Replacing Password Functions/Process In oscommerce, With phpFox's

Hello,

I am trying to replace the password and verification functions/process of open source oscommerce ms2.2 with what's used in open source phpFox 2.05.

Overall objective is to be able to eventually import (more readily) oscommerce customers, into phpFox.

-------------------------------------------

The oscommerce code uses one table field for both password and salt: customers_password
The phpfox code uses two fields: password & password_salt

In all of the oscommerce files, I have replaced all instances of "customers_password" with "password", and added "password_salt" to the oscommerce databases's "customers" TABLE (below).

The databases's "customers" TABLE (originally):
drop table if exists customers;
create table customers (
  customers_id int(11) not null auto_increment,
  customers_gender char(1) not null ,
  customers_firstname varchar(32) not null ,
  customers_lastname varchar(32) not null ,
  customers_dob datetime default '0000-00-00 00:00:00' not null ,
  customers_email_address varchar(96) not null ,
  customers_default_address_id int(11) ,
  customers_telephone varchar(32) not null ,
  customers_fax varchar(32) ,
  customers_password varchar(40) not null ,
  customers_newsletter char(1) ,
  PRIMARY KEY (customers_id)
);

Open in new window


The databases's "customers" TABLE now (modified):
drop table if exists customers;
create table customers (
  customers_id int(11) not null auto_increment,
  customers_gender char(1) not null ,
  customers_firstname varchar(32) not null ,
  customers_lastname varchar(32) not null ,
  customers_dob datetime default '0000-00-00 00:00:00' not null ,
  customers_email_address varchar(96) not null ,
  customers_default_address_id int(11) ,
  customers_telephone varchar(32) not null ,
  customers_fax varchar(32) ,
  password char(32) not null ,
  password_salt char(3) not null ,
  customers_newsletter char(1) ,
  PRIMARY KEY (customers_id)
);

Open in new window


Using this information (below) on how to import users into phpFox, which I got from http://wiki.phpfox.com/guide/V2/Importing_Users, I have been unsuccessful so far, and am looking for advise on what I might be doing incorrectly.
 
Information on importing users into phpFox:
-------------------------------------------
 
The field: password
holds a 32 character salted MD5 hashed version of user's password.
 
In order to get this value the following PHP code is used:
md5(md5($PASSWORD) . md5($SALT))

Open in new window


The variable: $PASSWORD
holds the users password.
 
The variable: $SALT
holds a random set of characters.
 
The PHP function used is:
function getSalt($iTotal = 3)
{
 $sSalt = '';
 for ($i = 0; $i < $iTotal; $i++)
 {
  $sSalt .= chr(rand(33, 91));
 }
 return $sSalt;
}

Open in new window


For the field: password_salt
input the value for the salt created earlier and used in the MD5 hash.
 
-------------------------------------------

Using the above information, I replaced the original oscommerce function "tep_encrypt_password" code (found in: includes/functions/password_funcs.php)

ORIGINAL CODE:
  function tep_encrypt_password($plain) {
    $password = '';

    for ($i=0; $i<10; $i++) {
      $password .= tep_rand();
    }

    $salt = substr(md5($password), 0, 2);

    $password = md5($salt . $plain) . ':' . $salt;

    return $password;
  }

Open in new window


REPLACED WITH:
  function tep_get_salt($iTotal = 3) {
	$salt = '';
	for ($i = 0; $i < $iTotal; $i++) {
	  $salt .= chr(rand(33, 91));
	}
	return $salt;
  }

  function tep_encrypt_password() {
    $password = '';

    for ($i=0; $i<9; $i++) {
      $password .= tep_rand();
    }

    $salt = tep_get_salt();

    $password = md5(md5($password) . md5($salt));

    return $password;
  }

Open in new window


-------------------------------------------

In the oscommerce file "create_account.php" I modified the "$sql_data_array", which is used to insert the newly created customer information:
ORIGINAL CODE:
      $sql_data_array = array('customers_firstname' => $firstname,
                              'customers_lastname' => $lastname,
                              'email' => $email_address,
                              'customers_telephone' => $telephone,
                              'customers_fax' => $fax,
                              'customers_newsletter' => $newsletter,
                              'password' => tep_encrypt_password($password));

