PunBB Forums → Posts by JohnS
If anyone wants to check out how my login works I've set up a temporary user for you to try
username = REMOVED
password = REMOVED
http://www.xtracad.com
Edit 24 Feb: Temporary password now removed - thanks to all who visited
You use a script called dbconnect.php. Is there any reason why the code couldn't be modified to include PunBB's own database function file (common_db.php) instead, in which case it would cease to be mysql specific?
No reason whatsoever. In the early days, before we installed PunBB, we used this method to keep database connection data secure (dbconnect.php is in the cgi-bin) and as the only database we use is mysql it seemed appropriate.
I'm sure there are several ways we can improve our own site - submitting the code was merely offering a basis for the individual to work on for their own site.
We are going to be looking at ways to improve and streamline things so, if we come up with anything before yourself (or anyone else) we'll post again.
John, above is the old code. The new qlogin will recognise either password hash, but will not replace the md5 password. Logging in from the revised punBB forum code will update each user's encrypted password to the new algorithm. Also, the old code above doesn't log you out of the users online database. This has been fixed in the later version.
OK. Here is the new version
<?php
// qlogin.php (new version): login/logout from the main site using PunBB's cookie.
// Relies on register_globals for $submit, $username, $password, $save_pass,
// $punbb_cookie and $HTTP_REFERER.
function un_escape($str){
    // Undo magic_quotes_gpc escaping if it is switched on.
    return (get_magic_quotes_gpc() == 1) ? stripslashes($str) : $str;
}
// The referrer is sent by the browser, so HTML-encode it before echoing it.
$back = htmlspecialchars($HTTP_REFERER);
if (isset($_GET['action'])){
    $action = $_GET['action'];
    if ($action == "out"){
        $str = '';
        if(isset($punbb_cookie)){
            list($str) = unserialize(un_escape($punbb_cookie));
        }
        include("../cgi-bin/dbconnect.php");
        $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
        if (! $link) {
            die ("Failed to link to Database");
        }
        mysql_select_db($mysqldb) or die ("Failed to connect to Database");
        // Remove the user from the "users online" table; the cookie value is escaped first.
        mysql_query("DELETE FROM punbb_online WHERE ident='" . mysql_real_escape_string($str, $link) . "'", $link);
        mysql_close($link);
        // Expire the shared cookie.
        setcookie("punbb_cookie", "", time() -60, "/", "", 0);
        echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$back\"></head><body background=\"images/tile1.gif\">";
        echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
        echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
        echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
        echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
        echo "<font size=\"1\"><a href=\"$back\">Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
        //header ("Location: $HTTP_REFERER");
        exit();
    }
    echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$back\"></head><body background=\"images/tile1.gif\">";
    echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
    echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
    echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
    echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
    echo "<font size=\"1\"><a href=\"$back\">Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
    //header ("Location: $HTTP_REFERER");
}
if($submit == "Login") {
    include("../cgi-bin/dbconnect.php");
    $now = time();
    // "Remember me": one-year cookie, otherwise a session cookie.
    $expire = ($save_pass == '1') ? time() + 31536000 : 0;
    $cookie_domain = '';
    $cookie_path = '/';
    $cookie_secure = 0;
    $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
    if (! $link) {
        die ("Failed to link to Database");
    }
    mysql_select_db($mysqldb) or die ("Failed to connect to Database");
    // Escape the submitted username before it goes into the query.
    $result = mysql_query("SELECT * FROM punbb_users WHERE username='" . mysql_real_escape_string(un_escape($username), $link) . "'", $link);
    if($row = mysql_fetch_array($result)) {
        // Accept either the new SHA-1 hash or the old MD5 hash.
        $subpword = sha1($password);
        $subpword1 = md5($password);
        if($subpword == $row["password"] || $subpword1 == $row["password"]) {
            setcookie('punbb_cookie', serialize(array($username, $subpword, $now, $now)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
            mysql_close($link);
            header ("Location: $HTTP_REFERER");
            exit(); // otherwise the Location header at the end of the script replaces this one
        } else {
            mysql_close($link);
            header ("Location: forum/register.php");
            exit();
        }
    } else {
        //forward to registration page
        mysql_close($link);
        header ("Location: forum/register.php");
        exit();
    }
}
header ("Location: index.php");
?>
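The same lookup and dual-hash check, written as an added example that is not part of the original post: the username is passed as a bound parameter and the hashes are compared with `hash_equals()`. It assumes PHP 7.1+ with the PDO SQLite driver; the in-memory database and both users are constructed. Unlike the qlogin.php above, it also upgrades a matching MD5 hash at login, which the post leaves to the forum's own login page.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// post; the in-memory SQLite database and both users are constructed.

function check_login(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username is data, never part of the SQL text.
    $stmt = $db->prepare(
        'SELECT id, username, password FROM punbb_users WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                              // unknown user
    }

    // Accept the SHA-1 hash or the legacy MD5 hash, as the post describes,
    // comparing in constant time.
    $stored = (string) $row['password'];
    $isSha1 = hash_equals($stored, sha1($password));
    $isMd5  = hash_equals($stored, md5($password));
    if (!$isSha1 && !$isMd5) {
        return null;                              // wrong password
    }

    if ($isMd5) {
        // Upgrade the stored hash while the plaintext is still available.
        $up = $db->prepare('UPDATE punbb_users SET password = ? WHERE id = ?');
        $up->execute([sha1($password), $row['id']]);
    }
    return ['id' => (int) $row['id'], 'username' => $row['username'],
            'upgraded' => $isMd5];
}

// Constructed data: one user per hash format.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE punbb_users
           (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO punbb_users (username, password) VALUES (?, ?)');
$ins->execute(['alice',  sha1('constructed-pw-1')]);
$ins->execute(["o'neil", md5('constructed-pw-2')]);

var_dump(check_login($db, 'alice', 'constructed-pw-1'));   // SHA-1 user
var_dump(check_login($db, "o'neil", 'constructed-pw-2'));  // MD5 user, upgraded
var_dump(check_login($db, "o'neil", 'constructed-pw-2'));  // now matches SHA-1
var_dump(check_login($db, 'alice', 'wrong'));              // rejected
```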
At the top of every page I place the following code. By changing the value 0 to 1 the page is restricted to logged-in members or, by changing the value to 2 it is restricted to admin only.
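<?php
include("../cgi-bin/auth.php");
// $member: 0 = guest, 1 = logged-in member, 2 = admin
if($member < 0){
    header ("Location: fail.php");
    exit(); // stop here so the rest of the page is not sent along with the redirect
}
?>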
Elsewhere on each page (or just the pages you wish to be able to login from) insert the following code:
<?php
if ($member == 0){
    prn_login();
} else {
    prn_loggedin($str, $uid);
}
?>
This calls the functions in "auth.php" and, depending on whether or not you are logged in, displays one or other of the following:
On submitting "Login" another file "qlogin.php" is called. This checks forum database for username and password and, if valid, sets punbb_cookie and refreshes page so that "auth.php" will detect member. Otherwise it redirects to the forum registration page.
Code for "qlogin.php" is as follows:
<?php
// qlogin.php (old version): MD5 only, and logout does not touch punbb_online.
// Relies on register_globals for $submit, $username, $password, $save_pass
// and $HTTP_REFERER.
// The referrer is sent by the browser, so HTML-encode it before echoing it.
$back = htmlspecialchars($HTTP_REFERER);
if (isset($_GET['action'])){
    $action = $_GET['action'];
    if ($action == "out"){
        // Expire the shared cookie.
        setcookie("punbb_cookie", "", time() -60, "/", "", 0);
        echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$back\"></head><body background=\"images/tile1.gif\">";
        echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
        echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
        echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
        echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
        echo "<font size=\"1\"><a href=\"$back\">Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
        //header ("Location: $HTTP_REFERER");
        exit();
    }
    echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$back\"></head><body background=\"images/tile1.gif\">";
    echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
    echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
    echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
    echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
    echo "<font size=\"1\"><a href=\"$back\">Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
    //header ("Location: $HTTP_REFERER");
}
if($submit == "Login") {
    include("../cgi-bin/dbconnect.php");
    $now = time();
    // "Remember me": one-year cookie, otherwise a session cookie.
    $expire = ($save_pass == '1') ? time() + 31536000 : 0;
    $cookie_domain = '';
    $cookie_path = '/';
    $cookie_secure = 0;
    $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
    if (! $link) {
        die ("Failed to link to Database");
    }
    mysql_select_db($mysqldb) or die ("Failed to connect to Database");
    // Strip magic-quotes slashes, then escape the username for the query.
    $user_sql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($username) : $username, $link);
    $result = mysql_query("SELECT * FROM punbb_users WHERE username='$user_sql'", $link);
    if($row = mysql_fetch_array($result)) {
        $subpword = md5($password);
        if($subpword == $row["password"]) {
            setcookie('punbb_cookie', serialize(array($username, $subpword, $now, $now)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
            mysql_close($link);
            header ("Location: $HTTP_REFERER");
            exit(); // otherwise the Location header at the end of the script replaces this one
        } else {
            mysql_close($link);
            header ("Location: forum/register.php");
            exit();
        }
    } else {
        //forward to registration page
        mysql_close($link);
        header ("Location: forum/register.php");
        exit();
    }
}
header ("Location: index.php");
?>
Code for "auth.php" is as follows:
<?php
// auth.php: sets $member (0 = guest, 1 = member, 2 = admin) from punbb_cookie
// and defines the login / logged-in boxes. Relies on register_globals for $punbb_cookie.
function un_escape($str){
    // Undo magic_quotes_gpc escaping if it is switched on.
    return (get_magic_quotes_gpc() == 1) ? stripslashes($str) : $str;
}
if(isset($punbb_cookie)){
    // Only the username (first array element) is read from the cookie; the
    // password hash stored beside it is not compared with the database here.
    list($str) = unserialize(un_escape($punbb_cookie));
    if ($str == "Guest"){
        $member = 0;
    } else if ($str == "admin"){
        $member = 2;
    } else {
        $member = 1;
        include("../cgi-bin/dbconnect.php");
        $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
        if (! $link) {
            die ("Failed to link to Database");
        }
        mysql_select_db($mysqldb) or die ("Failed to connect to Database");
        // Look up the user's id; the cookie value is escaped before it goes into the query.
        $result = mysql_query("SELECT * FROM punbb_users WHERE username='" . mysql_real_escape_string($str, $link) . "'", $link);
        if($row = mysql_fetch_array($result)) {
            $uid = $row["id"];
        }
        mysql_close($link);
    }
} else {
    $member = 0;
}
// Login box shown to guests.
function prn_login() {
    echo '<tr><td bgcolor="#aa86c1" class="rhheader"><img src="images/spacer.gif" width="3" height="1">Already Registered?</td></tr>';
    echo '<tr><td bgcolor="#DECFE7"><form name="login" action="http://www.xtracad.com/qlogin.php" method="post"><div align="center">';
    echo '<input type="text" name="username" value="username" size="20" maxlength="25" class="formRequiredText"><br>';
    echo '<input type="password" name="password" value="password" size="20" maxlength="25" class="formRequiredText"><br>';
    echo '<input name="submit" type="submit" value="Login"></div></form>';
    echo '<tr><td bgcolor="#FFFFFF"><img src="images/spacer.gif" width="1" height="1"></td></tr><tr><td bgcolor="#DECFE7">';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="forum/register.php" class="small02"> Not registered yet?</a><br>';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="forum/login.php?action=forget" class="small02"> Forgot your password?</a></td></tr>';
}
// Box shown to logged-in members.
function prn_loggedin($str, $uid) {
    echo '<tr><td bgcolor="#aa86c1" class="rhheader"><img src="images/spacer.gif" width="3" height="1">Member On-line...</td></tr>';
    echo '<tr><td bgcolor="#DECFE7" class="small02">';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    // The name comes from the cookie, so HTML-encode it before output.
    echo " Welcome.. " . htmlspecialchars($str) . "<br>";
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="qlogin.php?action=out" class="small02"> Logout</a><br>';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo "<a href=\"forum/profile.php?action=change_pass&id=$uid\" class=\"small02\"> Change Password</a></td></tr>";
}
?>
Important note:
Rickard has changed the password algorithm in latest version. If you log in from site pages it still uses md5 method, if you login from forum page it uses new method. Both work fine (perhaps you can tell me how to mod my scripts in line with new method?)
Obviously the above can all be modified to tie in with the styling of your own site.
Could I finally add that my friend Paul Marsland has helped me considerably with my site and was responsible for most of this coding. Paul has now registered with PunBB.
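auth.php above reads only the first element of the cookie and decides the member level from the name. An added example (not PunBB's or the poster's code) of a check that also compares the hash carried in the cookie with the stored one and takes the privilege level from the user record. It assumes PHP 7.1+; the `$lookup` callback, the `is_admin` flag and all sample rows are hypothetical and constructed.

```php
<?php
// Added example, not PunBB or the poster's code. $lookup is a hypothetical
// callback returning a user row or null; the is_admin flag and the rows
// below are constructed.

function member_level(?string $rawCookie, callable $lookup): int
{
    if ($rawCookie === null) {
        return 0;                                  // no cookie: guest
    }
    // allowed_classes => false: the cookie can never instantiate objects.
    $data = @unserialize($rawCookie, ['allowed_classes' => false]);
    if (!is_array($data) || !isset($data[0], $data[1])
        || !is_string($data[0]) || !is_string($data[1])) {
        return 0;                                  // malformed: guest
    }
    [$name, $hash] = $data;

    $row = $lookup($name);
    // The hash carried in the cookie must equal the stored hash;
    // the username on its own is not proof of anything.
    if ($row === null || !hash_equals($row['password'], $hash)) {
        return 0;
    }
    // Privilege comes from the stored row, not from the name "admin".
    return $row['is_admin'] ? 2 : 1;
}

// Constructed users and cookies in the array layout qlogin.php writes.
$users = [
    'alice' => ['password' => sha1('constructed-pw-1'), 'is_admin' => false],
    'admin' => ['password' => sha1('constructed-pw-2'), 'is_admin' => true],
];
$lookup = function (string $name) use ($users): ?array {
    return $users[$name] ?? null;
};

$member  = serialize(['alice', sha1('constructed-pw-1'), 0, 0]);
$admin   = serialize(['admin', sha1('constructed-pw-2'), 0, 0]);
$badHash = serialize(['alice', sha1('something else'), 0, 0]);

var_dump(member_level($member, $lookup));
var_dump(member_level($admin, $lookup));
var_dump(member_level($badHash, $lookup));
var_dump(member_level('not a serialized array', $lookup));
var_dump(member_level(null, $lookup));
```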
Any chance of you publishing your code for getting the login to work since it is something a lot of people have been asking about.
No problem. I'll do it tonight when I get home from work.
This is the site I've set up for fellow engineering designers
http://www.xtracad.com
I've put a login form on my pages that ties in with my forum and uses the same cookie (you can login on the forum and logout on the site, or vice-versa). Also, on the forum page I've slightly modified the navigation bar so that "Home" takes you back to the site and "Forum" to the forum home page.
Btw: This really is an incredible programme Rickard. Congrats to you and the guys producing the mods - and the support on your forum is second to none.
XtraCAD (my own)
Ties in with my site http://www.xtracad.com
Comments?
Thanx for telling me! (35 downloads and you're the first to tell me... )
Perhaps the other 34 had PunBB 1.1 installed?
Error message is when you run Install_mod
It says this is the wrong version
Do you have a version that will load on punbb 1.1.1?
Rickard wrote: As you can see in the changelog, a few bugs have popped up in 1.1.1, but they aren't all that serious. Do you think I should release 1.1.2 or should I wait a while?
Would it do any harm to publish the code for some of the easier fixes so the technically minded could do their own fixing? After all, I am sure some of the bugfixes are a lot simpler to do than, for example, installing a large mod.
I agree. That way it may mean our mods stay intact
JohnS wrote: When u do next upgrade would some of the files overwrite stuff that the mod changed?
Yes, they do. That's the problem with too many updates...
But surely some of these mods are a definite plus to punbb. Why aren't they incorporated into the next version?
Not sure, but one thing does bug me..
I've just upgraded from 1.0.1 to 1.1, then immediately 1.1 to 1.1.1
Then I installed Frank's Attachment.mod
When u do next upgrade would some of the files overwrite stuff that the mod changed?
I know mods are installed at your own risk, etc. etc. but just wondered
regards
JohnS
OK you win!
I'd modified main.tpl in a previous version to include graphics and had installed this version - hence no <pun_announcement> included.
Works fine now - good job you guys know what you're doing!
Thanks
JohnS
Edit: btw I was pointing out that your redirect.tpl was different format to rest of site, not suggesting this was anything to do with Announcements not working.
If I enable Announcements in Options it doesn't show when I return to forum pages. Is this a known problem?
I've installed latest FrankH Attachment mod ( just let u know in case this matters)
PS
I've modified redirect.tpl in my installation so that redirect page looks same as all other pages (i.e. full width)
regards
JohnS
Hi
I've installed 1.1.1
When I view topics and send an email then after I submit the email form I am redirected to the profile page of the recipient.
Is this correct?
Shouldn't I be redirected back to the topics page - why would I need to see recipient's profile?
regards
JohnS
Hi
I've installed this version and everything works fine but you may wish to know the following.
I had previous version installed and mod installer failed because database tables are already created. I had to go into MySQL and delete tables before I could complete installation. Would be good if existing tables were recognised and left alone so as not to lose any info.
regards
JohnS
Thanks Chacmool
It works fine now
Hi
I've just installed 1.1.1
I modified lang/en_common.php as follows
'Home' => 'Forum',
and then added this line
'Xtc_Home' => 'Home',
Then I modified include/functions.php line 180 as follows
$links[] = '<a href="../index.php">'.$lang_common['Xtc_Home'].'</a> | '<a href="index.php">'.$lang_common['Home'].'</a> | <a href="userlist.php">'.$lang_common['User list'].'</a>';
now I get the following error
Parse error: parse error in ../forum/include/functions.php on line 180
Fatal error: Call to undefined function: get_remote_address() in ../forum/include/functions.php on line 112
This mod worked fine in 1.0.1
Can you help?
I've been running 1.0.1 successfully - great product.
What's the best way to upgrade to 1.1 without losing any data, customisation, etc.
Hi
I've installed this - very impressive.
Only thing is when I go into Forum Attachment Rules I get the following error at the top of the page
Warning: implode(): Bad arguments. in ../forum/admin_attach.php on line 91
Any ideas?
Is there a reliable way to detect if an image file is present on the local hard disk using javascript?
p.s. I do not want to use activeX because in order to allow the code to run the browser security settings have to be compromised.
Thanks for that. It works a treat.
I want to place config.php in a safe directory (preferably my cgi-bin)
Will I have to modify all files that call for config.php and enter the new path?
From a menu within my site I redirect to my forum pages as blank targets. I also redirect to /forum/register.php so that new members to my site can register.
Problem:
I have a log-in box on my main site and I want members to be able to log in from there without having to go to forum/login.php and then when they do go to the forum pages already be logged in. I've set the form actions the same as are shown in /forum/login.php but when I submit it just redirects me to /forum/login.php
Also I want to include the status message as shown in forum header (Not logged in, etc) to be visible on my main site.
Any ideas (ps I'm a novice so don't blind me with science!)