Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Making it so they don't have to re-login everytime
 
Reply
   X-Cart forums > X-Cart 4 > Changing and adding new features
 
Thread Tools Search this Thread
  #21  
Old 05-23-2003, 01:19 PM
 
machnhed1 machnhed1 is offline
 

eXpert
  
Join Date: Feb 2003
Location: Illinois
Posts: 274
 

Default

Quote:
Originally Posted by Jon
Thanks. I plan on creating a new reality TV show: The making of an automatic login script :P

Definitely a cookies issue here, password will likely need to be written to a cookie and verified as well, however that could create a security issue in that the password can be pulled from the cookie.

If that's true it means you gotta encrypt the password - ugh.
__________________
Following the signature guidelines : xcart pro 3.5.8 - [RedHat]
Reply With Quote
  #22  
Old 05-23-2003, 04:51 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,175
 

Default

Got that worked out.

The crypted password is stored as a variable, so I stored it in a cookie. I then included the login, logintype, and password to query the database. Since the password in the database is crypted, I didn't have to decrypt it. If the query returns null, the person is not logged in.

Changes to previous code:

reset_cookie.php

Code:
<? // Set cookie with login name $savelogin = ""; setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host); $savelogintype = ""; setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host); $saveloginpass = ""; setcookie("LoginPassCookie", $saveloginpass, time()+3600*24*180, "/", $xcart_http_host); ?>

set_cookie.php

Code:
<? // Set cookie with login name $savelogin = $user_data['login']; setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host); $savelogintype = C; setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host); $saveloginpass = $user_data['password']; setcookie("LoginPassCookie", $saveloginpass, time()+3600*24*180, "/", $xcart_http_host); ?>

include/check_useraccount.php


Code:
$LoginCookie = $_COOKIE['LoginCookie']; $LoginTypeCookie = $_COOKIE['LoginTypeCookie']; $LoginPassCookie = $_COOKIE['LoginPassCookie']; $user_data=func_query_first("select * from $sql_tbl[customers] where login='$LoginCookie' and usertype='$LoginTypeCookie' and status='Y' and password='$LoginPassCookie'"); if (!empty($user_data) && $LoginCookie != "" && $LoginTypeCookie == "C") { $login = $LoginCookie; $login_type = $LoginTypeCookie; $logged = $login; }
Reply With Quote
  #23  
Old 07-08-2003, 06:14 AM
 
stryker898 stryker898 is offline
 

Senior Member
  
Join Date: Jan 2003
Posts: 113
 

Default

This is definitely a worthy mod. Can someone bump this to the Custom Templates. Also, have you check to see if this works after implementation? I would like to use this, but don't want to risk hacking my site to screw something else up. Thanks for you hard work and for posting it.

Chris
__________________
Never take life too seriously, cause none of us are getting out of here alive!
Reply With Quote
  #24  
Old 07-08-2003, 09:58 AM
  anoack's Avatar 
anoack anoack is offline
 

Senior Member
  
Join Date: Dec 2002
Location: Austin, TX
Posts: 113
 

Default

I installed this and it seemed to work just great.
Actually it worked perfect!
But, our worst dreams have come true. There is a major security flaw.
If you go on the website and login and then go to /admin you are logged in as admin as a normal user.
From there I was able to access admin functions and look at orders, make product changes... Not good!
ACK!
Reply With Quote
  #25  
Old 07-08-2003, 11:46 AM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,175
 

Default

Sorry, i did find that error in my beta testing but didn't think to post up the fix.

I believe I fixed this by adding current_area to my check_useraccount.php

Code:
<? # # $Id: check_useraccount.php,v 1.12.2.4 2002/12/11 12:29:10 svowl Exp $ # # This script authenticates user (session variables "login" and "login_type" # if ($HTTP_POST_VARS["login"] || $HTTP_GET_VARS["login"] || $HTTP_COOKIE_VARS["login"] || $HTTP_POST_VARS["login_type"] || $HTTP_GET_VARS["login_type"] || $HTTP_COOKIE_VARS["login_type"]) { header("Location: ../shop/error_message.php?access_denied"); exit(); } if ($_REQUEST["login"]) { header("Location: ../home/error_message.php?access_denied"); exit(); } if ($login_type!=$current_area && !empty($login)) { $logged=$login; $login=""; } elseif ($login_type==$current_area && !empty($logged)) { $login=$logged; $logged=""; } if ($current_area == "C") { $LoginCookie = $_COOKIE['LoginCookie']; $LoginTypeCookie = $_COOKIE['LoginTypeCookie']; $LoginPassCookie = $_COOKIE['LoginPassCookie']; $user_data=func_query_first("select * from $sql_tbl[customers] where login='$LoginCookie' and usertype='$LoginTypeCookie' and status='Y' and password='$LoginPassCookie'"); } if (!empty($user_data) && $LoginCookie != "" && $LoginTypeCookie == "C") { $login = $LoginCookie; $login_type = $LoginTypeCookie; $logged = $login; } session_register("login"); session_register("login_type"); session_register("logged"); if($login) { $user_account=func_query_first("select login, membership from $sql_tbl[customers] where login='$login'"); $name=func_query_first("select firstname,lastname from $sql_tbl[customers] where login='$login'"); if(empty($user_account)) { $login=""; $login_type=""; } } $smarty->assign("login",$login); $smarty->assign("name",$name); $smarty->assign("usertype",$current_area); ?>
Reply With Quote
  #26  
Old 07-08-2003, 11:50 AM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,175
 

Default

^^ The last part of that code I use to change the welcome back message, as I didn't want to greet them by their login name. Instead: Welcome back, firstname lastname!

If you want to use that as well, you can edit your authbox.tpl to use:

Code:
Welcome back, {$name[0]} {$name[1]}!
Reply With Quote
  #27  
Old 07-08-2003, 11:53 AM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,175
 

Default

I believe that takes care of everything. If anybody sees anything else, please let me know asap.
Reply With Quote
  #28  
Old 07-30-2003, 06:00 AM
 
toonarific toonarific is offline
 

Advanced Member
  
Join Date: Jul 2003
Posts: 92
 

Default

I tried this feature, and I followed every step, including the updates for security, and this is what happened

Code:
Warning: Failed opening '../modules/Save_Login/set_cookie.php' for inclusion (include_path='.;c:\php4\pear') in W:\www-toonarific\xcart\include\login.php on line 80 Warning: Cannot add header information - headers already sent by (output started at W:\www-toonarific\xcart\include\login.php:80) in W:\www-toonarific\xcart\modules\Greet_Visitor\set_cookie.php on line 39 Warning: Cannot add header information - headers already sent by (output started at W:\www-toonarific\xcart\include\login.php:80) in W:\www-toonarific\xcart\include\func.php on line 163

I reverted back to the normal state until this error goes away. Any help is greatly appreciated.
Reply With Quote
  #29  
Old 07-30-2003, 06:28 AM
 
toonarific toonarific is offline
 

Advanced Member
  
Join Date: Jul 2003
Posts: 92
 

Default

nevermind. I found my error
Reply With Quote
  #30  
Old 07-30-2003, 07:11 AM
 
toonarific toonarific is offline
 

Advanced Member
  
Join Date: Jul 2003
Posts: 92
 

Default One major bug I found

if a customer doesn't check the box, no matter how many times they try and login, it doesnt recognize them. only after they check the box does the store realize they want to log in
Reply With Quote
Reply
   X-Cart forums > X-Cart 4 > Changing and adding new features


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 10:29 PM.

   

 
X-Cart forums © 2001-2020