Nuke Cookies Setting

Site Admin Joined: Aug 17, 2003 Posts: 12397

This is a basic WIP (work-in-progress) to be a proof-of-concept in testing out Nuke cookies. The Goal: to set the cookies to use the settings defined in the Forums Configuration, namely
cookie_name
cookie_path
cookie_domain
cookie_secure

It will require modifying of all setcookie functions throughout phpNuke. This should allowed shared cookies on same domain names and multiple phpNuke on the same domain to function correctly.

As I am using this on phpNuke 6.9 with some mods, I may miss some things. Please tell me if you encounter problems.

Code:

--- [EDIT admin.php] ---

AFTER

<?php

ADD

if (isset($_COOKIE["YOURCOOKIENAME_admin"]))
{
$admin = $_COOKIE["YOURCOOKIENAME_admin"];
}

--- [EDIT mainfile.php] ---

AFTER
if (!ini_get("register_globals")) {
import_request_variables('GPC');
}

ADD
if (isset($_COOKIE["YOURCOOKIENAME_user"]))
{
$user = $_COOKIE["YOURCOOKIENAME_user"];
}
if (isset($_COOKIE["YOURCOOKIENAME_admin"]))
{
$admin = $_COOKIE["YOURCOOKIENAME_admin"];
}
if (isset($_COOKIE["YOURCOOKIENAME_lang"]))
{
$lang = $_COOKIE["YOURCOOKIENAME_lang"];
}

AFTER

$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

ADD

$row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name=
'cookie_name'"));
$cookiename = $row['config_value'];
$row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_path'"));
$cookiepath = $row['config_value'];
$row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_domain'"));
$cookiedomain = $row['config_value'];
$row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_secure'"));
$cookiesecure = $row['config_value'];

function setcookie2($cname,$cdata=0,$ctime=0)
{
global $cookiename,$cookiepath,$cookiedomain,$cookiesecure;

setcookie($cookiename . "_" . $cname, $cdata,$ctime,$cookiepath,$cookiedomain,$cookiesecure);
}

--- [FOLLOWING FILES] ---
in
mainfile.php
admin.php
auth.php (for phpNuke 7.4 and early, ignore for 7.5+)
includes/asfunc.php (if you have Admin Secure)
includes/usercp_register.php (still uses phpNuke code)
modules/News/article.php
modules/News/index.php
modules/Your_Account/index.php

Ignore (already includes correct forums code)
includes/sessions.php
modules/Forums/index.php
modules/Forums/posting.php
modules/Forums/viewforum.php
modules/Forums/viewtopic.php

FIND ALL INSTANCES OF
setcookie(

INLINE REPLACE WITH
setcookie2(

--- [EDIT includes/asfunc.php] ---
(For Admin Secure 1.7 users only!)

FIND

function asec_getRequestC($name){global$HTTP_COOKIE_VARS;$ret="";if($name==""){return$ret;}if(isset($_COOKIE[$name])){$ret=$_COOKIE[$name];}else if(isset($HTTP_COOKIE_VARS[$name])){$ret=$HTTP_COOKIE_VARS[$name];}return$ret;}

REPLACE WITH

function asec_getRequestC($name){global$HTTP_COOKIE_VARS;$ret="";if($name==""){return$ret;}global $cookiename;$name=$cookiename."_".$name;if(isset($_COOKIE[$name])){$ret=$_COOKIE[$name];}else if(isset($HTTP_COOKIE_VARS[$name])){$ret=$HTTP_COOKIE_VARS[$name];}return$ret;}

Site Admin Joined: Aug 17, 2003 Posts: 12397

I did some minor tweaks.

Unforunately, the $user cookie is read and cleaned before the database itself is loaded. This means you can't access the cookie_name itself from the database. Thus I had to include a YOURCOOKIENAME constant in the first code change to get this to work. Please change that to whatever cookie_name that you set in your Forums config

ie.
If you set "mysite" as the cookie name, the entire quotes should look like "mysite_user"

* Edit: There is still an issue getting the admin cookie to work with Admin Secure using HTTP authentication. I am working on the problem.

Site Admin Joined: Aug 17, 2003 Posts: 12397

Okay, I implemented a decent fix for those using Admin Secure.
It's not perfect, I get sometimes where the HTTP Authentication brings you to the phpNuke admin login screen. But hey, a second login never hurts.

