
[HACK] Customers copy/pasting passwords

Posted: Thu Jul 30, 2009 11:48 am
by Martin
As per this topic

You can sometimes get a very confused technically challenged user who copy pastes a password from an email client/web-mail browser that selects the trailing or pre-pending space without them cottoning on.

Obviously a space causes the password to fail because it shouldn't be there, so the fix is to edit as follows:

Open: includes/classes/class.customer.php

Find:

Code:

$pass = $GLOBALS['ISC_CLASS_DB']->Quote($_POST['login_pass']); 
Replace with:

Code:

$pass = $GLOBALS['ISC_CLASS_DB']->Quote(trim($_POST['login_pass']));  
All this does is trim any excess spaces from the beginning and/or end of the password input (it won't touch any in the middle - if they exist) and helps usher the poor customer in.

Re: [HACK] Customers copy/pasting passwords

Posted: Fri Feb 19, 2010 3:19 pm
by Martin
There's an additional code fix required to get this to work...

Same file includes/classes/class.customer.php

Find:

Code:

else if ($row['custpassword'] != md5($_POST['login_pass'])) {
Replace with:

Code:

else if ($row['custpassword'] != md5($pass)) {
Frankly I'm at a complete loss as to why the coder defined $pass earlier in the code and then continues to use $_POST['login_pass'] like a first grade numpty... It's inefficient and makes for errors if someone isn't paying attention.
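
Added example, not part of the post above or of Interspire's code: a sketch of applying the same trim wherever a password hash is stored and wherever it is checked, and of hashing the trimmed raw input rather than an SQL-escaped copy, which no longer matches once the password contains a quote. Function names are hypothetical, the inputs are constructed, and addslashes() stands in for Quote() on the assumption that Quote() escapes for SQL.

```php
<?php
// Added example: all function names here are hypothetical, not Interspire code.

// One definition of "the password the customer meant", shared by every code path.
function normalise_password(string $raw): string
{
    return trim($raw);
}

// Unsalted md5 only because it mirrors the custpassword comparison quoted above.
function hash_for_store(string $raw): string
{
    return md5(normalise_password($raw));
}

function verify_login(string $raw, string $storedHash): bool
{
    // Hash the normalised raw input, never a SQL-escaped copy of it.
    if (hash_equals($storedHash, md5(normalise_password($raw)))) {
        return true;
    }
    // Hashes written before trimming was introduced may cover the
    // surrounding whitespace, so also try the input exactly as submitted.
    return hash_equals($storedHash, md5($raw));
}

// Constructed inputs.
$stored = hash_for_store("o'Brien#42");
$pasted = " o'Brien#42 ";               // copy/paste picked up spaces

// addslashes() stands in for an SQL-escaping Quote(); that behaviour is assumed.
$escaped = addslashes(trim($pasted));

var_dump(verify_login($pasted, $stored));             // trimmed raw input
var_dump(hash_equals($stored, md5($escaped)));        // escaped copy hashed instead
var_dump(verify_login(" legacy ", md5(" legacy ")));  // hash stored before trimming
```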

Re: [HACK] Customers copy/pasting passwords

Posted: Fri Feb 19, 2010 7:16 pm
by CharlieFoxtrot
I love things like this!! ~ Thank you!!

Simple... effective... neat... easy! :D

Re: [HACK] Customers copy/pasting passwords

Posted: Thu May 05, 2011 1:20 am
by Martin
Seems that 6.x got an update for this that requires this change instead.

So, for 6.x

Open: /includes/classes/class.customer.php

Find:

Code:

$plain = $password;
Before, Add:

Code:

$password = trim($password);
EDIT: Applied to my store, tested and confirmed as working :)

Re: [HACK] Customers copy/pasting passwords

Posted: Thu May 05, 2011 2:42 am
by myshop
Thank you.. works in 6.1.1.

Re: [HACK] Customers copy/pasting passwords

Posted: Wed Sep 14, 2011 5:47 am
by zmc
I just had to say thank you. I have been having problems with people logging in since forever and even to the point where they would be sent around in loops with the system trying to reset their password and they were never able to log in. In the end I had to remove all the reset password functions and ask people to email me so I could manually reset their password. I hate to imagine how many just didn't bother.

I am really hoping this fix does the trick. Thank you.

Re: [HACK] Customers copy/pasting passwords

Posted: Fri Sep 23, 2011 10:25 am
by Martin
It should, so no problem... Surprised that such a simple fix was not incorporated into the code but then this is Interspire...

Re: [HACK] Customers copy/pasting passwords

Posted: Sat Oct 29, 2011 5:23 am
by zmc
Sadly, this fix hasn't seemed to fix the problem.

Has anyone worked on the reset password functions to make it easier to reset?

Re: [HACK] Customers copy/pasting passwords

Posted: Fri Mar 23, 2012 12:40 pm
by dave_finlayson
Anyone confirm if the above works in 6.1.8? Have made the changes in this post https://www.interspire.com/forum/showpo ... stcount=15 which hasn't worked and can't find any reference to the $plain = $password in the class.customer.php file in 6.1.8!

Re: [HACK] Customers copy/pasting passwords

Posted: Fri Mar 23, 2012 5:56 pm
by Martin
So Interspire haven't fixed the problem... Still?!

Good grief... Muppets!!

I'll see if I can locate the change if I get 10 minutes...