Encrypted Master Password support

[Danielle]

I am getting this error as well. The store does not have SSL installed. Can the Place Order button be used without SSL installed?

...because the link was being built without SSL due to admin/includes/configure.php
define('ENABLE_SSL_CATALOG', 'true');
was set to false (incorrectly).

[lat9]

I am getting this error as well. The store does not have SSL installed. Can the Place Order button be used without SSL installed?

I do my local development using xampp without SSL and don't have an issue using the "Place Order" button from one of my test installations. Are you sure that your admin's /includes/configure.php file doesn't indicate that your store-front uses SSL? If you're not using SSL, then your admin's configure.php file should look similar to:

Code:

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'http://www.example.com');
  define('HTTPS_SERVER', 'https://www.example.com');
  define('HTTP_CATALOG_SERVER', 'http://www.example.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.example.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'false');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'false');

[Danielle]

No, they are both set to false. I just discovered that the login page on the front end is blank even for regular customers though, it's not actually the place order button that is the issue. The problem is with the code in the login/header_php.php file, but I have been unable to determine the cause. No log files are being generated. The site is on version 1.5.1.

I do my local development using xampp without SSL and don't have an issue using the "Place Order" button from one of my test installations. Are you sure that your admin's /includes/configure.php file doesn't indicate that your store-front uses SSL? If you're not using SSL, then your admin's configure.php file should look similar to:

Code:

/**
 * WE RECOMMEND THAT YOU USE SSL PROTECTION FOR YOUR ENTIRE ADMIN:
 * To do that, make sure you use a "https:" URL for BOTH the HTTP_SERVER and HTTPS_SERVER entries:
 */
  define('HTTP_SERVER', 'http://www.example.com');
  define('HTTPS_SERVER', 'https://www.example.com');
  define('HTTP_CATALOG_SERVER', 'http://www.example.com');
  define('HTTPS_CATALOG_SERVER', 'https://www.example.com');

  // secure webserver for admin?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_ADMIN', 'false');

  // secure webserver for storefront?  Valid choices are 'true' or 'false' (including quotes).
  define('ENABLE_SSL_CATALOG', 'false');

[lat9]

I suggest that you open a new thread about your login page issue; post the contents of your /includes/modules/pages/login/header_php.php file using the 'code' tag (the # symbol in the formatting bar) and check your /logs (or /cache if you're running v1.5.0) folder for any debug-log files.

[Danielle]

OK thanks, I will do that then. I just thought it was supposed to go in this thread since it's the code from this module that is making the page go blank. As soon as I remove these code edits, it works fine. No logs are being generated whatsoever though, it's really strange.

I suggest that you open a new thread about your login page issue; post the contents of your /includes/modules/pages/login/header_php.php file using the 'code' tag (the # symbol in the formatting bar) and check your /logs (or /cache if you're running v1.5.0) folder for any debug-log files.

[lat9]

OK thanks, I will do that then. I just thought it was supposed to go in this thread since it's the code from this module that is making the page go blank. As soon as I remove these code edits, it works fine. No logs are being generated whatsoever though, it's really strange.

OK, that's different; if removing the module's code corrects your overall login problem, then the issue (obviously) lies with the code you've installed for this module!

Specifically, which "code edits" do you remove to cause your login page to work again? What version of Encrypted Master Password are you running? What Zen Cart version?

[Danielle]

Yes, I just reread my post where I first mentioned my blank login and realized I said I didn't know the cause, but I knew it was this mod, just not what in the mod was causing the issue. So I didn't do a very good job of explaining what was going on. Sorry for the confusion!

I am using the most recent version of the mod as it said it was for 1.5.2 but backwards compatible. The site is running Zen-Cart 1.5.1.

This is the block of code that is breaking the login:

PHP Code:

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1 


OK, that's different; if removing the module's code corrects your overall login problem, then the issue (obviously) lies with the code you've installed for this module!

Specifically, which "code edits" do you remove to cause your login page to work again? What version of Encrypted Master Password are you running? What Zen Cart version?

[lat9]

Danielle, I'll have to investigate further tomorrow. Do you have any myDebug*.log files in your /logs folder? Those usually accompany a blank screen.

[Danielle]

No, that is really strange too, there are no debug logs at all. I've tried all kinds of permissions settings, but nothing is showing up.

Danielle, I'll have to investigate further tomorrow. Do you have any myDebug*.log files in your /logs folder? Those usually accompany a blank screen.

[lat9]

Danielle, on a hunch, could/would you try commenting out a couple of lines in the /includes/modules/pages/login/header_php.php and let me know if that corrects the issue?

Code:

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1