CuteNews login - zapamti me

jasamja · kolovoz 2010 07:41 18

Koristim CuteNews cms koji nema bazu nego je flat txt file.

Želim da dodam opciju zapamti me pri logovanju, ali ne znam nacin kako da to uradim.

Imam ovaj fajl index.php od admin panela

<?php
header('Content-Type: text/html; charset=UTF-8', true);
header('Accept-Charset: UTF-8', true);

/*********************************************
 CuteNews CutePHP.com
 Copyright (C) 2005 Georgi Avramov  ([email protected])
 UTF-8 CN: I18N, Security fixes, bug fixes - korn19.ch (2009)
*********************************************/

error_reporting (E_ALL ^ E_NOTICE);

require_once("./inc/functions.inc.php");
//#################

$PHP_SELF = 'index.php';
$cutepath  = '.';
$config_path_image_upload = './data/upimages';

$config_use_cookies = TRUE;  // Use Cookies When Checking Authorization
$config_use_sessions = FALSE;  // Use Sessions When Checking Authorization
$config_check_referer = TRUE; // Set to TRUE for more seciruty
//#################

$Timer = new microTimer;
$Timer->start();

// Check if CuteNews is not installed
$db_err = false;
if(file_exists('./data/users.db.php')){
    $all_users_db = file('./data/users.db.php');
    $check_users = $all_users_db;
    $check_users[1] = trim($check_users[1]);
    $check_users[2] = trim($check_users[2]);
}
else{
    $db_err = true;
}
if($db_err || ((!$check_users[2] || trim($check_users[2]) == '') && (!$check_users[1] || trim($check_users[1]) == ''))){
        if(!file_exists('./inc/install.mdu')){
        die('<h2>Error!</h2>CuteNews detected that you do not have users in your /data/users.db.php file and wants to run the install module.

However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.');
    }
    require('./inc/install.mdu');
    exit;
}

require_once('./data/config.php');
if(isset($config_skin) and $config_skin != '' and file_exists('./skins/'.$config_skin.'.skin.php')){
    require_once("./skins/${config_skin}.skin.php");
}
else{
    $using_safe_skin = true;
    require_once("./skins/default.skin.php");
}

b64dck();
if($config_use_sessions){
    @session_start();
    @header("Cache-control: private");
}

if($action == 'logout'){
    setcookie('md5_password', '');
    setcookie('username', '');
    setcookie('login_referer', '');

    if($config_use_sessions){
        @session_destroy();
        @session_unset();
        setcookie(session_name(), '');
    }
    msg('info', 'Logout', 'You are now logged out, <a href="'.$PHP_SELF.'">login</a>

');
}

$is_loged_in = FALSE;
$cookie_logged = FALSE;
$session_logged = FALSE;
$temp_arr = explode('?', $HTTP_REFERER);
$HTTP_REFERER = $temp_arr[0];
if(substr($HTTP_REFERER, -1) == '/'){
    $HTTP_REFERER .= 'index.php';
}

// Check if The User is Identified


if($config_use_cookies == TRUE){
/* Login Authorization using COOKIES */

if(isset($username)){
    if(isset($HTTP_COOKIE_VARS['md5_password'])){ $cmd5_password = $HTTP_COOKIE_VARS['md5_password']; }
    elseif(isset($_COOKIE['md5_password'])){ $cmd5_password = $_COOKIE['md5_password']; }
    else{ $cmd5_password = md5($password); }

    // Do we have correct username and password ?
    if(check_login($username, $cmd5_password)){
        if($action == 'dologin'){
            setcookie('lastusername', $username, time()+1012324305);
            if($rememberme == 'yes'){
                setcookie('username', $username, time()+60*60*24*30);
                setcookie('md5_password', $cmd5_password, time()+60*60*24*30);
            }
            else{
                setcookie('username', $username);
                setcookie('md5_password', $cmd5_password);
            }
        }

        $cookie_logged = TRUE;
    }
    else{
        setcookie('username', FALSE);
        setcookie('md5_password', FALSE);
        $result = '<span style="color: #f00">Wrong username or password</span>';
        $cookie_logged = FALSE;
    }
}
/* END Login Authorization using COOKIES */
}

if($config_use_sessions == TRUE){
/* Login Authorization using SESSIONS */
    if(isset($HTTP_X_FORWARDED_FOR)){ $ip = $HTTP_X_FORWARDED_FOR; }
    elseif(isset($HTTP_CLIENT_IP)){ $ip = $HTTP_CLIENT_IP; }
    if($ip == ''){ $ip = $REMOTE_ADDR; }
    if($ip == ''){ $ip = "not detected";}

if($action == 'dologin'){
    $md5_password = md5($password);
    if(check_login($username, $md5_password)){
        $session_logged = TRUE;

