Master Password Encrypted mod support

[Woodymon]

Running Zen Cart 1.37 with Andrew's (a_berezin) Encrypted Master Password mod version dated Jan 29, 2006 from
zen-cart.spb.ru/freedownload.php?file=zc-contribution/master_password_encrypt.zip

The mod has previously behaving well on previous ZC 1.27 and 1.3x carts

However I just moved my network connection from one IP block to another. My old IP entry still shows up under "Master Password IP" in Configuration > My Store. (that is the only IP entered).

But when I attempt to log into another users account with master password from my new IP, I am allowed to log in. This should not be?

So possibly the IP filtering function of this mod does not work any longer with this mod? Or something I need to do to repair? I am fairly certain the IP filtering was working previously on my former Zen Cart 1.27 shop. Anyone else discover similar issue?Note the Master Password function still works fine, jut not the IP filter.

Is there a newer version of this Master Password mod available by Andrew (or somewhere else) supporting IP filtering on Zen Cart 1.37. I have not tried the other more recent Encrypted Master Password mod developed by Dennis Sayer, as I understand it does not filter Master Password access by IP.

[a_berezin]

Hi, Woodymon
Very strange. IP filtering function does not depend on the zen-cart version.
Tomorrow I shall test it once again.

[Woodymon]

Very strange. IP filtering function does not depend on the zen-cart version.

Hi Andrew, I went to test a ZC 127 shop, which is still in production (in the upgrade queue) and which I am quite sure I previously installed your mod on. But just discovered it does not have the mod installed. So I will install mod and test.

Woody

[Woodymon]

Hi Andrew, I went to test a ZC 127 shop, ... but just discovered it does not have the mod installed. So I will install mod and test.

Master Password (crypted) v1.0
master_password_encrypt.zip (Jan 29, 2006)

Just installed on a 1.27 shop. Master Password feature works and is encrypted in admin. But the IP filter does not work. I entered my OLD IP in admin but still able to use master password within the catalog to log into anyones account.

Possible issue with /includes/functions/password_funcs.php

Code:

// BOF master_password
      $ip_allow = true;
      if(MASTER_PASSWORD_IP != "") {
        $master_password_ip = explode(",", str_replace(array(";", " ", ",,"), ",", MASTER_PASSWORD_IP));
        $ip_allow = false;
        for($i=0,$n=sizeof($master_password_ip);$i<$n;$i++){
          if(strpos($_SERVER["REMOTE_ADDR"], $master_password_ip[$i]) == 0) {
            $ip_allow = true;
            break;
          }
        }
      }

I'm not pretending the IP filtering is providing a huge dose of extra security. But nevertheless the IP filtering would be a nice feature to have working. Especially when managing and/or troubleshooting the shop from different remote locations all the time.

Woody

[a_berezin]

Woody,
You use proxy?

[Woodymon]

Woody,
You use proxy?

Negative. Nope. Nada.

[a_berezin]

Woody,
Run this script and PM me screenshot.

Code:

<?php
require('includes/application_top.php');
echo '<pre>';var_dump(MASTER_PASSWORD_IP, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_X_FORWARDED_FOR'], $_SERVER['HTTP_CLIENT_IP']);echo '</pre>';
?>

[a_berezin]

v 1.1 14.02.2007 7:57
- Use zen_draw_password_field() function to enter master password in admin;
- Use zen_cfg_password_display() function to display master password in admin (for 1.3.7 compatibility);
- Fix bug testing MASTER_PASSWORD_IP in password_funcs.php;

Special thanks to Woody!

[Woodymon]

Thanks again for the fix Andrew.

The IP filtering provided by your updated Encrypted Master Password mod is a definite plus!!!!

Woody

[Woodymon]

BTW, the name of this mod is "Master Password Crypted". Apologies for the incorrect title of this support thread and for previously referring to mod name incorrectly. ;)

Woody