phpBB sessions do not carry from page to page - session

I have a website (located in the root directory) with a forum located in ./forum/
I have successfully integrated phpBB's sessions into the index of my website using the following code:
In my index page before <html>:
<?php include_once("include/phpbb.php");
// check for logout request
$cp = isset($_GET['cp']) ? $_GET['cp'] : ''; // default to empty so a missing parameter raises no notice
// is it a logout? then kill the session!
if ($cp == "logout") {
$user->session_kill();
$user->session_begin();
echo "Successfully Logged Out.";
}
?>
phpbb.php:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './forum/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
?>
Displaying the information - this is in header.php which is included in my index:
<?php
// Page login notice
if ($user->data['user_id'] == ANONYMOUS)
{
?>
<img src="forum/images/avatars/gallery/noavatar.png" style="float:left; width:72px; height:72px;">
<div class="login">
<form method="POST" action="forum/ucp.php?mode=login">
<ul><li><span>Username:</span> <input class="loginfield" type="text" name="username" size="20"></li>
<li><span>Password:</span> <input class="loginfield" type="password" name="password" size="20"></li>
<li>Remember Me? <input type="checkbox" name="autologin"> Register</li>
<li><input type="submit" value="Login" name="login"></li>
</ul>
<input type="hidden" name="redirect" value="../index2.php">
</form>
</div>
<?php
} else { ?>
<img src="forum/images/avatars/gallery/<?php echo $user->data['user_avatar']; ?>" style="float:left; width:72px; height:72px;">
<div class="login">
Welcome back, <?php echo $user->data['username_clean']; ?><br>
You have <?php echo $user->data['user_unread_privmsg']; ?> new messages<br>
Log Out
</div>
<?php } ?>
I can successfully log in on the index using the form I created, but if I then click to another page (i.e. about.php) I am asked to log in again. This happens for every page. This also happens if I click over to the phpbb forum.
Is there any way to make it so I can log in on any page, and not have the session restart when browsing other pages?
Thank you for any help!

Check the cookie path in your board configuration in the phpBB ACP. phpBB by default tries to create restrictive cookies with the board root specified as the cookie path.
If the cookie path is /forum/, sessions won't persist in /.
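The path rule behind this answer, as an added example that is not part of the original post or of phpBB: it implements the RFC 6265 path-match test a browser applies before sending a cookie and runs it over constructed request paths modelled on the site layout in the question. The function name `cookie_path_matches` is hypothetical.

```php
<?php
// Added example: RFC 6265 (section 5.1.4) path-match. A cookie is sent with
// a request only if its Path attribute matches the request path.
function cookie_path_matches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    // The cookie path must be a prefix of the request path ...
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // ... and the prefix must end on a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

// Constructed request paths: site pages in the root, forum under /forum/.
$requests = ['/index.php', '/about.php', '/forum/viewtopic.php'];

foreach (['/forum/', '/'] as $cookiePath) {
    foreach ($requests as $requestPath) {
        printf(
            "cookie Path=%-8s request %-22s %s\n",
            $cookiePath,
            $requestPath,
            cookie_path_matches($cookiePath, $requestPath) ? 'sent' : 'NOT sent'
        );
    }
}
```

With the cookie path set to /, the browser sends the phpBB session cookie to every script on the host, so everything served from that host has to be trusted with it.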

Related

cookies and session in login form

I need to create a login form with session and cookies. I tried some code for login as well as logout, but the cookie is not working for me. I am a beginner, kindly help; below is my code for login and logout. Thanks in advance.
Login.php:
<?php
session_start();
$message="";
if(count($_POST)>0) {
$conn = mysqli_connect('localhost','root','Spiegel#123','sachin') or
die('Unable To connect');
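// Bind the submitted values as parameters instead of concatenating them into the SQL string
$stmt = mysqli_prepare($conn, "SELECT * FROM login WHERE name = ? AND password = ?");
mysqli_stmt_bind_param($stmt, "ss", $_POST["name"], $_POST["password"]);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result);
if(is_array($row)) {
// Array keys must be quoted strings, not bare constants
$_SESSION["id"] = $row["id"];
$_SESSION["name"] = $row["name"];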
} else {
$message = "Invalid Username or Password!";
}
}
if(isset($_SESSION["id"])) {
setcookie("name", $_SESSION["name"], time()+60*60*24*100, "/");
header("Location:one.php");
}
?>
<html>
<head>
<title>User Login</title>
</head>
<body>
<form name="frmUser" id="frmUser" method="post" action="" align="center">
<div class="message"><?php if($message!="") { echo $message; } ?></div>
<h3 align="center">Enter Login Details</h3>
Username:<br>
<input type="text" name="name">
<br>
Password:<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="submit" value="Submit">
<input type="reset">
</form>
</body>
</html>
Logout.php:
<?php
session_start();
if(session_destroy()) // Destroying All Sessions
{
unset($_COOKIE['name']);
header("Location: login.php"); // Redirecting To Home Page
}
?>
You need to set the cookie with a time before now, like below:
setcookie('name', null, -1, '/');
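A complete logout along the lines of this answer, as an added example that is not the asker's or the answerer's code: `unset($_COOKIE['name'])` only changes the server-side array for the current request, so the browser keeps the cookie until it receives a `Set-Cookie` header that expires it with the same name and path. The file names and the `name` cookie with path `/` are taken from the question.

```php
<?php
// logout.php (added example)
session_start();

// 1. Drop the server-side session data for this request.
$_SESSION = [];

// 2. Expire the session cookie in the browser, using the same parameters
//    it was created with so the browser treats it as the same cookie.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $p['path'],
        $p['domain'],
        $p['secure'],
        $p['httponly']
    );
}

// 3. Remove the session record on the server.
session_destroy();

// 4. Expire the "name" cookie. The path must match the "/" used in
//    Login.php, otherwise the browser keeps the original cookie.
setcookie('name', '', time() - 3600, '/');

header('Location: login.php');
exit;
```

The `name` cookie is stored in the browser and can be edited there, so pages should decide who is logged in from `$_SESSION`, not from that cookie.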

How to create an unsubscribe page in magento

I would like to create a direct unsubscribe page in Magento. I found these instructions to follow, but steps 1 and 2 are not clear, as I'm not a professional.
Can someone please help me clarify these two steps. Where to create the "unsubscribe.phtml" page? How to add the just created block in it?
Thank you in advance.
1. Create a phtml page say “unsubscribe.phtml” containing the code to create the unsubscribe form.
<?php $newsletterObj = new Mage_Newsletter_Block_Subscribe(); ?>
<div class="newsletter-unsubscribe">
<div class="newsletter-unsubscribe-title"><?php echo $this->__('Submit your email id to unsubscribe newsletter') ?></div>
<form action="<?php echo $newsletterObj->getUnsubscribeFormActionUrl() ?>" method="post" id="newsletter-validate-detail">
<div class="block-content">
<div class="input-box">
<input type="text" name="email" id="newsletter" title="<?php echo $this->__('Sign up for our newsletter') ?>" class="input-text required-entry validate-email" value="<?php echo $this->__('Enter Your Email Here') ?>" onfocus="if(this.value=='<?php echo $this->__('Enter Your Email Here') ?>')this.value='';" onblur="if(this.value=='')this.value='<?php echo $this->__('Enter Your Email Here') ?>';"
/>
</div>
<div class="actions">
<button type="submit" title="<?php echo $this->__('Submit') ?>" class="button"><span><span><?php echo $this->__('Submit') ?></span></span></button>
</div>
</div>
</form>
<script type="text/javascript">
//<![CDATA[
var newsletterSubscriberFormDetail = new VarienForm('newsletter-validate-detail');
//]]>
</script>
</div>
2) Create a CMS page. Add the just created block in it. So that your CMS page will contain that form.
3) Now in page \app\design\frontend\base\default\template\newsletter\subscribe.phtml add the code to add a link of the cms page.
<div class="unsubscribe">
<?php echo $this->__('Unsubscribe') ?>
</div>
4) In page \app\code\core\Mage\Newsletter\Block\Subscribe.php add a function to create the form action url which is called in the “unsubscribe.phtml”.
public function getUnsubscribeFormActionUrl()
{
return $this->getUrl('newsletter/subscriber/unsubscribecus', array('_secure' => true));
}
5) Now in \app\code\core\Mage\Newsletter\controllers\SubscriberController.php page add new action for unsubscribe process.
/**
* Unsubscribe newsletter from frontend
*/
public function unsubscribecusAction()
{
$email = $this->getRequest()->getParam('email');
$subsModel = Mage::getModel('newsletter/subscriber');
$subscriber = $subsModel->loadByEmail($email);
$id = (int) $subsModel->getId();
$code = (string) $subsModel->getCode();
if ($id && $code) {
$session = Mage::getSingleton('core/session');
try {
Mage::getModel('newsletter/subscriber')->load($id)
->setCheckCode($code)
->unsubscribe();
$session->addSuccess($this->__('You have been unsubscribed.'));
}
catch (Mage_Core_Exception $e) {
$session->addException($e, $e->getMessage());
}
catch (Exception $e) {
$session->addException($e, $this->__('There was a problem with the un-subscription.'));
}
}
$this->_redirectReferer();
}
Since I can't leave a comment and this question isn't marked as solved yet, I'll assume you still need an answer.
I would suggest placing the unsubscribe.phtml file in /template/newsletter/
For step 2 you can use this code
{{block type="core/template" template="newsletter/unsubscribe.phtml"}}
so the page will contain your form.
If you already figured out how to do this, please post an answer to your own question further on.
Would it be an idea to add an unsubscribe button next to the subscribe button (or allow for a variable in the block call that sets it to yes/no display) - this way you capture both

(Codeigniter) Ion Auth CSRF Error:This form post did not pass our security checks (when loading views)

I'm using the Ion Auth authentication library in Codeigniter. When I load my footer view, I get a CSRF error (This form post did not pass our security checks). When I remove the footer view, it works fine though! Is there anything I'm doing wrong here? Thanks!
function edit_user($id) {
//I'm only posting the last part of the code of edit_user function in the auth controller
$this->load->view('layout/header');
$this->_render_page('auth/edit_user', $this->data);
$this->load->view('layout/footer'); // I'm getting an error when I load this footer view.
}
This is the code in my views.
<h1><?php echo lang('edit_user_heading');?></h1>
<p><?php echo lang('edit_user_subheading');?></p>
<div id="infoMessage"><?php echo $message;?></div>
<?php echo form_open(uri_string());?>
<p>
<?php echo lang('edit_user_fname_label', 'first_name');?> <br />
<?php echo form_input($first_name);?>
</p>
<p>
<?php echo lang('edit_user_lname_label', 'last_name');?> <br />
<?php echo form_input($last_name);?>
</p>
<p>
<?php echo lang('edit_user_company_label', 'company');?> <br />
<?php echo form_input($company);?>
</p>
<p>
<?php echo lang('edit_user_phone_label', 'phone');?> <br />
<?php echo form_input($phone);?>
</p>
<p>
<?php echo lang('edit_user_password_label', 'password');?> <br />
<?php echo form_input($password);?>
</p>
<p>
<?php echo lang('edit_user_password_confirm_label', 'password_confirm');?><br />
<?php echo form_input($password_confirm);?>
</p>
<h3><?php echo lang('edit_user_groups_heading');?></h3>
<?php foreach ($groups as $group):?>
<label class="checkbox">
<?php
$gID=$group['id'];
$checked = null;
$item = null;
foreach($currentGroups as $grp) {
if ($gID == $grp->id) {
$checked= ' checked="checked"';
break;
}
}
?>
<input type="checkbox" name="groups[]" value="<?php echo $group['id'];?>"<?php echo $checked;?>>
<?php echo $group['name'];?>
</label>
<?php endforeach?>
<?php echo form_hidden('id', $user->id);?>
<?php echo form_hidden($csrf); ?>
<p><?php echo form_submit('submit', lang('edit_user_submit_btn'));?></p>
<?php echo form_close();?>
Ion Auth's CSRF protection is older. CI-2 already has CSRF protection.
This is provided for security when posting a form, e.g.: is the POST from local or from the server?
In the Ion Auth controller file, you will see code like below:
// do we have a valid request?
if ($this->_valid_csrf_nonce() === FALSE)
{
show_error($this->lang->line('error_csrf'));
}
If you remove this validation, you will not get the CSRF error.
You can enable security with the CI core library:
http://ellislab.com/codeigniter/user-guide/libraries/security.html
$config['csrf_protection'] = TRUE;
You have to use the form_open() tag to trigger CSRF protection.
The same problem happened to me when I was trying to add common/header and common/footer to the auth/reset_password page.
The issue was that I was using relative paths for the JS included in the footer part. After a lot of experimenting, using base_url() fixed the issue.
I have the same problem, but I replaced flashdata with userdata; it's just a little less secure but it's a good solution.
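A likely mechanism behind the answers above, shown as an added example that is not Ion Auth's or CodeIgniter's code: the Ion Auth example controller keeps its CSRF nonce in session flashdata, which CodeIgniter keeps only for the next request, so the nonce validates when the POST is the very next request and fails when any other request to the framework lands in between. `FlashStore`, `render_form`, `valid_nonce` and `submit_after` are hypothetical names, and the stray request stands for something like a relative asset URL from the footer that ends up handled by the framework.

```php
<?php
// Added example: minimal model of a next-request-only ("flash") session store.
final class FlashStore
{
    private array $current = []; // values readable during this request
    private array $next = [];    // values written during this request

    public function startRequest(): void
    {
        // What the previous request wrote becomes readable; anything older is swept.
        $this->current = $this->next;
        $this->next = [];
    }
    public function set(string $k, string $v): void { $this->next[$k] = $v; }
    public function get(string $k): ?string { return $this->current[$k] ?? null; }
}

// Hypothetical stand-in for the controller generating the hidden nonce field.
function render_form(FlashStore $s): array
{
    $key = bin2hex(random_bytes(4));
    $value = bin2hex(random_bytes(16));
    $s->set('csrfkey', $key);
    $s->set('csrfvalue', $value);
    return [$key => $value]; // what the browser will post back
}

// Hypothetical stand-in for the nonce check run on POST.
function valid_nonce(FlashStore $s, array $post): bool
{
    $key = $s->get('csrfkey');
    $value = $s->get('csrfvalue');
    return $key !== null && $value !== null
        && isset($post[$key]) && hash_equals($value, $post[$key]);
}

// Render the form, let N unrelated requests hit the framework, then POST.
function submit_after(int $strayRequests): bool
{
    $s = new FlashStore();
    $s->startRequest();              // GET of the edit form
    $post = render_form($s);
    for ($i = 0; $i < $strayRequests; $i++) {
        $s->startRequest();          // constructed: extra request between GET and POST
    }
    $s->startRequest();              // POST of the form
    return valid_nonce($s, $post);
}

var_dump(submit_after(0));
var_dump(submit_after(1));
```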

PHP Session issues, perhaps lost data?

I'm having some issues using sessions on my test website (running it on a WAMP server locally, using PHP 5.3.13). I have checked my php.ini to make sure that sessions are actually being saved, which they are:
C:\wamp\tmp
Basically, when the user logs in it shows, Welcome back, .$username so when I log in with the user "John", it shows this accordingly. Now, when I leave the login page and go back to it this session is somehow being lost. (And yes, I am using session_start at the top of every page).
Here is my code;
index.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Codecall Tutorials - Secured Login with php5</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php include "header.php" ?>
<div id="wrapper">
<form method="post" action="">
<h2>Log In</h2>
<div id="underline"></div>
<ul>
<li>
<label for="usn">Username : </label>
<input type="text" maxlength="30" required autofocus name="username" />
</li>
<li>
<label for="passwd">Password : </label>
<input type="password" maxlength="30" required name="password" />
</li>
<li class="buttons">
<input type="submit" name="login" value="Log me in" class="xbutton" />
<input type="button" name="register" value="Forgot Password?" onclick="location.href='passrecover.php'" class="xbutton" />
</li>
</ul>
</form>
</div>
</body>
</html>
<?php include "login.php" ?>
And my login.php page:
<?php
if($_POST){
if(empty($_POST['username']) || empty($_POST['password'])) { // reject when either field is missing
echo 'Please enter all fields';
}else {
$username = $_POST['username'];
$password = $_POST['password'];
if($password !== $password){
echo 'Your password is wrong';
}else {
$db_name =
$db_user =
$db_pass =
$conn = new PDO('mysql:host=localhost;dbname=XXXXX', 'XXXXX', 'XXXXX', // My bd details have been removed for this post, for security issues obviously
array( PDO::ATTR_PERSISTENT => true )
);
// Only one statement is prepared; the earlier duplicate against "members" was overwritten before use
$stmt = $conn->prepare("SELECT username,password FROM users WHERE username = ? AND password = ?");
$stmt->execute(array($username, $password));
if($stmt->rowCount() === 1 )
{
$_SESSION['name']= $username;
echo 'Welcome back '. $_SESSION['name'];
//echo '<META HTTP-EQUIV="Refresh" Content="0; URL=usercp.php">';
}else {
echo 'Username or Password incorrect.';
}
}
}
}
?>
So, when I originally log in it shows the $_SESSION['name'];
just fine, but when I move page and go back to it, it no longer shows it. (My other pages also have session_start(); ) My original assumption was that my code was wrong, or that my php.ini file wasn't saving any data. What is going wrong here?
You need to add session_start() on your login.php too.
The reason it no longer shows is because when you go to another page, you aren't processing that block of code anymore. Because $_POST is empty on a regular page load, so you aren't echoing anything out. Try adding, var_dump($_SESSION); at the top of your page and then load something.
Try this right after your session_start();,
if(!empty($_SESSION['name'])) {
echo "Hello {$_SESSION['name']}";
}
Perhaps you're destroying the session somewhere in the script.

How can I make a external phpbb-login without redirecting to another page?

It's possible to make an external login with the following code
<form action="./phpBB3/ucp.php?mode=login" method="post">
<h3>Login • Register</h3>
<fieldset>
<label for="username">Username:</label>
<input type="text" name="username" id="username" size="10" title="Username" />
<label for="password">Password:</label>
<input type="password" name="password" id="password" size="10" title="Password" />
<input type="submit" name="login" value="Login" />
</fieldset>
</form>
but this will end you up at the forum index.
If you add
<input type="hidden" name="redirect" value="./somefile.html" />
you can get it to redirect back to the page you started at, but you will still have needlessly gone to another page only to come back and have lost everything you have done on that page.
Does anyone have an idea how to make a system that lets you login without leaving the page? Maybe something with an iframe?
This might be late but here this works:
<?php
define('IN_PHPBB', true);
$phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
if($user->data['is_registered'])
{
//User is already logged in
}
else
{
$result = $auth->login($username, $password, '', 1, 0);
print_r($result);
if ($result['status'] == LOGIN_SUCCESS)
{
echo '//User was successfully logged into phpBB';
}
else
{
echo '//Users login failed';
}
}
?>
In the above code, change the $username and $password to your login stuff, run it and see. I have tested this on the latest phpBB version, and it works.
Don't forget to change the root path and things to your specifications.
