You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 174 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Nuke Cookies Setting [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Sun Feb 13, 2005 10:22 pm Reply with quoteBack to top

This is a basic WIP (work-in-progress) to be a proof-of-concept in testing out Nuke cookies. The Goal: to set the cookies to use the settings defined in the Forums Configuration, namely
cookie_name
cookie_path
cookie_domain
cookie_secure

It will require modifying of all setcookie functions throughout phpNuke. This should allowed shared cookies on same domain names and multiple phpNuke on the same domain to function correctly.

As I am using this on phpNuke 6.9 with some mods, I may miss some things. Please tell me if you encounter problems.

Code:


--- [EDIT admin.php] ---

AFTER

<?php

ADD

if (isset($_COOKIE["YOURCOOKIENAME_admin"]))
{
    $admin = $_COOKIE["YOURCOOKIENAME_admin"];
}

--- [EDIT mainfile.php] ---

AFTER
if (!ini_get("register_globals")) {
    import_request_variables('GPC');
}

ADD
if (isset($_COOKIE["YOURCOOKIENAME_user"]))
{
    $user = $_COOKIE["YOURCOOKIENAME_user"];
}
if (isset($_COOKIE["YOURCOOKIENAME_admin"]))
{
    $admin = $_COOKIE["YOURCOOKIENAME_admin"];
}
if (isset($_COOKIE["YOURCOOKIENAME_lang"]))
{
    $lang = $_COOKIE["YOURCOOKIENAME_lang"];
}

AFTER

$tipath = "images/topics/";
$mtime = microtime();
$mtime = explode(" ",$mtime);
$mtime = $mtime[1] + $mtime[0];
$start_time = $mtime;

ADD

   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name=
'cookie_name'"));
   $cookiename = $row['config_value'];
   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_path'"));
   $cookiepath = $row['config_value'];
   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_domain'"));
   $cookiedomain = $row['config_value'];
   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_secure'"));
   $cookiesecure = $row['config_value'];

function setcookie2($cname,$cdata=0,$ctime=0)
{
    global $cookiename,$cookiepath,$cookiedomain,$cookiesecure;

    setcookie($cookiename . "_" . $cname, $cdata,$ctime,$cookiepath,$cookiedomain,$cookiesecure);
}


--- [FOLLOWING FILES] ---
in
mainfile.php
admin.php
auth.php (for phpNuke 7.4 and early, ignore for 7.5+)
includes/asfunc.php (if you have Admin Secure)
includes/usercp_register.php (still uses phpNuke code)
modules/News/article.php
modules/News/index.php
modules/Your_Account/index.php


Ignore (already includes correct forums code)
includes/sessions.php
modules/Forums/index.php
modules/Forums/posting.php
modules/Forums/viewforum.php
modules/Forums/viewtopic.php



FIND ALL INSTANCES OF
setcookie(

INLINE REPLACE WITH
setcookie2(

--- [EDIT includes/asfunc.php] ---
(For Admin Secure 1.7 users only!)

FIND

function asec_getRequestC($name){global$HTTP_COOKIE_VARS;$ret="";if($name==""){return$ret;}if(isset($_COOKIE[$name])){$ret=$_COOKIE[$name];}else if(isset($HTTP_COOKIE_VARS[$name])){$ret=$HTTP_COOKIE_VARS[$name];}return$ret;}

REPLACE WITH

function asec_getRequestC($name){global$HTTP_COOKIE_VARS;$ret="";if($name==""){return$ret;}global $cookiename;$name=$cookiename."_".$name;if(isset($_COOKIE[$name])){$ret=$_COOKIE[$name];}else if(isset($HTTP_COOKIE_VARS[$name])){$ret=$HTTP_COOKIE_VARS[$name];}return$ret;}



_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding

Last edited by Evaders99 on Mon Feb 21, 2005 5:54 pm; edited 6 times in total
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Sun Feb 13, 2005 10:58 pm Reply with quoteBack to top

I did some minor tweaks.

Unforunately, the $user cookie is read and cleaned before the database itself is loaded. This means you can't access the cookie_name itself from the database. Thus I had to include a YOURCOOKIENAME constant in the first code change to get this to work. Please change that to whatever cookie_name that you set in your Forums config

ie.
If you set "mysite" as the cookie name, the entire quotes should look like "mysite_user"


* Edit: There is still an issue getting the admin cookie to work with Admin Secure using HTTP authentication. I am working on the problem.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Mon Feb 14, 2005 11:34 pm Reply with quoteBack to top

Okay, I implemented a decent fix for those using Admin Secure.
It's not perfect, I get sometimes where the HTTP Authentication brings you to the phpNuke admin login screen. But hey, a second login never hurts.

Some other changes, I added a cookie retrieval code to admin.php.
I added the lang cookie as another to be retreived before hand.
I also changed the position of the mainfile.php code to cover the lang statements below it.

Give me some feedback if it works or doesn't on your site.
Don't use on a production site unless you know what you're doing and have made proper backups.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Mesum
Support Staff
Support Staff


Joined: Mar 11, 2003
Posts: 842

Location: Chicago

PostPosted: Tue Feb 15, 2005 12:48 am Reply with quoteBack to top

I am going to bookmark this page for future. Nice work mate.

_________________
Only FREE Dating site for Desis.
Find all posts by MesumView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN Messenger
Xyberian
Colonel
Colonel


Joined: Mar 14, 2004
Posts: 1939

Location: Behind you

PostPosted: Tue Feb 15, 2005 5:56 am Reply with quoteBack to top

Good job, evader.
I am trying yours in my local server and works great.
Plaud it.

