291946
Hello,GIJOE. I copied your codes here so that xoopsers never carry out DOS attack to your site. lol
This auto-login doesn't require you to enable custom session on. Moreover this can be used for ipbm users.
Download GIJOE's autologin packIPBM's autologin has some problems. For instance, you will be logged in even if you've unchecked remember me as long as custom session is enabled. And security issue has been reported by xoopsers.
How does this hack work?
1.Stores your id & hashed password with cookie.
2.automatically postphone the expirelation date when a user come back and update "last_login".
(For ipbm users, I changed codes so that last_activity & last_visit also will be updated.)
3.you can configure session expirelation in admin menu.
4.there's no need to enable custom session.
Quote:
*** user.php.origTue Jun 17 03:20:41 2003
--- user.phpMon Sep 8 19:06:27 2003
***************
*** 70,75 ****
--- 70,81 ----
if ($op == 'logout') {
$message = '';
$HTTP_SESSION_VARS = array();
session_destroy();
//autologin code//
setcookie( 'uid' , -1 , time() - 3600 , '/' , '' , 0 ) ;
setcookie( 'pass' , -1 , time() - 3600 , '/' , '' , 0 ) ;
//end autologin code//
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
}
$message = _US_LOGGEDOUT.'
'._US_THANKYOUFORVISIT;
Quote:
*** include/checklogin.php.origTue Jun 17 03:21:32 2003
--- include/checklogin.phpMon Sep 8 19:05:05 2003
***************
*** 66,71 ****
--- 66,80 ----
$HTTP_SESSION_VARS = array();
$HTTP_SESSION_VARS['xoopsUserId'] = $user->getVar('uid');
$HTTP_SESSION_VARS['xoopsUserGroups'] = $user->getGroups();
//autologin code//
if( isset( $_POST['rememberme'] ) && $_POST['rememberme'] == 'On' ) {
$expire = time() + $xoopsConfig['session_expire'] * 60 ;
setcookie( 'uid' , $user->uid() , $expire , '/' , '' , 0 ) ;
setcookie( 'pass' , md5( $pass ) , $expire , '/' , '' , 0 ) ;
}
//end autologin code//
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], session_id(), time()+$xoopsConfig['session_expire'], '/', '', 0);
}
This common.php is Original one.
Thus this is for newbb users who haven't hacked the core.
Quote:
*** common.php.origWed Jun 18 00:21:35 2003
--- common.phpWed Sep 10 16:48:18 2003
***************
*** 145,150 ****
--- 145,174 ----
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
session_start();
//autologin code//
if( empty( $HTTP_SESSION_VARS['xoopsUserId'] ) && isset( $_COOKIE['uid'] ) && isset( $_COOKIE['pass'] ) ) {
$passSQL = "SELECT COUNT(uid) FROM ".$xoopsDB->prefix("users")." WHERE pass='{$_COOKIE['pass']}' AND uid='{$_COOKIE['uid']}'" ;
@$passRS = $xoopsDB->query( $passSQL ) ;
list( $numrows ) = $xoopsDB->fetchRow( $passRS ) ;
if( $numrows == 1 ) {
$HTTP_SESSION_VARS['xoopsUserId'] = $_COOKIE['uid'] ;
$xoopsUser =& $member_handler->getUser($_COOKIE['uid']);
$HTTP_SESSION_VARS['xoopsUserGroups'] = $xoopsUser->getGroups();
// update time at last login
$updateSQL = "UPDATE ".$xoopsDB->prefix("users")." SET last_login='".time()."' WHERE uid='{$_COOKIE['uid']}'" ;
$xoopsDB->queryF( $updateSQL ) ;
// extends autologin Cookies (if you need not, do comment out)
$expire = time() + $xoopsConfig['session_expire'] * 60 ;
setcookie( 'uid' , $_COOKIE['uid'] , $expire , '/' , '' , 0 ) ;
setcookie( 'pass' , $_COOKIE['pass'] , $expire , '/' , '' , 0 ) ;
} else {
setcookie( 'uid' , -1 , time() - 3600 , '/' , '' , 0 ) ;
setcookie( 'pass' , -1 , time() - 3600 , '/' , '' , 0 ) ;
}
}
//end autologin code//
if (!empty($HTTP_SESSION_VARS['xoopsUserId'])) {
$xoopsUser =& $member_handler->getUser($HTTP_SESSION_VARS['xoopsUserId']);
if (!is_object($xoopsUser)) {
$xoopsUser = '';
}
?>
This common.php is NOT original. I changed some codes so that it would work with Invision Power Board Module made by koudanshi. Please bear in mind,if you upload this file you will loose "anonymous login" at VERY LEAST. So I cannot assure you that this code works collectly...
