1
Kolibri
Auto login
  • 2003/9/9 7:22

  • Kolibri

  • Just popping in

  • Posts: 17

  • Since: 2003/9/5 1


I saw there are a few auto login hacks available for Xoops.

Is there one in peticular, best and safe suitable for XOOPS 2.0.3 ? There's to much discussion surrounding the information for me to make a good choice.

It has to make use of cookies to store the password, not the database...

Thanks in advance!


2
charpres
Re: Auto login
  • 2003/9/10 0:30

  • charpres

  • Not too shy to talk

  • Posts: 168

  • Since: 2003/9/4 2


I installed the most recent and most complete looking hack to fix the login problem and it didn't do anything (can't remember which one). After reading all the posts and looking at the 3-4 hacks, I still don't know any more than I did before.

So, I'd be interested in any responses to this question as well.

3
GIJOE
Re: Auto login
  • 2003/9/14 8:31

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


This is the best auto login hack, I think.

The older hacks I tried have troubles like "cannot logout", "must use custom block", "send wrong and long cookie in some environment".

This patch is only for XOOPS 2.0.3.
If you use XOOPS older than 2.0.2, you should upgrade to 2.0.3 or change the patch for common.php.

I prepared an archive includes 4 patched files.
download here

Just upload 4 files, and update system module in module manager.
If you use customized template, patch to the template manually.

You don't have to turn 'custom session' on.

You can set the life time of auto-login(=cookie) by "Session expiration" in General Setting of preferences.

If you use IPBM or phpBB, try Olorin's code.

*** user.php.orig    Tue Jun 17 03:20:41 2003
--- user.php    Mon Sep  8 19:06:27 2003
***************
*** 
70,75 ****
--- 
70,81 ----
      
$message '';
      
$HTTP_SESSION_VARS = array();
      
session_destroy();

//autologin code//
+     setcookie'uid' , -time() - 3600 '/' '' ) ;
+     
setcookie'pass' , -time() - 3600 '/' '' ) ;
//end autologin code//

      if (
$xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
          
setcookie($xoopsConfig['session_name'], ''time()- 3600'/',  ''0);
      }



*** include/checklogin.php.orig    Tue Jun 17 03:21:32 2003
--- include/checklogin.php    Mon Sep  8 19:05:05 2003
***************
*** 
66,71 ****
--- 
66,80 ----
      
$HTTP_SESSION_VARS = array();
      
$HTTP_SESSION_VARS['xoopsUserId'] = $user->getVar('uid');
      
$HTTP_SESSION_VARS['xoopsUserGroups'] = $user->getGroups();

//autologin code//
+     if( isset( $_POST['rememberme'] ) && $_POST['rememberme'] == 'On' ) {
+         
$expire time() + $xoopsConfig['session_expire'] * 60 ;
+         
setcookie'uid' $user->uid() , $expire '/' '' ) ;
+         
setcookie'pass' md5$pass ) , $expire '/' '' ) ;
+     }
//end autologin code//

      if (
$xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
          
setcookie($xoopsConfig['session_name'], session_id(), time()+$xoopsConfig['session_expire'], '/',  ''0);
      }



*** common.php.orig    Wed Jun 18 00:21:35 2003
--- common.php    Wed Sep 10 16:48:18 2003
***************
*** 
145,150 ****
--- 
145,174 ----
      }
      
session_set_save_handler(array(&$sess_handler'open'), array(&$sess_handler'close'), array(&$sess_handler'read'), array(&$sess_handler'write'), array(&$sess_handler'destroy'), array(&$sess_handler'gc'));
      
session_start();

//autologin code//
+     if( empty( $HTTP_SESSION_VARS['xoopsUserId'] ) && isset( $_COOKIE['uid'] ) && isset( $_COOKIE['pass'] ) ) {
+         
$passSQL "SELECT COUNT(uid) FROM ".$xoopsDB->prefix("users")." WHERE pass='{$_COOKIE['pass']}' AND uid='{$_COOKIE['uid']}'" ;
+         @
$passRS $xoopsDB->query$passSQL ) ;
+         list( 
$numrows ) = $xoopsDB->fetchRow$passRS ) ;
+         if( 
$numrows == ) {
+             
$HTTP_SESSION_VARS['xoopsUserId'] = $_COOKIE['uid'] ;
+             
$xoopsUser =& $member_handler->getUser($_COOKIE['uid']);
+             
$HTTP_SESSION_VARS['xoopsUserGroups'] = $xoopsUser->getGroups();
+             
// update time at last login
+             $updateSQL "UPDATE ".$xoopsDB->prefix("users")." SET last_login='".time()."' WHERE uid='{$_COOKIE['uid']}'" ;
+             
$xoopsDB->queryF$updateSQL ) ;
+             
// extends autologin Cookies (if you need not, do comment out)
+             $expire time() + $xoopsConfig['session_expire'] * 60 ;
+             
setcookie'uid' $_COOKIE['uid'] , $expire '/' '' ) ;
+             
setcookie'pass' $_COOKIE['pass'] , $expire '/' '' ) ;
+         } else {
+             
setcookie'uid' , -time() - 3600 '/' '' ) ;
+             
setcookie'pass' , -time() - 3600 '/' '' ) ;
+         }
+     }
//end autologin code//

      if (!empty(
$HTTP_SESSION_VARS['xoopsUserId'])) {
          
$xoopsUser =& $member_handler->getUser($HTTP_SESSION_VARS['xoopsUserId']);
          if (!
is_object($xoopsUser)) {



