Forums / All Other Contributions/Addons / tweaking encrypted master password and cowoa

tweaking encrypted master password and cowoa

Results 1 to 3 of 3
29 Jan 2012, 01:10
#1
lankeeyankee avatar

lankeeyankee

Totally Zenned

Join Date:
Jan 2007
Posts:
1,514
Plugin Contributions:
1

tweaking encrypted master password and cowoa

Been banging my head on this one for a while, I hope someone can show me how to get this to work.

Here's the scenario: We use COWOA and Encrypted Master Password(EMP). It works great but there is one instance that I am trying to change. That is when we take a phone order for an existing customer that has checked out in the past using COWOA (or we have done a phone order with them before, whenever we take a phone order for a new customer we always run it through COWOA to avoid them getting the welcome email and then us having to email them the password when they are really just trying to make a purchase and don't want to deal with the website for whatever reason). It is much faster to simply log in to their "account" using EMP than to enter all of their details again through COWOA.

I think that this could be useful for many people that take phone orders, it's such a time saver. I want to get this figured out so I can update one or the other modules and upload to the free downloads section or at least put a tutorial in their support threads for how to do this.

Here's the code from includes/modules/pages/login/header.php that I have been working with:
[php]// Check if email exists
$check_customer_query = "SELECT customers_id, customers_firstname, customers_password,
customers_email_address, customers_default_address_id,
customers_authorization, customers_referral
FROM " . TABLE_CUSTOMERS . "
WHERE customers_email_address = :email
AND COWOA_account != 1";

$check_customer_query =$db->bindVars($check_customer_query, ':email', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);

if (!$check_customer->RecordCount()) {
$error = true;
} else {
// *** start Encrypted Master Password by stagebrace ***
$get_admin_query = "SELECT admin_id, admin_pass
FROM " . TABLE_ADMIN . "
WHERE admin_id = '2' ";
$check_administrator = $db->Execute($get_admin_query);
$customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
$administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
if ($customer) {
$ProceedToLogin = true;
} else {
if ($administrator) {
$ProceedToLogin = true;
} else {
$ProceedToLogin = false;
}
}
if (!($ProceedToLogin)) {
// *** end Encrypted Master Password by stagebrace ***
$error = true;
} else {
if (SESSION_RECREATE == 'True') {[/php]Since in the sql query it has a WHERE clause to check if COWOA_account !=1 then in this instance [php]if (!$check_customer->RecordCount()) {
$error = true;
}[/php]will always be true and I can never "log in" to their account. If I remove the AND COWOA_account !=1 from the sql statement it works like I want. But then people who have gone through COWOA and then decide to create an account later can't log into their account since the COWOA record comes first.

I have tried all sorts of ways around this but can't get it to work. Of course, I am a mediocre code hacker and not a true coder so I figure I am missing something that is probably pretty obvious.

I'd really appreciate some help!:hug:
29 Jan 2012, 16:22
#2
lankeeyankee avatar

lankeeyankee

Totally Zenned

Join Date:
Jan 2007
Posts:
1,514
Plugin Contributions:
1

Re: tweaking encrypted master password and cowoa

OK, I got this to work. Amazing what a good night's sleep and a bit of perspective will do!:D

For anyone else wanting to do this, in includes/modules/pages/login/header.php change the code from:[php]// Check if email exists
$check_customer_query = "SELECT customers_id, customers_firstname, customers_password,
customers_email_address, customers_default_address_id,
customers_authorization, customers_referral
FROM " . TABLE_CUSTOMERS . "
WHERE customers_email_address = :email
AND COWOA_account != 1";

$check_customer_query =$db->bindVars($check_customer_query, ':email', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);

if (!$check_customer->RecordCount()) {
$error = true;
} else { [/php]to:[php] $get_admin_query = "SELECT admin_id, admin_pass
FROM " . TABLE_ADMIN . "
WHERE admin_id = '2' ";
$check_administrator = $db->Execute($get_admin_query);
$administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
if ($administrator) {
$check_customer_query = "SELECT customers_id, customers_firstname, customers_password,
customers_email_address, customers_default_address_id,
customers_authorization, customers_referral
FROM " . TABLE_CUSTOMERS . "
WHERE customers_email_address = :email";

$check_customer_query =$db->bindVars($check_customer_query, ':email', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);

} else {

// Check if email exists
$check_customer_query = "SELECT customers_id, customers_firstname, customers_password,
customers_email_address, customers_default_address_id,
customers_authorization, customers_referral
FROM " . TABLE_CUSTOMERS . "
WHERE customers_email_address = :email
AND COWOA_account != 1";

$check_customer_query =$db->bindVars($check_customer_query, ':email', $email_address, 'string');
$check_customer = $db->Execute($check_customer_query);
}

if (!$check_customer->RecordCount()) {
$error = true;
} else { [/php]By putting in the conditional to check if it's the admin's password we can specify whether to include COWOA accounts or not when checking if customer's email exists. If it's not the admin's password then it goes to the else part of the conditional and the sql statement for checking the customer's email address will include the filter to exclude COWOA accounts by adding AND COWOA_account !=1.

NOTE: I am using admin ID 2, since that is the admin that has this clearance on my site. You might use admin ID 1 if you only have one admin. Use whatever the admin ID is in the regular Encrypted Master Password section further down the page.
28 Feb 2012, 19:50
#3
alin avatar

alin

New Zenner

Join Date:
Sep 2011
Posts:
18
Plugin Contributions:
0

Re: tweaking encrypted master password and cowoa

I know this thread's not exactly new, but I'm bumping it for a fix well done. Dropped in your code where it belonged and it worked on the first time, even on a more heavily modified file. Thanks for going through the frustration for me. :)