You should use 2.0RC3 script, which number 2 differs step of installation.
I hope, that at you all will turn out. And if still something will get out - write.
}
}
if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar( 'hasnotification' ) == 1) {
$xoopsModuleConfig =& $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
}
}
//Begin: Autologin hack
if ((empty($HTTP_SESSION_VARS['xoopsUserId'])) &&
(!empty($HTTP_COOKIE_VARS['al_pass'])&&(!empty($HTTP_COOKIE_VARS['al_uname']))))
{
$myts =& MyTextsanitizer::getInstance();
$uname=$HTTP_COOKIE_VARS['al_uname'];
$pass=trim($HTTP_COOKIE_VARS['al_pass']);
$member_handler =& xoops_gethandler('member');
$myts =& MyTextsanitizer::getInstance();
$user =& $member_handler->loginUser(addslashes($myts->stripSlashesGPC($uname)),
addslashes($myts->stripSlashesGPC($pass)),true);
if ($user != false){
setcookie('al_pass', $pass, time()+86400*100,'/','',0);
setcookie('al_uname', addslashes($uname),
time()+86400*100,'/','',0);
$user->setVar('last_login', time());
if (session_id()==''){session_destroy(); session_start();};
$HTTP_SESSION_VARS = array();
$HTTP_SESSION_VARS['xoopsUserId'] = $user->getVar('uid');
$HTTP_SESSION_VARS['xoopsUserGroups'] = $user->getGroups();
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] !=
'') {
setcookie($xoopsConfig['session_name'], session_id(),
time()+$xoopsConfig['session_expire'], '/', '', 0);
$HTTP_COOKIE_VARS[$xoopsConfig['session_name']]=session_id();
}
$user_theme = $user->getVar('theme');
if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
$HTTP_SESSION_VARS['xoopsUserTheme'] = $user_theme;
}
};
};
//End: Autologin Hack
/* function &loginUser($uname, $pwd)
{
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
$criteria->add(new Criteria('pass', $pwd));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
} */
//Begin: Autologin hack
function &loginUser($uname, $pwd, $al_login = false)
{
$criteria = new CriteriaCompo(new Criteria('uname', $uname));
if (!$al_login){$mypwd=md5($pwd);} else {$mypwd=$pwd;};
$criteria->add(new Criteria('pass', $mypwd));
$user =& $this->_uHandler->getObjects($criteria, false);
if (!$user || count($user) != 1) {
return false;
}
return $user[0];
}
//End: Autologin hack
//
if ($uname == '' || $pass == '') {
redirect_header(XOOPS_URL.'/user.php', 1, _US_INCORRECTLOGIN);
exit();
}
if (false != $user) {
//Begin: Autologin hack
if
(!empty($HTTP_POST_VARS['union_al'])&&($HTTP_POST_VARS['union_al']=='Yes')){
setcookie('al_pass', md5($pass),
time()+86400*100,'/','',0);
setcookie('al_uname', addslashes($uname),
time()+86400*100,'/','',0);
};
//End: Autologin hack
if (0 == $user->getVar('level')) {
redirect_header(XOOPS_URL.'/index.php', 5, _US_NOACTTPADM);
exit();
}
if ($op == 'logout') {
$message = '';
$HTTP_SESSION_VARS = array();
session_destroy();
//Begin: Autologin hack
setcookie('al_pass', '', time()-33600,'/','',0);
setcookie('al_uname', '', time()-33600,'/','',0);
//End: Autologin hack
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
}
_masi wrote:
Hmm, I'm sure there is way to use a "secret" cookie style without changing the internal stored format (ie plain login and hashed password). I'll try and think of a method - it'd be on paper cause I'm off to a vacation soon.
And you don't need to change many things to get something configurable. XOOPS provides a quite advanced configuration system. It uses a general table and an OO-API for access. I'll dig up some info for you how to use it.
Epsylon3 wrote:
uhm, oh yea passw is not stored in cookie, only the md5 hash ?
i wonder you solve the problem already ?
_masi wrote:
A good start and a fine feature. But I have a few issues.
I don't think it is a good idea to store the actual password in the cookie nor it is to send out a simple hashed version of it. Have a look at sourceforge, they use even a hashed/encrypted login plus a special session_persist cookie.
And of course this feature has to be configurable
A config to turn it on and off and another one to configure the timeout in days.
Anyway I'd love to see this in the official XOOPS.
PS: BTW, I posted an ugly autologin hack myself. It's about an auto-login after an auto-approved registration. Perhaps you could integrate this as well, while you're at it