mariovaldez.net
http://www.mariovaldez.net/webapps/forums/

Upload password / Contraseña de carga
http://www.mariovaldez.net/webapps/forums/viewtopic.php?f=12&t=169
Page 1 of 1

Author:  maniqui [ 13 Dec 2004, 16:42 ]
Post subject:  Upload password / Contraseña de carga

Hola!

cuando configuré por primera vez el OSCPMWIN, realmente no sabía qué poner en la opción "Upload Password / Contraseña de carga".
Probe algunas claves de FTP y osCommerce, pero como no sabía de qué se trataba la opción, no le di importancia.

Luego, leyendo la documentación sobre cómo configurar el OSCPMWIN encontré lo siguiente:
Quote:
Upload password
Define the password to use when uploading the product images. This password will be set the first time you access the upload script and you can change it only if you already know the old password.


Realmente, no me acuerdo qué fue lo que tipeé la primera vez, pero me gustaría poder cambiar la clave para poder usar el programa para subir imágenes.

¿Cómo hago para resetear la clave?

Gracias

--------
English version:

Hi!

when I configured the OSCMPWIN, for the firs time, I didnt really know what was supposed to be filled into the option "Upload Password".
I tried some passwords (osCommerce and FTP passwords) but, because I didnt know what was that option for, I didnt care about it.

Then, reading the documentation about how to configure OSCPM I found this:
Quote:
Upload password
Define the password to use when uploading the product images. This password will be set the first time you access the upload script and you can change it only if you already know the old password.


I cant remember what have I typed the first time. But I would like to change the password, so I can use OSCPM to upload images.

How I do to reset the password?

Thanks,

Author:  maniqui [ 17 Jan 2005, 14:13 ]
Post subject:  insisto! :)

Hola Sr. Mario,

no es mi intención importunarlo nuevamente, y menos ahora, pues he leído en algún otro thread que Ud. es un flamante padre y sus noches se han acortado. :)

Pero como nadie me ha respondido este post, bueno, me atrevo a consultarlo nuevamente, pues no he logrado configurar este glorioso programa para poder subir las imágenes.

gracias y saludos!

Author:  mvaldez [ 19 Jan 2005, 08:18 ]
Post subject:  Upload password... deprecated.

maniqui:

> when I configured the OSCMPWIN, for the firs time,
> I didnt really know what was supposed to be filled
> into the option "Upload Password". I tried some
> passwords (osCommerce and FTP passwords) but,
> because I didnt know what was that option for, I
> didnt care about it. Then, reading the documentation
> about how to configure OSCPM I found this:
> Upload password Define the password to use when
> uploading the product images. This password will be
> set the first time you access the upload script and
> you can change it only if you already know the
> old password... How I do to reset the password?

Hola. Perdón por la tardanza en responder, creí que ya había respondido a esta pregunta, pero parece que fue en mi imaginación. :oops:

Primero que nada, por favor actualiza a la última versión (0.1.1.90) de OSCPMWin. Al desempacar el archivo .zip o al terminar el instalador, busca el archivo oscpm1_upload.php en el directorio /serverside. Cárgalo a tu servidor de web (en el directorio de OSCommerce, que suele llamarse "catalog") y pruébalo con tu navegador. Debe decir algo como esto:

Code:
ERROR PASSWORD MISMATCH
OSCommerce Product Manager, server-side script 0.1.5.


Entonces entra a la configuración de OSCPMWin y en la opción "Images URL" fíjate que apunte directamente al directorio de imágenes de OSCommerce. En la opción "Upload script URL" fíjate que diga el URL completo de donde probaste el script. En una instalación de OSCommerce normal, los dos URLs serían algo parecido a esto:

http://www.yourserver.com/catalog/images/ y http://www.yourserver.com/catalog/oscpm1_upload.php

Como podrás ver ya no hay opción para la contraseña de carga de imágenes. La realidad es que era una mala idea. Con la nueva versión de OSCPMWin y el script PHP de carga que incluye ahora se utiliza la contraseña de la base de datos para autentificar al usuario. Y ahora, la contraseña nunca es enviada al hacer esa conexión de carga de imágenes, así que es mucho más seguro.

¿Y cómo borrar la contraseña anterior? Pues no hay necesidad porque (en un gran descuido) el código de autentificación no está en el script, así que acepta lo que sea como contraseña. :roll:

Por esa razón, esta versión (0.1.1.90) es una actualización de seguridad.