        @session_register('username');
        @session_register('md5_password');
        @session_register('ip');
        @session_register('login_referer');

        $_SESSION['username'] = $username;
        $_SESSION['md5_password'] = $md5_password;
        $_SESSION['ip'] = $ip;
        $_SESSION['login_referer'] = $HTTP_REFERER;
    }
    else{
        $result = '<font color=red>Wrong username and/or password</font>';
        $session_logged = FALSE;
    }
}
elseif(isset($_SESSION['username'])){ // Check the if member is using valid username/password
    if(check_login($_SESSION['username'], $_SESSION['md5_password'])){
        if($_SESSION['ip'] != $ip){
            $session_logged = FALSE; $result = "The IP in the session doesn not match with your IP";
        }
        else{
            $session_logged = TRUE;
        }
    }
    else{
        $result = '<font color=red>Wrong username and/or password !!!</font>';
        $session_logged = FALSE;
    }
}

if(!$username){ $username = $_SESSION['username']; }
/* END Login Authorization using SESSIONS */
}

###########################

if($session_logged == TRUE or $cookie_logged == TRUE){
    if($action == 'dologin'){
    //-------------------------------------------
    // Modify the Last Login Date of the user
    //-------------------------------------------
        $old_users_db = $all_users_db;
        $modified_users = fopen('./data/users.db.php', 'w');
        foreach($old_users_db as $old_users_db_line){
            $old_users_db_arr = explode('|', $old_users_db_line);
            if($member_db[0] != $old_users_db_arr[0]){
                fwrite($modified_users, $old_users_db_line);
            }
            else{
                fwrite($modified_users, "$old_users_db_arr[0]|$old_users_db_arr[1]|$old_users_db_arr[2]|$old_users_db_arr[3]|$old_users_db_arr[4]|$old_users_db_arr[5]|$old_users_db_arr[6]|$old_users_db_arr[7]|$old_users_db_arr[8]|".time()."||\n");
            }
        }
        fclose($modified_users);
    }
    $is_loged_in = TRUE;
}

###########################

// If User is Not Logged In, Display The Login Page
if($is_loged_in == FALSE){
    if($config_use_sessions){
        @session_destroy();
        @session_unset();
    }

    echoheader("user","Please Login");

    if($config_allow_registration == "yes"){ $allow_reg_status = "<a href='register.php'>(register)</a> "; }else{ $allow_reg_status = ""; }

    echo "
  <table width=\"100%\" border=0 cellpadding=1 cellspacing=0>
     <form  name=login action='$PHP_SELF' method=post>
     <tr>

       <td width=80>Username: </td>
       <td width='160'><input tabindex=1 type=text name=username value='$lastusername' style='width:150;'></td>
       <td>&nbsp;$allow_reg_status</a></td>
      </tr>
      <tr>
       <td>Password: </td>
       <td><input type=password name=password style='width:150'></td>
       <td>&nbsp;<a href='register.php?action=lostpass'>(lost password)</a> </td>
      </tr>
      <tr>

       <td></td>
       <td style='text-align:left'>
          <input accesskey='s' type=submit style=\"width:150; background-color: #F3F3F3;\" value='      Login...      '>

       </td>
       <td style='text-align:left'><label for=rememberme title='Remmber me for 30 days, Do not use on Public-Terminals!'>
         <input id=rememberme type=checkbox value=yes style=\"border:0px;\" name=rememberme>
Remember Me</label> </td>
      </tr>

      <tr>
       <td align=center colspan=4 style='text-align:left;'>$result</td>
      </tr>
     <input type=hidden name=action value=dologin>
     </form>
    </table>";
                   
   echofooter();
}
elseif($is_loged_in == TRUE){

//----------------------------------
// Check Referer
//----------------------------------
if($config_check_referer == TRUE){
    $self = $_SERVER['SCRIPT_NAME'];
    if($self == ''){ $self = $_SERVER['REDIRECT_URL']; }
    if($self == ''){ $self = $PHP_SELF; }

