1
Olorin
another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/13 23:51

  • Olorin

  • Just popping in

  • Posts: 50

  • Since: 2003/7/5 1


Hello, GIJOE. I copied your code here so that xoopsers never carry out a DoS attack on your site. lol
This auto-login doesn't require you to enable custom session. Moreover, this can be used by ipbm users.
Download GIJOE's autologin pack

IPBM's autologin has some problems. For instance, you will be logged in even if you've unchecked remember me, as long as custom session is enabled. And a security issue has been reported by xoopsers.

How does this hack work?
1. Stores your id & hashed password in a cookie.
2. Automatically postpones the expiration date when a user comes back, and updates "last_login".
(For ipbm users, I changed the code so that last_activity & last_visit will also be updated.)
3. You can configure session expiration in the admin menu.
4. There's no need to enable custom session.

Quote:

*** user.php.origTue Jun 17 03:20:41 2003
--- user.phpMon Sep 8 19:06:27 2003
***************
*** 70,75 ****
--- 70,81 ----

if ($op == 'logout') {
$message = '';
$HTTP_SESSION_VARS = array();
session_destroy();

//autologin code//
setcookie( 'uid' , -1 , time() - 3600 , '/' , '' , 0 ) ;
setcookie( 'pass' , -1 , time() - 3600 , '/' , '' , 0 ) ;
//end autologin code//

if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], '', time()- 3600, '/', '', 0);
}
$message = _US_LOGGEDOUT.'<br />'._US_THANKYOUFORVISIT;
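Review bot: The logout branch only expires the 'uid' and 'pass' cookies in the browser; nothing is invalidated on the server. Since the 'pass' cookie set in include/checklogin.php is md5( $pass ), a copy of that cookie made before logout stays usable until the user changes the password. Consider issuing a random per-login token that the server stores and deletes here, so that logout actually revokes the auto-login.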


Quote:

*** include/checklogin.php.origTue Jun 17 03:21:32 2003
--- include/checklogin.phpMon Sep 8 19:05:05 2003
***************
*** 66,71 ****
--- 66,80 ----
$HTTP_SESSION_VARS = array();
$HTTP_SESSION_VARS['xoopsUserId'] = $user->getVar('uid');
$HTTP_SESSION_VARS['xoopsUserGroups'] = $user->getGroups();

//autologin code//
if( isset( $_POST['rememberme'] ) && $_POST['rememberme'] == 'On' ) {
$expire = time() + $xoopsConfig['session_expire'] * 60 ;
setcookie( 'uid' , $user->uid() , $expire , '/' , '' , 0 ) ;
setcookie( 'pass' , md5( $pass ) , $expire , '/' , '' , 0 ) ;
}
//end autologin code//

if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
setcookie($xoopsConfig['session_name'], session_id(), time()+$xoopsConfig['session_expire'], '/', '', 0);
}
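Review bot: setcookie( 'pass' , md5( $pass ) , ... ) puts an unsalted MD5 of the user's password into a long-lived cookie, and the final argument 0 leaves the Secure flag off, so the value also travels over plain HTTP. Whoever captures the cookie can log in with it and can attack the password offline. Store a random token rather than anything derived from $pass, and set the Secure flag where the site is served over HTTPS.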



This common.php is the original one.
Thus this is for newbb users who haven't hacked the core.

Quote:

*** common.php.origWed Jun 18 00:21:35 2003
--- common.phpWed Sep 10 16:48:18 2003
***************
*** 145,150 ****
--- 145,174 ----
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
session_start();

//autologin code//
if( empty( $HTTP_SESSION_VARS['xoopsUserId'] ) && isset( $_COOKIE['uid'] ) && isset( $_COOKIE['pass'] ) ) {
$passSQL = "SELECT COUNT(uid) FROM ".$xoopsDB->prefix("users")." WHERE pass='{$_COOKIE['pass']}' AND uid='{$_COOKIE['uid']}'" ;
@$passRS = $xoopsDB->query( $passSQL ) ;
list( $numrows ) = $xoopsDB->fetchRow( $passRS ) ;
if( $numrows == 1 ) {
$HTTP_SESSION_VARS['xoopsUserId'] = $_COOKIE['uid'] ;
$xoopsUser =& $member_handler->getUser($_COOKIE['uid']);
$HTTP_SESSION_VARS['xoopsUserGroups'] = $xoopsUser->getGroups();
// update time at last login
$updateSQL = "UPDATE ".$xoopsDB->prefix("users")." SET last_login='".time()."' WHERE uid='{$_COOKIE['uid']}'" ;
$xoopsDB->queryF( $updateSQL ) ;
// extends autologin Cookies (if you need not, do comment out)
$expire = time() + $xoopsConfig['session_expire'] * 60 ;
setcookie( 'uid' , $_COOKIE['uid'] , $expire , '/' , '' , 0 ) ;
setcookie( 'pass' , $_COOKIE['pass'] , $expire , '/' , '' , 0 ) ;
} else {
setcookie( 'uid' , -1 , time() - 3600 , '/' , '' , 0 ) ;
setcookie( 'pass' , -1 , time() - 3600 , '/' , '' , 0 ) ;
}
}
//end autologin code//

if (!empty($HTTP_SESSION_VARS['xoopsUserId'])) {
$xoopsUser =& $member_handler->getUser($HTTP_SESSION_VARS['xoopsUserId']);
if (!is_object($xoopsUser)) {
$xoopsUser = '';


}
?>
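Review bot: $_COOKIE['pass'] and $_COOKIE['uid'] are interpolated into $passSQL and $updateSQL with no escaping or type check, so client-controlled cookie text becomes part of both queries, the second one sent through queryF(). Cast the uid with intval(), accept 'pass' only when it is exactly 32 hex characters, and escape both before building the SQL. The same unvalidated $_COOKIE['uid'] is then written into $HTTP_SESSION_VARS['xoopsUserId'], so validate it once at the top and use the validated value throughout.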



This common.php is NOT original. I changed some code so that it would work with the Invision Power Board Module made by koudanshi. Please bear in mind, if you upload this file you will lose "anonymous login" at VERY LEAST. So I cannot assure you that this code works correctly...

Quote:

*** common.php.origWed Jun 18 00:21:35 2003
--- common.phpWed Sep 10 16:48:18 2003
***************
*** 145,150 ****
--- 145,174 ----
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
session_start();

//autologin code//
if( empty( $HTTP_SESSION_VARS['xoopsUserId'] ) && isset( $_COOKIE['uid'] ) && isset( $_COOKIE['pass'] ) ) {
$passSQL = "SELECT COUNT(uid) FROM ".$xoopsDB->prefix("users")." WHERE pass='{$_COOKIE['pass']}' AND uid='{$_COOKIE['uid']}'" ;
@$passRS = $xoopsDB->query( $passSQL ) ;
list( $numrows ) = $xoopsDB->fetchRow( $passRS ) ;
if( $numrows == 1 ) {
$HTTP_SESSION_VARS['xoopsUserId'] = $_COOKIE['uid'] ;
$xoopsUser =& $member_handler->getUser($_COOKIE['uid']);
$HTTP_SESSION_VARS['xoopsUserGroups'] = $xoopsUser->getGroups();
// update time at last login
$updateSQL = "UPDATE ".$xoopsDB->prefix("users")." SET last_login='".time()."', last_visit='".time()."', last_activity='".time()."' WHERE uid='{$_COOKIE['uid']}'" ;
$xoopsDB->queryF( $updateSQL ) ;
// extends autologin Cookies (if you need not, do comment out)
$expire = time() + $xoopsConfig['session_expire'] * 60 ;
setcookie( 'uid' , $_COOKIE['uid'] , $expire , '/' , '' , 0 ) ;
setcookie( 'pass' , $_COOKIE['pass'] , $expire , '/' , '' , 0 ) ;
} else {
setcookie( 'uid' , -1 , time() - 3600 , '/' , '' , 0 ) ;
setcookie( 'pass' , -1 , time() - 3600 , '/' , '' , 0 ) ;
}
}
//end autologin code//

if (!empty($HTTP_SESSION_VARS['xoopsUserId'])) {
$xoopsUser =& $member_handler->getUser($HTTP_SESSION_VARS['xoopsUserId']);
if (!is_object($xoopsUser)) {
$xoopsUser = '';
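Review bot: The WHERE pass='{$_COOKIE['pass']}' comparison matches the cookie against the stored hash itself, which turns every value in the users pass column into a working login credential: anyone who can read that column (a backup, a database dump) can set the two cookies without knowing or cracking a password. The cookie refresh a few lines further down also recomputes $expire on every visit, so the auto-login never reaches an absolute end. The unescaped cookie values in $passSQL and in the UPDATE have the same injection problem as the newbb version of this file.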

*****line 250*****

if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar( 'hasnotification' ) == 1) {
$xoopsModuleConfig =& $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
}
}
/*-------------------------------*/
// IPBM exists + session_id + uid /
/*-------------------------------*/
$sql = "SELECT mid FROM ".$xoopsDB->prefix('modules')." WHERE dirname='ipboard' AND isactive='1'";
$ismodule = $xoopsDB->fetchArray($xoopsDB->query($sql));
if ($ismodule['mid']){
$isbb = 1;
}else {
$isbb = 0;
}

if ($xoopsUser) {
$uid_bb = $xoopsUser->getVar('uid');
$xoopsDB->query("DELETE FROM ".$xoopsDB->prefix('ipb_validating')." WHERE member_id = $uid_bb AND lost_pass = 1");
}else {
$uid_bb = 0;
}
$meminfo = $xoopsDB->fetchArray($xoopsDB->query("SELECT * FROM ".$xoopsDB->prefix('users')." WHERE uid = $uid_bb"));
$sessinfo = $xoopsDB->fetchArray($xoopsDB->query("SELECT * FROM ".$xoopsDB->prefix('session')." WHERE member_id = $uid_bb"));
$sid_bb = session_id();
/*-------------------------------*/
}
?>
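Review bot: In the IPBM block the DELETE on ipb_validating is sent with $xoopsDB->query() while the UPDATE in the autologin block uses queryF(); if queryF() was needed there for the write to go through, this DELETE needs it too. The results of query() are passed straight to fetchArray() with no check for failure, and the two SELECT * lookups run on every page load, including for anonymous visitors where $uid_bb is 0. Check the query result before fetching and skip the lookups when there is no logged-in user.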



Quote:

*** modules/system/templates/blocks/system_block_login.html.origTue Mar 18 18:31:20 2003

--- modules/system/templates/blocks/system_block_login.htmlMon Sep 8 19:32:28 2003

***************

*** 1,4 ****
<form style="margin-top: 0px;" action="<{$xoops_url}>/user.php" method="post"><{$block.lang_username}><br /><input type="text" name="uname" size="12" value="<{$block.unamevalue}>" /><br /><{$block.lang_password}><br /><input type="password" name="pass" size="12" /><br /><input type="hidden" name="xoops_redirect" value="<{$xoops_requesturi}>" /><input type="hidden" name="op" value="login" /><input type="submit" value="<{$block.lang_login}>" /><br /><input type="checkbox" name="rememberme" value="On" class ="formButton" checked />Auto Login<br /><{$block.sslloginlink}>
</form>
<a href="<{$xoops_url}>/user.php#lost"><{$block.lang_lostpass}></a>
<br /><br />
<a href="<{$xoops_url}>/register.php"><{$block.lang_registernow}></a>
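Review bot: The rememberme checkbox is rendered with the checked attribute, so auto-login is on by default and every user who does not untick it receives the persistent 'uid' and 'pass' cookies, including on shared computers. Render it unchecked so that the persistent login is an explicit choice.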



2
Draven
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/14 0:30

  • Draven

  • Module Developer

  • Posts: 337

  • Since: 2003/5/28


Thanks.

3
Draven
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/14 20:47

  • Draven

  • Module Developer

  • Posts: 337

  • Since: 2003/5/28


Hmmm, doesn't seem to be working. It auto-logs in for about an hour, but longer than that it makes you log in again. It did that before I installed this hack, any ideas?

4
Olorin
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/14 23:12

  • Olorin

  • Just popping in

  • Posts: 50

  • Since: 2003/7/5 1


Well, first of all, did you download GIJOE's package or hack the code manually? I recommend you download his fully reliable package. If you want to alter the code manually, check this post: GIJOE's post.

Anyway, check the following list to confirm whether your hack is valid or not.
1. Is your Cookie turned on?
2. Did you check "auto login" when you logged in?

3. Did you change the duration of session in admin/preferences/general setting? (It says this setting is valid as long as custom session is enabled, although this hack refers to this setting. 1 week is "10080".)

4. Okay, then, let's check if it works now.
5. Use (Mozilla) Firebird since you can easily check a Cookie's expiration date. Of course, any other method will do if you can check cookies.
6. Log in with "autologin" checked. Then check the cookie's expiration date. (This hack gives you 2 cookies: ID & Pass.)
7. Close your browser to finish the regular session.

8. Restart your browser & go to your site. Then check your cookie again. Its expiration date must be postponed.

OR you can check your last login date instead of cookies, because it also updates it.

Hope this helps

5
Rou4cn
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/16 8:14

  • Rou4cn

  • Just popping in

  • Posts: 16

  • Since: 2003/5/3 1


Quote:

Olorin wrote:

3. Did you change the duration of session in admin/preferences/general setting? (It says this setting is valid as long as custom session is enabled, although this hack refers to this setting. 1 week is "10080".)



If I make it 10080, may there be any security hole? Or not?

thanks.

6
GIJOE
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/16 8:43

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


Of course, it becomes a security hole.
Did you read this article?
https://xoops.org/modules/newbb/viewtopic.php?topic_id=11986&forum=20#48456

I think it is a slight problem on a community site, as long as the admin's cookie is not stolen.
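
The concern discussed in this thread (a cookie holding the uid and an MD5 of the password is a stealable, password-equivalent login) is commonly addressed with random tokens that the server stores and can revoke. The following is an added example, not part of the original posts or of GIJOE's hack; the `autologin` table and all function names are hypothetical, and it assumes PHP 7.3+ with the PDO SQLite driver.

```php
<?php
// Added example: random, revocable remember-me tokens (hypothetical names).
// An in-memory SQLite table stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE autologin (selector TEXT PRIMARY KEY, validator_hash TEXT, uid INTEGER, expires INTEGER)');

// At login: the cookie carries selector:validator, the DB keeps only a hash.
function issueToken(PDO $db, int $uid, int $ttl): string {
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO autologin VALUES (?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $validator), $uid, time() + $ttl]);
    return $selector . ':' . $validator;
}

// On a visit without a session: returns [uid, replacement cookie value],
// or null when the cookie is malformed, unknown, expired or wrong.
function consumeToken(PDO $db, string $cookie, int $ttl): ?array {
    if (!preg_match('/\A([0-9a-f]{18}):([0-9a-f]{64})\z/', $cookie, $m)) {
        return null; // malformed input never reaches the query
    }
    $st = $db->prepare('SELECT validator_hash, uid, expires FROM autologin WHERE selector = ?');
    $st->execute([$m[1]]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if (!$row) { return null; }
    // Single use: the row is removed whether or not the validator matches.
    $db->prepare('DELETE FROM autologin WHERE selector = ?')->execute([$m[1]]);
    if ($row['expires'] < time() || !hash_equals($row['validator_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    return [(int)$row['uid'], issueToken($db, (int)$row['uid'], $ttl)];
}

// At logout: delete server-side so that a copied cookie stops working.
function revokeTokens(PDO $db, int $uid): void {
    $db->prepare('DELETE FROM autologin WHERE uid = ?')->execute([$uid]);
}

// Constructed walk-through (uid 42 is sample data).
$ttl = 10080 * 60; // one week, the session_expire value mentioned in the thread
$cookie = issueToken($db, 42, $ttl);
[$uid, $rotated] = consumeToken($db, $cookie, $ttl);
var_dump($uid);                                    // accepted token
var_dump(consumeToken($db, $cookie, $ttl));        // replay of the used token
var_dump(consumeToken($db, "1' OR '1'='1", $ttl)); // malformed cookie text
revokeTokens($db, 42);
var_dump(consumeToken($db, $rotated, $ttl));       // token after logout
// Send $rotated with: setcookie('autologin', $rotated, ['expires' => time() + $ttl, 'path' => '/', 'secure' => true, 'httponly' => true]);
```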


7
Draven
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/9/17 16:30

  • Draven

  • Module Developer

  • Posts: 337

  • Since: 2003/5/28


Well I got everything to work but now there seems to be another problem. All my users are complaining that forum posts are marked as read before they've even looked at them. Now if you don't check the forum within basically a minute of a new post it automatically gets marked as read. Weird. I had to remove this hack as I have no idea what could be doing it. I assume it's a cookie issue.

UPDATE: Never mind I figured it out. The problem is the latest release of IPBM already has an autologin hack in it. DOH!

8
DobePhat
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/10/15 17:50

  • DobePhat

  • Friend of XOOPS

  • Posts: 656

  • Since: 2003/4/15


IPBM compatible?
Is there an auto-log-in hack for 2.0.3?

Thanks,

9
GIJOE
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/10/15 19:09

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


Probably, this problem is caused by an overflow of the capacity or size of the COOKIE.
As auto-login has to use a COOKIE, it is likely that you have to adjust it on the side of newbb or another factor using COOKIEs.
You can check the COOKIEs on your site by "javascript:document.cookie;".

I can't help you, because your site is too heavy to see.


10
GIJOE
Re: another auto-login by GIJOE for newbb & ipbm xoopsers
  • 2003/10/16 0:37

  • GIJOE

  • Quite a regular

  • Posts: 265

  • Since: 2003/8/13


I noticed now.
Are you using IPBM?
If so, my hack cannot be used.
I do not use, and do not recommend, the modules named IPBM, phpBB, and 4images.

Both my auto-login hack for 2.0.3 and the semi-official auto-login hack for 2.0.5 based on my hack work fine without modules overwriting core files.
