1

Topic: XtraCAD

This is the site I've set up for fellow engineering designers
http://www.xtracad.com

I've put a login form on my pages that ties in with my forum and uses the same cookie (you can login on the forum and logout on the site, or vice-versa). Also, on the forum page I've slightly modified the navigation bar so that "Home" takes you back to the site and "Forum" to the forum home page.

Btw: This really is an incredible programme Rickard. Congrats to you and the guys producing the mods - and the support on your forum is second to none.

I've been down so long it's beginning to look like up..

Re: XtraCAD

I like it. It's colorful and still feels professional :)

"Programming is like sex: one mistake and you have to support it for the rest of your life."

3

Re: XtraCAD

That really is a nice looking site. I normally don't like portal style sites becasuse they are cluttered but somehow you have made a lot of information available and still kept a nice clean look.

Any chance of you publishing your code for getting the login to work since it is something a lot of people have been asking about.

4

Re: XtraCAD

Paul wrote:

Any chance of you publishing your code for getting the login to work since it is something a lot of people have been asking about.

No problem. I'll do it tonight when I get home from work.

I've been down so long it's beginning to look like up..

5 (edited by JohnS 2004-02-02 21:11)

Re: XtraCAD

At the top of every page I place the following code. By changing the value 0 to 1 the page is restricted to logged-in members or, by changing the value to 2 it is restricted to admin only.

<?php
  include("../cgi-bin/auth.php");
  if($member < 0){
    header ("Location: fail.php");
  }
?>

Elsewhere on each page (or just the pages you wish to be able to login from) insert the following code:

<?php
     if ($member == 0){
       prn_login();
       } else {
      prn_loggedin($str, $uid);
     }
?>

This calls the functions in "auth.php" and, depending on whether or not you are logged in, displays one or other of the following:             
http://www.xtracad.com/images/notlogged.jpg

http://www.xtracad.com/images/logged.jpg

On submitting "Login" another file "qlogin.php" is called. This checks forum database for username and password and, if valid, sets punbb_cookie and refreshes page so that "auth.php" will detect member. Otherwise it redirects to the forum registration page.


Code for "qlogin.php" is as follows:

<?php

  if (isset($_GET['action'])){
    $action = $_GET['action'];
    if ($action == "out"){
      setcookie("punbb_cookie", "", time() -60, "/", "", 0);
      echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$HTTP_REFERER\"></head><body background=\"images/tile1.gif\">";
      echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
      echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
      echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
      echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
      echo "<font size=\"1\"><a href=$HTTP_REFERER>Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
      //header ("Location: $HTTP_REFERER");
      exit();
    }
    echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$HTTP_REFERER\"></head><body background=\"images/tile1.gif\">";
    echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
    echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
    echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
    echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
    echo "<font size=\"1\"><a href=$HTTP_REFERER>Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
    //header ("Location: $HTTP_REFERER");
  }

  if($submit == "Login") {
    include("../cgi-bin/dbconnect.php");
    $now = time();
    $expire = ($save_pass == '1') ? time() + 31536000 : 0;
    $cookie_domain = '';
    $cookie_path = '/';
    $cookie_secure = 0;

    $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
    if (! $link) {
      die ("Failed to link to Database");
    }

    mysql_select_db($mysqldb) or die ("Failed to connect to Database");
    $result = mysql_query("SELECT * FROM punbb_users WHERE username='$username'", $link);
      if($row = mysql_fetch_array($result)) {
        $subpword = md5($password);
        if($subpword == $row["password"]) {
          setcookie('punbb_cookie', serialize(array($username, $subpword, $now, $now)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
          mysql_close($link);
          header ("Location: $HTTP_REFERER");
        } else {
          mysql_close($link);
          header ("Location: forum/register.php");
        }
      } else {
        //forward to registration page
        mysql_close($link);
        header ("Location: forum/register.php");
      }
    mysql_close($link);
  }
  header ("Location: index.php");
?> 


Code for "auth.php" is as follows:

<?php

  function un_escape($str){
    return (get_magic_quotes_gpc() == 1) ? stripslashes($str) : $str;
  }

  if(isset($punbb_cookie)){
    list($str) = unserialize(un_escape($punbb_cookie));
    if ($str == "Guest"){
      $member = 0;
    } else if ($str == "admin"){
      $member = 2;
    } else {
      $member = 1;
      include("../cgi-bin/dbconnect.php");
      $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
      if (! $link) {
        die ("Failed to link to Database");
      }
      mysql_select_db($mysqldb) or die ("Failed to connect to Database");
      $result = mysql_query("SELECT * FROM punbb_users WHERE username='$str'", $link);
      if($row = mysql_fetch_array($result)) {
        $uid = $row["id"];
      }
      mysql_close($link);
    }
  } else {
    $member = 0;
  }

function prn_login() {
    echo '<tr><td bgcolor="#aa86c1" class="rhheader"><img src="images/spacer.gif" width="3" height="1">Already Registered?</td></tr>';
    echo '<tr><td bgcolor="#DECFE7"><form name="login" action="http://www.xtracad.com/qlogin.php" method="post"><div align="center">';
    echo '<input type="text" name="username" value="username" size="20" maxlength="25" class="formRequiredText"><br>';
    echo '<input type="password" name="password" value="password" size="20" maxlength="25" class="formRequiredText"><br>';
    echo '<input name="submit" type="submit" value="Login"></div></form>';
    echo '<tr><td bgcolor="#FFFFFF"><img src="images/spacer.gif" width="1" height="1"></td></tr><tr><td bgcolor="#DECFE7">';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="forum/register.php" class="small02"> Not registered yet?</a><br>';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="forum/login.php?action=forget" class="small02"> Forgot your password?</a></td></tr>';
  }

function prn_loggedin($str, $uid) {
    echo '<tr><td bgcolor="#aa86c1" class="rhheader"><img src="images/spacer.gif" width="3" height="1">Member On-line...</td></tr>';
    echo '<tr><td bgcolor="#DECFE7" class="small02">';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo " Welcome.. $str<br>";
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="qlogin.php?action=out" class="small02"> Logout</a><br>';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo "<a href=\"forum/profile.php?action=change_pass&id=$uid\" class=\"small02\"> Change Password</a></td></tr>";
  }

?>

Important note:

Rickard has changed the password algorithm in latest version. If you log in from site pages it still uses md5 method, if you login from forum page it uses new method. Both work fine (perhaps you can tell me how to mod my scripts in line with new method?)

Obviously the above can all be modified to tie in with the styling of your own site.
Could I finally add that my friend Paul Marsland has helped me considerably with my site and was responsible for most of this coding. Paul has now registered with PunBB.

I've been down so long it's beginning to look like up..

6 (edited by Paul Marsland 2004-02-03 20:21)

Re: XtraCAD

John above is the old code, the new qlogin will recognise either password hash, but will not replace the md5 password. Logging in from the revised punBB forum code will update each users encrypted password to the new algorithm. Also the old code above doesn't log you out of the users online database, This has been fixed in the later version.

7

Re: XtraCAD

Ahhh. All the tables and font tags! <faints sound="thud" />

8

Re: XtraCAD

Paul Marsland wrote:

John above is the old code, the new qlogin will recognise either password hash, but will not replace the md5 password. Logging in from the revised punBB forum code will update each users encrypted password to the new algorithm. Also the old code above doesn't log you out of the users online database, This has been fixed in the later version.


OK. Here is the new version

<?php

  function un_escape($str){
    return (get_magic_quotes_gpc() == 1) ? stripslashes($str) : $str;
  }

  if (isset($_GET['action'])){
    $action = $_GET['action'];
    if ($action == "out"){

      if(isset($punbb_cookie)){
        list($str) = unserialize(un_escape($punbb_cookie));
      }

      include("../cgi-bin/dbconnect.php");
      $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
      if (! $link) {
        die ("Failed to link to Database");
      }
      mysql_select_db($mysqldb) or die ("Failed to connect to Database");
      mysql_query("DELETE FROM punbb_online WHERE ident='$str'", $link);
      mysql_close($link);

      setcookie("punbb_cookie", "", time() -60, "/", "", 0);
      echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$HTTP_REFERER\"></head><body background=\"images/tile1.gif\">";
      echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
      echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
      echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
      echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
      echo "<font size=\"1\"><a href=$HTTP_REFERER>Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
      //header ("Location: $HTTP_REFERER");
      exit();
    }
    echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$HTTP_REFERER\"></head><body background=\"images/tile1.gif\">";
    echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
    echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
    echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
    echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
    echo "<font size=\"1\"><a href=$HTTP_REFERER>Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
    //header ("Location: $HTTP_REFERER");
  }

  if($submit == "Login") {
    include("../cgi-bin/dbconnect.php");
    $now = time();
    $expire = ($save_pass == '1') ? time() + 31536000 : 0;
    $cookie_domain = '';
    $cookie_path = '/';
    $cookie_secure = 0;

