292911
AndreyRa
Re: Autologin for Xoops 2.0.x
  • 2003/6/21 14:09

  • AndreyRa

  • Just popping in

  • Posts: 17

  • Since: 2003/3/16


Quote:
_masi wrote:
Hmm, I'm sure there is a way to use a "secret" cookie style without changing the internal stored format (ie plain login and hashed password). I'll try and think of a method - it'd be on paper cause I'm off to a vacation soon.

I wish you successful rest!

Here is what I have thought of. It is possible to add a third parameter: a checksum. The idea is to hash a string based on the user's password + a secret word. I thought that such a word could not be devised, since the script's code is open. And then I thought that this word should be the administrator's password (i.e. the user with ID = 1). Thus we get a binding to the administrator's password as a secret key. Quite a reasonable way of protection. In principle, it is possible to break it, but it is not so easy. And more likely only an individual login, by sniffing the client's traffic. This method will protect the system first of all from brute-forcing hashes of widespread passwords.

Well, how is it? Secure enough?

Mmm. The administrator can change the password! It is necessary to look for another binding. But what?

Quote:

And you don't need to change many things to get something configurable. XOOPS provides a quite advanced configuration system. It uses a general table and an OO-API for access. I'll dig up some info for you how to use it.

For this purpose it would be necessary for me to make changes in SQL. I mean major structural changes. Such changes can make a successful update of XOOPS impossible in the future. Therefore they should be introduced only during development of the new version (I mean in CVS).

Quote:
Epsylon3 wrote:
uhm, oh yea passw is not stored in cookie, only the md5 hash ?

Yes, that is so. I have now edited the first message, where I have described this feature separately.

I have also changed the storage of the user name in plain form to the user ID.
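
The checksum idea from the post above, as an added example (not part of the original post and not XOOPS code): a keyed MAC over the user ID, an expiry time and the stored password hash, with the key held server-side rather than taken from any account's password. `AUTOLOGIN_SECRET`, the cookie layout and the `$lookupHash` callback are assumptions.

```php
<?php
// Added example; names, cookie layout and secret handling are assumptions, not XOOPS code.
// Server-side key, generated at install time and kept out of the published
// source and out of any account's password (constructed sample value).
const AUTOLOGIN_SECRET = 'constructed-sample-secret';

// Cookie value "uid:expires:mac". The MAC covers the uid, the expiry and the
// stored password hash, so a password change invalidates old cookies.
function make_autologin_cookie(int $uid, string $storedHash, int $expires): string
{
    $mac = hash_hmac('sha256', "$uid|$expires|$storedHash", AUTOLOGIN_SECRET);
    return "$uid:$expires:$mac";
}

// Returns the uid for a valid cookie, otherwise null. $lookupHash is a
// hypothetical callback: uid -> stored password hash, or null if unknown.
function check_autologin_cookie(string $cookie, callable $lookupHash, int $now): ?int
{
    $parts = explode(':', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;                                   // malformed value
    }
    $uid     = (int) $parts[0];
    $expires = (int) $parts[1];
    $stored  = $lookupHash($uid);
    if ($expires < $now || $stored === null) {
        return null;                                   // timed out or unknown user
    }
    $expected = hash_hmac('sha256', "$uid|$expires|$stored", AUTOLOGIN_SECRET);
    return hash_equals($expected, $parts[2]) ? $uid : null;   // constant-time compare
}

// Constructed demo data: stored hashes are md5, as described in the thread.
$users  = [1 => md5('admin-password'), 42 => md5('old-password')];
$lookup = function (int $uid) use (&$users) { return $users[$uid] ?? null; };
$now    = 1056200000;
$cookie = make_autologin_cookie(42, $users[42], $now + 30 * 86400);

var_dump(check_autologin_cookie($cookie, $lookup, $now));               // fresh cookie
var_dump(check_autologin_cookie($cookie, $lookup, $now + 31 * 86400));  // past the timeout
$altered = preg_replace('/^42:/', '1:', $cookie);                       // uid field edited
var_dump(check_autologin_cookie($altered, $lookup, $now));              // MAC no longer matches
$users[42] = md5('new-password');
var_dump(check_autologin_cookie($cookie, $lookup, $now));               // after a password change
```

The MAC rejects guessed or edited cookie values; it does not stop replay of a cookie captured from the client's traffic, which needs TLS and the `Secure` cookie flag.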



292912
Epsylon3
Re: Autologin for Xoops 2.0.x
  • 2003/6/21 12:22

  • Epsylon3

  • Just popping in

  • Posts: 1

  • Since: 2002/10/24


uhm, oh yea passw is not stored in cookie, only the md5 hash ?



292913
_masi
Re: Autologin for Xoops 2.0.x
  • 2003/6/21 11:20

  • _masi

  • Just popping in

  • Posts: 19

  • Since: 2003/3/28


Hmm, I'm sure there is a way to use a "secret" cookie style without changing the internal stored format (ie plain login and hashed password). I'll try and think of a method - it'd be on paper cause I'm off to a vacation soon.

And you don't need to change many things to get something configurable. XOOPS provides a quite advanced configuration system. It uses a general table and an OO-API for access. I'll dig up some info for you how to use it.



292914
hal_u1
Re: XoopsGallery Fixes.. Recent Comments Link, New Pics Block showing thumbnail, etc...
  • 2003/6/21 9:39

  • hal_u1

  • Just popping in

  • Posts: 5

  • Since: 2003/4/4 8


Hi, Knight!
You said to me?
Quote:
i wonder you solve the problem already ?

I did not solve..
I applied only session.php, so I will try to change the template.



292915
AndreyRa
Re: Autologin for Xoops 2.0.x
  • 2003/6/21 9:17

  • AndreyRa

  • Just popping in

  • Posts: 17

  • Since: 2003/3/16


Quote:
_masi wrote:
A good start and a fine feature. But I have a few issues.

I don't think it is a good idea to store the actual password in the cookie, nor is it to send out a simple hashed version of it. Have a look at sourceforge, they use even a hashed/encrypted login plus a special session_persist cookie.

The password is stored as an md5 hash. Actually, the password is stored as a hash in the XOOPS database. There is only one security issue: the login is stored as is. Basically it is possible to add a procedure for additionally converting the name into a user ID. And perhaps I shall work on it in the near future.

For the paranoid it is possible to add an additional hashed parameter such as IP + secret word. But in that case it cannot work for people with dynamic IPs.

As to sessions, it is possible to implement them only with deep programming of the core. In the format of this forum it will be simply impossible to describe. I am afraid that it can be done only in the format of official CVS.

Quote:

And of course this feature has to be configurable
A config to turn it on and off and another one to configure the timeout in days.

It will also require changing too many parts of XOOPS.

Quote:

Anyway I'd love to see this in the official XOOPS.

I am working in just this direction. I also hope that I shall find mutual understanding with the developers of Xoops.
To this end I have laid out the full list of my works here: Some useful hacks.

Quote:

PS: BTW, I posted an ugly autologin hack myself. It's about an auto-login after an auto-approved registration. Perhaps you could integrate this as well, while you're at it

My hack does not depend on your hack. I personally used your hack and got a heap of pleasure. Thanks for the good idea! And for good and compact code.



292916
_masi
Re: Autologin for Xoops 2.0.x
  • 2003/6/21 8:26

  • _masi

  • Just popping in

  • Posts: 19

  • Since: 2003/3/28


A good start and a fine feature. But I have a few issues.

I don't think it is a good idea to store the actual password in the cookie, nor is it to send out a simple hashed version of it. Have a look at sourceforge, they use even a hashed/encrypted login plus a special session_persist cookie.

And of course this feature has to be configurable
A config to turn it on and off and another one to configure the timeout in days.

Anyway I'd love to see this in the official XOOPS.

PS: BTW, I posted an ugly autologin hack myself. It's about an auto-login after an auto-approved registration. Perhaps you could integrate this as well, while you're at it



292917
jctsup1
NewBB Problem?
  • 2003/6/21 7:39

  • jctsup1

  • Not too shy to talk

  • Posts: 146

  • Since: 2002/5/23


When an "anonymous" user browses my forums & then uses the login block to login, the user is successfully logged in however the following message appears:


Error: Forum not selected


Then the user is taken to the forum home page i.e. /modules/newbb/. I do not have this issue with any other mod.

Happens with ver 2.02 & 2.03. I can reproduce this problem on Windows systems running IIS 4, 5, 5.1 & 6. I have tried it both with register_globals on & off with no change in behavior.
PHP Version : 4.3.2 Any ideas?



292918
knight
Re: XoopsGallery Fixes.. Recent Comments Link, New Pics Block showing thumbnail, etc...
  • 2003/6/21 7:30

  • knight

  • Just popping in

  • Posts: 29

  • Since: 2002/12/29


i wonder you solve the problem already ?
facing same problem, i just remove the
width="<{$image.width}>" height="<{$image.height}>" from the template and the pic is showing now...

anyway thanx for this patch



292919
AndreyRa
Some useful hacks
  • 2003/6/20 23:30

  • AndreyRa

  • Just popping in

  • Posts: 17

  • Since: 2003/3/16





292920
patagon
Re: Hello username, you have X new private messages
  • 2003/6/20 19:44

  • patagon

  • Quite a regular

  • Posts: 235

  • Since: 2002/1/8 0


Thanks for the reply...no idea how I was getting that into theme.html, as usual I was just trying to do something and overlooking something really obvious (but not for me)

I will try it in a block instead now that I know it works there