Así que, si aún tienes problemas para cargar las imágenes, de seguro es por otra causa. Si aún tienes problemas después de actualizar, no dudes en escribir en estos foros. :)

Saludos,

Mario A. Valdez-Ramirez.


Hi. Sorry for being late in answering, I thought I have already answered this question, but it seems I did it only in my imagination. :oops:

First, please upgrade to the latest version (0.1.1.90) of OSCPMWin. After unpacking the .zip file or when finishing the installer, look for the file oscpm1_upload.php in the directory /serverside. Upload it to your webserver (in the directory of OSCommerce, which usually is named "catalog") and test it with yout browser. It should display something like this:

Code:
ERROR PASSWORD MISMATCH
OSCommerce Product Manager, server-side script 0.1.5.


Then enter to the configuration of OSCPMWin and in the option "Images URL" check that it points directly to the images directory od OSCommerce. In the option "Upload script URL" check that it contains the full URL from where you tested the script. In a default OSCommerce setup, both URLs would look something like this:

http://www.yourserver.com/catalog/images/ and http://www.yourserver.com/catalog/oscpm1_upload.php

As can see, there is no longer an option for a image-uploading password. That option was really a bad idea. With the new version of OSCPMwin and the included uploading PHP script, now we use the database password to authenticate the user. And now, the password is never sent when doing the image-uploading connection, so it is a lot safer.

And, how do you delete the old password? Well, there is no need for that because (as a big mistake) the authentication code is not in the script, so it accepts anything as password. :roll:

For this reason, this version (0.1.1.90) is a security update.

So, if you still have problems while uploading the images, surely is for another cause. If you still have problems after upgrading, don't hesitate to post to this forums. :)


Regards,

Mario A. Valdez-Ramirez.

Author:  mvaldez [ 19 Jan 2005, 08:21 ]
Post subject:  No duden en importunarme...

maniqui:

> no es mi intención importunarlo nuevamente, y
> menos ahora, pues he leído en algún otro thread
> que Ud. es un flamante padre y sus noches se
> han acortado... gracias y saludos!

Por favor importúname. No me molesta para nada que me pregunten cosas, al contrario. Además, a veces es la única manera en que me acuerdo de lo que tengo pendiente. :D


Mario A. Valdez-Ramirez.

Author:  jbeezwatercraft [ 27 Jan 2005, 11:02 ]
Post subject:  ERROR PASSWORD MISMATCH

Hello, Been a while sense I've checked up on things, glad to see a new version, with a lot of good fixes.
However after upgrading I can no longer manage images,

I get the following error, as is discussed above.


Code:
ERROR PASSWORD MISMATCH
OSCommerce Product Manager, server-side script 0.1.5.


Reading the above thread, I was not able to gain a understanding on how to fix this other than reverting back to the old version.

I have verified all settings are correct in the product manager, and the file's settings are correct (location of includes/configure.php and the images directory)

but all I see is that error,
and in the product manager it simply says error deleting file or uploading file.

Let me know,
Thanks,
David Heine

Author:  mvaldez [ 28 Jan 2005, 01:08 ]
Post subject:  Problem with new script... how to debug.

David:

> Hello, Been a while sense I've checked up on
> things, glad to see a new version, with a lot of
> good fixes. However after upgrading I can no
> longer manage images, I get the following
> error, as is discussed above.
> ERROR PASSWORD MISMATCH OSCommerce
> Product Manager, server-side script 0.1.5.

Hi again. :)

That message "ERROR PASSWORD MISMATCH" is normal if you load the page directly in a browser (because indeed you have not sent a password to the page).


> Reading the above thread, I was not able to
> gain a understanding on how to fix this other
> than reverting back to the old version.
> I have verified all settings are correct in the
> product manager, and the file's settings are
> correct (location of includes/configure.php
> and the images directory) but all I see is
> that error, and in the product manager it
> simply says error deleting file or uploading file.

Ok. First let's see the easier way to debug. Go to the Configuration Window and select the "Interface" tab, and check the option "Show debug web data". Not try to edit a product and you'll see that there is a small panel in the product editing window, just below the product image.

That panel will show any information received from the remote PHP script. (For downloading it won't show anything, because the PHP script is not used for that).

