Using ProductCart - How to extract Customers Passwords

Print Page | Close Window

How to extract Customers Passwords

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Using ProductCart
Forum Description: Running your store with ProductCart
URL: https://forum.productcart.com/forum_posts.asp?TID=1329
Printed Date: 10-March-2025 at 1:30pm
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com

Topic: How to extract Customers Passwords

Posted By: RobertZ
Subject: How to extract Customers Passwords
Date Posted: 23-January-2008 at 7:52pm

Howdy

Does anybody know how to extract a customers password from their account? We're finding a few situations where we need this info but because its encryted in the DB cannt extract it.

We have a work around, but it would be nice if admin could see this info, if needed.

Rob

Replies:

Posted By: RobertZ
Date Posted: 29-January-2008 at 10:25pm

Anybody??

Posted By: Greg Dinger
Date Posted: 29-January-2008 at 10:52pm

Sounds like custom code time Robert. There is likely a routine in the code which is used by the login scripts to decrypt the stored password and compare it to the entry keyed in the login form. The approach I would take is to identify that, clone whatever part of the logic is needed, and cause the decrypted password to appear on the customer listing. But I've not looked at the specific code, thus I'm speaking in generalities instead of specifics.

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

http://tinyurl.com/5c8t4t" rel="nofollow - Add-Ons & Custom Code |

Posted By: p00pstar
Date Posted: 26-February-2008 at 3:47pm

First of all, include settings.asp, storeconstants.asp and rc4.asp

Response.Charset = "UTF-8"

Set dbConn = Server.CreateObject("ADODB.Connection")
dbConn.Open scDSN

SQLString = "SELECT idcustomer,email,[password] FROM customers ORDER BY idcustomer ASC"

Set rsPasswords = dbConn.Execute(SQLString)

Response.Write "<table>"

Do While Not rsPasswords.Eof
Response.Write "<tr><td>" & rsPasswords("idcustomer") & "</td><td>" & rsPasswords("email") & "</td><td>" & enDeCrypt(rsPasswords("password"), scCrypPass) & "</td></tr>"
rsPasswords.MoveNext
Loop

Response.Write "</table>"

Set rsPasswords = Nothing
dbConn.Close
Set dbConn = Nothing

Posted By: fly_scuba
Date Posted: 15-May-2013 at 6:08pm

I performing the steps in this post I believe that there are significant changes that version 4.7 now uses. With the option explicit option turned on we see 2 variables that are now not being initialized just by the listed include files. I have been able to review the admin login page and determined that the process is still basically the same but the password is not being displayed in normal text after the enDecrypt function.

Just for my own knowledge I posted out my password from the db before the function call and after ward. I also list out my key which is passed to the function as well.

The value that comes back from the function is the same as the parameter sent to the function before it went in.

I could use some updated info on this process. Smile

Posted By: fly_scuba
Date Posted: 15-May-2013 at 6:23pm

I found the answer.

You must include the following response object:

dim AdminPassword , intLength

Response.Charset = "UTF-8"

Hope this helps someone.