Encrypted Master Password support

**lat9** · 5 Feb 2014, 02:31 PM

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true &&) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

**Danielle** · 5 Feb 2014, 05:18 PM

No, I am still getting the blank login page and no debug logs.

Originally Posted by lat9

Danielle, on a hunch, could/would you try commenting out a couple of lines in the /includes/modules/pages/login/header_php.php and let me know if that corrects the issue?

Code:

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

**lat9** · 5 Feb 2014, 08:32 PM

Originally Posted by lat9

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true &&) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

How about forcing an error to make sure that logs will be written? Did you try that?

**Danielle** · 5 Feb 2014, 11:22 PM

No, no log files are generated

I cannot understand it. I have tried every permissions setting on the log directory. The logs directory in configure.php is set correctly. Not sure how else to troubleshoot this. I have never seen a site where the log files just don't work.

Originally Posted by lat9

Danielle, to make sure that errors are properly being logged (i.e. the DIR_FS_LOGS constant and associated permissions are correct), you could "force" an error on the login page by adding the bit in red (just make sure to remove it after you've verified that a debug-log file is created!)

Code:

      // Check that password is good
//-bof-Encrypted Master Password by stagebrace *** 1/1
      //- Start modifications by lat9:
//-bof-a-v1.6.0
    } elseif ($emp_login === true &&) {
      $ProceedToLogin = true;
      $_SESSION['emp_admin_login'] = true;
      $_SESSION['emp_admin_id'] = (int)$_POST['aID'];
//-bof-a-v1.7.0
/*
      $sql_data_array = array( 'access_date' => 'now()',
                               'admin_id' => $_SESSION['emp_admin_id'],
                               'page_accessed' => 'login.php',
                               'page_parameters' => '',
                               'ip_address' => substr($_SERVER['REMOTE_ADDR'],0,45),
                               'gzpost' => gzdeflate( json_encode( array ( 'action' => 'emp_admin_login' )), 7),
                               'flagged' => 0,
                               'attention' => '',
                               );
      zen_db_perform(TABLE_ADMIN_ACTIVITY_LOG, $sql_data_array);
*/
//-eof-a-v1.7.0
//-eof-a-v1.6.0
      
    } else {
      //--- Either specific admin ID or an admin within a specific admin profile can use their password to login.
      if (!defined('EMP_LOGIN_ADMIN_ID')) define ('EMP_LOGIN_ADMIN_ID', 1);  /*lat9-a/c*/
      $get_admin_query = "SELECT admin_id, admin_pass
                          FROM " . TABLE_ADMIN . "
                          WHERE admin_id = " . (int)EMP_LOGIN_ADMIN_ID;  /*lat9-c*/
      $check_administrator = $db->Execute($get_admin_query);
      $customer = (zen_validate_password($password, $check_customer->fields['customers_password']));
      $administrator = (zen_validate_password($password, $check_administrator->fields['admin_pass']));
      if ($customer) {
        $ProceedToLogin = true;
        
      } elseif ($administrator) {
          $ProceedToLogin = true;
          $_SESSION['emp_admin_login'] = true;  /*lat9-a*/
          $_SESSION['emp_admin_id'] = EMP_LOGIN_ADMIN_ID;
          
      } else {
//-bof-lat9-a
        if (!defined('EMP_LOGIN_ADMIN_PROFILE_ID')) define ('EMP_LOGIN_ADMIN_PROFILE_ID', 1);  /*lat9-a*/
        $admin_profile_query = "SELECT admin_id, admin_pass 
                                  FROM " . TABLE_ADMIN . " 
                                  WHERE admin_profile = " . (int)EMP_LOGIN_ADMIN_PROFILE_ID;
        $admin_profiles = $db->Execute($admin_profile_query);
//-eof-lat9-a
        $ProceedToLogin = false;
//-bof-lat9-a
        while (!$admin_profiles->EOF && !$ProceedToLogin) {
          $ProceedToLogin = zen_validate_password($password, $admin_profiles->fields['admin_pass']);
          if ($ProceedToLogin) {
            $_SESSION['emp_admin_login'] = true;
            $_SESSION['emp_admin_id'] = $admin_profiles->fields['admin_id'];
          }
          $admin_profiles->MoveNext();
        }
//-eof-lat9-a
      }
    }
      if (!($ProceedToLogin)) {
//-eof-Encrypted Master Password by stagebrace *** 1/1

**lat9** · 6 Feb 2014, 02:20 PM

Would you post the definition for DIR_FS_LOGS from your /includes/configure.php file?

**Danielle** · 7 Feb 2014, 06:04 PM

Sure:

define('DIR_FS_LOGS', '/home/sites/****/public_html/logs');

I just put in the ****, in the actual file it has the correct info there.

Originally Posted by lat9

Would you post the definition for DIR_FS_LOGS from your /includes/configure.php file?

**lat9** · 7 Feb 2014, 06:22 PM

Curious, it looks properly formed (i.e. no ending /). Permissions set to 0755? What if you change the definition to

Code:

define('DIR_FS_LOGS', DIR_FS_CATALOG . 'logs');

**Danielle** · 18 Feb 2014, 12:46 AM

Originally Posted by lat9

Curious, it looks properly formed (i.e. no ending /). Permissions set to 0755? What if you change the definition to

Code:

define('DIR_FS_LOGS', DIR_FS_CATALOG . 'logs');

Nope still no logs showing up. Permissions are 755. It's so strange!

**twitchtoo** · 18 Feb 2014, 12:58 AM

if you hide the EMP code what happens? and do your log files work?

note - do not uninstall EMP

**Danielle** · 10 Mar 2014, 09:32 PM

If I hide the EMP code the login page works fine. There are no log files.

Originally Posted by twitchtoo

if you hide the EMP code what happens? and do your log files work?

note - do not uninstall EMP

Thread: Encrypted Master Password support

Thread Tools

Search Thread

Display

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Re: Encrypted Master Password support

Similar Threads

v139h tweaking encrypted master password and cowoa

Master Password Encrypted mod support

encrypted master password stopped working

Master Password vs Encrypted Master Password

Encrypted master password probs

Bookmarks

Bookmarks

Posting Permissions