    if(!eregi($self, $HTTP_REFERER) and $HTTP_REFERER != ''){
        die("<h2>Sorry but your access to this page was denied !</h2>
try to <a href=\"?action=logout\">logout</a> and then login again
To turn off this security check, change \$config_check_referer in ".$PHP_SELF." to FALSE");
    }
}
// ********************
// Include System Module
// ********************
    //name of mod   //access

    if($mod == ''){
        require('./inc/main.mdu');
    }
    elseif(isset($system_modules[$mod])){
        if($member_db[1] == 4 and $mod != 'options' and $mod != 'main'){
            msg('error', 'Error!', 'Access Denied for your user-level (commenter)');
        }
        elseif($system_modules[$mod] == 'user'){
            require('./inc/'. $mod . '.mdu');
        }
        elseif($system_modules[$mod] == 'admin' and $member_db[1] == 1){
            require('./inc/'. $mod . '.mdu');
        }
        elseif($system_modules[$mod] == 'admin' and $member_db[1] != 1){
            msg('error', 'Access denied', 'Only admin can access this module');
            exit;
        }
          elseif($system_modules[$mod] == "any") {require("./inc/{$mod}.mdu");}
        else{
            die('Module access must be set to <b>user</b> or <b>admin</b>');
        }
    }
    else{
        die(htmlentities($mod).' is NOT a valid module');
    }
}

echo '<!-- execution time: '.$Timer->stop().' -->';
?>

a u ovom fajlu loginbox.php želim da dodam box zapamti me

<?php
if (!defined('CN_INIT_LOGINBOX')) {
    // Define variables and constants and include files
    define('CN_INIT_LOGINBOX', true);
    $cutepath = dirname(__FILE__);
    chdir($cutepath);
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['action'])) {
        $action = $_POST['action'];
    } else {
        $action = '';
    }

    require_once($cutepath.'/inc/functions.inc.php');

    // Start Session
    session_start();

    // Log user out if requested
    if ($action == 'logout') {
        session_destroy();
        session_unset();
        setcookie(session_name(), '');
        unset($_SESSION);
        $message = '';
    }

    // Detect IP
    $ip = '';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    if ($ip == '') {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    if ($ip == '') {
        $ip = 'not detected';
    }

    $all_users = file($cutepath.'/data/users.db.php');
    $is_logged_in = false;
    if ($action == 'login') {
        $md5_password = md5($password);
        if (check_login($username, $md5_password)) {
            $_SESSION['username'] = $username;
            $_SESSION['md5_password'] = $md5_password;
            $_SESSION['ip'] = $ip;
            $_SESSION['login_referer'] = $HTTP_REFERER;

            $is_logged_in = true;
            $name = $_POST['name'] = $member_db[4];
            $mail = $_POST['mail'] = $member_db[5];

            $old_users_db = file($cutepath.'/data/users.db.php');
            $modified_users = fopen($cutepath.'/data/users.db.php', 'w');
            foreach ($old_users_db as $old_users_db_line) {
                $old_users_db_arr = explode('|', $old_users_db_line);
                if ($member_db[0] != $old_users_db_arr[0]) {
                    fwrite($modified_users, $old_users_db_line);
                } else {
                    fwrite($modified_users, $old_users_db_arr[0].'|'.$old_users_db_arr[1].'|'.$old_users_db_arr[2].'|'.$old_users_db_arr[3].'|'.$old_users_db_arr[4].'|'.$old_users_db_arr[5].'|'.$old_users_db_arr[6].'|'.$old_users_db_arr[7].'|'.$old_users_db_arr[8].'|'.time().'||'.chr(10));
                }
            }
            fclose($modified_users);
        } else {
            $message = '<div style="color: red;" align="right"><font face="Arial" style="font-size: 8pt">Neuspjesna prijava</font></div>';
        }
    } elseif (isset($_SESSION['username'])) {
        if (check_login($_SESSION['username'], $_SESSION['md5_password'])) {
            if ($_SESSION['ip'] != $ip) {
                $message = '<div style="color: red;" align="right"><font face="Arial" style="font-size: 8pt">Session IP doesn\'t match.</font></div>';
            } else {
                $is_logged_in = true;
                $name = $_POST['name'] = $member_db[4];
                $mail = $_POST['mail'] = $member_db[5];
            }
        } else {
            $message = '<div style="color: red;" align="right"><font face="Arial" style="font-size: 8pt">Neuspjesna prijava</font></div>';
        }
    }
    chdir(dirname($_SERVER['SCRIPT_FILENAME']));
} else {
    if ($is_logged_in) {
?>
<p align="right">
    <font color="#FFFFFF" face="Arial" style="font-size: 9pt" >Benvenuto Bianconero <b><?=htmlentities($_SESSION['username'])?></b>, <a href="<?=$PHP_SELF?>?action=logout"></font><font color="#FFAE00" face="Arial" style="font-size: 9pt">odjavi se</font></a>
</p>
<?php
    } else {
?>
<form name="login" action="<?=htmlentities($PHP_SELF)?>" method="post">