So, now that we can see the incoming web traffic, try to delete or upload an image. A successful uploading should display something like this:

Code:
OK UPLOAD [frantic.jpg]


A successful deletion should display something like this:

Code:
OK DELETE


If something is wrong, you will see the script sending the complain to OSCPMWin, however, the application cannot parse those errors, so it just fail with an error message saying that it cannot upload/delete/select the image.


There is another way to see what's going on in the server script, and it's using URL parameters with the PHP script and using a simple logging option (that creates a text log file in the server). But that's usually not needed most of the time.


So, please check the "conversation" between the PHP script and OSCPMWin, most certainly we'll find the cause of the problem.

Regards,

Mario A. Valdez-Ramirez.

Author:  jbeezwatercraft [ 28 Jan 2005, 09:22 ]
Post subject:  Re: Problem with new script... how to debug.

Below is logged from the script,

Code:
2005-01-28 10:15:18: Array
(
)

2005-01-28 10:15:18: REALPATH=/var/www/html/store/images/
2005-01-28 10:15:18: PASSWORDHASH=
2005-01-28 10:15:18: OPERATION=
2005-01-28 10:15:18: FILENAME=
2005-01-28 10:15:18: SUBDIR=
2005-01-28 10:15:18: SMARTRENAME=0
2005-01-28 10:15:18: REQVERSION=
2005-01-28 10:15:18: LOGINTIMESTAMP=
2005-01-28 10:15:18: SERVERPASSWORDHASH=98L243B28A0W3C4475C9MP9B2121E5O1
2005-01-28 10:15:18: ERROR the server and client passwords do not match.


mvaldez wrote:
David:

and this is the error msg shown when deleting a image
(inside the program)

Code:
<pre>ERROR PASSWORD MISMATCH<p>OSCommerce Product Manager, server-side script 0.1.5.</p><p>BROWSER DEBUG MODE ENABLED!</p><p>LOGFILE ENABLED!</p>



Still sheds no light on the issue if the password feature is no longer being used.

> Hello, Been a while sense I've checked up on
> things, glad to see a new version, with a lot of
> good fixes. However after upgrading I can no
> longer manage images, I get the following
> error, as is discussed above.
> ERROR PASSWORD MISMATCH OSCommerce
> Product Manager, server-side script 0.1.5.

Hi again. :)

That message "ERROR PASSWORD MISMATCH" is normal if you load the page directly in a browser (because indeed you have not sent a password to the page).


> Reading the above thread, I was not able to
> gain a understanding on how to fix this other
> than reverting back to the old version.
> I have verified all settings are correct in the
> product manager, and the file's settings are
> correct (location of includes/configure.php
> and the images directory) but all I see is
> that error, and in the product manager it
> simply says error deleting file or uploading file.

Ok. First let's see the easier way to debug. Go to the Configuration Window and select the "Interface" tab, and check the option "Show debug web data". Not try to edit a product and you'll see that there is a small panel in the product editing window, just below the product image.

That panel will show any information received from the remote PHP script. (For downloading it won't show anything, because the PHP script is not used for that).

So, now that we can see the incoming web traffic, try to delete or upload an image. A successful uploading should display something like this:

Code:
OK UPLOAD [frantic.jpg]


A successful deletion should display something like this:

Code:
OK DELETE


If something is wrong, you will see the script sending the complain to OSCPMWin, however, the application cannot parse those errors, so it just fail with an error message saying that it cannot upload/delete/select the image.


There is another way to see what's going on in the server script, and it's using URL parameters with the PHP script and using a simple logging option (that creates a text log file in the server). But that's usually not needed most of the time.


So, please check the "conversation" between the PHP script and OSCPMWin, most certainly we'll find the cause of the problem.

Regards,

Mario A. Valdez-Ramirez.

Author:  mvaldez [ 28 Jan 2005, 12:13 ]
Post subject:  You activated the file-logging...

Below is logged from the script,

[code]
2005-01-28 10:15:18: REALPATH=/var/www/html/store/images/
2005-01-28 10:15:18: PASSWORDHASH=
2005-01-28 10:15:18: OPERATION=
2005-01-28 10:15:18: FILENAME=
2005-01-28 10:15:18: SUBDIR=
2005-01-28 10:15:18: SMARTRENAME=0
2005-01-28 10:15:18: REQVERSION=
2005-01-28 10:15:18: LOGINTIMESTAMP=
2005-01-28 10:15:18: SERVERPASSWORDHASH=98L243B28A0W3C4475C9MP9B2121E5O1
2005-01-28 10:15:18: ERROR the server and client passwords do not match.
[code]

Hi again, David. Now that you enabled the file-logging, try to do a real operation from the OSCPMWin application and check that PASSWORDHASH and SERVERPASSWORDHASH match for each operation (the hashes are different each time you call the script, but they should match each other).

