You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 148 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Login remember me function [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

Login remember me function
 
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
Author Message
Apocca
Nuke Cadet
Nuke Cadet


Joined: Mar 21, 2004
Posts: 2
PostPosted: Sun Jun 13, 2004 8:13 am Reply with quoteBack to top
Didn't know where to exactly post this. Move it please if it's in the wrong forum.

I've added a piece of code to the Your_Account module.
A simply checkbox 'user_remember' to let the users set this if they want to be logged in after they close their browser, or logged off when do close it.

I changed the docookie function to this:

Code:
function docookie($setuid, $setusername, $setpass, $setstorynum, $setumode, $setuorder, $setthold, $setnoscore, $setublockon, $settheme, $setcommentmax) {
    global $user_remember;
    $info = base64_encode("$setuid:$setusername:$setpass:$setstorynum:$setumode:$setuorder:$setthold:$setnoscore:$setublockon:$settheme:$setcommentmax");
    if($user_remember == "1") {
        setcookie("user","$info",time()+2592000);   //60*60*24*30 = 30 days
    }
    else {
        setcookie("user","$info"); // don't remember
    }
}


Is this correct and mostly secure?
Find all posts by ApoccaView user's profileSend private message
madman
Support Mod
Support Mod


Joined: Feb 15, 2004
Posts: 806
PostPosted: Sun Jun 13, 2004 2:12 pm Reply with quoteBack to top
Yes, the code is correct.
Alternatively, you can use this:

Code:
if ( !isset($user_remember) || (intval($user_remember) != 1) )
{
  setcookie("user","$info");
}
 else
{
  setcookie("user","$info",time()+2592000);   //60*60*24*30 = 30 days
}


If you concern with security, you can evaluate all arguments passed to this function. For example:

Code:
if ( ($setusername == '') || !preg_match('/^[a-zA-Z0-9_-]+$/', $setusername) ) die('some illegal username warning here');
if ( ($setpass == '') || !preg_match('/^[a-fA-F0-9]{32}$/', $setpass) ) die('some illegal password warning here');

_________________
I'm Image
Find all posts by madmanView user's profileSend private messageVisit poster's websiteYahoo MessengerMSN Messenger
edenite
Nuke Cadet
Nuke Cadet


Joined: Oct 08, 2003
Posts: 6
PostPosted: Tue Jun 15, 2004 6:31 pm Reply with quoteBack to top
Where can I find the rest of this code. I wish to apply this remember_me function. I searched lik crazy but I cant find it. Smile
Find all posts by edeniteView user's profileSend private message
zhenghe
Nuke Cadet
Nuke Cadet


Joined: Oct 11, 2005
Posts: 6
PostPosted: Tue Nov 08, 2005 12:21 am Reply with quoteBack to top
Well, sorry for bumping this, but i've been trying to find something like this for a while, to no avail...
i tried to build this myself, with the new function. Well, I add the checkbox and change the docookie function, but what else? I don't know how to pass the value of the checkbox to a global var to be used in do cookie Crying or Very sad

Any help?
Find all posts by zhengheView user's profileSend private message
zhenghe
Nuke Cadet
Nuke Cadet


Joined: Oct 11, 2005
Posts: 6
PostPosted: Tue Nov 08, 2005 9:55 am Reply with quoteBack to top
BTW, does it have to be with register_globals from my host? I mean, I cannot find, for example, where the login function in your_account gets its parameters passed... it may be i'm not killing edge with php Embarassed but i cannot find it anyway.
any hint? i think i can work it all out by myself if i get to pass that variable, or better, if i get to make it global somehow...

thanks
Find all posts by zhengheView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482
PostPosted: Tue Nov 08, 2005 2:26 pm Reply with quoteBack to top
The variables are registered in phpNuke whether or not register_globals is enabled.

