[HACK] Customers copy/pasting passwords

For Articles relating to more than one ISC version
Martin
Site Admin
Posts: 1854
Joined: Wed Jun 17, 2009 6:30 pm
Location: South Yorkshire UK

[HACK] Customers copy/pasting passwords

Post by Martin »

As per this topic

You can sometimes get a very confused technically challenged user who copy pastes a password from an email client/web-mail browser that selects the trailing or pre-pending space without them cottoning on.

Obviously a space causes the password to fail because it should be there so the fix is to edit as follows:

Open: includes/classes/class.customer.php

Find:

$pass = $GLOBALS['ISC_CLASS_DB']->Quote($_POST['login_pass']);

Replace with:

$pass = $GLOBALS['ISC_CLASS_DB']->Quote(trim($_POST['login_pass']));

All this does is trim any excess spaces from the beginning and/or end of the password input (it won't touch any in the middle - if they exist) and helps usher the poor customer in.

Re: [HACK] Customers copy/pasting passwords

Post by Martin »

There's an additional code fix required to get this to work...

Same file includes/classes/class.customer.php

Find:

else if ($row['custpassword'] != md5($_POST['login_pass'])) {

Replace with:

else if ($row['custpassword'] != md5($pass)) {

Frankly I'm at a complete loss as to why the coder defined $pass earlier in the code and then continues to use $_POST['login_pass'] like a first grade numpty... It's inefficient and makes for errors if someone isn't paying attention.
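
An added illustration, not part of the posts above and not Interspire code: trimming at login only matches when the stored hash was also computed from a trimmed password, so the same rule belongs on every path that saves a password. Function names and sample passwords are made up for the example; md5() is used only to mirror the custpassword comparison quoted above.

```php
<?php
// Added illustration; function names are hypothetical, not Interspire's.
// md5() appears only because the thread's custpassword comparison uses it.

function normalize_password(string $input): string
{
    // Leading/trailing whitespace only; spaces inside the password survive.
    return trim($input);
}

function store_hash(string $input): string
{
    // Write path (register, change, reset): hash the normalized value.
    return md5(normalize_password($input));
}

function check_login_trim_only(string $input, string $stored): bool
{
    // Login-side trim alone, as in the thread's edit.
    return hash_equals($stored, md5(normalize_password($input)));
}

function check_login(string $input, string $stored): bool
{
    // Try the normalized form first, then the raw input, so hashes stored
    // before the write path was normalized still verify.
    return check_login_trim_only($input, $stored)
        || hash_equals($stored, md5($input));
}

// Constructed sample data.
$legacy = md5('s3cret pass ');          // saved untrimmed, trailing space included
$fresh  = store_hash(" s3cret pass\n"); // saved through the normalized write path

$cases = [
    ['fresh hash, pasted with spaces',   ' s3cret pass ', $fresh],
    ['legacy hash, exact same paste',    's3cret pass ',  $legacy],
    ['legacy hash, typed without space', 's3cret pass',   $legacy],
];

foreach ($cases as [$label, $input, $stored]) {
    printf("%-34s trim-only=%-5s with-fallback=%s\n",
        $label,
        var_export(check_login_trim_only($input, $stored), true),
        var_export(check_login($input, $stored), true));
}
```

The last case fails under both checks: a hash saved with the stray space can only be matched by input that still carries it, so such an account needs a password reset.
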
CharlieFoxtrot
Confirmed
Posts: 413
Joined: Sun Aug 09, 2009 1:23 pm

Re: [HACK] Customers copy/pasting passwords

Post by CharlieFoxtrot »

I love things like this!! ~ Thank you!!

Simple... effective... neat... easy! :D
ISC 4.0.7

"... and let's be honest that whole "by design" thing is getting old too."

Re: [HACK] Customers copy/pasting passwords

Post by Martin »

Seems that 6.x got an update for this that requires this change instead.

So, for 6.x

Open: /includes/classes/class.customer.php

Find:

$plain = $password;

Before, Add:

$password = trim($password);

EDIT: Applied to my store, tested and confirmed as working :)
myshop
Posts: 51
Joined: Tue Jun 23, 2009 5:48 am
Location: NSW Australia

Re: [HACK] Customers copy/pasting passwords

Post by myshop »

thank you.. works in 6.1.1.
zmc
Posts: 2
Joined: Wed Sep 14, 2011 5:44 am

Re: [HACK] Customers copy/pasting passwords

Post by zmc »

I just had to say thank you. I have been having problems with people logging in since forever and even to the point where they would be sent around in loops with the system trying to reset their password and they were never able to log in. In the end I had to remove all the reset password functions and ask people to email me so I could manually reset their password. I hate to imagine how many just didn't bother.

I am really hoping this fix does the trick. Thank you.

Re: [HACK] Customers copy/pasting passwords

Post by Martin »

It should, so no problem... Surprised that such a simple fix was not incorporated into the code but then this is Interspire...

Re: [HACK] Customers copy/pasting passwords

Post by zmc »

Sadly, this fix hasn't seemed to fix the problem.

Has anyone worked on the reset password functions to make it easier to reset?
dave_finlayson
Posts: 2
Joined: Thu Jul 16, 2009 11:55 am

Re: [HACK] Customers copy/pasting passwords

Post by dave_finlayson »

Anyone confirm if the above works in 6.1.8? Have made the changes in this post https://www.interspire.com/forum/showpo ... stcount=15 which hasn't worked and can't find any reference to the $plain = $password in the class.customer.php file in 6.1.8!

Re: [HACK] Customers copy/pasting passwords

Post by Martin »

So Interspire haven't fixed the problem... Still?!

Good grief... Muppets!!

I'll see if I can locate the change if I get 10 minutes...