Solved

Replacing Password Functions/Process In oscommerce, With phpFox's

Posted on 2010-09-23
Last Modified: 2013-11-13
Hello,

I am trying to replace the password and verification functions/process of open source oscommerce ms2.2 with what's used in open source phpFox 2.05.

Overall objective is to be able to eventually import (more readily) oscommerce customers, into phpFox.

-------------------------------------------

The oscommerce code uses one table field for both password and salt: customers_password
The phpfox code uses two fields: password & password_salt

In all of the oscommerce files, I have replaced all instances of "customers_password" with "password", and added "password_salt" to the oscommerce database's "customers" TABLE (below).

The database's "customers" TABLE (originally):
drop table if exists customers;
create table customers (
  customers_id int(11) not null auto_increment,
  customers_gender char(1) not null ,
  customers_firstname varchar(32) not null ,
  customers_lastname varchar(32) not null ,
  customers_dob datetime default '0000-00-00 00:00:00' not null ,
  customers_email_address varchar(96) not null ,
  customers_default_address_id int(11) ,
  customers_telephone varchar(32) not null ,
  customers_fax varchar(32) ,
  customers_password varchar(40) not null ,
  customers_newsletter char(1) ,
  PRIMARY KEY (customers_id)
);



The database's "customers" TABLE now (modified):
drop table if exists customers;
create table customers (
  customers_id int(11) not null auto_increment,
  customers_gender char(1) not null ,
  customers_firstname varchar(32) not null ,
  customers_lastname varchar(32) not null ,
  customers_dob datetime default '0000-00-00 00:00:00' not null ,
  customers_email_address varchar(96) not null ,
  customers_default_address_id int(11) ,
  customers_telephone varchar(32) not null ,
  customers_fax varchar(32) ,
  password char(32) not null ,
  password_salt char(3) not null ,
  customers_newsletter char(1) ,
  PRIMARY KEY (customers_id)
);



Using this information (below) on how to import users into phpFox, which I got from http://wiki.phpfox.com/guide/V2/Importing_Users, I have been unsuccessful so far, and am looking for advice on what I might be doing incorrectly.
 
Information on importing users into phpFox:
-------------------------------------------
 
The field: password
holds a 32 character salted MD5 hashed version of user's password.
 
In order to get this value the following PHP code is used:
md5(md5($PASSWORD) . md5($SALT))



The variable: $PASSWORD
holds the user's password.
 
The variable: $SALT
holds a random set of characters.
 
The PHP function used is:
function getSalt($iTotal = 3)
{
 $sSalt = '';
 for ($i = 0; $i < $iTotal; $i++)
 {
  $sSalt .= chr(rand(33, 91));
 }
 return $sSalt;
}



For the field: password_salt
input the value for the salt created earlier and used in the MD5 hash.
 
-------------------------------------------

Using the above information, I replaced the original oscommerce function "tep_encrypt_password" code (found in: includes/functions/password_funcs.php)

ORIGINAL CODE:
  function tep_encrypt_password($plain) {
    $password = '';

    for ($i=0; $i<10; $i++) {
      $password .= tep_rand();
    }

    $salt = substr(md5($password), 0, 2);

    $password = md5($salt . $plain) . ':' . $salt;

    return $password;
  }



REPLACED WITH:
  function tep_get_salt($iTotal = 3) {
	$salt = '';
	for ($i = 0; $i < $iTotal; $i++) {
	  $salt .= chr(rand(33, 91));
	}
	return $salt;
  }

  function tep_encrypt_password() {
    $password = '';

    for ($i=0; $i<9; $i++) {
      $password .= tep_rand();
    }

    $salt = tep_get_salt();

    $password = md5(md5($password) . md5($salt));

    return $password;
  }



-------------------------------------------

In the oscommerce file "create_account.php" I modified the "$sql_data_array", which is used to insert the newly created customer information:
ORIGINAL CODE:
      $sql_data_array = array('customers_firstname' => $firstname,
                              'customers_lastname' => $lastname,
                              'email' => $email_address,
                              'customers_telephone' => $telephone,
                              'customers_fax' => $fax,
                              'customers_newsletter' => $newsletter,
                              'password' => tep_encrypt_password($password));


MODIFIED TO:
      $sql_data_array = array('customers_firstname' => $firstname,
                              'customers_lastname' => $lastname,
                              'email' => $email_address,
                              'customers_telephone' => $telephone,
                              'customers_fax' => $fax,
                              'customers_newsletter' => $newsletter,
                              'password' => tep_encrypt_password($password),
                              'password_salt' => tep_get_salt($password_salt));



-------------------------------------------

Focusing for now on just creating the customer "password" & "password_salt" (not focusing on the verification function/process part):

When creating a new customer the "password_salt" field of the database's "customers" TABLE does not get populated. I have no idea even, if the password tep_encrypt_password function is using the tep_get_salt function correctly.

I don't even know if I am doing any part of this whole thing correctly?!

Can I get some help... please   =)
 create-account.php password-funcs.php
Question by:CTru
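
An added example, not part of the original post and not osCommerce or phpFox code: it generates the salt once and returns it together with the phpFox-format hash so the "password" and "password_salt" columns always match, and it checks a legacy osCommerce value at login before re-hashing, since the old hash cannot be converted without the plaintext. The example_* function names and the sample password are assumptions made for illustration.

```php
<?php
// Added example: function names and sample values are hypothetical.

// 3-character salt in the guide's range (chr 33..91), from random_int()
// (PHP 7+) rather than rand(). May contain quotes: escape or bind on insert.
function example_make_salt(int $length = 3): string
{
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= chr(random_int(33, 91));
    }
    return $salt;
}

// phpFox format from the import guide: md5(md5($PASSWORD) . md5($SALT)).
function example_phpfox_hash(string $plain, string $salt): string
{
    return md5(md5($plain) . md5($salt));
}

// Generate the salt once and return it with the hash, so both columns
// are written from the same value.
function example_new_credentials(string $plain): array
{
    $salt = example_make_salt();
    return ['password' => example_phpfox_hash($plain, $salt), 'password_salt' => $salt];
}

// Legacy osCommerce column holds "md5(salt . plain):salt".
function example_verify_legacy(string $plain, string $stored): bool
{
    $parts = explode(':', $stored);
    return count($parts) === 2 && hash_equals($parts[0], md5($parts[1] . $plain));
}

function example_verify_phpfox(string $plain, string $hash, string $salt): bool
{
    return hash_equals($hash, example_phpfox_hash($plain, $salt));
}

// Constructed sample: check a legacy row at login, then re-hash it.
$legacy = md5('ab' . 'correct horse') . ':' . 'ab';
if (example_verify_legacy('correct horse', $legacy)) {
    $row = example_new_credentials('correct horse');
    var_dump(example_verify_phpfox('correct horse', $row['password'], $row['password_salt']));
}
```

Both formats are a single round of salted MD5, so this achieves phpFox import compatibility only; it does not make the stored hashes slower to brute-force.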
7 Comments
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 500 total points
ID: 33752934
What's the question here?  Have you considered hiring a developer - it looks like a rather large project.

One thing that  might be helpful -- use var_dump() to visualize the data.  For example, var_dump($sql_data_array) might tell you something interesting.  If you echo "<pre>"; beforehand, it makes the var_dump() output easier to read.
0
 

Author Comment

by:CTru
ID: 33755516
I wanna be a developer Ray, not hire one! My janitor job suks!

Thanks for the var_dump() info. I'll try it, and see what it tells!
0
 

Author Comment

by:CTru
ID: 33759502

Hello Again,

var_dump() was great to be introduced to, however, it pretty much gave me the same information that I was getting by looking at the insert through phpMyAdmin Browse.

Your first sentence (question), was helpful too as it made me wonder even more than I had (What is... the question here?)   =) So, another thanks to you Ray!

I guess, to begin with, I was looking for help in understanding what to do with the information I got (about importing users into phpFox).

My wanna-be project has several parts to it, some which I am having trouble with clearly defining, never mind describing.

So I will focus on one part, and come up with a question!

Regards,

CT
0

 

Accepted Solution

by:
CTru earned 0 total points
ID: 33765305
Well... to put a lid on this...

I have been able to figure out my questions clearly, concerning this post, and as well, answer them.

I didn't understand to begin with how to use the "Information on importing users into phpFox". There were several questions around this.

As I began to figure out how to make use of the info, there became more questions around implementing.

Basically by staring at it and googling some of it; I was able to begin modifying by trial and error until the changes worked.

The part of my project is finished, now making it a bit more than a wanna-be project, and I, a way tiny bit more than a wanna-be developer!

Some of what I know now that I didn't:
- var_dump() function
- md5() itself is a function
- to get the function's return value, call the function

Now I have to get figured out how to start a session, and set a cookie or two for each application, from the other... more fun!

I realize that nothing found here will be of any use to anyone else, so my putting a lid on (so to speak) this post, is just me being me.

You get the points by default Ray, and because I do appreciate that you took the moments to have a look, and at least tried to respond some.

I am off to the cookies and sessions zones, if there even are such animals!

=)
0
 

Author Comment

by:CTru
ID: 33765327
I went to give you the points Ray, and the accept button appears to have disappeared!
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 33771686
You can ask a moderator to reopen the question if you need to, but the close request is OK with me.  If you want to change that, use the "request attention" link near the top of the page.

Here is a good book that I think you would enjoy:
http://www.sitepoint.com/books/phpmysql4/

That book will answer many of your questions about PHP.

Here is everything you need to know about sessions (for starters)

Use session_start() at the top of every page.
http://us2.php.net/manual/en/function.session-start.php

Then you can use the $_SESSION array to store data that will persist from page to page of your web site.  Easy!

0
 

Author Comment

by:CTru
ID: 33771887
Well Hey Again Ray!

I am pretty sure that when closing the question I WAS able to give you the points.

I way appreciate the links and will, of course, have a look.

I posted another question already, concerning the sessions and cookies. I am hoping I was clearer with it!

When you have some moments, perhaps we can continue conversing some, there - or rather here: http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26501309.html?cid=543

Thanks again for your moments already.

Carlos
0