_________________
Home of the Enterprise PHP-NUKE
Find all posts by XyberianView user's profileSend private messageVisit poster's website
Mesum
Support Staff
Support Staff


Joined: Mar 11, 2003
Posts: 842

Location: Chicago

PostPosted: Tue Feb 15, 2005 3:30 pm Reply with quoteBack to top

If you are using 6.9 patched by chatserv, any other version can use this feature as well.
Question: YOURCOOKIENAME, do I have to change them to suit my needs or can leave them as they are?

_________________
Only FREE Dating site for Desis.
Find all posts by MesumView user's profileSend private messageVisit poster's websiteAIM AddressYahoo MessengerMSN Messenger
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Tue Feb 15, 2005 5:54 pm Reply with quoteBack to top

I am assuming this works for all versions, since there's been no real change in how phpNuke sets cookies.

Until I can figure out a better way, you will have to change YOURCOOKIENAME to match the "Cookie name" in your Forums configuration

I am going to be setting up a subdomain so I can test this through multiple sites, see if the cookie actually does transfer from site to site.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Xyberian
Colonel
Colonel


Joined: Mar 14, 2004
Posts: 1939

Location: Behind you

PostPosted: Tue Feb 15, 2005 6:14 pm Reply with quoteBack to top

I tested your work under phpnuke 7.4/7.5/7.6 with/without security patch.
No trouble at all.
Very excellently works.

_________________
Home of the Enterprise PHP-NUKE
Find all posts by XyberianView user's profileSend private messageVisit poster's website
NoFantasy
Nuke Cadet
Nuke Cadet


Joined: Feb 21, 2005
Posts: 2

Location: root_path

PostPosted: Mon Feb 21, 2005 2:17 am Reply with quoteBack to top

This looks great, and might be something i've been looking for. I just got a few questions before I begin to alter my phpnuke7.5-files.

Will this work on http://www.domain.com vs http://sub.domain.com? Or is it intended to work only on http://www.domain.com vs http://www.domain.com/sub/?

I have several sub.domain.com i want to use the same database as www.domain.com. I've managed to achive my goal so far, they share common userbase and forumbase aswell as a few other tables. Only thing now is to get the cookie-thing working so that users freely can travel from www.domain.com to sub.domain.com without struggeling.
Find all posts by NoFantasyView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Mon Feb 21, 2005 1:55 pm Reply with quoteBack to top

Supposedly this will work across all parts of your site if you set cookie_domain = "mysite.com", everything from www.mysite.com to sub.mysite.com

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
NoFantasy
Nuke Cadet
Nuke Cadet


Joined: Feb 21, 2005
Posts: 2

Location: root_path

PostPosted: Mon Feb 21, 2005 3:56 pm Reply with quoteBack to top

Next 'problem'
This is from Changes.txt included in 7.5-package:
Quote:
September 2004: Version 7.5
===========================
- Removed auth.php and all its functions added to admin.php (Thanks to Chatserv from http://www.nukeresources.com)
You can safely delete auth.php after update to this version.
Shocked
Since I have a fresh install of 7.5, auth.php is not present.

Anyway, I have made changes to the rest of the files as described above, uploaded and tried to log in. Both user-login and admin-login failed (white page). Also tried to use the auth.php from 7.4, with same result. Rolling Eyes

Edit: Sorry, just had to delete old cookies first. Working fine now, trying to cross nuke-sites tomorrow. Still, those with clean 7.5-installation might be confused over the missing auth.php, as I did Very Happy
Find all posts by NoFantasyView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Mon Feb 21, 2005 5:53 pm Reply with quoteBack to top

Ah right. I hadn't tested it on 7.5. I'll make a note of that.
Hope things work for you

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
djechelon
Nuke Soldier
Nuke Soldier


Joined: Nov 11, 2004
Posts: 10


PostPosted: Sat May 21, 2005 3:06 am Reply with quoteBack to top

Thanks for reporting me about this topic.

Why don't you "simply" replace all setcookie() functions with a custom cookie_set() function?
http://nukecops.com/modules.php?name=Forums&file=viewtopic&p=183906#183906
It will be easy to access RSA encryption for both "user" and "admin" cookies.
On that phpMyBitTorrent I talked you about I use a custom function for user login, the only event for RSA encryption. Try to look at my source code (file functions.php and table torrent_config)...

_________________
DJ Echelon
Master of Bit Torrent

WEBMASTER OF http://www.p2pmania.it
CHIEF ENGINEER OF http://phpmybittorrent.com Open Source Bit Torrent Portal
Find all posts by djechelonView user's profileSend private messageVisit poster's website
Who
Nuke Soldier
Nuke Soldier


Joined: Nov 13, 2004
Posts: 19


PostPosted: Wed Nov 23, 2005 9:46 pm Reply with quoteBack to top

Thanks So much for this topic its godly!

just one thing to note is in mainfile.php I had to change the following, around line 240
Code:
// This block of code makes sure $admin and $user are COOKIES

if((isset($admin) && $admin != $_COOKIE['YOURCOOKIENAME_admin']) OR (isset($user) && $user != $_COOKIE['YOURCOOKIENAME_user'])) {


Also whilest on the topic of cookies, I have one site, and two domain names, cooldomain.tld and hotdomain.tld is there any way possible to make a login at cooldomain.tld valid at hotdomain.tld?
Find all posts by WhoView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Wed Nov 23, 2005 9:51 pm Reply with quoteBack to top

I really haven't tried so much, but it seems to work in all versions.
Yes, that change is for the Patched files, haven't updated this guide in a while.

No, unfortunately not. The cookies are stored by domain, there's not a way that I know of to read a different cookie.

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.048 Seconds - 185 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::