If register_globals is enabled, then it is fine.
If not, phpNuke uses import_request_variables to do the same thing

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
zhenghe
Nuke Cadet
Nuke Cadet


Joined: Oct 11, 2005
Posts: 6
PostPosted: Tue Nov 08, 2005 11:20 pm Reply with quoteBack to top
So i only need some like this in main and docookie

Code:
function main($user) {
    global $stop, $module_name, $redirect, $mode, $t, $f;
   global $user_remember;
    if(!is_user($user)) {
   include("header.php");
   echo "<img border=\"0\" src=\"themes/Nuke_Octopus/images/barralogin.jpg\">";
/*    if ($stop) {
       OpenTable();
       echo "<center><font class=\"title\"><b>"._LOGININCOR."</b></font></center>\n";
       CloseTable();
       echo "<br>\n";
   } else {
       OpenTable();
       echo "<center><font class=\"title\"><b>"._USERREGLOGIN."</b></font></center>\n";
       CloseTable();
       echo "<br>\n";
   } */
   if (!is_user($user)) {
       OpenTable();
       mt_srand ((double)microtime()*1000000);
       $maxran = 1000000;
       $random_num = mt_rand(0, $maxran);
       echo "<br><form action=\"modules.php?name=$module_name\" method=\"post\">\n"
      ."<b>"._USERLOGIN."</b><br><br>\n"
      ."<table border=\"0\"><tr><td>\n"
      .""._NICKNAME.":</td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n"
      ."<tr><td>"._PASSWORD.":</td><td><input type=\"password\" name=\"user_password\" size=\"15\" maxlength=\"20\"></td></tr>\n";
       if (extension_loaded("gd")) {
      echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='modules.php?name=$module_name&op=gfx&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>\n"
          ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>\n"
          ."<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";
       }
      echo "<tr><td>¿Recordarte en este equipo?:</td><td><input type=\"checkbox\" name=\"user_remember\" value =\"0\"></td></tr>\n";
      echo "<tr><td colspan=\"2\">(No lo selecciones si est&aacute;s en un terminal p&uacute;blico)</td></tr>\n";

       echo "</table><input type=\"hidden\" name=\"redirect\" value=$redirect>\n"
      ."<input type=\"hidden\" name=\"mode\" value=$mode>\n"
      ."<input type=\"hidden\" name=\"f\" value=$f>\n"
      ."<input type=\"hidden\" name=\"t\" value=$t>\n"
      ."<input type=\"hidden\" name=\"op\" value=\"login\">\n"
      ."<input type=\"submit\" value=\""._LOGIN."\"></form><br>\n\n"
      ."<center><font class=\"content\">[ <a href=\"modules.php?name=$module_name&amp;op=pass_lost\">"._PASSWORDLOST."</a> | <a href=\"modules.php?name=$module_name&amp;op=new_user\">"._REGNEWUSER."</a> ]</font></center><br>\n";
       CloseTable();
   }
   include("footer.php");
    } elseif (is_user($user)) {
        global $cookie;
        cookiedecode($user);
        userinfo($cookie[1]);
    }
}


Code:
function docookie($setuid, $setusername, $setpass, $setstorynum, $setumode, $setuorder, $setthold, $setnoscore, $setublockon, $settheme, $setcommentmax) {
    global $user_remember;

   if ( ($setusername == '') || !preg_match('/^[a-zA-Z0-9_-]+$/', $setusername) ) die('Mensaje de la sala: nombre de usuario ilegal');
   if ( ($setpass == '') || !preg_match('/^[a-fA-F0-9]{32}$/', $setpass) ) die('Mensaje de la sala: password ilegal');
 
    $info = base64_encode("$setuid:$setusername:$setpass:$setstorynum:$setumode:$setuorder:$setthold:$setnoscore:$setublockon:$settheme:$setcommentmax");
   if ( !isset($user_remember) || (intval($user_remember) != 1) )
   {
     setcookie("user","$info");
   }
    else
   {
     setcookie("user","$info",time()+2592000);   //60*60*24*30 = 30 days
   }
//    setcookie("user","$info",time()+2592000);
}


and that's it? or do i have something to do in the login function?

thx

-edit-

well, i did it that way and didn't work... i tried it echoing the $user_remember var in user_info, that gets called after a successful login, and it was always 0, as in init. Crying or Very sad

what am i doing wrong?

thanks again
Find all posts by zhengheView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view Nuke Cops Forum Index » Nuke Security
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.608 Seconds - 318 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::