At the top of every page I place the following code. By changing the value 0 to 1, the page is restricted to logged-in members or, by changing the value to 2, it is restricted to admin only.
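<?php
include("../cgi-bin/auth.php");
// Threshold: 0 = open to everyone, 1 = members only, 2 = admin only
if($member < 0){
    header ("Location: fail.php");
    // Stop here, otherwise the rest of the restricted page is still sent
    exit();
}
?>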
Elsewhere on each page (or just the pages you wish to be able to login from) insert the following code:
<?php
if ($member == 0){
    prn_login();
} else {
    prn_loggedin($str, $uid);
}
?>
This calls the functions in "auth.php" and, depending on whether or not you are logged in, displays one or other of the following:
On submitting "Login" another file, "qlogin.php", is called. This checks the forum database for the username and password and, if valid, sets punbb_cookie and refreshes the page so that "auth.php" will detect the member. Otherwise it redirects to the forum registration page.
Code for "qlogin.php" is as follows:
<?php
if (isset($_GET['action'])){
    $action = $_GET['action'];
    // The Referer header is client-supplied: escape it before echoing it into HTML
    $referer_html = htmlspecialchars($HTTP_REFERER, ENT_QUOTES);
    if ($action == "out"){
        // Expire the forum cookie to log the member out
        setcookie("punbb_cookie", "", time() -60, "/", "", 0);
        echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$referer_html\"></head><body background=\"images/tile1.gif\">";
        echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
        echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
        echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
        echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
        echo "<font size=\"1\"><a href=\"$referer_html\">Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
        //header ("Location: $HTTP_REFERER");
        exit();
    }
    // Any other action value shows the same notice without touching the cookie
    echo "<html><head><title> Logging out, Please wait</title><meta http-equiv=\"refresh\" content=\"0;URL=$referer_html\"></head><body background=\"images/tile1.gif\">";
    echo '<br><br><br><table width="300" border="1" align="center" bordercolor="#5A1084"><tr><td height="40" bgcolor="#5A1084"><div align="center">';
    echo '<font color="#aa86c1" size="5" face="Arial, Helvetica, sans-serif"><strong>XtraCAD.com</strong></font></div></td>';
    echo '</tr><tr><td height="100" bgcolor="#FFFFFF"><div align="center">';
    echo '<font color="#5A1084" face="Arial, Helvetica, sans-serif"><strong>Logging out of Xtracad...<br>Please Wait<br><br>';
    echo "<font size=\"1\"><a href=\"$referer_html\">Please Click here if you are not automatically redirected</a></font></strong></font></div></td></tr></table></body></html>";
    //header ("Location: $HTTP_REFERER");
    // Output has been sent, so no further header() call can succeed
    exit();
}
if($submit == "Login") {
    include("../cgi-bin/dbconnect.php");
    $now = time();
    // "Remember me": keep the cookie for a year, otherwise until the browser closes
    $expire = ($save_pass == '1') ? time() + 31536000 : 0;
    $cookie_domain = '';
    $cookie_path = '/';
    $cookie_secure = 0;
    $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
    if (! $link) {
        die ("Failed to link to Database");
    }
    mysql_select_db($mysqldb) or die ("Failed to connect to Database");
    // Escape the submitted username before it goes into the query
    // (undo magic quotes first so it is not escaped twice)
    $safe_username = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($username) : $username, $link);
    $result = mysql_query("SELECT * FROM punbb_users WHERE username='$safe_username'", $link);
    if($row = mysql_fetch_array($result)) {
        $subpword = md5($password);
        // Strict comparison: with == two different hashes of the form "0e<digits>" compare equal
        if($subpword === $row["password"]) {
            setcookie('punbb_cookie', serialize(array($username, $subpword, $now, $now)), $expire, $cookie_path, $cookie_domain, $cookie_secure);
            mysql_close($link);
            header ("Location: $HTTP_REFERER");
            // Without exit() the final Location header below replaces this one
            exit();
        } else {
            mysql_close($link);
            header ("Location: forum/register.php");
            exit();
        }
    } else {
        //forward to registration page
        mysql_close($link);
        header ("Location: forum/register.php");
        exit();
    }
}
header ("Location: index.php");
?>
Code for "auth.php" is as follows:
<?php
// Undo magic_quotes_gpc escaping so the cookie can be unserialized
function un_escape($str){
    return (get_magic_quotes_gpc() == 1) ? stripslashes($str) : $str;
}
// $member: 0 = guest, 1 = logged-in member, 2 = admin
$member = 0;
if(isset($punbb_cookie)){
    // Expected layout, as set by qlogin.php: array(username, md5 password hash, ...)
    $cookie = unserialize(un_escape($punbb_cookie));
    if (is_array($cookie) && isset($cookie[0], $cookie[1]) && is_string($cookie[0]) && is_string($cookie[1]) && $cookie[0] != "Guest"){
        include("../cgi-bin/dbconnect.php");
        $link = mysql_connect($mysqlhost, $mysqluser, $mysqlpw);
        if (! $link) {
            die ("Failed to link to Database");
        }
        mysql_select_db($mysqldb) or die ("Failed to connect to Database");
        // The cookie is client-supplied: escape the username and only trust it
        // when the hash it carries matches the one stored for that user
        $safe_username = mysql_real_escape_string($cookie[0], $link);
        $result = mysql_query("SELECT * FROM punbb_users WHERE username='$safe_username'", $link);
        if(($row = mysql_fetch_array($result)) && $cookie[1] === $row["password"]) {
            $str = $row["username"];
            $uid = $row["id"];
            $member = ($str == "admin") ? 2 : 1;
        }
        mysql_close($link);
    }
}
// Login box shown to guests
function prn_login() {
    echo '<tr><td bgcolor="#aa86c1" class="rhheader"><img src="images/spacer.gif" width="3" height="1">Already Registered?</td></tr>';
    echo '<tr><td bgcolor="#DECFE7"><form name="login" action="http://www.xtracad.com/qlogin.php" method="post"><div align="center">';
    echo '<input type="text" name="username" value="username" size="20" maxlength="25" class="formRequiredText"><br>';
    echo '<input type="password" name="password" value="password" size="20" maxlength="25" class="formRequiredText"><br>';
    echo '<input name="submit" type="submit" value="Login"></div></form>';
    echo '<tr><td bgcolor="#FFFFFF"><img src="images/spacer.gif" width="1" height="1"></td></tr><tr><td bgcolor="#DECFE7">';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="forum/register.php" class="small02"> Not registered yet?</a><br>';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="forum/login.php?action=forget" class="small02"> Forgot your password?</a></td></tr>';
}
// Welcome box shown to logged-in members
function prn_loggedin($str, $uid) {
    echo '<tr><td bgcolor="#aa86c1" class="rhheader"><img src="images/spacer.gif" width="3" height="1">Member On-line...</td></tr>';
    echo '<tr><td bgcolor="#DECFE7" class="small02">';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    // Escape the username before printing it into the page
    echo " Welcome.. " . htmlspecialchars($str) . "<br>";
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo '<a href="qlogin.php?action=out" class="small02"> Logout</a><br>';
    echo '<img src="images/comment.gif" width="18" height="13" align="absmiddle">';
    echo "<a href=\"forum/profile.php?action=change_pass&id=$uid\" class=\"small02\"> Change Password</a></td></tr>";
}
?>
Important note:
Rickard has changed the password algorithm in the latest version. If you log in from the site pages it still uses the md5 method; if you log in from the forum page it uses the new method. Both work fine (perhaps you can tell me how to mod my scripts in line with the new method?)
Obviously the above can all be modified to tie in with the styling of your own site.
Could I finally add that my friend Paul Marsland has helped me considerably with my site and was responsible for most of this coding. Paul has now registered with PunBB.
I've been down so long it's beginning to look like up..
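
The cookie check that "auth.php" performs, as an added example for current PHP (PDO prepared statement, hash_equals, unserialize without classes); it is not part of the original post. The table and column names and the cookie layout follow the post, while the function name member_level, the in-memory SQLite database and its one account are constructed for illustration.

```php
<?php
// Added example, not the poster's code. member_level() is a hypothetical name;
// the SQLite database and the account in it are constructed sample data.

/** Returns 0 (guest), 1 (member) or 2 (admin) for a raw punbb_cookie value. */
function member_level(PDO $db, ?string $rawCookie): int
{
    if ($rawCookie === null) {
        return 0;
    }
    // Never let a client-supplied string instantiate objects.
    $cookie = @unserialize($rawCookie, ['allowed_classes' => false]);
    if (!is_array($cookie) || !isset($cookie[0], $cookie[1])
        || !is_string($cookie[0]) || !is_string($cookie[1])) {
        return 0;
    }
    [$username, $hash] = $cookie;

    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username, password FROM punbb_users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Constant-time, type-strict comparison against the stored hash.
    if ($row === false || !hash_equals($row['password'], $hash)) {
        return 0;
    }
    return $row['username'] === 'admin' ? 2 : 1;
}

// Constructed sample data: one admin account whose password is "s3cret".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE punbb_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->prepare('INSERT INTO punbb_users (username, password) VALUES (?, ?)')
   ->execute(['admin', md5('s3cret')]);

$now = time();
$genuine = serialize(['admin', md5('s3cret'), $now, $now]);
$forged  = serialize(['admin', 'anything', $now, $now]);

var_dump(member_level($db, $genuine));   // cookie carrying the stored hash
var_dump(member_level($db, $forged));    // right username, wrong hash
var_dump(member_level($db, 'garbage'));  // not a serialized array
```

On a real page the second argument would be `$_COOKIE['punbb_cookie'] ?? null`, and the PDO handle would point at the forum database instead of SQLite.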