Quote:
*** common.php.origWed Jun 18 00:21:35 2003
--- common.phpWed Sep 10 16:48:18 2003
***************
*** 145,150 ****
--- 145,174 ----
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
session_start();
//autologin code//
if( empty( $HTTP_SESSION_VARS['xoopsUserId'] ) && isset( $_COOKIE['uid'] ) && isset( $_COOKIE['pass'] ) ) {
$passSQL = "SELECT COUNT(uid) FROM ".$xoopsDB->prefix("users")." WHERE pass='{$_COOKIE['pass']}' AND uid='{$_COOKIE['uid']}'" ;
@$passRS = $xoopsDB->query( $passSQL ) ;
list( $numrows ) = $xoopsDB->fetchRow( $passRS ) ;
if( $numrows == 1 ) {
$HTTP_SESSION_VARS['xoopsUserId'] = $_COOKIE['uid'] ;
$xoopsUser =& $member_handler->getUser($_COOKIE['uid']);
$HTTP_SESSION_VARS['xoopsUserGroups'] = $xoopsUser->getGroups();
// update time at last login
$updateSQL = "UPDATE ".$xoopsDB->prefix("users")." SET last_login='".time()."', last_visit='".time()."', last_activity='".time()."' WHERE uid='{$_COOKIE['uid']}'" ;
$xoopsDB->queryF( $updateSQL ) ;
// extends autologin Cookies (if you need not, do comment out)
$expire = time() + $xoopsConfig['session_expire'] * 60 ;
setcookie( 'uid' , $_COOKIE['uid'] , $expire , '/' , '' , 0 ) ;
setcookie( 'pass' , $_COOKIE['pass'] , $expire , '/' , '' , 0 ) ;
} else {
setcookie( 'uid' , -1 , time() - 3600 , '/' , '' , 0 ) ;
setcookie( 'pass' , -1 , time() - 3600 , '/' , '' , 0 ) ;
}
}
//end autologin code//
if (!empty($HTTP_SESSION_VARS['xoopsUserId'])) {
$xoopsUser =& $member_handler->getUser($HTTP_SESSION_VARS['xoopsUserId']);
if (!is_object($xoopsUser)) {
$xoopsUser = '';
*****line 250*****
if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar( 'hasnotification' ) == 1) {
$xoopsModuleConfig =& $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
}
}
/*-------------------------------*/
// IPBM exists + session_id + uid /
/*-------------------------------*/
$sql = "SELECT mid FROM ".$xoopsDB->prefix('modules')." WHERE dirname='ipboard' AND isactive='1'";
$ismodule = $xoopsDB->fetchArray($xoopsDB->query($sql));
if ($ismodule['mid']){
$isbb = 1;
}else {
$isbb = 0;
}
if ($xoopsUser) {
$uid_bb = $xoopsUser->getVar('uid');
$xoopsDB->query("DELETE FROM ".$xoopsDB->prefix('ipb_validating')." WHERE member_id = $uid_bb AND lost_pass = 1");
}else {
$uid_bb = 0;
}
$meminfo = $xoopsDB->fetchArray($xoopsDB->query("SELECT * FROM ".$xoopsDB->prefix('users')." WHERE uid = $uid_bb"));
$sessinfo = $xoopsDB->fetchArray($xoopsDB->query("SELECT * FROM ".$xoopsDB->prefix('session')." WHERE member_id = $uid_bb"));
$sid_bb = session_id();
/*-------------------------------*/
}
?>
Quote:
