Posted on: 2005/3/28 21:08
Autologin Hack for 2.0.10-beta2
Orig Ref: http://xoops.biz/x7/modules/myhacks/index.php?id=2
Hack: Remember Me + Login using Email + Register with Real Name (for xoops-126.96.36.199 & xoops-2.0.10.b2)
This is my first XOOPS hack released to public. This hack is highly influenced by GIJOE auto-login hack. This does exactly same thing but my approach is little refined (I think so, feel free to disagree).
1. Similar to gMail's "don't ask for my password for 2 weeks", your members will get an option for activating "auto-login". This which will keep them logged on a browser for next one week even after the browser was closed. If member browses the site within a week, the duration will get extended
(tell me if it is good or bad)?
2. Members get option of using any of loginid or email to login.
3. New members will be asked for 'Real Name' at the time of registration. I found many people too lazy to update their profile, so now their profile will have their name for sure. Also an invalid or garbage name strongly indicates the ill-intention of newly registered user, who can be banned immediately to prevent any possible misuse. Why core team has this great feature commented
Followings are major difference from GIJOE hack:
1. In place of making a localized code change, I also changed "kernel/member.php" and added two new methods loginUserAuto (auto-login someone using saved cookies) and loginUserEmail (login someone using email as username).
2. I am using value stored in actkey column for auto-login feature. I too am totally against of storing the MD5 of real password in user cookies (like the author of original auto-login and several other people). So here is perhaps the safer work-around. MD5 of actkey is sent to user's browser as cookies and the same is matched for auto-login. I found this column useless after user activation - so why don't we use it. With recent patch - actkey is getting new random value every time user changes the password - so saved cookies will become invalid. SAFER NOW
1. I had to change "kernel/user.php" also as it was not persisting actkey column for any existing user. This column useless after user activation
2. _MB_SYSTEM_REMEMBERME is not used. Rather global variable _REMEMBERME is used to render 'system_userform.html' and 'system_block_login.html' both. It is not duplicated and more consistent like other constants _USERNAME and _PASSWORD.
3. Using cookie name 'autologin_key' in place of 'autologin_pass'
4. Using xoops's standard function checkEmail() to test if email was passed as userId.
Looking forward to get feedback from people
Q. How to install hack?
A. You should know what you are doing.
Get files from http://xoops.biz/x7/modules/mydownloads/
* This patch is tested to work on version 2.0.9.x only and just overwrite original files with the supplied ones. (For older versions, search for the word "SRAJ" in hacked files and merge the changes manually).
Updated: There is a patch available for 2.0.10.b2. Please report me any bug or problems. This will help me releasing well tested code for 2.0.10
* After overwriting files, don't forget to update system module.
Check GIJOE documentation for more options.