Open in new window

MODIFED TO:
      $sql_data_array = array('customers_firstname' => $firstname,
                              'customers_lastname' => $lastname,
                              'email' => $email_address,
                              'customers_telephone' => $telephone,
                              'customers_fax' => $fax,
                              'customers_newsletter' => $newsletter,
                              'password' => tep_encrypt_password($password),
                              'password_salt' => tep_get_salt($password_salt));

Open in new window


-------------------------------------------

Focusing for now on just creating the customer "password" & "password_salt" (not focusing on the verification function/process part):

When creating a new customer the "password_salt" field of the databases's "customers" TABLE does not get populated. I have no idea even, if the password tep_encrypt_password function is using the tep_get_salt function correctly.

I don't even know if I am doing any part of this whole thing correctly?!

Can I get some help... please   =)
 create-account.php password-funcs.php
CTruAsked:
Who is Participating?
 
CTruAuthor Commented:
Well... to put a lid on this...

I have been able to figure out my questions clearly, concerning this post, and as well, answer them.

I didn't understand to begin with how to use the "Information on importing users into phpFox". There were several questions around this.

As I began to figure out how to make use of the info, there became more questions around implementing.

Basically by staring at it and googling some of it; I was able to begin modifying by trial and error until the changes worked.

The part of my project is finished, now making it a bit more than a wanna-be project, and I, a way tiny bit more than a wanna-be developer!

Some of what I know now that I didn't:
- var_dump() function
- md5() itself is a function
- to get the functions return value, call the function

Now I have to get figured out how to start a session, and set a cookie or two for each application, from the other... more fun!

I realize that nothing found here will be of any use to anyone else, so my putting a lid on (so to speak) this post, is just me being me.

You get the points by default Ray, and because I do appreciate that you took the moments to have a look, and at least tried to respond some.

I am off to the cookies and sessions zones, if there even are such animals!

=)
0
 
Ray PaseurCommented:
What's the question here?  Have you considered hiring a developer - it looks like a rather large project.

One thing that  might be helpful -- use var_dump() to visualize the data.  For example, var_dump($sql_data_array) might tell you something interesting.  If you echo "<pre>"; beforehand, it makes the var_dump() output easier to read.
0
 
CTruAuthor Commented:
I wanna be a developer Ray, not hire one! My janitor job suks!

Thanks for the var_dump() info. I'll try it, and see what it tells!
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
CTruAuthor Commented:

Hello Again,

var_dump() was great to be introduced to, however, it pretty much gave me the same information that I was getting by looking at the insert through phMyAdmin Browse.

Your first sentence (question), was helpful too as it made me wonder even more than I had (What is... the question here?)   =) So, another thanks to you Ray!

I guess, to begin with, I was looking for help in understanding what to do with the information I got (about importing users into phpFox).

My wanna-be project has several parts to it, some which I am having trouble with clearly defining, never mind describing.

So I will focus on one part, and come up with a question!

Regards,

CT
0
 
CTruAuthor Commented:
I went to give you the points Ray, and the accept button appears to have disappeared!
0
 
Ray PaseurCommented:
You can ask a moderator to reopen the question if you need to, but the close request is OK with me.  If you want to change that, use the "request attention" link near the top of the page.

Here is a good book that I think you would enjoy:
http://www.sitepoint.com/books/phpmysql4/

That book will answer many of your questions about PHP.

Here is everything you need to know about sessions (for starters)

Use session_start() at the top of every page.
http://us2.php.net/manual/en/function.session-start.php

Then you can use the $_SESSION array to store data that will persist from page to page of your web site.  Easy!

0
 
CTruAuthor Commented:
Well Hey Again Ray!

I am pretty sure that when closing the question I WAS able to give you the points.

I way appreciate the links and will, of course, have a look.

I posted another question already, concerning the sessions and cookies. I am hoping I was clearer with it!

When you have some moments, perhaps we can continue conversing some, there - or rather here: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26501309.html?cid=543

Thanks again for your moments already.

Carlos
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.