you won't know if an order was placed by an EMP admin on a customer's behalf).

just installed this on 1.5.3 and everything works great, apart from order status history is blank when a admin makes an order for a customer.

did everything to the instructions, have you had this before?

thanks

Quote:

---

Originally Posted by garabaldi

just installed this on 1.5.3 and everything works great, apart from order status history is blank when a admin makes an order for a customer.

did everything to the instructions, have you had this before?

thanks

---

Did you merge the plugin's version of /YOUR_ADMIN/orders.php with existing changes or did you do a straight copy of the plugin's version? Please post the contents of the myDEBUG log file that identifies the source of the issue, xxx-ing out the name of your admin folder.

yes i did merge the files and have checked them but will do so again now..

thats the funny thing there is no log for it, the last log i have is from the 8th nof this month which was just a connection problem that i fixed.

as i said i will recheck everything because when updating the order there is no updated by its blank.

thanks

update
i have rechecked orders.php and the only differences are where i have minacct code, the rest is identical.

tested updating the order again with a comment and the comment shows but still no updated by.

will keep looking thanks

ok its working now i re did the orders.php edits and hey presto its showing so db was being populated but just not showing.

sorry to have bothered you with what was a mistake of my own.

thanks

Quote:

---

Originally Posted by garabaldi

ok its working now i re did the orders.php edits and hey presto its showing so db was being populated but just not showing.

sorry to have bothered you with what was a mistake of my own.

thanks

---

I didn't understand from your initial posting that it was the "updated_by" field that was missing (I thought that the whole orders-update page was whitescreened). Thanks for posting back the issue and your solution!

This mod states that it supports up to ZC 1.5.3...has anyone used it successfully with 1.5.4? If it's not compatible, any news on when the mod might be updated? Thanks!

It is *not* compatible with 1.5.4. Hopefully some nice person will update it soon!

Oopsie! I updated it, but forgot to upload it to the plugins ...:blush: it's on its way

lat9 is the greatest of all time. OF ALL TIME!

Quote:

---

Originally Posted by lat9

Oopsie! I updated it, but forgot to upload it to the plugins ...:blush: it's on its way

---

v2.0.1 is now available for download from the plugins -- thanks, swguy!

In the interests of being annoying:
admin/orders.php
I note @992 it still has hard coded text:

PHP Code:

---

$contents[] = array('text' => 'Products Ordered: ' . sizeof($order->products) ); 


---

instead of

PHP Code:

---

 $contents[] = array('text' => TABLE_HEADING_PRODUCTS . ': ' . sizeof($order->products) ); 


---

:censored: I thought that I had those merges completed.

I'll get that picked up in a future release; I'm thinking that the plugin should record an admin-activity-log when an admin logs into a customer's account. Anyone have objections?

Thanks so much, lat9! This looks like a super-handy module and it'll be great to use it with 1.5.4.

Quote:

---

Originally Posted by lat9

:censored: I thought that I had those merges completed.

I'll get that picked up in a future release; I'm thinking that the plugin should record an admin-activity-log when an admin logs into a customer's account. Anyone have objections?

---

I must have been thinking the same thing a year and a half ago :blink:; the admin-activity-log record has been created since v1.7.0 of the plugin (released in September 2013)!

I just uploaded v2.0.2 to the Plugins; it corrects the handling of CR/LF sequences in the status-update messages; incorporates osh_updated_by v1.2.1. Thanks to barco57 for reporting the problem on EMP's GitHub site.

I am at the moment being forced to change my admin password at the 90 day point. Couple of problems; I only changed to two days ago however I am still being forced in to the change.

When I login put in my username & current password it then sends me to Admin Login - Password Expired put in the old password then the new one. After a bit of messing around it sends me back to the login screen. I put in my username and the new password, however instead of letting me in to the admin pages it sends me back to the Admin Login - Password Expired screen. I have to, at this point put in my new password as the old one and choose another new password. Again after a bit of messing around I go back to the admin login screen. At this point the cycle starts all over again. I have done this 6/7 times before I have put this down. So atm I cannot do any admin work.

I have removed all pages that this plugin installed but as yet not the merged code. Should I remove that as well? I cannot run the uninstall script as I cannot get in to my admin. So could someone let me know what is required to be removed from the database.

Just remembered; this has happened in the past and I thought it could have been the way I had installed some of the plugin's so I have removed that build and started again. Also is this in the right place for this question? Thanks in advance. I have installed the plugin dated 28th May 2015

EMP has nothing to do with logging into your admin; its purpose is to allow your store's admins to use their admin-level passwords to log into customers' accounts.

You can run the uninstall for the plugin via your web-host's phpMyAdmin tool, just make sure to add any non-blank DB_PREFIX value to the name of the configuration table if you do.

Quote:

---

Originally Posted by lat9

EMP has nothing to do with logging into your admin; its purpose is to allow your store's admins to use their admin-level passwords to log into customers' accounts.

You can run the uninstall for the plugin via your web-host's phpMyAdmin tool, just make sure to add any non-blank DB_PREFIX value to the name of the configuration table if you do.

---

Thanks lat9. I will go back to my thread to put this info on there.

I've just uploaded v2.1.0 to the Plugins area for review, with the following changes:

1. Logged-in EMP admins can now change the customer's password.
2. PHP 7 compliance: Class constructor names are now __construct.

lat9,
as someone who is never happy whenever i dig into the code with super_orders (or whatever the latest install of creating/editing orders on the admin side), i can very hopeful about this module. installed very easily, created my first order... looks like the perfect thing.

thanks.

@carlwhat, thanks for the update!