The Foxy forums are on the move!

We're in the process of moving our forums over to a new system, and so these forums are now read-only.
If you have a question about your store in the meantime, please don't hesitate to reach out to us via email.

Unable to login with api accounts

swensorswensor Member
in Bugs & Feature Requests edited May 2009
Hey All,

So I have run into this problem before, but am again unable to resolve it. I have created or edited a number of accounts for the store cgcw.foxycart.com using the api. None of them work. Before it was that I had been posting company to their profile twice, so their customer_company value (,) ruined the login sequence. Now I am having the same problem, but cant see where my data is flawed. Also, does it make sense that foxycart logins can be created incorrectly with the api? Just a thought. Here are a few logins I have tried, with no luck:

kamikaziri@gmail.com
rk@mit.edu
hausman@bu.edu
Samtravel@aol.com

I even tried to repair these manually posting to the api with a form I made. The posts to the api were successful, customer is found, password is reset, etc. etc. but for ANY account I have tested so far, it says "That email address looks correct, but the password is not. Please change your password or click the link below to have your password emailed to you."

So obviously I am doing something wrong. The accounts ARE getting made but they are invalid or something... does it have to do with the blank or empty fields? I don't populate address2 or a couple others... Just an idea, what do you all think? Any ideas on why I am breaking this with such great ease? Thanks!!

swensor
Comments
  • lukeluke FoxyCart Team
    Hey swensor. Sorry for the frustration and thanks for posting. If our API is broken, we definitely want to fix it. Can you post the code you're using to create/update your users?
  • swensorswensor Member
    edited May 2009
    Hey luke,

    Using this PostTo Method, found on a thread:

    Function PostTo(byval url as string,byval Items as System.Collections.Specialized.NameValueCollection)
    Dim client As New WebClient()

    ' Add a user agent header in case the
    ' requested URI contains a query.
    client.Headers.Add("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705;)")

    Dim data = Encoding.GetEncoding(0).GetString(client.UploadValues(url,Items))
    return data

    End Function

    I then call this block of code to post to the api:

    Dim inputs as new System.Collections.Specialized.NameValueCollection
    inputs.Add("api_token","centralpt31512345")
    inputs.Add("api_action","customer_save")
    inputs.Add("customer_email",email)
    inputs.Add("customer_password",password)
    inputs.Add("customer_company",company)
    inputs.Add("customer_first_name",fn)
    inputs.Add("customer_last_name",ln)
    inputs.Add("customer_address1",add)
    inputs.Add("customer_city",city)
    inputs.Add("customer_state",state)
    inputs.Add("customer_postal_code",zip)
    inputs.Add("customer_country",country)
    inputs.Add("customer_phone",phone)
    inputs.Add("filla","filla")
    'Response.Write(lcpMatrix(19) & "-" & lcpMatrix(20) & "<br/>")
    Response.Write(PostTo("https://cgcw.foxycart.com/api",inputs) & "<br/><br/>")

    The method works great, I get SUCCESS and CUSTOMER UPDATED messages in the XML response, which my script outputs on a web page. I can check the customers and update them manually, with an html form that I made on my desktop. Before, I was able to repair these users manually, as outlined in this thread: http://forum.foxycart.com/comments.php?DiscussionID=1254&page=1 But now I am unable to repair the users by hand, mainly because I don't see anything that looks too funky. Do you?

    Another interesting tidbit, on that previous thread a javascript error would get thrown when I tried to login. Now, there is no error, just the message saying invalid credentials. I am on store version 0.51 right now, was on version 0.50 at the time of the previous posting. Thanks!!

    Swensor
  • swensorswensor Member
    Okay so EVEN using a manual post from a page I wrote on my desktop, I am able to post to the api, get "SUCCESS CUSTOMER CREATED" but when I try to use these customers, the login fails. Is this a deal with my store? I could not imagine everyone is having this same problem. Here's my HTML form code I ran from my desktop:

    <form action="https://cgcw.foxycart.com/api"; method="post">
    api action:<input type="text" name="api_action" value="customer_save"/><br/>
    api token: <input type="text" name="api_token" value="centralpt31512345"/><br/>
    customer:  <input type="text" name="customer_email" value=""/><br/>
    pwd:  <input type="text" name="customer_password" value=""/><br/>
    phone:  <input type="text" name="customer_phone" value=""/><br/>

    company:  <input type="text" name="customer_company" value=""/><br/>
    <input type="submit"/>

    </form>

    I just fill out those fields, post it, and I get the xml of the new customer. But the login does not work. I dont see any error messages or indications about not posting properly, it just does not work. Any help would be greatly appreciated.
  • brettbrett FoxyCart Team
    Hi Swensor.
    Taking a look in our database and it definitely looks like the data is there. The only thing that I can think of is that the hash is somehow being messed up on our end. ...

    Ok, confirmed something is strange. Your store settings are SHA1, but for some reason we're storing the md5 hash for the customer, so the login is failing. We'll take a look and let you know once this is resolved. Sorry for the issue, and thanks for bringing it to our attention.

    Just to confirm, you're not passing in a customer_password_hash anywhere (and using md5), are you?
  • lukeluke FoxyCart Team
    AARRRGGGGG!!!!

    Sorry. Had to vent.

    As I was reading through this thread I remember specifically fixing this bug. Sure enough, the svn history shows revision 1014 at 4/7/09 10:15pm with a simple fix. For version 050.

    Revision 1014 never made it into version 051.

    I really hate it when I do something stupid like that. So sorry swensor. Thanks for being patient with us and for giving us the information we needed to track down the problem.

    I've committed the fix to 051 (and 060 which is under development). As Brett mentioned, the passwords were hashed with md5 so you will have to go through all of them and rehash them as sha1 now that the api is fixed.
  • swensorswensor Member
    edited May 2009
    hey guys,

    thanks for fixing that. so if i just run my import script again and post "customer_password" then your system will hash it correctly ? is that right? thats how it ran before, i make no posts to customer_password_hash. i'll run it this afternoon if so. thanks!!

    swensor
  • swensorswensor Member
    Hey

    Just an update I have tested both types of password hashing with my import and they seem to work fine, I'll update you if I run into any more errors in testing. Thanks for your response, as a programmer I understand its hard to be 100% bug-free and I appreciate that you worked to correct the problem so quickly. Thanks again, Peace out.

    swensor
  • lukeluke FoxyCart Team
    Thanks swensor. There are no perfect programmers, but we still try. It's frustrating to see a bug previously fixed sneak back into our code. Glad it's working for you.
Sign In or Register to comment.