Some other changes, I added a cookie retrieval code to admin.php.
I added the lang cookie as another to be retreived before hand.
I also changed the position of the mainfile.php code to cover the lang statements below it.

Give me some feedback if it works or doesn't on your site.
Don't use on a production site unless you know what you're doing and have made proper backups.

Posted: Tue Feb 15, 2005 12:48 am

I am going to bookmark this page for future. Nice work mate.

Posted: Tue Feb 15, 2005 5:56 am

Good job, evader.
I am trying yours in my local server and works great.
Plaud it.

Posted: Tue Feb 15, 2005 3:30 pm

If you are using 6.9 patched by chatserv, any other version can use this feature as well.
Question: YOURCOOKIENAME, do I have to change them to suit my needs or can leave them as they are?

Site Admin Joined: Aug 17, 2003 Posts: 12397

I am assuming this works for all versions, since there's been no real change in how phpNuke sets cookies.

Until I can figure out a better way, you will have to change YOURCOOKIENAME to match the "Cookie name" in your Forums configuration

I am going to be setting up a subdomain so I can test this through multiple sites, see if the cookie actually does transfer from site to site.

Posted: Tue Feb 15, 2005 6:14 pm

I tested your work under phpnuke 7.4/7.5/7.6 with/without security patch.
No trouble at all.
Very excellently works.

Posted: Mon Feb 21, 2005 2:17 am

This looks great, and might be something i've been looking for. I just got a few questions before I begin to alter my phpnuke7.5-files.

Will this work on http://www.domain.com vs http://sub.domain.com? Or is it intended to work only on http://www.domain.com vs http://www.domain.com/sub/?

I have several sub.domain.com i want to use the same database as www.domain.com. I've managed to achive my goal so far, they share common userbase and forumbase aswell as a few other tables. Only thing now is to get the cookie-thing working so that users freely can travel from www.domain.com to sub.domain.com without struggeling.

Site Admin Joined: Aug 17, 2003 Posts: 12397

Supposedly this will work across all parts of your site if you set cookie_domain = "mysite.com", everything from www.mysite.com to sub.mysite.com

Posted: Mon Feb 21, 2005 3:56 pm

Next 'problem'
This is from Changes.txt included in 7.5-package:

Quote:

September 2004: Version 7.5
===========================
- Removed auth.php and all its functions added to admin.php (Thanks to Chatserv from http://www.nukeresources.com)
You can safely delete auth.php after update to this version.

Since I have a fresh install of 7.5, auth.php is not present.

Anyway, I have made changes to the rest of the files as described above, uploaded and tried to log in. Both user-login and admin-login failed (white page). Also tried to use the auth.php from 7.4, with same result. Rolling Eyes

Edit: Sorry, just had to delete old cookies first. Working fine now, trying to cross nuke-sites tomorrow. Still, those with clean 7.5-installation might be confused over the missing auth.php, as I did Very Happy

Site Admin Joined: Aug 17, 2003 Posts: 12397

Ah right. I hadn't tested it on 7.5. I'll make a note of that.
Hope things work for you

Nuke Soldier Joined: Nov 11, 2004 Posts: 10

Thanks for reporting me about this topic.

Why don't you "simply" replace all setcookie() functions with a custom cookie_set() function?
http://nukecops.com/modules.php?name=Forums&file=viewtopic&p=183906#183906
It will be easy to access RSA encryption for both "user" and "admin" cookies.
On that phpMyBitTorrent I talked you about I use a custom function for user login, the only event for RSA encryption. Try to look at my source code (file functions.php and table torrent_config)...

Nuke Soldier Joined: Nov 13, 2004 Posts: 19

Thanks So much for this topic its godly!

just one thing to note is in mainfile.php I had to change the following, around line 240

Code:

// This block of code makes sure $admin and $user are COOKIES

if((isset($admin) && $admin != $_COOKIE['YOURCOOKIENAME_admin']) OR (isset($user) && $user != $_COOKIE['YOURCOOKIENAME_user'])) {

Also whilest on the topic of cookies, I have one site, and two domain names, cooldomain.tld and hotdomain.tld is there any way possible to make a login at cooldomain.tld valid at hotdomain.tld?

Site Admin Joined: Aug 17, 2003 Posts: 12397

I really haven't tried so much, but it seems to work in all versions.
Yes, that change is for the Patched files, haven't updated this guide in a while.

No, unfortunately not. The cookies are stored by domain, there's not a way that I know of to read a different cookie.