    $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
    if (! $link) {
      die ("Failed to link to Database");
    }

    mysql_select_db($mysqldb) or die ("Failed to connect to Database");
    $result = mysql_query("SELECT * FROM punbb_users WHERE username='$username'", $link);
      if($row = mysql_fetch_array($result)) {
        $subpword = sha1($password);
        $subpword1 = md5($password);
        if($subpword == $row["password"] || $subpword1 == $row["password"]) {
          setcookie('punbb_cookie', serialize(array($username, $subpword, $now, $now)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
          mysql_close($link);
          header ("Location: $HTTP_REFERER");
        } else {
          mysql_close($link);
          header ("Location: forum/register.php");
        }
      } else {
        //forward to registration page
        mysql_close($link);
        header ("Location: forum/register.php");
      }
    mysql_close($link);
  }
  header ("Location: index.php");
?>

I've been down so long it's beginning to look like up..

Re: XtraCAD

Louis wrote:

Ahhh. All the tables and font tags! <faints sound="thud" />


The code as published is a quick fix at the moment, We will be separating the php from the html in due course, this code was published on request. We will post a slicker version in the near future.

PM

10

Re: XtraCAD

Thanks for the code guys. I had a go at doing this myself but was having trouble. John, I received you email but when I tried to reply it bounced.

11

Re: XtraCAD

Paul Marsland wrote:
Louis wrote:

Ahhh. All the tables and font tags! <faints sound="thud" />

...We will be separating the php from the html in due course ...

No, I meant you should use Web Standards. Also, see this thread.

It's not too big a deal though ;)

12 (edited by Paul 2004-02-04 23:42)

Re: XtraCAD

I wouldn't worry to much about the markup. The reason I asked to see the code was because the system at XtraCAD seemed to work so efficiently, certainly more efficiently than anything I could come up with. Its the php I was really interested in. The markup will vary from site to site anyway. I had it in mind that maybe it could be knocked into a disbributable form with a set of instructions which would allow non-coders to implement a site wide login system. It might also be of particular interest if anybody has a go at designing a PunBB portal (which they inevitably will) or wants to integrate with a news posting or blog system.

One question. You use a script called dbconnect.php. Is there any reason why the code couldn't be modified to include PunBB's own database function file (common_db.php) instead in which case it would cease to be mysql specific. I apologise in advance if thats an idiot newbie question.

13

Re: XtraCAD

Louis wrote:

Ahhh. All the tables and font tags! <faints sound="thud" />

Complete and utter geekism.

<3

Through the awful grace of God

"Dude, CSS and XHTML are like two boys who are deeply in love.  They're perfect for each other, but no one can acccept it."

14

Re: XtraCAD

Paul wrote:

You use a script called dbconnect.php. Is there any reason why the code couldn't be modified to include PunBB's own database function file (common_db.php) instead in which case it would cease to be mysql specific.

No reason whatsoever. In the early days, before we installed PunBB, we used this method to keep database connection data secure (dbconnect.php is in the cgi-bin) and as the only database we use is mysql it seemed appropriate.
I'm sure there are several ways we can improve our own site - submitting the code was merely offering a basis for the individual to work on for their own site.
We are going to be looking at ways to improve and streamline things so, if we come up with anything before yourself (or anyone else) we'll post again.

I've been down so long it's beginning to look like up..

15 (edited by JohnS 2004-02-24 20:50)

Re: XtraCAD

If anyone wants to check out how my login works I've set up a temporary user for you to try
username = REMOVED
password = REMOVED
http://www.xtracad.com

Edit 24 Feb: Temporary password now removed - thanks to all who visited

I've been down so long it's beginning to look like up..

Re: XtraCAD

Looked nice smile

(and fun to see that the attachment mod is used, kind of a reward that since one put down 'a few' hours creating it wink)

17

Re: XtraCAD

Hey Rickard
I like the feature on PunBB site which shows recent discussions. I'd like to place something like that on my site's main index page.
How do you do it?

I've been down so long it's beginning to look like up..

