[Duplicate] Windows Install (IIS) customer forgot password password_func warnings

**mc12345678** · 20 Apr 2014, 07:43 PM

Really sorry if this has been reported. I am trying to code something, while working ran across a warning that I corrected per the following.

Setup is this:
I have an includes/configure.php file in a sub-directory off of my localhost, so localhost/sub-directory/includes/configure.php file does exist. I have also a includes/local/configure.php file that I am using to override the default configure.php file.

Customer trying to login, but forgot password. selected forgot password, provided email address.
During the attempt to send the new password received 15 iterations of the following message: path slightly obscured

Code:

PHP Warning:   sha1_file(/includes/configure.php): failed to open stream: No such file  or directory in PATH_TO_SUBDIRECTORY\includes\functions\password_funcs.php on line  118

line 118 of password_funcs.php contained:

Code:

    $entropy = sha1_file('/includes/configure.php');

Complete code for this section:

Code:

  if (strlen($entropy) < 16)
  {
    $entropy = sha1_file('/includes/configure.php');
    $entropy .= microtime() . mt_rand() . $seed;
    //echo "USING FALLBACK" . "<br>";
  }
  return sha1($entropy);

When the line was changed to:

Code:

    $entropy = sha1_file('includes/configure.php'); // mc12345678

No warnings were observed when the customer requested a new/forgotten password.

This problem has not been seen using the same code on an apache server. Just before this section there is some work done if the server is on a windows platform. Perhaps the code that follows into the windows area and if not a windows server to use the default above version, or to provide some sort of warning check as part of the above to mitigate this response/behavior.

Okay I'm off to returning to my coding.

**lat9** · 21 Apr 2014, 12:56 PM

Known, previously-reported, issue: http://www.zen-cart.com/showthread.p...20#post1153920

**mc12345678** · 21 Apr 2014, 01:08 PM

Thanks lat9, I do agree that the fix suggested there is more "sound" the fix I posted will work, but leaves things open a little. The suggested fix in the link above keeps control of the file location ensuring that thereis no redirect. Glad you pointed out the problem back then. I again apologize for the "quick shot" and lack of further review. I wanted to report my findingin case it was "unique", but also wanted to get back to what I was trying to resolve which meant closing that window and carrying on.

Admins, please mark this thread as a duplicate. It looks like ZC 1.6.0 is expected to resolve this issue.