  <input type="hidden" name="action" value="login" />
  
  <table border="0" cellpadding="0" cellspacing="0" bordercolor="#111111" width="100%">
  <tr>
    <td width="66%">
    <p align="right"></td>
    <td width="134%"> <fieldset class="search">
    <table border="0" cellpadding="2" cellspacing="0" bordercolor="#111111" width="100%" height="29">
      <tr>
        <td width="50%" height="13">
        <font face="Arial" style="font-size: 9pt">Korisnicko ime</font></td>
        <td width="50%" height="13">
        <font face="Arial" style="font-size: 9pt">Lozinka</font></td>
        <td width="50%" height="13"></td>
      </tr>
      <tr>
        <td width="50%" height="25">
  <input type="text" class="box" name="username" id="username" value="<?=htmlentities($_SESSION['lastusername'])?>" size="20" /></td>
        <td width="50%" height="25">
  <input class="box" type="password" name="password" id="password" size="20" /></td>
        <td width="50%" height="25">
        <button class="btn" title="Login" type="submit">Login</button>
  </td>
      </tr>
      <tr>
        </fieldset>
        <td width="50%" height="1">
  </td>
      </tr>
    </table>
    </td>
  </tr>
  <tr>
    <td width="66%"></td>
    <td width="134%">
    </td>
  </tr>
</table>
 </form>
<?php
    }
}
?>

U onom fajlu index.php ima opcija zapamti me/remember me, i sada zelim to da ugradim i u ovaj drugi fajl loginbox.php.

Jedan lik mi je rekao da oba fajla koriste isti session i da bi trebao da budem ulogovan na loginbox.php ako se ulogujem na index.php, ali to ne radi. Svaki je poseban. Ako ne moze da se podesi da koriste isti session, moze li se dodati zapamti me box u ovaj loginbox.php file jer posjetioci moraju svaki put da se uloguju kada dodju na sajt ?

jasamja · kolovoz 2010 07:57 19

Ima li rjesenje za ovaj moj problem?

dmitrecic · kolovoz 2010 11:16 19

Ima. I to dva. U loginboxu umjesto sessiona koristi cookiese ili postavi cookiese prilikom logiranja (ukoliko je označeno “zapamti me”), pa pročitaj cookie i dodaj njegovu vrijednost u seesion.

jasamja · kolovoz 2010 12:44 19

Ok, ali mozes li molim te malo detaljnije da mi to objasnis

jasamja · kolovoz 2010 13:45 20

Cini mi se da to nije toliko tesko da se sredi. Ja sam pokusavao, i umjesto onog koda za sessions ubacio sam kod za cookies. Ulogujem se, ali onda cim otvorim novu stranicu budem izlogovan.

Evo i prepravljeni kod za loginbox.php:

<?php
if (!defined('CN_INIT_LOGINBOX')) {
    // Define variables and constants and include files
    define('CN_INIT_LOGINBOX', true);
    $cutepath = dirname(__FILE__);
    chdir($cutepath);
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['action'])) {
        $action = $_POST['action'];
    } else {
        $action = '';
    }

    require_once($cutepath.'/inc/functions.inc.php');

    $db_err = false;
if(file_exists('./data/users.db.php')){
    $all_users_db = file('./data/users.db.php');
    $check_users = $all_users_db;
    $check_users[1] = trim($check_users[1]);
    $check_users[2] = trim($check_users[2]);
}
else{
    $db_err = true;
}
if($db_err || ((!$check_users[2] || trim($check_users[2]) == '') && (!$check_users[1] || trim($check_users[1]) == ''))){
        if(!file_exists('./inc/install.mdu')){
        die('<h2>Error!</h2>CuteNews detected that you do not have users in your /data/users.db.php file and wants to run the install module.