If they don't match then the problem is: the DB password used by OSCommerce is not the same DB password used in the OSCPMWin application.

A consequence of the new script is that the OSCPMWin application must use the same password used by OSCommerce.

Please check that and let me know.


Regards,

Mario A. Valdez-Ramirez.

Author:  jbeezwatercraft [ 28 Jan 2005, 12:53 ]
Post subject:  Re: You activated the file-logging...

Ok, I switched the user information to the same as OSCommerce is using, even thou I don't feel comfortable allowing remote connections on that account, However the logs show the same as the code below,
Its not showing any hash for the remote client.
If you could please send me a message on Yahoo Messenger
to user azazelsatx
and hopefully we can find a solution quickly

Thanks,
David


mvaldez wrote:
Below is logged from the script,

[code]
2005-01-28 10:15:18: REALPATH=/var/www/html/store/images/
2005-01-28 10:15:18: PASSWORDHASH=
2005-01-28 10:15:18: OPERATION=
2005-01-28 10:15:18: FILENAME=
2005-01-28 10:15:18: SUBDIR=
2005-01-28 10:15:18: SMARTRENAME=0
2005-01-28 10:15:18: REQVERSION=
2005-01-28 10:15:18: LOGINTIMESTAMP=
2005-01-28 10:15:18: SERVERPASSWORDHASH=98L243B28A0W3C4475C9MP9B2121E5O1
2005-01-28 10:15:18: ERROR the server and client passwords do not match.
[code]

Hi again, David. Now that you enabled the file-logging, try to do a real operation from the OSCPMWin application and check that PASSWORDHASH and SERVERPASSWORDHASH match for each operation (the hashes are different each time you call the script, but they should match each other).

If they don't match then the problem is: the DB password used by OSCommerce is not the same DB password used in the OSCPMWin application.

A consequence of the new script is that the OSCPMWin application must use the same password used by OSCommerce.

Please check that and let me know.


Regards,

Mario A. Valdez-Ramirez.

Author:  mvaldez [ 12 Mar 2005, 11:45 ]
Post subject:  Browser debug option disables the script...

I'll write this note just for the record, because it may be useful to someone else.

> Ok, I switched the user information to
> the same as OSCommerce is using, even
> thou I don't feel comfortable allowing remote
> connections on that account,

The password of the database is never sent to the PHP script. A hashed and salted string is sent to the PHP script, which then tries to do the same salted hashing to check if the client "knows" the password. So, I think is pretty safe. Actually, it is safer than the MySQL connection if you don't use the SSH tunnel.

The only drawback is that the password is stored in the Windows Registry of your workstation (unless you enable the option "Don't store passwords" in the OSCPMWin configuration).


> However the logs show the same as the
> code below, Its not showing any hash for
> the remote client. If you could please send
> me a message on Yahoo Messenger
> to user azazelsatx and hopefully we can
> find a solution quickly

Indee we solved the problem in minutes. 8)

What happened was that David enabled the opm_browser_debug option in the PHP script. That option is for debugging the script but disables the script's ability to receiving HTTP POST data (which is the way the OSCPMWin application uses). It is named "browse debug" because I use it to pass parameters to the script directly in the URL (using a web browser). However is not intended for general usage but as a developer debugging option.

So, most useful debug options in the PHP script are:
opm_enable_logfile: it will create a log file named "opm_debug.txt" in the OSCommerce root directory. This is the most useful option because it records most important information about all transactions between the PHP script and the OSCPMWin application.
opm_enable_extralog: it will store in the debug file all POST data sent to the script. This option doesn't require opm_enable_logfile to be enabled. It is not intended for general use, as it is useful only to check the data-receiving code in the script.
opm_enable_auth: if disabled, all password data is ignored, allowing you to use the wrong password or no password at all. This should only be used for testing, never for production usage.
opm_password_override: if you want to use an arbitrary password regardless of the used one for the database. This is not only useful to debug password problems but also if you don't want to use the same password used for the DB connection.


Regards,

Mario A. Valdez-Ramirez.

Page 1 of 1 All times are UTC - 7 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/