Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Making it so they don't have to re-login everytime
 
Reply
   X-Cart forums > X-Cart 4 > Changing and adding new features
 
Thread Tools Search this Thread
  #11  
Old 05-22-2003, 12:17 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

My assumption is that you need to set a seperate cookie, and then read from that cookie to start a new session when they return.
Reply With Quote
  #12  
Old 05-22-2003, 01:05 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

Ok. So we set a cookie:

Create a sub-folder in the Modules folder called: Save_Login

Create a file in the sub-folder called: set_cookie.php and put this code in it:

Code:
// Set cookie with login name $savelogin = $user_data['login']; setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host); $savelogintype = C; setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host);

Then open /include/login.php and find this code:

Code:
db_query("update $sql_tbl[customers] set last_login='".time()."' where login='$login'"); db_query("insert into $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) values ('$username',now(),'$usertype','login','success','$REMOTE_ADDR')");

AFTER that put:

Code:
# # Set Remember Login Cookie # if ($login_type == "C") { include "../modules/Save_Login/set_cookie.php"; }

If the person is a customer, they now have a LoginCookie set under the domain name containing "username" and "logintype" where C is the userlevel, set to expire in 6 months.

Now we need to read from that cookie. (I'm documenting the process but don't believe this code to be correct until the process is finished).
Reply With Quote
  #13  
Old 05-22-2003, 01:11 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

Looks like there's some protection in check_useraccount.php against faking cookies or session variables:

Code:
if ($HTTP_POST_VARS["login"] || $HTTP_GET_VARS["login"] || $HTTP_COOKIE_VARS["login"] || $HTTP_POST_VARS["login_type"] || $HTTP_GET_VARS["login_type"] || $HTTP_COOKIE_VARS["login_type"]) { header("Location: ../customer/error_message.php?access_denied"); exit(); }

Please be encourage to make this monologue a dialogue
Reply With Quote
  #14  
Old 05-22-2003, 06:48 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

Got it to work, will post full modification for feedback, criticism and security checks shortly.
Reply With Quote
  #15  
Old 05-23-2003, 12:35 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

Here's what's needed. I'm using I beleive 3.2.2, not positive on that.

Create a sub-folder in the Modules folder called: Save_Login

Create a file in the sub-folder called: set_cookie.php and put this code in it:

Code:
<? // Set cookie with login name $savelogin = $user_data['login']; setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host); $savelogintype = C; setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host); ?>

Create another file in that subfolder called: reset_cookie.php with this code in it:

Code:
<? // Set cookie with login name $savelogin = ""; setcookie("LoginCookie", $savelogin, time()+3600*24*180, "/", $xcart_http_host); $savelogintype = ""; setcookie("LoginTypeCookie", $savelogintype, time()+3600*24*180, "/", $xcart_http_host); ?>

Open include/check_useraccount.php and change to look like this:

Code:
<? # # $Id: check_useraccount.php,v 1.12.2.4 2002/12/11 12:29:10 svowl Exp $ # # This script authenticates user (session variables "login" and "login_type" # if ($HTTP_POST_VARS["login"] || $HTTP_GET_VARS["login"] || $HTTP_COOKIE_VARS["login"] || $HTTP_POST_VARS["login_type"] || $HTTP_GET_VARS["login_type"] || $HTTP_COOKIE_VARS["login_type"]) { header("Location: ../customer/error_message.php?access_denied"); exit(); } if ($login_type!=$current_area && !empty($login)) { $logged=$login; $login=""; } elseif ($login_type==$current_area && !empty($logged)) { $login=$logged; $logged=""; } $LoginCookie = $_COOKIE['LoginCookie']; $LoginTypeCookie = $_COOKIE['LoginTypeCookie']; if ($LoginCookie != "" && $LoginTypeCookie == "C") { $login = $LoginCookie; $login_type = $LoginTypeCookie; $logged = $login; } session_register("login"); session_register("login_type"); session_register("logged"); if($login) { $user_account=func_query_first("select login, membership from $sql_tbl[customers] where login='$login'"); if(empty($user_account)) { $login=""; $login_type=""; } } $smarty->assign("login",$login); $smarty->assign("usertype",$current_area); ?>

Open up /include/login.php and find where it says this:

Code:
# 1) generate $last_login by current timestamp and update database # 2) insert entry into login history # db_query("update $sql_tbl[customers] set last_login='".time()."' where login='$login'"); db_query("insert into $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) values ('$username',now(),'$usertype','login','success','$REMOTE_ADDR')");

AFTER that, add this:

Code:
# # Set Remember Login # if ($login_type == "C" && $remember == "Y") { include "../modules/Save_Login/set_cookie.php"; }

Also in include/login.php find this:

Code:
if($mode=="logout") { # # Insert entry into login_history # db_query("insert into $sql_tbl[login_history] (login, date_time, usertype, action, status, ip) values ('$login',now(),'$login_type','logout','success','$REMOTE_ADDR')");

AFTER that add:

Code:
include "../modules/Save_Login/reset_cookie.php";

Open up skin1/auth.tpl (Note: I believe I've made some slight changes to this file, maybe just adding the "navlink" class). File should look similar to this:

Code:
{* $Id: auth.tpl,v 1.19 2002/09/10 12:36:33 zorg Exp $ *} {literal} <script LANGUAGE="JavaScript"> <!-- function confirmSubmit() { if (document.authform.remember.checked == true) { alert("By choosing to remain logged in all the time, others on your computer can access your account. Though we will never store credit card information, you will be held responsible for any orders placed on your account. In the future you can log out by clicking: Logoff"); document.authform.submit(); } } // --> </script> {/literal} <TABLE border=0 cellPadding=5 cellSpacing=0 width=100%> <FORM action=../include/login.php method=post name=authform> <tr><td class="TableRight" colspan=2> {if $usertype eq "C" or ($usertype eq "B" and $config.Modules.partner_register eq "Y")}<font face="verdana" size="1">Register Free|{/if}Lost Pass</font> </td></tr> <tr><td class="TableRight" colspan=2> <font class="TableRight">{$lng.lbl_username}</font> <input type=text name=username size=16 class="box"> <font class="TableRight">{$lng.lbl_password}</font> <input type=password name=password size=16 class="box"> <input type=hidden name=mode value=login> {if $active_modules.Simple_Mode ne "" and $usertype ne "C" and $usertype ne "B"} <input type=hidden name=usertype value="P"> {else} <input type=hidden name=usertype value="{$usertype}"> {/if} <input type=hidden name=redirect value="{$redirect}"> <input type="checkbox" name="remember" value="Y"> <font size="1">Remember Me</font> </td></tr> <tr> <td height=20 valign="bottom" colspan="2" class="TableRight"> <a class="navlink" onclick="confirmSubmit()">{include file="buttons/login_menu.tpl"}</a> </td> </tr> </form> </table>
Reply With Quote
  #16  
Old 05-23-2003, 12:56 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

I'm by no means a programming expert, anybody see any security flaws.

There might be an issue with being able to fake cookies.
Reply With Quote
  #17  
Old 05-23-2003, 12:59 PM
 
machnhed1 machnhed1 is offline
 

eXpert
  
Join Date: Feb 2003
Location: Illinois
Posts: 274
 

Default

Been watching your posts for a while now. I haven't dissected the code yet, but regardless of the outcome - kudos on the work.
__________________
Following the signature guidelines : xcart pro 3.5.8 - [RedHat]
Reply With Quote
  #18  
Old 05-23-2003, 01:11 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

Thanks. I plan on creating a new reality TV show: The making of an automatic login script :P

Definitely a cookies issue here, password will likely need to be written to a cookie and verified as well, however that could create a security issue in that the password can be pulled from the cookie.
Reply With Quote
  #19  
Old 05-23-2003, 01:17 PM
  anoack's Avatar 
anoack anoack is offline
 

Senior Member
  
Join Date: Dec 2002
Location: Austin, TX
Posts: 113
 

Default

Quote:
Originally Posted by Jon
Thanks. I plan on creating a new reality TV show: The making of an automatic login script

Oh yeah? I heard FOX was going to produce it
Reply With Quote
  #20  
Old 05-23-2003, 01:19 PM
  Jon's Avatar 
Jon Jon is offline
 

X-Guru
  
Join Date: Oct 2002
Location: Vancouver, Canada
Posts: 4,174
 

Default

Naturally.
Reply With Quote
Reply
   X-Cart forums > X-Cart 4 > Changing and adding new features


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 11:05 AM.

   

 
X-Cart forums © 2001-2018