However, the install module (<b>./inc/install.mdu</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.');
    }
    require('./inc/install.mdu');
    exit;
}

    // Start Session
    session_start();

    // Log user out if requested
    if ($action == 'logout') {
        session_destroy();
        session_unset();
        setcookie(session_name(), '');
        unset($_SESSION);
        $message = '';
    }

    // Detect IP
    $ip = '';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    if ($ip == '') {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    if ($ip == '') {
        $ip = 'not detected';
    }

    $all_users = file($cutepath.'/data/users.db.php');
    $is_logged_in = false;
  
    if(isset($username)){
    if(isset($HTTP_COOKIE_VARS['md5_password'])){ $cmd5_password = $HTTP_COOKIE_VARS['md5_password']; }
    elseif(isset($_COOKIE['md5_password'])){ $cmd5_password = $_COOKIE['md5_password']; }
    else{ $cmd5_password = md5($password); }
  
  
    if($action == 'login'){
    $md5_password = md5($password);
    if(check_login($username, $cmd5_password)){

            setcookie('lastusername', $username, time()+1012324305);
            if($rememberme == 'yes'){
                setcookie('username', $username, time()+60*60*24*30);
                setcookie('md5_password', $cmd5_password, time()+60*60*24*30);
            }
            else{
                setcookie('username', $username);
                setcookie('md5_password', $cmd5_password);
            }
        

        $is_logged_in = TRUE;
      
                    $old_users_db = file($cutepath.'/data/users.db.php');
            $modified_users = fopen($cutepath.'/data/users.db.php', 'w');
            foreach ($old_users_db as $old_users_db_line) {
                $old_users_db_arr = explode('|', $old_users_db_line);
                if ($member_db[0] != $old_users_db_arr[0]) {
                    fwrite($modified_users, $old_users_db_line);
                } else {
                    fwrite($modified_users, $old_users_db_arr[0].'|'.$old_users_db_arr[1].'|'.$old_users_db_arr[2].'|'.$old_users_db_arr[3].'|'.$old_users_db_arr[4].'|'.$old_users_db_arr[5].'|'.$old_users_db_arr[6].'|'.$old_users_db_arr[7].'|'.$old_users_db_arr[8].'|'.time().'||'.chr(10));
                }
            }
            fclose($modified_users);
    }
    else{
        setcookie('username', FALSE);
        setcookie('md5_password', FALSE);
        $result = '<span style="color: #f00">Wrong username or password</span>';
        $cookie_logged = FALSE;
    }
}}
    chdir(dirname($_SERVER['SCRIPT_FILENAME']));
} else {
    if ($is_logged_in) {
?>
<p align="right">
    <font color="#FFFFFF" face="Arial" style="font-size: 9pt" >Pozdrav <b><?=htmlentities($lastusername)?></b>, <a href="<?=$PHP_SELF?>?action=logout"></font><font color="#FFAE00" face="Arial" style="font-size: 9pt">odjavi se</font></a>
</p>
<?php
    } else {
?>
<form name="login" action="<?=htmlentities($PHP_SELF)?>" method="post">

  <input type="hidden" name="action" value="login" />
  
  <table border="0" cellpadding="0" cellspacing="0" bordercolor="#111111" width="100%">
  <tr>
    <td width="66%">
    <p align="right"></td>
    <td width="134%"> <fieldset class="search">
    <table border="0" cellpadding="2" cellspacing="0" bordercolor="#111111" width="100%" height="29">
      <tr>
        <td width="50%" height="13">
        <font face="Arial" style="font-size: 9pt">Korisnik</font></td>
        <td width="50%" height="13">
        <font face="Arial" style="font-size: 9pt">Lozinka</font></td>
        <td width="50%" height="13"></td>
      </tr>
      <tr>
        <td width="50%" height="25">
  <input type="text" class="box" name="username" id="username" value="<?=htmlentities($lastusername)?>" size="20" /></td>
        <td width="50%" height="25">
  <input class="box" type="password" name="password" id="password" size="20" /></td>
        <td width="50%" height="25">
        <button class="btn" title="Prijava" type="submit">Prijava</button>
  </td>
      </tr>
      <tr>
        </fieldset>
        <td width="50%" height="1">
  </td>
   <td style='text-align:left'><label for=rememberme title='Remmber me for 30 days, Do not use on Public-Terminals!'>
         <input id=rememberme type=checkbox value=yes style=\"border:0px;\" name=rememberme></label> </td>

      </tr>
    </table>
    </td>
  </tr>
  <tr>
    <td width="66%"></td>
    <td width="134%">
    </td>
  </tr>
</table>
 </form>
<?php
    }
}
?>

jasamja · kolovoz 2010 07:36 21

Ima li neko da zna kako ovo rjesiti?