X-Cart: shopping cart software

Making it so they don't have to re-login everytime (https://forum.x-cart.com/showthread.php?t=2752)

Jon 05-22-2003 12:17 PM

My assumption is that you need to set a separate cookie, and then read from that cookie to start a new session when they return.

Jon 05-22-2003 01:05 PM

Ok. So we set a cookie:

Create a sub-folder in the Modules folder called: Save_Login

Create a file in the sub-folder called: set_cookie.php and put this code in it:

Code:

// Set cookie with login name
$savelogin = $user_data['login'];
setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host);
$savelogintype = "C"; // customer user type
setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host);


Then open /include/login.php and find this code:

Code:

db_query("update $sql_tbl[customers] set last_login='".time()."' where login='$login'");
db_query("insert into $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) values ('$username',now(),'$usertype','login','success','$REMOTE_ADDR')");


AFTER that put:

Code:

#
# Set Remember Login Cookie
#

if ($login_type == "C") { include "../modules/Save_Login/set_cookie.php"; }


If the person is a customer, they now have a LoginCookie set under the domain name containing "username" and "logintype" where C is the userlevel, set to expire in 6 months.

Now we need to read from that cookie. (I'm documenting the process but don't believe this code to be correct until the process is finished).

Jon 05-22-2003 01:11 PM

Looks like there's some protection in check_useraccount.php against faking cookies or session variables:

Code:

if ($HTTP_POST_VARS["login"] || $HTTP_GET_VARS["login"] || $HTTP_COOKIE_VARS["login"] || $HTTP_POST_VARS["login_type"] || $HTTP_GET_VARS["login_type"] || $HTTP_COOKIE_VARS["login_type"]) {
    header("Location: ../customer/error_message.php?access_denied");
    exit();
}


Please be encouraged to make this monologue a dialogue ;)

Jon 05-22-2003 06:48 PM

Got it to work, will post full modification for feedback, criticism and security checks shortly.

Jon 05-23-2003 12:35 PM

Here's what's needed. I'm using, I believe, 3.2.2, not positive on that.

Create a sub-folder in the Modules folder called: Save_Login

Create a file in the sub-folder called: set_cookie.php and put this code in it:

Code:

<?php

// Set cookie with login name
$savelogin = $user_data['login'];
setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host);
// Set cookie with user type ("C" = customer)
$savelogintype = "C";
setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host);

?>


Create another file in that subfolder called: reset_cookie.php with this code in it:

Code:

<?php

// Clear the login name cookie (an empty value makes PHP delete the cookie)
$savelogin = "";
setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host);
// Clear the user type cookie
$savelogintype = "";
setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host);

?>


Open include/check_useraccount.php and change to look like this:

Code:

<?php
#
# $Id: check_useraccount.php,v 1.12.2.4 2002/12/11 12:29:10 svowl Exp $
#
# This script authenticates user (session variables "login" and "login_type")
#
if ($HTTP_POST_VARS["login"] || $HTTP_GET_VARS["login"] || $HTTP_COOKIE_VARS["login"] || $HTTP_POST_VARS["login_type"] || $HTTP_GET_VARS["login_type"] || $HTTP_COOKIE_VARS["login_type"]) {
    header("Location: ../customer/error_message.php?access_denied");
    exit();
}

if ($login_type!=$current_area && !empty($login)) {
    $logged=$login;
    $login="";
}
elseif ($login_type==$current_area && !empty($logged)) {
    $login=$logged;
    $logged="";
}

# Restore the login from the cookies written by set_cookie.php.
# Both values are read as sent by the browser.
$LoginCookie = isset($_COOKIE['LoginCookie']) ? $_COOKIE['LoginCookie'] : "";
$LoginTypeCookie = isset($_COOKIE['LoginTypeCookie']) ? $_COOKIE['LoginTypeCookie'] : "";
if ($LoginCookie != "" && $LoginTypeCookie == "C") {
    $login = $LoginCookie;
    $login_type = $LoginTypeCookie;
    $logged = $login;
}

session_register("login");
session_register("login_type");
session_register("logged");

# $login may have come from the cookie above and is interpolated into the query as-is.
if($login) {
    $user_account=func_query_first("select login, membership from $sql_tbl[customers] where login='$login'");
    if(empty($user_account)) {
        $login="";
        $login_type="";
    }
}

$smarty->assign("login",$login);
$smarty->assign("usertype",$current_area);

?>


Open up /include/login.php and find where it says this:

Code:

# 1) generate $last_login by current timestamp and update database
# 2) insert entry into login history

                db_query("update $sql_tbl[customers] set last_login='".time()."' where login='$login'");
                db_query("insert into $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) values ('$username',now(),'$usertype','login','success','$REMOTE_ADDR')");


AFTER that, add this:

Code:

#
# Set Remember Login
#
if ($login_type == "C" && $remember == "Y") { include "../modules/Save_Login/set_cookie.php"; }


Also in include/login.php find this:

Code:

if($mode=="logout") {
#
# Insert entry into login_history
#
        db_query("insert into $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) values ('$login',now(),'$login_type','logout','success','$REMOTE_ADDR')");


AFTER that add:

Code:

include "../modules/Save_Login/reset_cookie.php";

Open up skin1/auth.tpl (Note: I believe I've made some slight changes to this file, maybe just adding the "navlink" class). File should look similar to this:

Code:

{* $Id: auth.tpl,v 1.19 2002/09/10 12:36:33 zorg Exp $ *}

{literal}
<script LANGUAGE="JavaScript">
<!--
function confirmSubmit() {
if (document.authform.remember.checked == true) {
alert("By choosing to remain logged in all the time, others on your computer can access your account. Though we will never store credit card information, you will be held responsible for any orders placed on your account. In the future you can log out by clicking: Logoff");
document.authform.submit();
}
}
// -->
</script>
{/literal}
<TABLE border=0 cellPadding=5 cellSpacing=0 width=100%>
<FORM action=../include/login.php method=post name=authform>

<tr><td class="TableRight" colspan=2>
{if $usertype eq "C" or ($usertype eq "B" and $config.Modules.partner_register eq "Y")}<font face="verdana" size="1">Register Free|{/if}Lost Pass</font>
</td></tr>
<tr><td class="TableRight" colspan=2>
<font class="TableRight">{$lng.lbl_username}</font>

<input type=text name=username size=16 class="box">

<font class="TableRight">{$lng.lbl_password}</font>

<input type=password name=password size=16 class="box">

<input type=hidden name=mode value=login>
{if $active_modules.Simple_Mode ne "" and $usertype ne "C" and $usertype ne "B"}
<input type=hidden name=usertype value="P">
{else}
<input type=hidden name=usertype value="{$usertype}">
{/if}
<input type=hidden name=redirect value="{$redirect}">


<input type="checkbox" name="remember" value="Y"> <font size="1">Remember Me</font>

</td></tr>
<tr>
<td height=20 valign="bottom" colspan="2" class="TableRight">
<a class="navlink" onclick="confirmSubmit()">{include file="buttons/login_menu.tpl"}</a>

</td>
</tr>
</form>
</table>


Jon 05-23-2003 12:56 PM

I'm by no means a programming expert, anybody see any security flaws?

There might be an issue with being able to fake cookies.

machnhed1 05-23-2003 12:59 PM

Been watching your posts for a while now. I haven't dissected the code yet, but regardless of the outcome - kudos on the work.

Jon 05-23-2003 01:11 PM

Thanks. I plan on creating a new reality TV show: The making of an automatic login script :P

Definitely a cookies issue here. The password will likely need to be written to a cookie and verified as well; however, that could create a security issue in that the password can be pulled from the cookie.
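
The posts above raise two concerns: LoginCookie carries only the username, so the server cannot tell a cookie it issued from one typed in by hand, and putting the password in the cookie would expose it. An added example (not code from the thread or from X-Cart) of the usual alternative, a random single-use token whose hash is kept server-side; the `$store` array stands in for a database table, and the function and cookie names are hypothetical.

```php
<?php
// Added example, not X-Cart code. $store stands in for a database table
// keyed by selector; function and cookie names are hypothetical.

function issue_remember_token(array &$store, string $login, int $ttl = 15552000): string
{
    $selector  = bin2hex(random_bytes(9));   // public lookup key
    $validator = bin2hex(random_bytes(32));  // secret, sent only in the cookie
    $store[$selector] = [
        'login'   => $login,
        'hash'    => hash('sha256', $validator), // keep the hash, not the secret
        'expires' => time() + $ttl,              // 180 days by default
    ];
    return $selector . ':' . $validator;
}

function verify_remember_token(array &$store, string $cookie): ?string
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;                         // malformed value or unknown selector
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]);                // single use: consume on every attempt
    if ($row['expires'] < time()) {
        return null;
    }
    // Constant-time comparison of the stored hash with the presented secret.
    if (!hash_equals($row['hash'], hash('sha256', $validator))) {
        return null;
    }
    return $row['login'];                    // caller then issues a fresh token
}

// Constructed demonstration; runs from the PHP CLI without a database.
$store  = [];
$cookie = issue_remember_token($store, 'jon');
var_dump(verify_remember_token($store, 'jon'));    // bare login name, as in LoginCookie
var_dump(verify_remember_token($store, $cookie));  // the token that was issued
var_dump(verify_remember_token($store, $cookie));  // the same token replayed

// In a web request the token would be sent with restrictive cookie flags:
// setcookie('RememberToken', $cookie, ['expires' => time() + 15552000,
//     'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
```

Only the issued token returns the login; the bare name and the replayed token both return NULL, and neither the cookie nor the store ever holds the password.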

anoack 05-23-2003 01:17 PM

Quote:

Originally Posted by Jon
Thanks. I plan on creating a new reality TV show: The making of an automatic login script


Oh yeah? I heard FOX was going to produce it

Jon 05-23-2003 01:19 PM

Naturally.