18

Re: XtraCAD

JohnS wrote:

Hey Rickard
I like the feature on PunBB site which shows recent discussions. I'd like to place something like that on my site's main index page.
How do you do it?

Not Rickard; but for the answer take a look at extern.php. Basically you call extern.php from outside PunBB and it provides the relevant data depending on the paramenter that was used to call it.

19

Re: XtraCAD

Paul wrote:

it provides the relevant data depending on the paramenter that was used to call it.

Elaborate please, Paul.
How would you call extern.php to get the display shown on PunBB?

I've been down so long it's beginning to look like up..

20 (edited by Louis 2004-02-09 00:49)

Re: XtraCAD

Bradyn wrote:

Complete and utter geekism.

Thanks, I consider myself a Geek with Style ;)

As for including the forum information, JohnS, read the following, specifically after the bold line.

From inside extern.php:

  INSTRUCTIONS

  This script is used to include information about your board from
  pages outside the forums and to syndicate news about recent
  discussions via RSS. The script can display a list of recent
  discussions (sorted by post time or last post time), a list of
  active users or a collection of general board statistics. The
  script can be called directly via an URL (for RSS), from a PHP
  include command or through the use of Server Side Includes (SSI).

  The scripts behaviour is controlled via variables supplied in the
  URL to the script. The different variables are: action (what to
  output), show (how many topics to display), forum (the ID of the
  forum to poll for topics) and type (output as HTML or RSS). The
  only mandatory variable is action. Possible/default values are:

    action: active (show most recently active topics) (HTML or RSS)
            new (show newest topics) (HTML or RSS)
            online (show users online) (HTML)
            stats (show board statistics) (HTML)

    show:   Any integer value between 1 and 50. This variables is
            ignored for RSS output. The default is 15.

    fid:    A forum ID. If ignored, topics from all guest-readable
            forums will be polled.

    type:   RSS. Anything else means HTML output.

  Here are some examples using PHP include().

    Show the 15 most recently active topics from all forums:
    include('http://host.com/forums/extern.php?action=active');

    Show the 10 newest topics from forum with ID=5:
    include('http://host.com/forums/extern.php?action=new&show=10&fid=5');

    Show users online:
    include('http://host.com/forums/extern.php?action=online');

    Show board statistics:
    include('http://host.com/forums/extern.php?action=stats');

  Here are some examples using SSI.

    Show the 5 newest topics from forum with ID=11:
    <!--#include virtual="forums/extern.php?action=new&show=5&fid=11" -->

    Show board statistics:
    <!--#include virtual="forums/extern.php?action=stats" -->

  And finally some examples using extern.php to output an RSS 0.91
  feed.

    Output the 15 most recently active topics:
    http://host.com/extern.php?action=active&type=RSS

    Output the 15 newest topics from forum with ID=2:
    http://host.com/extern.php?action=activ … &fid=2

  Below you will find some variables you can edit to tailor the
  scripts behaviour to your needs.

21

Re: XtraCAD

Thanx. Did not realise there was an explanation within the file!

Slight problem though...
The right hand column on my site is an include (xtc_right_bar.php). Within this I've placed another include calling forum/extern.php

I get a list of topics displayed but with the following error message above them...

Warning: main(): stream does not support seeking in /includes/xtc_right_bar.php on line 44

Should I be calling the full url of extern.php or just its relative path or is the problem with having an include within an include?

I've been down so long it's beginning to look like up..

22

Re: XtraCAD

I have have also had difficulties getting a relative path to work so I always use the full url which invariably puts things right.

23

Re: XtraCAD

Paul wrote:

I always use the full url which invariably puts things right.

I've tried the full url but still get same error  sad

I've been down so long it's beginning to look like up..

24 (edited by Paul 2004-02-09 21:10)

Re: XtraCAD

JohnS wrote:
Paul wrote:

I always use the full url which invariably puts things right.

I've tried the full url but still get same error  sad

I think I will start a new topic "Need help with extern.php" because I am interested in getting some answers as well.

EDIT

New topic started Extern Problems in Troubleshooting Forum

25

Re: XtraCAD

Paul wrote:

I think I will start a new topic "Need help with extern.php" because I am interested in getting some answers as well.

Good idea - this topic is getting rather long now and deviating from its original!

BTW: I've tried full url, absolute path and relative path but all with errors.

Come on Rickard - it works on your site - give us a clue  wink

I've been down so long it's beginning to look like up..