| ||||||||||
Shopping cart software Solutions for online shops and malls | ||||||||||
|
X-Cart Home | FAQ | Forum rules | Calendar | User manuals | Login |
Making it so they don't have to re-login everytime | ||||
|
|
Thread Tools | Search this Thread |
#31
|
|||||||
|
|||||||
and is there a way to only have the 'remember me' check box appear on the customer's home page, and not the admin page?
|
|||||||
#32
|
|||||||||
|
|||||||||
Re: One major bug I found
Quote:
I haven't had this problem. |
|||||||||
#33
|
|||||||||
|
|||||||||
Quote:
I have my admin section on a secure url, so I have seperate auth.tpl's. You could probably just edit your auth.tpl with something like this: Code:
|
|||||||||
#34
|
|||||||
|
|||||||
I just tried that. It does make the checkbox go away, but then when I try to login I get a cgi error. Also, I noticed that after I login with the checkbox, the only way it recoginzes when I logout is when I completely close the browser and reopen it.
|
|||||||
#35
|
|||||||||
|
|||||||||
I'm sure you've made errors in your coding.
I don't know how you get a cgi error when your working with php ?!? |
|||||||||
#36
|
|||||||
|
|||||||
Nice work, Jon.
I haven't looked at your code thoroughly, but right off the bat I'll give you some advice. The proper, secure way to store logins is to use sessions. The only thing you store on the user's machine is a cookie with the SESSIONID. When that cookie expires, the user is logged out. You then store the username/password in the session that matches the SESSIONID in the cookie. This way you don't need to work about encryption or any reverse engineering on the crypt method by a session hijacker. Ideally, Xcart should leave the user logged in forever, but then authenticate if the user goes into sensitive areas like Checkout, Modify Profile, Modify Credit Card, etc. This is how most large sites do it (e.g. Amazon). |
|||||||
#37
|
|||||||||
|
|||||||||
X-Cart does use sessions to store auth info. Sessions generally expire. That's the point of all this cookie talk. Nobody wants to store inactive sessions in their database for months on end.
__________________
www.brettbrewer.com Getting back into x-cart dev after a long hiatus. Modded lots of x-carts from version 3.1.x to 4.1.x. Developer of ImageScaler mod, Pre-login per user coupon mod, Wordpress feed mod, DigitalSubscriptions mod, Phonetic bulk download keys addon for DownloadExpander mod, Serial Number Generator for ESD products, Custom CMS/LMS integrations, external products mod, and more. |
|||||||||
#38
|
|||||||
|
|||||||
Hmm, I had this working on 3.4.14 but can't get it to work on 3.5.x, anyone else have any luck using this for 3.5.x? If you did, can you please paste your code for login.php, check_useraccount.php and auth.tpl?
Thanks |
|||||||
#39
|
|||||||
|
|||||||
Jon: I am anxious to try this mod, but I have 2 things I want to discuss first.
1: Does it work woth 4.0.X? 2: Can you please repost in a single post, all the codes needed to be changed? I tried to follow along, but there are fixes for fixes posted later in the thread. An all-in-one reply would be great, so we can just follow along in a single post rather than jumping all around. And hey, thanks for the awesome job. People like you keep this place alive.
__________________
4.1.7 X-Cart Gold Product Configurator Module Advanced Order Management Module RMA Module Feature Compare Module Blue Dream theme by 7Dana.com |
|||||||
#40
|
|||||||||
|
|||||||||
I don't know what versions it will work on, likely it would need adaptation for the 3.5.x and 4.0.x versions. I don't have time to work on this.
Jon |
|||||||||
|
|||
X-Cart forums © 2001-2020
|