*** modules/system/templates/blocks/system_block_login.html.orig    Tue Mar 18 18:31:20 2003
--- modules/system/templates/blocks/system_block_login.html    Mon Sep  8 19:32:28 2003
***************
*** 
1,****
! <
form style="margin-top: 0px;" action="<{$xoops_url}>/user.php" method="post"><{$block.lang_username}><br /><input type="text" name="uname" size="12" value="<{$block.unamevalue}>" /><br /><{$block.lang_password}><br /><input type="password" name="pass" size="12" /><br /><input type="hidden" name="xoops_redirect" value="<{$xoops_requesturi}>" /><input type="hidden" name="op" value="login" /><input type="submit" value="<{$block.lang_login}>" /><br /><{$block.sslloginlink}>
  form>
  <
a href="<{$xoops_url}>/user.php#lost"><{$block.lang_lostpass}>a>
  <
br /><br />
--- 
1,----
! <
form style="margin-top: 0px;" action="<{$xoops_url}>/user.php" method="post"><{$block.lang_username}><br /><input type="text" name="uname" size="12" value="<{$block.unamevalue}>" /><br /><{$block.lang_password}><br /><input type="password" name="pass" size="12" /><br /><input type="hidden" name="xoops_redirect" value="<{$xoops_requesturi}>" /><input type="hidden" name="op" value="login" /><input type="submit" value="<{$block.lang_login}>" /><br /><input type="checkbox" name="rememberme" value="On" class ="formButton" checked />Auto Login<br /><{$block.sslloginlink}>
  form>
  <
a href="<{$xoops_url}>/user.php#lost"><{$block.lang_lostpass}>a>
  <
br /><br />



4
Rou4cn
Re: Auto login
  • 2003/9/14 14:22

  • Rou4cn

  • Just popping in

  • Posts: 16

  • Since: 2003/5/3 1


Quote:
change the patch for common.php.


It is great!
Since I use xoops2.0.2 with many hack, So what do you mean the changes? Do you mean that manully change it?

Thanks a lot.





5
onokazu
Re: Auto login
  • 2003/9/15 12:23

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


The autologin feature has now been added to the core on CVS. Thanks to all who have contributed on this hack. This will be present in 2.0.4 which is to be released very soon.

6
DobePhat
Re: Auto login
  • 2003/9/15 16:14

  • DobePhat

  • Friend of XOOPS

  • Posts: 656

  • Since: 2003/4/15


sounds great onu. , I will however wait awhile...my last upgrade really sort of slowed me down for awhile with all the fixes. So it would probably be better to do a fresh install.

Meanwhile however,
I am very happy this feature has finally been made accessible.

With this one: 'JOE,
how does it affect who's online Block, if at all?

Works with globals off?

Thanks!

7
DobePhat
Re: Auto login
  • 2003/9/15 16:15

  • DobePhat

  • Friend of XOOPS

  • Posts: 656

  • Since: 2003/4/15


-Thanks! oops! Clicked back in browser!

8
mvandam
Re: Auto login
  • 2003/9/16 1:14

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


Just a quick question about this hack:

It seems that the 'remember-me cookie' lifetime and the session lifetime have the same value. Would it be better to separate these so that someone can remain 'logged in' for a long time (e.g. 1 year) without tying up resources (HTTP_SESSION_VARS) for that user. Or have I misinterpretted something? (I haven't had a chance to look at all the modifications very carefully yet.)

9
onokazu
Re: Auto login
  • 2003/9/16 2:34

  • onokazu

  • XOOPS Founder

  • Posts: 617

  • Since: 2001/12/13


I hope that doesn't mean that we should keep session data for a year.

I think that we should at least add a config option in the preferences to be able to set how long auto login cookies can be valid. I also think that this should be an optional feature since this could potentially become a security hole.

10
Ace_Armstrong
Re: Auto login

Quote:

onokazu wrote:
The autologin feature has now been added to the core on CVS. Thanks to all who have contributed on this hack. This will be present in 2.0.4 which is to be released very soon.


Hopefully the version in the core will work. I haven't been able to get any of the hacks to work on my system, and I've noticed a couple of other people say the same thing. Makes me wonder if it's related to the state of the registers.

I'm excited to hear 2.0.4 is coming soon! (Any hints on how soon...? )


Login

Who's Online

285 user(s) are online (234 user(s) are browsing Support Forums)


Members: 0


Guests: 285


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits